1 00:00:44,778 --> 00:00:48,048 Speaker 1: All right. In this episode I talk about election security 2 00:00:48,138 --> 00:00:52,498 Speaker 1: with retired Air Force Major General Earl Matthews who is 3 00:00:52,498 --> 00:00:55,678 Speaker 1: the chief security officer at Rodan and who has been 4 00:00:55,678 --> 00:00:59,838 Speaker 1: thinking about election security for over 20 years. We had 5 00:00:59,838 --> 00:01:02,778 Speaker 1: a pretty wide ranging conversation taking us through the ultimate 6 00:01:02,778 --> 00:01:07,398 Speaker 1: goal of election attacks. The Iowa debacle and the likely 7 00:01:07,398 --> 00:01:12,628 Speaker 1: motives for foreign intervention into U.S. elections so with that 8 00:01:12,837 --> 00:01:15,478 Speaker 1: I'm happy to bring you my conversation with General oral 9 00:01:15,478 --> 00:01:18,108 Speaker 1: Matthews on the topic of election security. 10 00:01:22,518 --> 00:01:26,718 Speaker 2: All right welcome General Matthews. Thanks for coming on. Unsupervised Learning. 11 00:01:27,248 --> 00:01:28,388 Speaker 3: Dan thanks very much. 12 00:01:28,408 --> 00:01:32,967 Speaker 2: Now Happy Friday dear so I will have already introduced 13 00:01:32,968 --> 00:01:35,038 Speaker 2: you on the show and looking at your background it 14 00:01:35,038 --> 00:01:38,978 Speaker 2: looks like we actually both worked at HP oh that 15 00:01:39,008 --> 00:01:43,588 Speaker 2: also at same time I think it might have been. 16 00:01:43,598 --> 00:01:47,428 Speaker 2: Yeah it was. Was it called ESPN the timer ISIS 17 00:01:47,438 --> 00:01:49,448 Speaker 2: or something like that. 18 00:01:49,448 --> 00:01:52,828 Speaker 4: No I it was so when I tried security products. Yes. 19 00:01:53,168 --> 00:01:56,198 Speaker 4: Yeah I belonged in ESF That's right. 20 00:01:56,228 --> 00:01:59,948 Speaker 2: Yes. So I worked for Jason Schmidt and fortify him 21 00:01:59,948 --> 00:02:02,528 Speaker 2: for Ryan English and fortifying demand. 22 00:02:02,528 --> 00:02:05,258 Speaker 5: Wonderful that I did when I fell in contact with 23 00:02:05,258 --> 00:02:08,528 Speaker 5: Jason and others and I think fortify is still an 24 00:02:08,528 --> 00:02:12,618 Speaker 5: outstanding private. I recommend it still did it yeah. 25 00:02:12,828 --> 00:02:17,888 Speaker 6: Absolutely. Very cool. I guess told me how you got 26 00:02:17,888 --> 00:02:23,198 Speaker 6: started in election security. I assume 2016 was probably a 27 00:02:23,198 --> 00:02:24,308 Speaker 6: catalyst of some sort. 28 00:02:24,728 --> 00:02:30,407 Speaker 5: Yeah. And it's actually you know my military background elections 29 00:02:30,428 --> 00:02:35,108 Speaker 5: I've been front and center most of my entire career 30 00:02:35,548 --> 00:02:40,028 Speaker 5: adult life. I voted the absentee ballot and it actually 31 00:02:40,148 --> 00:02:43,298 Speaker 5: really started peaking my interest in there in 2000 right 32 00:02:43,298 --> 00:02:46,898 Speaker 5: when we had the hanging chads and what the impact 33 00:02:46,898 --> 00:02:49,508 Speaker 5: was at that time about you know supposedly all these 34 00:02:49,507 --> 00:02:54,368 Speaker 5: absentee ballots from the military sway and sway the vote 35 00:02:54,368 --> 00:02:55,898 Speaker 5: and hadn't been counted. 36 00:02:56,137 --> 00:02:59,488 Speaker 7: And then many years later I find myself in the 37 00:02:59,528 --> 00:03:03,468 Speaker 7: RAF in Germany and I am responsible for all the 38 00:03:03,468 --> 00:03:07,638 Speaker 7: postal distribution throughout Europe. Now that comes by air and 39 00:03:07,637 --> 00:03:10,388 Speaker 7: the army then would be responsible for by trucking it 40 00:03:10,387 --> 00:03:13,548 Speaker 7: out to all the different bases but I really had 41 00:03:13,548 --> 00:03:17,388 Speaker 7: to focus in on election years because after the 2000 42 00:03:17,387 --> 00:03:20,658 Speaker 7: elections we had to account now for all the ballots 43 00:03:20,688 --> 00:03:24,528 Speaker 7: that were coming into the military post offices overseas and 44 00:03:24,528 --> 00:03:27,768 Speaker 7: actually tracking them to make sure that the people who 45 00:03:27,768 --> 00:03:29,988 Speaker 7: got voted and put it back in there it got 46 00:03:29,988 --> 00:03:33,318 Speaker 7: delivered on time and then just as an aside my 47 00:03:33,317 --> 00:03:36,978 Speaker 7: wife also works in the I.T. sector and she was 48 00:03:36,978 --> 00:03:40,328 Speaker 7: helping with the first voting. 49 00:03:40,368 --> 00:03:45,598 Speaker 8: This is in Uganda to thousands of military folks. So 50 00:03:45,618 --> 00:03:48,558 Speaker 8: I have been associated for a long time and now 51 00:03:48,558 --> 00:03:55,188 Speaker 8: that know after 2016 and that all the influence on 52 00:03:55,728 --> 00:04:00,948 Speaker 8: infrastructure security but really about the disinformation it has been 53 00:04:01,098 --> 00:04:05,978 Speaker 8: used really got my attention leading up to that. 54 00:04:06,068 --> 00:04:08,528 Speaker 5: Up to that election and so now today you know 55 00:04:08,538 --> 00:04:12,498 Speaker 5: social media is really my biggest concern on disinformation. 56 00:04:12,638 --> 00:04:16,638 Speaker 9: And you know we're seeing social media really start take 57 00:04:16,638 --> 00:04:19,788 Speaker 9: a hold of this start deleting accounts and I firmly 58 00:04:19,788 --> 00:04:24,467 Speaker 9: believe that social media companies should be accountable that the 59 00:04:24,468 --> 00:04:28,598 Speaker 9: accounts that are being created are truly real accounts and 60 00:04:28,598 --> 00:04:29,988 Speaker 9: are not being done falsely. 61 00:04:32,278 --> 00:04:36,388 Speaker 6: Yeah absolutely. So are you familiar with our Rene de Resta. 