FUD and Voting Machine Hacking: An Important Point and Important Lesson

This morning I am doing radio interviews as a Fox News Radio contributor. My topic? The DEFCON Voting Village demonstration of hacking voting machines that have been, or may currently be, used in US elections. Here are a couple of the news stories if you are unfamiliar: Hacking a US electronic voting booth takes less than 90 minutes | New Scientist and To Fix Voting Machines, Hackers Tear Them Apart | Wired

With all of the talk about hacking or rigging elections, this is a great topic to pique people’s interest for a radio interview but it can also generate a great deal of FUD. And, I really do not like FUD because it detracts from the real issues and lessons that we can learn from situations. So, there is one very important point and one very important lesson that I have tried to make during these interviews and that I hope will rise above the FUD:

IMPORTANT POINT: The voting machines used in this example were obtained from eBay and government auctions because they had been decommissioned. This means they were old. Unfortunately, some had been used in recent elections — which is a big problem — but generally speaking, we’re talking about outdated technology.

IMPORTANT LESSON: Voting machines are computers and, while (IMO) no computer will be secure they can certainly be more secure. We must be vigilant about the security of the voting machines and other election infrastructure that we use in our voting process and demand that current, state of the art equipment be used, where security is baked in from the outset and is continuously maintained as an ongoing process, from now on until further notice.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

OCR Issues Cyberattack Response Checklist and Infographic

The United States Department of Health and Human Services’ Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks in compliance with HIPAA requirements.

WHDT World News Interviews Shawn Tuma about WikiLeaks’ CIA Vault7

See also: 

WikiLeaks’ Vault7 CIA Hacking Tools Release Conundrum: The Politicization of Intelligence

www.cybersecuritybusinesslaw.comFor most Americans, the WikiLeaks Vault7 release of the CIA’s hacking tools, techniques, and capabilities has created quite a conundrum. Here is how I see it:

Cyber has become the primary weapon for warfare, revolutions, and politics. As a nation, those responsible for protecting our nation must maintain superiority in that realm vis-a-vis other nations, terrorist groups, and anyone else who would do us harm. Put simply, if anybody is capable of creating and using these weapons offensively, we want it to be us, not those who want to destroy us.

I believe that most Americans understand this, expect this, and want this (at a certain level), as long as it is strictly limited in its purpose and execution. The problem is that it is not strictly limited in its purpose and execution, now, if it ever has been. The problem is the politicization of our intelligence community and other similar agencies of government whose stated purpose is to protect us and better ensure our national security but seem to be being used in ways that detract from our personal security and overall liberty. Releases of information such as Has it always been this way? Perhaps. But now, more than ever, it seems as though we are cutting down our trees as fast as we can in an effort to save our forest.

Releases of information such as this unquestionably hurt our national security. But the misuse of our intelligence agencies and the information they obtain also hurts our national security. Has it always been this way? Have our intelligence agencies always been politicized? Perhaps.

But now, more than ever, it seems as though we are cutting down our trees as fast as we can in an effort to save our forest.

In the world of forests, sometimes that must be done, such as with wildfires to create firebreaks that serve as a barrier to prevent the burning of the entire forest. But when it is done, it is precise, limited, and strategic, focused only on its intended purpose.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Learn More About the NLJ’s Cybersecurity & Data Privacy Trailblazers for Data Privacy Day!

What better way is there to celebrate Data Privacy Day than by learning more about the most recent list of Cybersecurity & Data Privacy Law Trailblazers as published by the National Law Journal? If you are so inclined, here you go: Trailblazers!