Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

Election Security issues for 2020

Adam Darrah, Director of Intelligence at Vigilante ATI and an expert on Eurasian political machinations, specifically about Russia and disinformation campaigns, and Cyber Work podcast host Chris Sienko discuss foreign vote tampering and all other election security concerns for 2020.

  • View transcript
    • Chris Sienko: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals, while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. 2020 as you know is right around the corner and with it, there is another presidential election coming up, with all its attendance security issues. For 2020, Infosec is attempting to get ahead of these potential issues. Use our free election security training resources to educate poll workers and volunteers on the cybersecurity threats they face during the election season. For more information about how to download your training packet, go to infosecinstitute.com/iq/election-security-training, or visit the link in the description. Our guest today is Adam Darrah, Director of Intelligence for Vigilante. He’s a national security and threat intelligence expert, who spent eight years working for the US government coordinating across several federal agencies to fill critical knowledge gaps on national security policies. We’re gonna talk about the 2020 elections and specifically around the concept of election meddling, and coordinated disinformation campaigns, as well as ways that smart voters can separate fact from fiction when new shocking news comes into their social media feed. Adam Darrah is an experienced intelligence analyst, skilled in putting international affairs into cultural and political contexts. Before joining Vigilante, Adam served as Director of Intelligence at InfoArmor. Previously, he spent eight years working for the US government, coordinating across several federal agencies to fill critical knowledge gaps on national security priorities, which helped form his specialization in Central Eurasian political security and intelligence issues. Adam holds a bachelor’s and master’s degree in Russian from the University of Utah, and the University of Arizona respectively. Adam, thank you for joining us.

      Adam Darrah: Thanks, Chris, it’s a pleasure to be here.

      Chris: Okay, I just realized I should’ve asked beforehand, is it Darrah or Darrah?

      Adam: It’s Darrah like Sarah. It’s fine.

      Chris: Darrah like Sarah, okay. We will of course, correct on the way up. So in a previous episode on the podcast, we discussed some of the security issues that came to pass with the 2016 election, as well as concerns that were surrounding the then-upcoming midterm elections in 2018. Based on most available research, can you tell me what kind of security breaches, tamperings, or other issues, actually happened in 2016, and 2018 versus the predictions?

      Adam: Yeah, absolutely, let’s get into this a little bit, and I just wanna set the stage with a little bit of context. Election operations from an intelligence perspective are consistent and they’re ongoing, and so, in the lead-up to 2016, you have US adversarial governments working around the clock in three primary areas. You have the ongoing human intelligence effort to infiltrate campaigns, get to know people, and get insider information. You have a signals intelligence campaign, where you’re trying to, or an adversarial government’s trying to get on your electronic communications, and eavesdrop, and again, so they have an advantage. Then you have, you know, open source information. That can be defensive as well as offensive, and what we saw in 2016 is really the first time, a few foreign powers decided to be very aggressive in their offensive operations and misinformation campaigns. The ongoing signals intelligence and human intelligence operations, that was nothing new to me, it wasn’t shocking to me but the overt nature of the brazenness in their open-source campaigns to misinform voters was quite shocking in 2016 and in the lead-up to 2016.

      Chris: Now how about 2018, I didn’t really hear that many stories about the midterms. Were there any noteworthy security issues in that election?

      Adam: You know from where I was sitting at the time, that was not for whatever reason, again we didn’t see as many brazen attempts to misinform voters here in the United States. And as far as the ongoing human intelligence and signals intelligence operations, those remained in effect, that mandate didn’t go away just because some would argue that they purposely got their hand caught in the cookie jar on purpose to send a message to us in 2016.

      Chris: Yeah, I was gonna ask about that. Do you have any theories on why 2018 was so quiet by comparison?

      Adam: Yes, I do, I think they’ve moved on to the next thing. I think our adversaries, they pivot very quickly. They’re highly sophisticated in their trade craft and it is my personal opinion that they’ve already pivoted to the next thing in order to sprinkle some discord and some misinformation or perhaps something else for future campaigns in order to disrupt a very stable, and to destabilize a very stable and democratically elected government.