62 00:04:36,888 --> 00:04:38,518 Speaker 3: Yeah I am familiar yes sir. 63 00:04:39,878 --> 00:04:42,668 Speaker 2: Yeah. So really interesting she she does a lot of 64 00:04:42,668 --> 00:04:45,518 Speaker 2: work on the social media stuff and the both the 65 00:04:45,518 --> 00:04:49,568 Speaker 2: misinformation and the disinformation. And one of the things she 66 00:04:49,568 --> 00:04:54,548 Speaker 2: talks about is how difficult it can be to lock 67 00:04:54,548 --> 00:04:57,157 Speaker 2: on to a bad account because what they'll do is 68 00:04:57,158 --> 00:05:01,928 Speaker 2: months before the campaign they they create a legitimate account 69 00:05:01,948 --> 00:05:05,618 Speaker 2: with like legitimate sounding you know user name or whatever 70 00:05:05,948 --> 00:05:07,538 Speaker 2: and then they go in and they drop tons of 71 00:05:07,538 --> 00:05:10,358 Speaker 2: content related to that particular thing. So let's say it's 72 00:05:10,358 --> 00:05:14,708 Speaker 2: cars or fast cars or car modifications it'll be months 73 00:05:14,708 --> 00:05:18,608 Speaker 2: and months and months of a precedent of legitimate content 74 00:05:20,048 --> 00:05:22,538 Speaker 2: just so they could track the algorithms that look for 75 00:05:22,788 --> 00:05:24,828 Speaker 2: you know pure misinformation. 76 00:05:24,878 --> 00:05:27,128 Speaker 5: Yeah but when those accounts get January what I would 77 00:05:27,128 --> 00:05:29,318 Speaker 5: say the corollary to that is that you have to 78 00:05:29,318 --> 00:05:35,178 Speaker 5: supply name information telephone numbers and things like that. The 79 00:05:35,228 --> 00:05:37,778 Speaker 5: more obscure that that becomes I think should be an 80 00:05:37,778 --> 00:05:41,648 Speaker 5: indicator to a social media platform that something isn't exactly 81 00:05:41,648 --> 00:05:45,158 Speaker 5: right here. And I think it's also interesting perhaps for 82 00:05:45,158 --> 00:05:50,017 Speaker 5: your listeners to understand that 61 percent of all the 83 00:05:50,018 --> 00:05:54,248 Speaker 5: traffic on the internet is actually created by bots and 84 00:05:54,248 --> 00:05:57,788 Speaker 5: not by humans putting content on there and of that 85 00:05:57,848 --> 00:06:04,058 Speaker 5: about 30 some percent are actually fairly defeated. So what 86 00:06:04,058 --> 00:06:05,558 Speaker 5: we're going to talk about today. But I do think 87 00:06:05,558 --> 00:06:08,018 Speaker 5: it's an interesting factoid that actually you know more than 88 00:06:08,018 --> 00:06:09,998 Speaker 5: 60 percent of the traffic on the Internet is not 89 00:06:09,998 --> 00:06:13,038 Speaker 5: human created yeah. 90 00:06:13,068 --> 00:06:15,828 Speaker 2: Interesting. And what would you say most of that traffic 91 00:06:15,828 --> 00:06:19,368 Speaker 2: is is that like clicking on youtube links like trying 92 00:06:19,368 --> 00:06:22,488 Speaker 2: to vote up content on Twitter. Is it a voting 93 00:06:22,488 --> 00:06:25,878 Speaker 2: type fraud or what type of bot activity is that. 94 00:06:26,368 --> 00:06:29,118 Speaker 8: Yeah. So I would take most of that bot activity 95 00:06:29,118 --> 00:06:33,077 Speaker 8: it's just taking information from one location and then moving 96 00:06:33,078 --> 00:06:37,577 Speaker 8: it to another location or trolling where news organizations are 97 00:06:38,238 --> 00:06:41,868 Speaker 8: continually looking for new types of news stories that are 98 00:06:41,868 --> 00:06:44,598 Speaker 8: being out there whether they're generated by me putting up 99 00:06:44,598 --> 00:06:48,077 Speaker 8: a video or that another news organization has has put 100 00:06:48,078 --> 00:06:50,718 Speaker 8: up there. And so it's just you have these algorithms 101 00:06:50,718 --> 00:06:53,708 Speaker 8: out there just to get that information and so forth. 102 00:06:55,208 --> 00:06:57,448 Speaker 2: OK that makes sense. So who crawlers. 103 00:06:57,788 --> 00:06:59,228 Speaker 10: Yes great traps. Yeah. 104 00:06:59,518 --> 00:07:03,638 Speaker 6: Yeah sure. Awesome. And I noticed in researching some of 105 00:07:03,638 --> 00:07:06,338 Speaker 6: your work you had some tenants you had five tenants. 106 00:07:06,338 --> 00:07:08,168 Speaker 6: I have them here. But if you would like to 107 00:07:08,168 --> 00:07:11,438 Speaker 6: go through them the first one was stop making assumptions 108 00:07:11,438 --> 00:07:15,228 Speaker 6: the second one was transparency. You won't talk about those. 109 00:07:15,998 --> 00:07:21,048 Speaker 8: Yeah. And I think that what our listeners really don't 110 00:07:21,188 --> 00:07:23,588 Speaker 8: they'll have a hard time struggling with with all these 111 00:07:23,588 --> 00:07:27,578 Speaker 8: new exposures of our information is that there really isn't 112 00:07:27,668 --> 00:07:30,668 Speaker 8: anything new right that's happening here. 113 00:07:30,668 --> 00:07:34,168 Speaker 11: Most of it is coming from mis mis configurations and 114 00:07:34,658 --> 00:07:37,568 Speaker 11: part of that is just because we start assuming that 115 00:07:38,858 --> 00:07:42,098 Speaker 11: things are actually working like they're supposed to be and 116 00:07:42,268 --> 00:07:45,938 Speaker 11: their security controls really aren't doing that. I think there's 117 00:07:45,968 --> 00:07:50,588 Speaker 11: a lack of transparency right in how the electronic voting 118 00:07:51,428 --> 00:07:56,978 Speaker 11: companies are letting us know that the vulnerability of their 119 00:07:56,978 --> 00:08:00,448 Speaker 11: platforms and that there's a lack of software independence in 120 00:08:00,498 --> 00:08:03,728 Speaker 11: the voting machines and third parties. But now I think 121 00:08:03,728 --> 00:08:08,078 Speaker 11: it's gotten significantly better since 2016 but I just think 122 00:08:08,078 --> 00:08:11,888 Speaker 11: the whole all the assurance piece of what happens to 123 00:08:11,888 --> 00:08:14,428 Speaker 11: these proprietary systems just aren't there for us. 124 00:08:15,368 --> 00:08:20,098 Speaker 6: Yeah and you've got here mandate transparency from commercial hardware 125 00:08:20,108 --> 00:08:25,338 Speaker 6: software companies many of these are transparency based data driven 126 00:08:25,338 --> 00:08:31,178 Speaker 6: evaluation of providers that provide the technology alignment between state 127 00:08:31,238 --> 00:08:36,548 Speaker 6: CEOs and CEOs and secretaries of state. These all seem 128 00:08:36,548 --> 00:08:42,508 Speaker 6: really solid and continuous and quantified evaluation and validation of 129 00:08:42,508 --> 00:08:45,968 Speaker 6: security controls. I think these are fantastic recommendations. 