It’s Monday morning, which normally means that I’m sluggish, in need of coffee, and figuring out my calendar for the work week. This week I’m actually quite optimistic. Hanukah starts tomorrow night, but more importantly, A NEW STAR WARS MOVIE IS BEING RELEASED THIS WEEK!!! Sorry to geek out there, but Star Wars was quite a formative film franchise in my youth development, and is part of the reason why I was inspired to go into the tech industry. I apologize that I did not release a blog post over the weekend. I was quite busy with important but mundane chores and didn’t get a chance to open my computer screen.
Now, for my first rant of the week: There is a special election happening tomorrow in Alabama for the vacant senator seat there, and that means there will be a lot of registered voters heading to the polls. (Side note, if you are a US Citizen, residing in Alabama, over the age of 18, and registered to vote, do your civic duty and vote! It doesn’t matter for whom; just vote). The past year or so, the concept of electoral integrity has been a major news story, and this is directly related to the tech industry. Many polling districts use electronic voting machines. Unfortunately, like almost any computing device, these machines can be hacked.
Hacking is a very strong, yet misunderstood term. There are several different forms of hacking, from the original usage of finding workarounds to a problem or complexity, to the more common perception of gaining unauthorized access to a system for illicit gain or purpose. The latter reason, which in the cybersecurity world is known as Black Hat hacking, is why many technology and software companies employ what are called White Hat hackers, who try and hack the technology in question in order to document the vulnerabilities and patch them up to prevent anyone else from gaining access. There is also another category of hackers called Grey Hat hackers who operate in that shadowy grey area in between of illegal and legal, often doing something illegal but without seeking personal profit or gain. If you’ve illegally downloaded a song or used a cracked software, then you have done a Grey Hat hack.
However, more than voting machines, what terrifies me as a tech professional is proposed changes to how voter rolls are being stored. There is a plan being floated by the White House’s Commission on Electoral Integrity to warehouse all voter data, including sensitive information like social security numbers, on one potentially unsecure server in the White House. This scares me for several reasons. First, if a database is stored in the White House, which is the symbol of American partisan politics, then the voter database is in the hands and beholden to the whims of a political politician who may not be well versed in cyber security or computer technology better practices. What is to stop him or her from using the data contained to punish opposition voters or to purge everyone he or she doesn’t like from the list. Secondly, the servers of the White House are generally not as secure as those of the NSA, FBI or CIA. These agencies are more in the forefront of cyber security and technology, and are motivated by security concerns while generally being apolitical. Thirdly, putting all this information in once place creates a one stop shop for would be Black Hat hackers. The way the system is set up presently, each state (and territory) is in control of it’s own separate database with it’s own security and encryption. If a hacker wanted all of America’s voting data, they have to hack into 57 separate systems, each with separate forms of security, encryption, and a separate set of eyeballs watching it’s integrity. Inherently this means there are more chances of getting caught. It’s much easier to hack all of this data when you only have attack one system. Consequently, I feel the need to speak out against this particular plan because it is poor security architecture.
Now, keeping with the theme of security and integrity, my tech tip of the day is about better practices with keeping your personal computer secure. If you use a Windows or Mac machine, Microsoft and Apple will periodically send updates to your machine. Make sure that your machine is set to automatically run updates. Most of them are fixes to address discovered flaws or new innovations created by hackers.
Ensure that you have antimalware AND antivirus installed on your machine, and make sure that their parameters are regularly updated. If you are cheap like me, Sophos is a good free anti-virus program. It is created and maintained by the Massachusetts Institute of Technology, so it’s got a pretty good reputation.