      Chris: So based on your initial research, how many of these points of attack have been rectified? Are there new attack vectors, do you feel like the things that were a problem in 2016 are still a problem going into 2020?

      Adam: Yes, in short, yes.

      Chris: Short version.

      Adam: I wish, I wish and again I’m not exactly a cynic. I believe in America, I believe in the rule of law. What’s great about our country is that we do have a rule of law and we don’t rule by law. We’re not arbitrary, we haven’t gone down the arbitrary enforcement of law here yet. And so other people, other people that operate here in this country, they can operate without, we’re not a police state and so they still have the freedom if you will, the freedom of movement to operate on the internet, on our streets, they can go to parties, they can still walk around. So the traditional avenues to let’s say, get an advantage over American policy makers is still in effect, that hasn’t gone away. I think our federal law enforcement have done an excellent job in doing the best they can with the tools they have but since we’re not a police state, we’re not gonna monitor every single little thing that happens here. Moreover on the electronics side, on the open-source side and let’s call it the hacking side, we still have voter lists being leaked in the deep and dark web, we still have a concerted effort by legal business entities to gather information about citizens here. So I mean, those threats and the data security involved with protecting against those threats, that’s still either really good or really bad depending on the company’s security practices. So those threat vectors are still there.

      Chris: Okay, so since one of your areas of expertise is Central Eurasian political security and intelligence issues as well as how nation states conduct disinformation campaigns, I want to learn more about that from you. So let’s start by talking about any recent or noteworthy examples in your global area of expertise, Eurasian, of vote tampering or disinformation campaigns. Are there things that we should be watching and things that we can learn from this part of the world that could apply to the 2020 election?

      Adam: Absolutely and I think that’s a very well thought out question. And I’m gonna quote unquote pick on Russia as an example because that happens to be my primary area of expertise.

      Chris: Sure.

      Adam: And I have a lot of respect for the culture and everything but my goodness, in the lead-up to 2016 I was noticing things and techniques being employed on our soil that they’ve employed for a very long time against their own people and what you see is they want to prep the battlefield so election day goes the way they want it too.

      Chris: Right.

      Adam: And so what you do to prep the battlefield is you control the media messages, you control the narrative. Then you arbitrarily enforce law to send a message saying, “hey guys, “in the opposition that we’re not too keen on, “chill out, please don’t destabilize us on election day.” But you also want to have a friendly opposition as well, an approved friendly opposition.

      Chris: Approved opposition, yeah.

      – Approved, absolutely. And on election day if things pretty much go your way, you relax, you just you know, because again these countries want to be perceived like us, right?

      Chris: Right.

      Adam: Look, we’re the same. We’re sophisticated, we’re stable, we’ve got a democratic process and we love the law here. And so what you see is that okay, they decided okay, America is always picking on us. America is always calling us out for being so unruly and silly and we’re turning on against ourselves, we’re unsophisticated, okay. Well how about this, how about we run a similar campaign. Again, they’re not making up the trade craft, this is something they’ve perfected on their own soil.

      Chris: Sure.

      Adam: And they just turn the laser beam on us and it’s been heartbreaking to watch how it’s worked. In other words, we have turned on each other, we have become a little less stable, at least in our media narratives, in the way that we think about elections. I mean, we have an amazing process. We have an amazing country and to see even really smart people start to call the basic and foundational document into question, I mean this is what I would call, regard as a very successful campaign that our adversaries have conducted against us.

      Chris: So along the, sort of the physical hacking aspect of it, I want to hear more about your research into disinformation campaigns that could be launched. It’s one thing to tamper with a voting box which can be traced or explained and is patently illegal but it’s another thing to spread wrong information by using social media to spread news about candidate acts and how they’re losing so that voters are discouraged and might not be coming in after work to even bother voting at all, or as you said, reduce confidence in the interest of the very idea of voting, this speaks to the general cynicism around voting. You hear a lot of, “well it’s just gonna be stolen anyway,” or, “everyone’s equally corrupt,” or whatever. So how do we sort of turn this trend of cynicism around?

