

As Democrats approach the long-awaited Iowa caucus on February 3rd, a new smartphone app set to be used for calculating the results of the event has come under fire for its major lack of electoral security and its undisclosed origins, according to a recent report published by NPR.

Unlike a simple primary vote where voters cast a ballot and the highest vote count wins, caucuses are determined via social affair — held across state gymnasiums, churches, recreation centers, or others — where delegates physically stand in their candidate’s assigned corner and caucus managers determine the results on site.


In adhering to these old-timey practices, Iowa’s Democratic Party chairman Troy Price has argued the app will modernize the vote and help “get results out to the public quicker”, all the while ignoring press questions on who exactly designed the app and what specific systems are in place to actually ensure election reliability. As of now, we only have his word.

“We as the party have taken this very seriously, and we know how important it is for us to make sure that our process is secure and that we protect the integrity of the process,” Price says. “We want to make sure we are not relaying information that could be used against us. If there is a challenge, we’ll be ready with a backup and a backup to that backup and a backup to the backup to the backup. We are fully prepared to make sure that we can get these results in and get those results in accurately.”

While this flowery language of politician-speak sounds nice, there’s a trend of ‘tell, don’t show’ that was also repeated by the Democratic National Committee (DNC), the Democratic Party’s ever-controversial governing body, which has reportedly reviewed and approved of both the app and the caucus security plans. At the time, neither caucus managers, party members, nor the DNC revealed the app’s developers and methods, only their approval. Party officials say “operational security prevents them from disclosing specifics about the app”, but further revelations suggest security isn’t up to snuff.

According to further confirmations from Price, the app will also be downloaded onto the insecure personal smartphones of the caucus precinct and its own party leaders, not through security hardware provided by the party or independent bodies. Betsy Cooper, director of the Aspen Tech Policy Hub at the Aspen Institute, told NBC News this matter only makes the app more likely to receive an attack as hackers could better obtain sensitive messages, emails, and passwords to strike. “I sure hope the engineers building it are among the best on the planet,” Cooper says, adding that it’s like “giving away the keys to the kingdom and making it easier for hackers to get in.”

This only raises the question: why use the app at all? Caucuses are inherently interpersonal, allowing for several witnesses and paper records to help correct cyber-attacks should there be an investigation. In 2020, it appears delegates will be given a physical, numbered presidential preference card to record their choice, set to be delivered to the Iowa Democratic Party through an established chain of custody. By contrast, it was Kiersten Todt, managing director of the cybersecurity non-profit Cyber Readiness Institute, who told NBC News the phones “can be breached in a heartbeat”, yet it is the “preferred” method for managers to report results, according to the caucus manager handbook.

NPR interviewed several other cybersecurity experts who found the lack of transparency on the matter not only unhelpful to protecting the system but also counterproductive. “The idea of security through obscurity is almost always a mistake,” said Doug Jones, a computer science professor at the University of Iowa and a former caucus precinct leader. “Drawing the blinds on the process leaves us, in the public, in a position where we can’t even assess the competence of the people doing something on our behalf.” It’s hard to claim “operational security” is a practiced priority when the experts are bracing for disaster.

The NPR report also notes that the state party is working alongside the national party’s elusive cybersecurity team and Harvard University’s Defending Digital Democracy Project, although their relationship to the app remains unclear. NBC, on the other hand, only mentions the developer’s conducting election threat simulations with Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), according to a statement from Matt Masterson, a senior cybersecurity adviser at the agency.

Alternatively, Price declined to answer whether any other third-party investigation even looked into the app, let alone found any vulnerabilities before the event. David Bergstein, a DNC spokesperson, told NBC News that there’s simply nothing to worry about here as “the security of [Iowa] caucuses [are taken] extremely seriously from all perspectives.”

The honest word of the DNC, however, doesn’t mean very much considering their organization’s previous court testimonies arguing they’re actually a “private organization” under no obligation to ensure “fair and impartial elections” to their voters, despite such a mandate being directly listed verbatim within their own charter.

For an even broader context, the civil lawsuit where the statement originates was in regard to key DNC leadership unethically favoring 2016 primary candidate Hillary Clinton over her rival Bernie Sanders. For an electoral app to be overseen by such undemocratic forces without third party watchdogs, it’s clear they’re not an authority on fair, impartial and secure electoral practice, whether it's through deceptive malice or just plain negligence.

If the wrong results are reported because of a hack, a glitch or shady political power grabs, “the damage to public confidence would be catastrophic,” Jones argues, implying greater power should be given to security watchdogs. “Once you report something, it’s really hard to undo it, no matter how many retractions you print, no matter how many apologies you say, it’s too late, from that point of view, someone hacking the reporting process, even though its purpose is entirely informal, not intended to have any permanent importance, is something that could be very disruptive.”

Thank you for reading. This article was published for TrigTent, a bipartisan media platform for political and social commentary. Bailey Steen is a journalist, editor, and designer from Australia. You can read their work on Medium and previous publications such as Janks Reviews and Newslogue.

For updates, feel free to follow Bailey through Facebook, Twitter, Instagram, YouTube, and other social media sites. You can also contact through bsteen85@gmail for personal or business reasons. Stay honest and radical. Cheers, darlings. 💋

Translated from: https://medium/swlh/the-dncs-iowa-caucus-app-raises-major-election-security-concerns-ce88b54b1ec3
