Summary
DOMAIN DISDAIN — States that will play a key role in the presidential election aren’t widely using secure website protocols, McAfee said in a report published today. Only 17 percent of counties in battleground states use .gov domains, as federal authorities recommend, including 11 percent of Iowa counties and 10 percent of New Hampshire counties. Arizona fared the best out of the 13 states that McAfee examined, but even there, only 67 percent of its counties used .gov domains. At the bottom of the list were Minnesota (4.6 percent) and Texas (5.1 percent).
On an even more basic level, nearly half (46.6 percent) of battleground-state counties lack HTTPS, which protects traffic from interception and tampering. “This means that any personal voter registration information that a user shares with the site cannot be intercepted and stolen by hackers while they are on the site,” wrote McAfee’s researchers. Another possible risk: hackers directing voters to a fake county website, exploiting the real county site’s lack of trust signifiers like .gov or HTTPS. “As people gear up to cast their ballots for party candidates,” the researchers wrote, “they may not realize that website security shortcomings could leave the U.S. elections susceptible to digital disinformation campaigns or possibly worse seeking to influence and/or manipulate the democratic process.”
…
Smartphone voting was already unpopular with election security experts, so this isn’t likely to help the cause. Even as speculation ran wild on Twitter and elsewhere, some of it deemed false, there may have been potential lessons related to election hacking. “Most who have been paying attention to election ‘hacking’ threats, have focused on the voting machines,” tweeted Nathaniel Persily, co-director of Stanford Cyber Policy Center. “But we need to focus equally on the entire technological ecosystem of elections — and any technology that can raise doubts (however unfounded) about the accuracy of results.”
Read More