      Adam: Wow, you know I, we need to–

      Chris: Tall order, I realize.

      Adam: fall in love with our country again.

      Chris: We have 45 more minutes to figure this out, so let’s do it.

      Adam: No, let’s do it, we need to fall in love with our country again.

      Chris: Right.

      Adam: We need to fall in love with each other again. We need to be, again, okay with people not seeing things the same way, whatever tribe you’re in. Whatever political tribe you subscribe to, it’s time to again, respect people who are not like us and it’s time to respect people on the other side of the aisle. And to fall in love with the idea of the great American experiment. And also, be okay with losing. Sometimes the person you vote for is not going to win and it’s like, just grieve, it’s okay. I’m gonna wake up tomorrow, I’m gonna turn on my electricity, I’m gonna have a warm house, everything’s gonna be okay, so I don’t know how you re-win the hearts and minds of your countrymen and to start learning that, like, “hey, “that guy that I don’t agree with “or the lady I see that I’ve kind of ignored “because her Facebook posts or her Twitter posts “are just so absurd,” maybe it’s time to fall in love again I guess would be one way to look at it. And also, we also need to re-rely on that inner voice that we all have. If absurd things are coming across, if hyperbolic and absurd things are coming across the news wire or across a social media feed, just breathe. It’s probably not true, you know, laugh at it. And just go, “yeah, yeah, okay I wish that was true “about the person I don’t like,” but come on, no. It’s not true, so–

      Chris: Yeah, yeah I was gonna say I think that’s almost harder. It’s one thing to say, “look at the terrible thing “that’s happening to the guy I don’t like,” but it’s even harder to sort of, oh, this great thing that I like about this candidate that’s probably unlikely is probably also not happening.

      Adam: Correct.

      Chris: But yeah I think it also speaks to sort of a need for some degree of media literacy that we don’t have anymore. That there’s just, there’s such a rash of strange, quasi-legitimate or illegitimate news sites that are quickly shared on social media before anyone can do fact-checking. I remember 2016, 2017, there were so many, I was going to book stores to take classes on media literacy and they would literally just send links of like, here’s fact-checking groups, here’s non-partisan things, here’s a spectrum of things across the political spectrum that, whether you agree with them or not are fact-checked and means tested and whatever. But there’s that sense that that’s not the case for a lot of people right now.

      Adam: Correct, and even the term “fact-checking” will send a chill down half the country’s spine.

      Chris: Sure.

      Adam: And the other half will be cheerleading this so-called fact-check industry.

      Chris: Right.

      Adam: So even something as non-controversial and level-headed and medium as the sentences you just said are still cause for controversy nowadays.

      Chris: Sure.

      Adam: And so media literacy is interesting, that’s an interesting concept but I don’t understand, I mean I understand from a marketing perspective but it’s heartbreaking to watch my great country’s, these once great news organizations just start down this very, this very dangerous road of they have the truth.

      Chris: Right.

      Adam: And they’re the only ones that have the truth and the reason our adversaries conduct these campaigns is because they work. The reason our adversaries conducted against their own people is because they work. And because if you just accept this is the new reality, which I don’t accept, I don’t accept the premise that this has to be our new reality.

      Chris: Yes.

      Adam: In my house, it’s not the new reality but we double-down on these things because they work. I just wish there were more voices out there just like, “everybody breathe.”

      Chris: Yeah.

      Adam: The other side is not the end of the world, my side is not the only source of truth and sometimes my side’s gonna win and sometimes my side is gonna lose and I’m still gonna shake their hands, I’m still gonna be polite, it’s all good. I can still rage, I will still be sad, I mean please, I can still rage and be sad but I’m not gonna reputationally abuse the other side.