130 00:08:47,318 --> 00:08:51,268 Speaker 8: Yeah probably for our listeners they may not well understand 131 00:08:51,268 --> 00:08:54,418 Speaker 8: that by the way all elections are run by the 132 00:08:54,418 --> 00:08:58,078 Speaker 8: states not run by the federal government. You know that 133 00:08:58,468 --> 00:09:02,458 Speaker 8: this voting piece of this falls underneath the secretary of 134 00:09:02,458 --> 00:09:08,167 Speaker 8: state and not underneath the governor. Day to day routine business. 135 00:09:08,648 --> 00:09:11,398 Speaker 8: And so as a result there hasn't been a very 136 00:09:11,398 --> 00:09:15,448 Speaker 8: tight alignment between the state CIO OWS and the state 137 00:09:15,598 --> 00:09:21,398 Speaker 8: information security officers with the secretary of state's election State Committee. 138 00:09:21,838 --> 00:09:25,468 Speaker 8: So I'm a huge fan of those organizations coming together 139 00:09:25,498 --> 00:09:28,237 Speaker 8: and I've seen that I've seen it in Michigan and 140 00:09:28,238 --> 00:09:31,258 Speaker 8: I've seen it in Indiana and then in Iowa. We 141 00:09:31,258 --> 00:09:34,438 Speaker 8: just saw that the chief security officer for the state 142 00:09:35,038 --> 00:09:38,728 Speaker 8: has now resigned from that position and actually has moved 143 00:09:38,728 --> 00:09:42,238 Speaker 8: over to the secretary of state election office to help 144 00:09:42,288 --> 00:09:45,778 Speaker 8: them with cyber security. So this is and that is 145 00:09:46,108 --> 00:09:51,838 Speaker 8: primarily been because we have a treaty on infrastructure as 146 00:09:51,838 --> 00:09:56,518 Speaker 8: a holistic problem. We've been looking at it in isolation. 147 00:09:56,668 --> 00:10:01,118 Speaker 6: Interesting. So is that similar to like a jurisdictional problem. 148 00:10:01,508 --> 00:10:03,748 Speaker 6: Not quite at the scale of 9/11 but where you 149 00:10:03,748 --> 00:10:06,808 Speaker 6: have different groups and they're not designed to work with 150 00:10:06,808 --> 00:10:10,228 Speaker 6: each other and therefore the information's not being exchanged. Is 151 00:10:10,228 --> 00:10:12,987 Speaker 6: that kind of what you're describing with the secretary of 152 00:10:12,988 --> 00:10:14,388 Speaker 6: state versus governors group. 153 00:10:16,148 --> 00:10:23,048 Speaker 5: I think it's traditional. So I've been of functions versus 154 00:10:23,288 --> 00:10:27,848 Speaker 5: the commingling of functions across an organization. And you and 155 00:10:27,848 --> 00:10:30,218 Speaker 5: I saw this when we were at HP you two 156 00:10:30,428 --> 00:10:33,008 Speaker 5: things got siloed off and then the left hand doesn't 157 00:10:33,008 --> 00:10:34,878 Speaker 5: know what the right what the right hand is doing. 158 00:10:35,768 --> 00:10:41,168 Speaker 12: But I think that since 2016 we've seen a significant 159 00:10:41,168 --> 00:10:45,338 Speaker 12: change in all of this because of the one that 160 00:10:45,338 --> 00:10:53,318 Speaker 12: designation against critical infrastructure. We've seen the DHS create a 161 00:10:53,318 --> 00:10:59,498 Speaker 12: special office for election to look since her day oversight 162 00:10:59,978 --> 00:11:03,368 Speaker 12: and we've seen the US government create the US election 163 00:11:03,368 --> 00:11:08,948 Speaker 12: commission and then we've also seen the federal government designate 164 00:11:09,918 --> 00:11:15,118 Speaker 12: funding for states specifically for election security. 165 00:11:15,138 --> 00:11:18,048 Speaker 6: So I think that I think it's gotten very interesting 166 00:11:18,768 --> 00:11:22,028 Speaker 6: I guess. So you currently work at is a very 167 00:11:22,028 --> 00:11:24,968 Speaker 6: dinner or Rodin verdant probably yeah. 168 00:11:25,158 --> 00:11:31,248 Speaker 5: Yes buried in and that's a common you mispronunciation of 169 00:11:31,248 --> 00:11:35,568 Speaker 5: the organization but it comes from the god burritos for 170 00:11:35,568 --> 00:11:39,028 Speaker 5: Truth o knife in the God put in for wisdom 171 00:11:39,048 --> 00:11:43,558 Speaker 5: in battle and what Odin would do is send out 172 00:11:43,558 --> 00:11:47,698 Speaker 5: dogs and ravens to collect intelligence about his enemy and 173 00:11:47,698 --> 00:11:50,158 Speaker 5: then bring that intelligence back and then he would go 174 00:11:50,158 --> 00:11:52,867 Speaker 5: into battle which is why he was so successful. 175 00:11:52,978 --> 00:11:57,747 Speaker 8: I consider ourselves the warrior troop company because what we 176 00:11:57,748 --> 00:12:03,387 Speaker 8: do is we instrument your network looking for your security controls. 177 00:12:03,778 --> 00:12:08,968 Speaker 8: Current instantiation. Are they working like you are supposed to 178 00:12:08,968 --> 00:12:12,658 Speaker 8: be working. And we do that by running like malware 179 00:12:12,658 --> 00:12:16,768 Speaker 8: in your production environment to give you the No Kidding truth. 180 00:12:16,798 --> 00:12:20,668 Speaker 8: This is how my controls are actually working. So that's 181 00:12:20,668 --> 00:12:22,808 Speaker 8: what their net burden is about. 182 00:12:22,858 --> 00:12:26,528 Speaker 2: Nice and Verizon is now part of FireEye. Is that correct. 