      Chris: Yeah but I think going back to sort of the notion of getting to the bottom of story, I think one of the things that you hear a lot is, from people who reflexively share things that they think, “well that’s it, that person’s done for,” or, “this person got completely taken down,” is that everyone’s so busy now and everyone feels like I don’t have time to go back to the congressional record to see if this really happened or not but that’s part of it. I realize that there’s not a panecea of perfect, even-handed news going back to the 50’s or 60’s or 70’s or whatever but there’s also this feeling that I don’t even know where to start looking to see whether this is true or not, you know what I mean?

      Adam: Exactly, and again I just want to clear up something very quickly, what’s going on today is that we’ve also accepted the false premise that our adversaries have a side in our political fight.

      Chris: Yeah.

      Adam: They don’t have a side. They don’t have a preferred candidate. We always have to ask ourselves, why are they doing this right now?

      Chris: Right, right, okay.

      Adam: Why does it appear that they are supporting one candidate over the other, why, okay? It’s not because that’s the person they want elected.

      Chris: Right.

      Adam: They usually lean on the open door that’s gonna lead into the most chaos, okay? Not because they, in my opinion and my experience and with my knowledge of how our adversaries work and how they view us, they view us the same way they view themselves. They don’t think we’re any different. They just think we’re better at pretending we live in a free society than they do. And so again, that cynicism is being, that Central Eurasian cynicism with regard to our leaders, with regard to politics, with regard to the election process, with regard to the basic and fundamentals of liberty, that cynicism, they’re turning their laser beam, focusing it on the United States political system and saying, “aha, that’s actually working now, “they are tribal and see, they’re “just as bad as we are, see,” and again to be clear, they don’t have a preferred side.

      Chris: Right.

      Adam: They don’t trust any of us, actually.

      Chris: Mhmm, so speaking to that, it seems like there’s probably a decent chance that no anti-tampering legislation is gonna come through in time for 2020. So what can citizens do to take this issue into their own hands, how do we dismantle this system that allows outright propaganda or disinformation to flourish?

      Adam: Pet a dog, pet your cats, hug your loved ones. I think that’s the biggest, well okay, I’m only half joking because we need to trust ourselves. We need to trust the inner voice, we need to trust that when something so absurd comes in front of our face, even if it’s against a person we don’t like, and we want it to be true, “my goodness “I really hope this person loves to abuse kittens,” or whatever it is, like, “oh man, “I really hope this person hates kittens,” it’s gonna be okay.

      Chris: Mhmm.

      Adam: There are already plenty of laws in the books. It is illegal to tamper with voting machines. It’s illegal to ballot stuff, it’s illegal to register people who aren’t alive or who–

      Chris: Of course.

      Adam: It’s already illegal to vote twice, you know?

      Chris: Sure.

      Adam: All these things already exist, right?

      Chris: Sure, there’s also a whole lot of selective enforcement of that, I mean …

      Adam:  Correct, again, correct.

      Chris: I can send you some books.

      Adam:  Correct, but please if you can hear me and you’re thinking about doing something on behalf of your political tribe, that’s nefarious, please don’t do it, it’s okay.

      Chris: Right.

      Adam: And it’s okay to lose. It’s okay, we’re gonna be fine. So there’s already enough legislation. I think it’s really about respecting the United States voter again and we need to get rid, to the best of our ability, this idea that somehow, how can I say this, this idea that there’s a dumb voting populous.

      Chris: Mhmm.

      Adam: People are entitled to have their opinions.

      Chris: Right.

      Adam: And that’s okay, and just because somebody doesn’t have all the facts that you have, everybody deserves their voice to be heard. And one thing that scares me a lot is when elections don’t go the way, in other countries when elections don’t go the way that they had tried to make them go, let’s say, they begin trying to win the election via the legal system.

      Chris: Right.

      Adam: Or to overturn the results of a kind of free and a kind of fair election. I’m speaking of other countries now, through the legislature, through the courts. Or let’s just say in other countries, even if the election goes their way but they didn’t win by as much as they thought they should have won, I mean we’re seeing people thrown in jail in other countries because of alleged ties to foreign governments.

      Chris: Right.

      Adam: I mean, it goes down a really silly and scary place when you start, when a temper-tantrum persists.

      Chris: Right.

      Adam: When we can’t be okay with losing for a few years. It’s gonna be okay, we’re only gonna lose for a few years and then it’s fine, you know? And so that’s the pattern I see in other countries and then I look here and I go, “my goodness, “please, no, no, no, no, we don’t need this right now, “we’ll never need this, this is still a great country, “we’re still the envy of the world, “even with all of our short comings.” We’re better than this, we are, and that message is not being promulgated or disseminated in my opinion.

      Chris: So, on an even larger scale than bots and social media forums and so forth, this red disservation you have, things like Cambridge Analytica who can sway elections by a marketing campaign, so do you have any thoughts on any safeguards that have been put in place to prevent this and if there aren’t any, what safeguards could realistically be put in place? So you know, if it’s clear that this will be a once again, unregulated 2020, what do we do to combat influences like this?

      Adam: Well again, secure your buckets. There are still companies that do this today. It’s all legal. They legally purchase our information from social media, we’ve agreed to it when we agree to the terms. We’re okay with that, and so there’s nothing inherently illegal about companies such as Cambridge Analytica, or it’s not even illegal, it may be in bad taste nowadays but it’s not illegal to employ their analytics. What have you learned about the voting population? It’s all about gathering the best information for your campaign, okay? So I don’t want to outlaw people wanting more information about how to reach their preferred voting population to, “hey vote for me because I’m gonna solve world hunger,” or whatever it is. So I’m weary to start thinking that we need to start legislating against people learning about how to reach the voting populous, here in this country, I’m nervous about that. Tactics, and again, where I worry is that I don’t, I didn’t hit that I agree to them mishandling the information once they have it. Meaning, I haven’t agreed for you to leave my information exposed to the nefarious actors on the dark web or to foreign entities who are trying to use me, my social media to retweet, to become my friend and to infiltrate my friends and then do their misinformation campaigns. I didn’t agree to be a part of a intelligence operation. So again, I’m hesitant to really come out strongly against firms like that because everybody does it. The guy starting out, who’s starting a business, needs information about the target market he wants or she wants to target, they deserve to have that information purchased legally and to make their business awesome. Same with candidates who are running in this country. So yeah, I know this is maybe a bit unpopular but all the parties do it, all the candidates do it. They contact these types to message us. So when intelligence operation uses the same methods and trade craft that private business and private individuals use for good, that’s where it gets tricky. So I don’t want to legislate only because bad guys did it. This is where it gets a little tricky.

      Chris: Okay, so what are some dangers to watch out for from a social engineering perspective? Are there things that voters should be watching for that are out there, like there’s been reports of fishing campaigns that use email or phone calls to gather information or fake information disseminated in forms of phone polling or attempts to harvest registration from phones, like on a pure sort of technical level how should people keep themselves and their information protected as we come into the election season?

      Adam: Stellar, stellar question, and this needs to get out, this needs to get out, it’s your identity. It’s your electronic footprint, please own it. Own where you go on the internet, own it. Be purposeful, don’t click on everything, don’t sign up for everything and if you have, get a grip on where your email is being used for marketing purposes, again, legal, completely above board marketing purposes, get a handle on it, unsubscribe. If you don’t recognize emails, delete them, it doesn’t matter. If you don’t recognize the phone number, don’t answer it, block it, subscribe, there are services out there that will filter these types of phone calls. Listen to your inner voice, you are smarter than you think. Your gut will not, and if it is a loved one trying to find you after 20 years, they’ll find another way.

      Chris: There’s other ways, right.