183 00:12:27,588 --> 00:12:28,727 Speaker 13: That is very true. 184 00:12:28,788 --> 00:12:31,727 Speaker 8: So last summer we were one of the few cybersecurity 185 00:12:31,908 --> 00:12:36,398 Speaker 8: companies that gets acquired and we were acquired by FireEye 186 00:12:36,828 --> 00:12:40,818 Speaker 8: which is really considered the number one threat intelligence in 187 00:12:40,998 --> 00:12:44,108 Speaker 8: the world and Mandiant is a part of fire right 188 00:12:44,118 --> 00:12:46,788 Speaker 8: that does the most efficient response around the world in 189 00:12:46,788 --> 00:12:50,278 Speaker 8: our platform runs off of intelligence. So it was a 190 00:12:50,718 --> 00:12:51,908 Speaker 8: superb marriage for us. 191 00:12:51,918 --> 00:12:55,798 Speaker 4: Now in this space that's fantastic Degrassi. 192 00:12:56,058 --> 00:12:59,918 Speaker 2: Yeah. And actually I knew I recognized the name Veridian 193 00:13:00,328 --> 00:13:01,998 Speaker 2: and I looked it up it's actually one of my 194 00:13:01,998 --> 00:13:05,898 Speaker 2: favorite spaces in all of the security tools. I love 195 00:13:05,898 --> 00:13:10,068 Speaker 2: the idea of continuous checking. So I guess can you 196 00:13:10,068 --> 00:13:12,398 Speaker 2: go in a little more detail about how it works 197 00:13:12,418 --> 00:13:14,958 Speaker 2: like Do you have a center and a receiver and 198 00:13:14,958 --> 00:13:19,488 Speaker 2: you sprinkle these throughout the environment and then you send 199 00:13:19,488 --> 00:13:22,848 Speaker 2: malware from the center to the receiver to see if 200 00:13:22,848 --> 00:13:25,008 Speaker 2: it's caught by various controls or how does that work. 201 00:13:26,338 --> 00:13:28,208 Speaker 5: Yeah. You've described that you've nailed it. 202 00:13:28,368 --> 00:13:33,018 Speaker 8: You could be a spokesman for us and what is 203 00:13:33,058 --> 00:13:36,298 Speaker 8: all automated mail software driven and what we are really 204 00:13:36,298 --> 00:13:39,908 Speaker 8: attacking is the number one problem which is false with. 205 00:13:40,558 --> 00:13:44,248 Speaker 8: And so we are both the attacker and the target 206 00:13:44,888 --> 00:13:47,548 Speaker 8: we are. We sit in your operational environment but we're 207 00:13:47,548 --> 00:13:51,627 Speaker 8: not on anybody's operational assets meaning if you have a 208 00:13:51,628 --> 00:13:54,508 Speaker 8: server that has customer data on it. We're not sitting 209 00:13:54,508 --> 00:13:57,718 Speaker 8: on that server. We just look like a virtual image 210 00:13:57,748 --> 00:14:01,228 Speaker 8: of that server with the same security controls. And then 211 00:14:01,228 --> 00:14:04,318 Speaker 8: is the. And then we put one and another side 212 00:14:04,318 --> 00:14:06,568 Speaker 8: of your network where it could be external or to 213 00:14:06,568 --> 00:14:10,158 Speaker 8: be internal to look for segmentation and then the you 214 00:14:10,148 --> 00:14:12,868 Speaker 8: know the National console tells this actor to go attack 215 00:14:12,928 --> 00:14:16,617 Speaker 8: this other actor. And we know that it's successful or 216 00:14:16,618 --> 00:14:20,188 Speaker 8: not successful because we are controlling both the originating in 217 00:14:21,058 --> 00:14:25,288 Speaker 8: IP address and the target IP address. And if it 218 00:14:25,288 --> 00:14:26,908 Speaker 8: makes it from one end to the other we know 219 00:14:26,908 --> 00:14:30,928 Speaker 8: that your security stack didn't block it. And then what 220 00:14:30,928 --> 00:14:33,118 Speaker 8: we do is we produce all the data to show 221 00:14:33,538 --> 00:14:36,778 Speaker 8: what in your security stack could have blocked it but 222 00:14:36,778 --> 00:14:40,258 Speaker 8: you don't have it together correctly the painful to do that. 223 00:14:40,808 --> 00:14:44,288 Speaker 14: Mm hmm interesting. Yeah. Yeah. 224 00:14:44,308 --> 00:14:47,728 Speaker 2: And just to let everyone know who's listening. This is 225 00:14:47,728 --> 00:14:51,718 Speaker 2: not about the vendor thing. So we have lots more 226 00:14:51,718 --> 00:14:55,688 Speaker 2: questions about elections itself but I think this is important. 227 00:14:55,698 --> 00:14:59,218 Speaker 2: And I actually want to ask you does this interact 228 00:14:59,218 --> 00:15:02,608 Speaker 2: at all with election security devices like do you put 229 00:15:02,608 --> 00:15:06,228 Speaker 2: it on a network where polling devices are in use 230 00:15:06,228 --> 00:15:09,118 Speaker 2: this technology to defend elections in any way or is 231 00:15:09,118 --> 00:15:09,898 Speaker 2: it unrelated. 232 00:15:11,538 --> 00:15:14,178 Speaker 8: No you would actually put it into the segment in 233 00:15:14,178 --> 00:15:17,808 Speaker 8: which those voting polling devices are going to be located 234 00:15:18,588 --> 00:15:21,558 Speaker 8: and then what you would be doing is just assessing 235 00:15:21,668 --> 00:15:24,678 Speaker 8: that the controls that are protect to protect that voting 236 00:15:24,678 --> 00:15:27,848 Speaker 8: device are actually working like they're supposed to be working 237 00:15:27,868 --> 00:15:32,358 Speaker 8: because many of these voting devices are connected to either 238 00:15:32,358 --> 00:15:35,898 Speaker 8: a separate network or an outer band network and you 239 00:15:35,978 --> 00:15:40,638 Speaker 8: monitor that from a defensive staff who's actually doing what 240 00:15:40,638 --> 00:15:41,898 Speaker 8: it's supposed to be doing OK. 241 00:15:42,048 --> 00:15:44,208 Speaker 2: That makes sense. So you're you're basically looking at the 242 00:15:44,208 --> 00:15:48,888 Speaker 2: health of the networks and the connectivity around that environment. 243 00:15:48,888 --> 00:15:50,748 Speaker 2: So it's not like running an age and like on 244 00:15:50,748 --> 00:15:53,588 Speaker 2: the voting machine or something like that and looking out 245 00:15:53,708 --> 00:15:56,818 Speaker 2: for anybody making standpoint that's all right. 246 00:15:57,078 --> 00:15:59,658 Speaker 15: The voting machines have enough going on up there and 247 00:15:59,658 --> 00:16:02,698 Speaker 15: they don't need any more heavyweight things put on there. 248 00:16:02,718 --> 00:16:05,118 Speaker 6: Speaking of that what did you think about the Iowa 249 00:16:05,118 --> 00:16:07,908 Speaker 6: situation yeah. 250 00:16:07,938 --> 00:16:12,468 Speaker 8: And so this was really fascinating to me. I belong 251 00:16:12,468 --> 00:16:17,348 Speaker 8: to a Forbes Technology Council and it was immediately sent 252 00:16:17,348 --> 00:16:20,508 Speaker 8: a note by another member who was on the council 253 00:16:20,808 --> 00:16:23,168 Speaker 8: and me on there like five or six others in 254 00:16:23,178 --> 00:16:24,608 Speaker 8: this little dialogue. 255 00:16:24,738 --> 00:16:26,898 Speaker 5: And as soon as I got it the next morning 256 00:16:27,618 --> 00:16:29,988 Speaker 5: I just was easy for me to respond back and 257 00:16:30,078 --> 00:16:33,558 Speaker 5: I knew in my heart that it was not because 258 00:16:33,558 --> 00:16:39,408 Speaker 5: of the cyber vulnerability but development then you know I 259 00:16:39,408 --> 00:16:43,908 Speaker 5: was a CIO myself at U.S. Transportation Command and what 260 00:16:44,058 --> 00:16:47,268 Speaker 5: always happens in software is that there is a rush 261 00:16:47,628 --> 00:16:51,828 Speaker 5: to finalize the code and then that generally leads to 262 00:16:51,828 --> 00:16:55,308 Speaker 5: a lack of amount of time for the testing organization 263 00:16:55,608 --> 00:16:58,608 Speaker 5: to do their full vetting of it before that app 264 00:16:58,608 --> 00:17:02,388 Speaker 5: goes into production. Sure. That was my first suspicion and 265 00:17:02,388 --> 00:17:05,258 Speaker 5: that that's the one that actually turned out to be true. 266 00:17:05,268 --> 00:17:10,937 Speaker 5: My second suspicion was that there wasn't enough data sets 267 00:17:10,937 --> 00:17:14,178 Speaker 5: available for them to actually go do the testing at 268 00:17:14,177 --> 00:17:17,388 Speaker 5: scale and we see this all the time. It doesn't 269 00:17:17,388 --> 00:17:20,898 Speaker 5: matter how large a organization is having that real production 270 00:17:20,898 --> 00:17:24,228 Speaker 5: data it gets hard to come by. And then my 271 00:17:24,228 --> 00:17:27,527 Speaker 5: third suspicion was there was no never a dry run 272 00:17:27,798 --> 00:17:31,248 Speaker 5: of the entire system from end. So it turned out 273 00:17:31,248 --> 00:17:34,128 Speaker 5: that the number one hey this rush to get there 274 00:17:34,427 --> 00:17:37,167 Speaker 5: actually happened because we did x and the number to 275 00:17:37,177 --> 00:17:41,378 Speaker 5: beat 360 or do a dry run with that. 276 00:17:41,388 --> 00:17:45,757 Speaker 4: Interesting what that application. Yeah yeah. 277 00:17:45,947 --> 00:17:48,288 Speaker 15: Now M.I.T. has done a review of their code. Now 278 00:17:48,318 --> 00:17:50,537 Speaker 15: they've got all these other vulnerabilities but that wasn't the 279 00:17:50,538 --> 00:17:53,148 Speaker 15: cause of the problem on top of that. 280 00:17:53,207 --> 00:17:58,267 Speaker 6: Interesting. How do you see the relative threats of overall incompetence. 281 00:17:58,308 --> 00:18:00,947 Speaker 6: Like you said just not necessarily incompetence but like software 282 00:18:00,947 --> 00:18:03,677 Speaker 6: is hard and complex and there are lots of failures 283 00:18:04,068 --> 00:18:08,778 Speaker 6: versus a lack of transparency into voting versus actual for 284 00:18:08,777 --> 00:18:12,328 Speaker 6: an intervention into the system. How do you stock those 285 00:18:12,318 --> 00:18:13,388 Speaker 6: as as threats. 286 00:18:14,608 --> 00:18:19,708 Speaker 7: Well I would certainly stack. Number one foreign intervention through 287 00:18:19,767 --> 00:18:24,717 Speaker 7: either miss or disinformation using social media platforms as being 288 00:18:24,717 --> 00:18:29,888 Speaker 7: the number one threat and that is primarily because I 289 00:18:29,888 --> 00:18:34,087 Speaker 7: think we've done a very good reason for this show 290 00:18:34,388 --> 00:18:38,087 Speaker 7: about addressing the hardware and software pieces of it and 291 00:18:38,148 --> 00:18:41,388 Speaker 7: to your point. Software is never going to be perfect. 292 00:18:41,497 --> 00:18:44,197 Speaker 7: So that's how I would say that's the the order 293 00:18:44,197 --> 00:18:46,687 Speaker 7: of those of those two threats is when we look 294 00:18:46,687 --> 00:18:50,617 Speaker 7: at the voting process. Dan it's actually pretty simple. You 295 00:18:50,618 --> 00:18:53,828 Speaker 7: have an eligible voter. You have one vote and that 296 00:18:53,828 --> 00:18:55,717 Speaker 7: vote has to be kept secret. 297 00:18:55,898 --> 00:18:58,537 Speaker 3: And then what happens is we have a chain of 298 00:18:58,538 --> 00:19:04,947 Speaker 3: custody and it needs to be an end and verifiable structure. 299 00:19:05,017 --> 00:19:09,368 Speaker 3: We have to guarantee integrity of the. And then that 300 00:19:09,368 --> 00:19:14,768 Speaker 3: the ballot was actually cast was collected and that's been counted. 301 00:19:14,788 --> 00:19:17,258 Speaker 3: And now we need to verify that. I mean it's 302 00:19:17,257 --> 00:19:20,707 Speaker 3: a pretty pretty simple thing actually in the end. 303 00:19:20,707 --> 00:19:23,847 Speaker 2: Interesting. What would you say. I actually agree with you 304 00:19:23,858 --> 00:19:26,407 Speaker 2: for the record. But what would you say to somebody 305 00:19:26,407 --> 00:19:29,767 Speaker 2: who says well yeah there was foreign interaction you know 306 00:19:29,767 --> 00:19:33,007 Speaker 2: interference with the 2016 election but it didn't seem to 307 00:19:33,007 --> 00:19:35,647 Speaker 2: have that much impact in a tangible way. I'm not 308 00:19:35,648 --> 00:19:37,537 Speaker 2: sure we have great data on that. I think a 309 00:19:37,538 --> 00:19:41,378 Speaker 2: lot might be conjecture. But let's say it wasn't that 310 00:19:41,378 --> 00:19:45,217 Speaker 2: much of a tangible impact in 2016. How would you 311 00:19:45,217 --> 00:19:47,138 Speaker 2: respond to those numbers. 