      Adam: They’ll find another way. So we don’t need to be so anxious to answer all the mail, to answer all the phone calls, be purposeful. Be smart, be vigilant, and having a default mindset of security is great. But get out there, get a grip on what your digital footprint is and start owning it and minimizing it. Get to know your security settings on everything you do. Google yourself, search for yourself. It’ll be eye-opening.

      Chris: You’ll be surprised, absolutely, so can you give us any tips or strategies around separating fact from fiction regarding election coverage? Are there certain types of red flags to watch out for when seeing or considering sending out a potentially, quote-unquote game-changing news story that comes across your social media feed?

      Adam: Yeah, so my advice is breathe. If it’s too much, if it’s too sensational, you’re probably unknowingly becoming a part of a misinformation campaign.

      Chris: Yeah, if it’s pushing your buttons–

      Adam: I’m not victim-blaming.

      Chris: Sort of, if you’re like, “oh, I knew it.”

      Adam: Yeah, exactly and even if it’s in support of the person you like.

      Chris: Right.

      Adam: If it sets you off, and if it taps into that part of our psyche that sets you off like super excited, super angry it starts at the individual. The individual needs to begin to own what they spread and maybe just walk away, turn it off, it’s okay. I’ve done that in my house. I’ve simply turned TVs off, I’m minimized, I’ve been purposeful, I’ve minimized my social media footprint, I’ve set strict boundaries around my time on social media, what I choose to use it for, it starts at the individual. But again, I would hate for us to get into the mindset that we need somebody else to fix it. I think the individual knows themselves well enough and their families well enough to, let’s start there and let’s not become a part of the problem.

      Chris: Yeah I think during, especially stressful times, it feels like sort of scrolling your social media feed for political news, it sort of triggers sort of an addictive aspect of your personality and I know when things are going very bad, I obsessively scroll with that feeling that the next news piece is gonna be the one where it’s like, “everything’s gonna be fine,” and I think there’s a lot of people out there that there’s just that endless feeling of, “oh I gotta just look for one more thing “and that’s gonna tell me that I can stop “worrying about this,” but you don’t get to stop worrying about this.

      Adam: No, it’s not.

      Chris: It’s more nuanced than that.

      Adam: You’re right, that’s an excellent observation. And so again, I believe in the individual. I believe that people can use their powers for good and I believe that one day we’ll snap out of it. I’m also waiting for my social media feed, for the guy that hypnotized us to go, “okay and you’re back.”

      Chris: Right, yeah, yeah.

      Adam: So I think we’ll get there, we’re a great country.

      Chris: So speaking of sort of media literacy and stuff, can you sort of suggest, without being partisan or whatever, certain ways of bringing the voting populous up a bit more to speed about current security dangers, even not necessarily this candidate says this or this candidate says this but do you have any suggestions for getting people to realize foreign actors do these things or voting boxes can still be hacked, they don’t have enough, their firmware isn’t updated fast enough or they’re too old or things like that. What are your thoughts on sort of getting that level of education out?

      Adam: Oh, man, what a great question. And I’m gonna fall back on the silly sign that we see everywhere, it’s cliche but it works. If you see something, say something. If you’re in line to cast your vote and somebody’s breaking a rule, somebody’s out campaigning closer than they should. Somebody approaches, knocks on your door after voting registration has legally ended and is asking you to register to vote, get their information, ask them why they’re out here. What are you doing, I did that once. I was in a neighborhood, I was driving through the neighborhood one day in the commonwealth of Virginia and it was a few days past the legal registration to vote and I stopped and I saw these people. I recognized them by their shirts and I mean, they weren’t hiding, you know I stopped and I said, “excuse me, what are you guys out doing today, “it’s a beautiful day, what are you out doing today? “oh, you’re registering vote but didn’t that deadline pass, “can I have your information, this seems a little, “this is interesting to me, I don’t understand “why you’re out voting, or registering people to vote,” and they just walked away, they didn’t want to talk to me.

      Chris: Sure.