312 00:19:48,638 --> 00:19:52,957 Speaker 7: Yeah I would say where it had the most tangible 313 00:19:53,048 --> 00:19:59,288 Speaker 7: impact was creating divisiveness between groups. All right. So that's 314 00:19:59,288 --> 00:20:04,358 Speaker 7: where it had the biggest impact versus you know pitting 315 00:20:05,947 --> 00:20:11,138 Speaker 7: the Republicans versus the Democrats are actually influencing the election 316 00:20:11,288 --> 00:20:15,907 Speaker 7: through the voting infrastructure itself but certainly creating dissent and 317 00:20:16,027 --> 00:20:19,208 Speaker 7: animosity amongst groups played it played a big role in it. 318 00:20:19,227 --> 00:20:22,478 Speaker 7: And that problem is not going to go away. And 319 00:20:22,538 --> 00:20:26,347 Speaker 7: we've looked and have tracked this now since the early 320 00:20:26,378 --> 00:20:32,727 Speaker 7: 2000s and then you know specific some would say 40. 321 00:20:32,767 --> 00:20:38,227 Speaker 7: Up to earlier this year we've seen them in the Philippines. 322 00:20:38,227 --> 00:20:40,417 Speaker 7: We've seen it in the US elections we've seen it 323 00:20:40,447 --> 00:20:43,058 Speaker 7: in France. We've seen it in Kenya seen it in 324 00:20:43,058 --> 00:20:48,367 Speaker 7: Russia itself. We've seen it in Catalonia Andorra Cambodia and Mexico. 325 00:20:48,667 --> 00:20:52,238 Speaker 7: Most recently in Hong Kong are not Hong Kong and 326 00:20:52,237 --> 00:20:57,787 Speaker 7: Taiwan and their elections. So it's really our viewers and 327 00:20:57,788 --> 00:21:01,838 Speaker 7: your listeners really have to pay attention to what is 328 00:21:01,838 --> 00:21:05,378 Speaker 7: the source of the information in the media outlet that 329 00:21:05,378 --> 00:21:08,378 Speaker 7: they're getting their data from and how they're making their decisions. 330 00:21:08,378 --> 00:21:09,967 Speaker 7: That's what I would say that we have to just 331 00:21:09,967 --> 00:21:11,578 Speaker 7: be smarter in that regard. 332 00:21:11,657 --> 00:21:14,977 Speaker 6: Yeah I think that's crucial it seems like we can 333 00:21:14,977 --> 00:21:18,937 Speaker 6: end up in November of 2020 with half of the 334 00:21:18,937 --> 00:21:23,467 Speaker 6: country thinking the election was stolen whichever way it goes. 335 00:21:23,467 --> 00:21:25,537 Speaker 6: What do you think we have to do to be 336 00:21:25,538 --> 00:21:26,417 Speaker 6: able to address that. 337 00:21:28,368 --> 00:21:30,068 Speaker 16: I don't think that will be the case. 338 00:21:31,947 --> 00:21:36,508 Speaker 8: What I think more importantly right would be this whole 339 00:21:37,017 --> 00:21:39,927 Speaker 8: issue on where did it. Where am I getting my 340 00:21:40,767 --> 00:21:43,318 Speaker 8: my news media from and where am I getting my 341 00:21:43,318 --> 00:21:47,307 Speaker 8: information from what are my trusted sources of that. And 342 00:21:47,308 --> 00:21:52,277 Speaker 8: I think people have to educate themselves on getting you 343 00:21:52,277 --> 00:21:56,578 Speaker 8: know familiar that hey there is a evolving threat landscape 344 00:21:56,578 --> 00:21:59,128 Speaker 8: that is trying to impact the way that I think 345 00:21:59,128 --> 00:22:02,398 Speaker 8: and what it is that I read and that if 346 00:22:02,427 --> 00:22:06,898 Speaker 8: I'm only getting my information from one source I'm probably 347 00:22:06,957 --> 00:22:10,707 Speaker 8: likely to get the least amount of right information. So 348 00:22:10,707 --> 00:22:13,167 Speaker 8: it should be get kind of get cooperated. So I 349 00:22:13,167 --> 00:22:15,717 Speaker 8: think people should try to get their news from you 350 00:22:15,828 --> 00:22:20,817 Speaker 8: know well established news organizations versus some pop up site 351 00:22:20,907 --> 00:22:23,798 Speaker 8: that has created some because they really don't know. 352 00:22:24,618 --> 00:22:29,407 Speaker 7: I find it so that would probably be the the 353 00:22:29,667 --> 00:22:31,348 Speaker 7: biggest thing. Then the second thing is that there are 354 00:22:31,348 --> 00:22:35,217 Speaker 7: a lot of actually online resources that are voters if 355 00:22:35,217 --> 00:22:39,527 Speaker 7: they are concerned about the voting infrastructure. 356 00:22:39,898 --> 00:22:42,447 Speaker 9: If they can go to such an as the center 357 00:22:42,447 --> 00:22:47,157 Speaker 9: net for Internet Security has a great election place Belfer 358 00:22:47,157 --> 00:22:51,607 Speaker 9: Center at Harvard University also has one and then the 359 00:22:51,628 --> 00:22:55,648 Speaker 9: DHS also has a collection services place where people can 360 00:22:55,648 --> 00:23:00,207 Speaker 9: read up to you know make themselves more confident that 361 00:23:00,388 --> 00:23:03,388 Speaker 9: you know things are being addressed and we will have 362 00:23:03,388 --> 00:23:04,998 Speaker 9: a secure and uneventful. 363 00:23:05,487 --> 00:23:08,217 Speaker 2: Yes even in 2020. That makes sense to me it 364 00:23:08,217 --> 00:23:11,518 Speaker 2: all combines though into a single threat. Right. Which is 365 00:23:12,237 --> 00:23:15,177 Speaker 2: the single goal for the attacker which is to reduce 366 00:23:15,267 --> 00:23:18,477 Speaker 2: the legitimacy of the U.S. government in the mind of 367 00:23:18,477 --> 00:23:23,728 Speaker 2: its citizens. Right. And it's all about this polarization. There's 368 00:23:23,727 --> 00:23:29,037 Speaker 2: actually a conversation about how a lot of social media 369 00:23:29,068 --> 00:23:35,167 Speaker 2: networks are trying to optimize for predictability in the user. Right. 370 00:23:35,187 --> 00:23:38,128 Speaker 2: They actually don't want someone who's going to not be 371 00:23:38,128 --> 00:23:40,228 Speaker 2: sure what to do with a piece of content. They 372 00:23:40,227 --> 00:23:44,008 Speaker 2: want someone who's definitely going to like or hate something. 