      Adam: So I mean, if you see something, say something. If you’re getting things in your email, don’t click on them. If you’re getting things, “hey register to vote, “it’s not too late,” and you know it’s too late, it’s a trick. People just need to reassert ownership over this process. This country doesn’t belong to somebody else, right, it’s ours. And this is a uniquely American thing. And I actually am very grateful that each state, each county, each city, each precinct has it’s own way of doing it cause there can be a coordinated attack effort. They can rabble-rouse here but you can’t meddle or interfere the same way one county over. So take ownership, voter. And just recognize that you’re a lot more well informed than you are.

      Chris: Okay. So sort of fast-forwarding to, we’re talking like days before the election. Everyone’s got their opinion, everyone’s ready to go, what have you but now we’re at that point where there’s the possibility for mechanical tampering, for cyber tampering, whatever. Sort of playing arm share quarterback, what’s the balance to be found between watching out for social engineering concerns versus out-and-out software fraud? What do you think should be the focus for this next cycle based on what you see?

      Adam: Social engineering is already happening. this isn’t, social engineering is an ongoing operation, especially when it’s conducted on behalf of a very sophisticated and adversarial nation-state. What I mean, adversarial is that another country that views us as their primary adversary. So social engineering, it’s going to continue and it’s happening right now. With regard to securing our, with regard to securing our votes at the electronic level, at the network level, this is where I have very strong feelings that it’s the public and private partnerships. I think the public sector should absolutely reach out to trustworthy, private expertise. I think the public sector could learn a lot from what we do in the private sector nowadays to help secure our own systems and maybe there should be increase in that partnership. And without a fear of, I don’t know, there’s a lot of distrust right now, there’s a fear of distrust. And the federal government and local governments have their reasons, you can’t just let anybody into your systems, I mean I get it. But spreading the expertise, sharing expertise across disciplines, I think will absolutely help us prepare for 2020 and beyond at that very technical level.

      Chris: Okay, sketch out to me, I just thought of this, based on sort of private sector versus public sector security technology aspects, draw me a prototype of a reasonably safe voting machine. What’s a thing that’s in your ideal in-your-head version of a voting machine that’s maybe not there right now for a lot of places cause I know some of them are 20 years old, 30 years old, there’s talk about firmware issues or things that just can’t be secured. I’m not talking about someone whisks away a box of ballots or whatever, but I think there’s legitimate concerns about outdated technology that’s very easy to hack and things like that. What do you imagine as a very good, I’m not gonna say unhackable but a very good hack-resistant voting machine?

      Adam: Well, I wouldn’t want any voting machine that I had in my precinct transmit anything at all, ever. Yes, it can be electronic. You slide your ballot in and it reads it however it reads it, I’m not against technology by any stretch of the imagination, but I wouldn’t want any voting machine that transmits unless it’s done in a very, very secure manner. But while it’s standing still and while it’s not needing to transmit, all those signals that transmit are turned off until it’s time to tally the votes. But even then, right, it gets very precarious because when it begins to transmit, you’re opening a screen door and it’s, we’re never gonna have, oh man, did I just say never, it’s highly unlikely that we’ll ever create a uniform, hack-proof voting system here in the United States. It’s just not in our culture to have a uniform thing that’s equal from Kansas to D.C. We’re not gonna have the same thing in each precinct so I would just want to minimize signals in my voting machines, minimizing transmittable signals would be my preference.