373 00:23:44,638 --> 00:23:48,088 Speaker 2: And when we're training the algorithms we're actually training them 374 00:23:48,808 --> 00:23:54,507 Speaker 2: to teach people to be more polarized which is which 375 00:23:54,507 --> 00:23:57,977 Speaker 2: is kind of scary. And that's why I think I 376 00:23:57,977 --> 00:24:01,398 Speaker 2: think we do have to worry about the 2020 situation 377 00:24:02,088 --> 00:24:05,657 Speaker 2: because it's one thing to say well we should just 378 00:24:05,657 --> 00:24:07,027 Speaker 2: take better sources. 379 00:24:07,247 --> 00:24:11,058 Speaker 6: I think the problem is if they believe they have 380 00:24:11,058 --> 00:24:14,648 Speaker 6: good sources they're not going to search for better ones. Right. 381 00:24:14,657 --> 00:24:18,777 Speaker 6: And if you know what I mean so it's like basically. 382 00:24:19,937 --> 00:24:23,628 Speaker 6: I think it was Hitchens that said if you have 383 00:24:23,628 --> 00:24:26,657 Speaker 6: someone who doesn't accept evidence there's no evidence you could 384 00:24:26,657 --> 00:24:28,187 Speaker 6: provide them to convince them. 385 00:24:31,687 --> 00:24:34,297 Speaker 17: I would agree wholeheartedly with that. 386 00:24:35,277 --> 00:24:39,628 Speaker 16: Right. And so again I just. There's no way you're 387 00:24:39,628 --> 00:24:41,058 Speaker 16: going to come back I have no. 388 00:24:41,118 --> 00:24:45,867 Speaker 8: No way to offer any solutions in that regard. In 389 00:24:45,868 --> 00:24:52,558 Speaker 8: my personal view what we're seeing here are classic psychological 390 00:24:52,618 --> 00:25:00,078 Speaker 8: operations being done at scale to influence elections that. 391 00:25:00,828 --> 00:25:02,747 Speaker 12: Are Done. That's that's that's right. 392 00:25:02,818 --> 00:25:05,337 Speaker 2: Yeah I agree with you. I mean what do you 393 00:25:05,338 --> 00:25:09,898 Speaker 2: think are the main threads like what are the main 394 00:25:09,898 --> 00:25:14,068 Speaker 2: messages that are trying to like advance it. I mean 395 00:25:14,338 --> 00:25:17,848 Speaker 2: what we've saw before in 2016 it was very much 396 00:25:17,848 --> 00:25:21,088 Speaker 2: along the lines of what you said earlier which is divisiveness. 397 00:25:21,088 --> 00:25:25,648 Speaker 2: So they would find these niche groups that felt very 398 00:25:25,648 --> 00:25:29,038 Speaker 2: strongly about a small topic and then they would inflame 399 00:25:29,187 --> 00:25:33,028 Speaker 2: the counter side. In fact they they organized a physical 400 00:25:33,027 --> 00:25:35,487 Speaker 2: one in Texas. I'm sure you heard of this one 401 00:25:35,487 --> 00:25:40,557 Speaker 2: where they they managed to bring protesters from both sides 402 00:25:40,558 --> 00:25:43,377 Speaker 2: of a topic and arranged them in the same physical 403 00:25:43,378 --> 00:25:48,207 Speaker 2: location presumably to try to create an actual physical altercation. 404 00:25:48,207 --> 00:25:50,037 Speaker 2: But it seems like they were doing that over and 405 00:25:50,038 --> 00:25:54,208 Speaker 2: over with various topics. So that seems to be one 406 00:25:54,717 --> 00:25:57,148 Speaker 2: like a tactical view to do it at a small 407 00:25:57,148 --> 00:25:59,427 Speaker 2: scale for a small number of issues and get people 408 00:25:59,427 --> 00:26:02,757 Speaker 2: really riled up about a specific thing but it seems 409 00:26:02,757 --> 00:26:06,957 Speaker 2: to me like there's an overarching you know strategic narrative 410 00:26:07,017 --> 00:26:12,088 Speaker 2: which is you can't trust the election system because it's 411 00:26:12,148 --> 00:26:15,268 Speaker 2: all bad and it's all fake news and that just 412 00:26:15,267 --> 00:26:17,487 Speaker 2: makes people want to check out. And it also makes 413 00:26:17,487 --> 00:26:20,157 Speaker 2: them want to not accept an outcome if they don't 414 00:26:20,157 --> 00:26:24,148 Speaker 2: like it yes to all of that. 415 00:26:24,207 --> 00:26:29,657 Speaker 8: And the grand strategic play that's been done on the 416 00:26:29,657 --> 00:26:34,807 Speaker 8: world stage in my view is that Russia China Iran 417 00:26:34,927 --> 00:26:39,318 Speaker 8: and North Korea right are trying to create this decisiveness 418 00:26:39,338 --> 00:26:43,338 Speaker 8: so that we will end up with this position of 419 00:26:43,638 --> 00:26:46,998 Speaker 8: that we've got all these things happening at home. We're 420 00:26:46,997 --> 00:26:51,828 Speaker 8: not going to engage anywhere else overseas when something else 421 00:26:51,828 --> 00:26:55,128 Speaker 8: is happening. Right. That we normally might get involved in 422 00:26:56,247 --> 00:26:58,128 Speaker 8: but we go ahead. We've got too much at home 423 00:26:58,128 --> 00:27:01,518 Speaker 8: dander or we can divert our time and energy to 424 00:27:01,517 --> 00:27:04,608 Speaker 8: focus on those other world part that a really one 425 00:27:04,757 --> 00:27:05,497 Speaker 8: 100 percent. 426 00:27:05,898 --> 00:27:08,927 Speaker 2: I think they're basically trying to get us basically trying 427 00:27:08,927 --> 00:27:11,897 Speaker 2: to get us out of the global theater because we're 428 00:27:11,898 --> 00:27:16,008 Speaker 2: too consumed with our own internal strife so that whoever 429 00:27:16,007 --> 00:27:18,888 Speaker 2: can step up right. I think particularly Russia. 430 00:27:19,447 --> 00:27:22,487 Speaker 6: Would love to see that happen so they could regain 431 00:27:22,487 --> 00:27:24,148 Speaker 6: some of their previous glory right. 432 00:27:25,767 --> 00:27:29,018 Speaker 13: Yes that's exactly right. But don't discount the you know 433 00:27:29,017 --> 00:27:36,098 Speaker 13: the Chinese and in this either especially within their region 434 00:27:36,277 --> 00:27:43,057 Speaker 13: of influence right now Hong Kong specifically Taiwan Vietnam. I 435 00:27:43,058 --> 00:27:46,267 Speaker 13: just saw a news report right the other day saying 436 00:27:46,267 --> 00:27:50,888 Speaker 13: that the Philippines may back out of the defense protection 437 00:27:50,927 --> 00:27:54,088 Speaker 13: you know pack. Go that's dangerous for us if that 438 00:27:54,128 --> 00:27:58,288 Speaker 13: if that's to happen in my personal personal view. 439 00:27:59,108 --> 00:28:02,078 Speaker 8: So the Chinese are going to be heavily targeting elections 440 00:28:02,078 --> 00:28:06,557 Speaker 8: within their within within our post Asian region. So look 441 00:28:06,977 --> 00:28:09,768 Speaker 8: why we focus a lot on the Russians and our own. 442 00:28:09,848 --> 00:28:12,937 Speaker 8: The Chinese are actively doing this and in Asia. 443 00:28:13,568 --> 00:28:14,578 Speaker 6: Oh that's a great point. 