      Chris: Okay, so when I wrote this question, I didn’t realize this is, I feel you already kind of answered this a few times but if you were given a magic, legislative gavel to pass a passel of laws to make voting safer, more accurate, what would you enact? It sounds like that’s not necessarily where you head goes, but–

      Adam: No, I think it’s a great, I love going to these mind spaces where we get to push ourselves to think a little bit more. No, you asked me that question, I think about it, I would just, I wouldn’t even want to wave a wand to change a law, I’d want to wave a wand, I wouldn’t even want to wave a wand to get people to think like me, I would just want people’s heart rate to go down. I would wave a wand so people’s pulse would be at a healthy level and just their hearts would soften a bit. Because I believe in the individual, I really do, I believe people are so fascinating and complicated and wonderful and that once individuals make a decision, there’s impact in that. Once an individual decides, “I’m not gonna buy into “the common belief that,” whatever, fill in the blank. I’m not gonna become an unwitting participant in this really interesting and kind of dangerous circus that’s going on right now. When I’m approached about, I’m not saying me but if I could wave a wand I would say, “hey when you’re approached about a political,” whatever the outrage of the day is. I heard that this candidate likes to kick puppies, it’s like okay, I’m gonna breathe and go, he doesn’t kick puppies. They don’t kick puppies, nobody does that, okay. So I’m skeptical of when a large group of imperfect people get together and think they know more. And again, well-intentioned, lawmakers are very well-intentioned, I don’t think that they’re out going, “how can I take over the world?” and accomplish the new world order, I think it’s more like, “wow we need to do something,” but let’s not be hasty to fix things that we’ve created and boy I love that question. I didn’t give you a good answer but I would wave a wand and I would say, “okay, everybody, “computers have to be off for 24 hours.” That’s what I would do.That’s the one, okay so I lied.

      Chris: Cutting the cord for a while, yeah.

      Adam: I would mandate a 24 hour fast from all internet connectivity. That’s what I would do.

      Chris: Sounds like bliss to me.

      Adam: Just one day, just one day.

      Chris: Yeah, yeah, just deep breath, so to wrap up today, summarize your fears and hopes for the next election and elections to come, what’s one thing that was adopted, if it was adopted across the populous would help you sleep better between now and November 2020?

      Adam: Hmm, my hope is that we fall in love with each other again as a country, my fear is that we double down on the path we are currently on. Let’s stop, let’s stop demonizing each other. Let’s stop thinking that the more we do this, whoever the individual or group, the intelligence operation that was conducted against the United States that really was brought to the forefront in 2016 is ongoing and they’re not even having to do anything right now. They’re just leaning back going, “wow, “all we had to do was hand it off to the media.” And I’m not picking a side here, I mean all of us and they’re running with it. These foreign actors are no longer having to pour gasoline, we’re doing it now to ourselves. So my fear is that we double down on this path we’ve chosen, my hope is that we won’t and that we’ll fall in love again and laugh at each other again, laugh at ourselves again about how silly our candidate is sometimes and that we just kind of get back to being the way we were before this thing happened. And I know we will get there, I do believe we’ll get there.

      Chris: Well, Adam Darrah, thank you very much for your time and insights today.

      Adam: Chris, it’s been a pleasure and I really appreciate the great questions, man. This has really forced some great thoughts and I hope I haven’t said anything too silly or awful.

      Chris: Nope, absolutely, we appreciate your insights and very glad you could make the time today.

      Adam: Anytime Chris, talk to you later.

      Chris: Alright, and thank you all for listening and watching. If you enjoyed today’s video, you can find many more on our YouTube page, just go to YouTube.com and type in Cyber Work with InfoSec to check out our collection of tutorials, interviews, and past webinars. If you’d rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search Cyber Work with InfoSec in your favorite podcast catcher of choice. To see the current promotional offers available to listeners of this podcast, go to infosecinstitute.com/podcast, and again as I said at the top of the hour, use our free election security training resources to educate poll workers and volunteers on the cybersecurity threats they may face during election season. For information about how to download your free training packet, visit infosecinstitute.com/iq/election-security-training, or click the link in the description probably below. Thanks once again to Adam Darrah and thank you all again for watching and listening. We’ll speak to you next week.

Cyber Work listeners get a free month of Infosec Skills.

Use code “cyberwork” to get access to 500+ IT and security courses today.

Get Started

About Cyber Work

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.

Special offer for Cyber Work listeners

Use code "cyberwork" to get a FREE month of Infosec Skills