444 00:28:14,677 --> 00:28:18,397 Speaker 2: And then they could potentially do the same thing internally 445 00:28:18,517 --> 00:28:22,838 Speaker 2: with causing strife internally because that would be one less 446 00:28:23,048 --> 00:28:26,717 Speaker 2: person aggravating them overseas telling them not to do those things. 447 00:28:26,767 --> 00:28:28,868 Speaker 2: For example if we were so consumed with our own 448 00:28:28,868 --> 00:28:32,227 Speaker 2: problems maybe we wouldn't notice or wouldn't be able to 449 00:28:32,227 --> 00:28:35,338 Speaker 2: act if they wanted to Taiwan. 450 00:28:35,727 --> 00:28:38,108 Speaker 13: That's right. That's exactly right. And then if we look 451 00:28:38,108 --> 00:28:40,898 Speaker 13: at them at least right. The Iranians are heavily involved 452 00:28:41,318 --> 00:28:45,368 Speaker 13: in election hacking too because they're trying to influence what's 453 00:28:45,368 --> 00:28:50,658 Speaker 13: happening right with what the Gulf States and causing uprising 454 00:28:50,688 --> 00:28:54,908 Speaker 13: uprisings there too. So it's a world problem just a 455 00:28:54,908 --> 00:28:58,298 Speaker 13: world problem and governments have got to come together. Now 456 00:28:58,298 --> 00:29:00,547 Speaker 13: one of the things that you know maybe some of 457 00:29:00,548 --> 00:29:03,308 Speaker 13: our listeners are going to be happy about it. What 458 00:29:03,308 --> 00:29:06,398 Speaker 13: I'm going to say back. But you know our next 459 00:29:08,238 --> 00:29:11,388 Speaker 13: really evolution into this kind of coming back to the 460 00:29:11,388 --> 00:29:17,678 Speaker 13: Iowa pieces Mobile Voting I am a huge fan of 461 00:29:18,248 --> 00:29:20,508 Speaker 13: having the capability to do mobile voting. 462 00:29:20,568 --> 00:29:21,698 Speaker 4: Interesting. 463 00:29:22,588 --> 00:29:25,358 Speaker 13: In that you know as I described my military background 464 00:29:25,388 --> 00:29:27,428 Speaker 13: I spent a lot of time received most my career 465 00:29:27,438 --> 00:29:30,128 Speaker 13: I did absentee voting. I would love to be able 466 00:29:30,128 --> 00:29:32,178 Speaker 13: to just vote at the time and place it by 467 00:29:32,178 --> 00:29:36,728 Speaker 13: the leader. If I'm deployed somewhere in the world or 468 00:29:36,728 --> 00:29:39,368 Speaker 13: assigned somewhere in the world. We have a lot of 469 00:29:39,908 --> 00:29:43,388 Speaker 13: expatriates write us citizens living in foreign countries this stay 470 00:29:43,618 --> 00:29:48,037 Speaker 13: where you just might be on vacation. How awesome would 471 00:29:48,038 --> 00:29:50,198 Speaker 13: it be that you could just use your phone to 472 00:29:50,198 --> 00:29:53,017 Speaker 13: be able to go vote. Yeah and I it's come 473 00:29:53,198 --> 00:29:57,968 Speaker 13: it's coming. I think block chain is a technology that 474 00:29:57,968 --> 00:30:03,547 Speaker 13: will help us in that regard which is really totally auditable. 475 00:30:03,548 --> 00:30:08,918 Speaker 13: It's immutable and it's very transparent and it's secure. We 476 00:30:08,918 --> 00:30:11,648 Speaker 13: saw a couple of states in 2016. I think West 477 00:30:11,648 --> 00:30:16,478 Speaker 13: Virginia and Virginia you test drive it and then you 478 00:30:16,498 --> 00:30:19,568 Speaker 13: know then that will probably get most people's ideas. I'm 479 00:30:19,718 --> 00:30:23,488 Speaker 13: you know I'm just a fan of the national digital identity. 480 00:30:23,618 --> 00:30:26,658 Speaker 13: Why shouldn't I have. We'll have to have a passport 481 00:30:26,658 --> 00:30:29,678 Speaker 13: app a driver's license to prove all this stuff already. 482 00:30:29,678 --> 00:30:30,998 Speaker 13: And when I log on and I want to buy 483 00:30:30,998 --> 00:30:34,268 Speaker 13: something that you know target I shouldn't target No. Yeah 484 00:30:34,368 --> 00:30:37,777 Speaker 13: it's a road map is right. Here's his national identity. 485 00:30:37,988 --> 00:30:40,468 Speaker 4: OK what do you think about that Dan. 486 00:30:40,628 --> 00:30:42,728 Speaker 2: Yeah yeah I was going to ask you about this. 487 00:30:42,728 --> 00:30:45,368 Speaker 2: This is very interesting that we got onto this. I 488 00:30:45,368 --> 00:30:48,428 Speaker 2: was very much of the same opinion for many years 489 00:30:48,788 --> 00:30:51,158 Speaker 2: that why don't we just move to digital voting like 490 00:30:51,158 --> 00:30:54,128 Speaker 2: this is silly. You know it's we have all this 491 00:30:54,128 --> 00:30:57,188 Speaker 2: technology why don't we just do it. And after attending 492 00:30:57,218 --> 00:31:02,708 Speaker 2: the enigma conference for a few years I attended multiple 493 00:31:02,858 --> 00:31:09,097 Speaker 2: elections security and actually digital election security talks and I 494 00:31:09,098 --> 00:31:13,537 Speaker 2: came away from them with my mind changed. Basically all 495 00:31:13,538 --> 00:31:16,598 Speaker 2: of them actually all of them said we are nowhere 496 00:31:16,598 --> 00:31:19,538 Speaker 2: near ready. I wonder if it's not possible to say 497 00:31:19,538 --> 00:31:22,537 Speaker 2: we are ready or aren't ready because it depends on 498 00:31:22,538 --> 00:31:25,238 Speaker 2: the population that you're talking about. It depends on the 499 00:31:25,238 --> 00:31:28,868 Speaker 2: technology you're talking about. But when you mentioned the national I.D. 500 00:31:28,898 --> 00:31:34,278 Speaker 2: I think that would be a critical prerequisite because right 501 00:31:34,277 --> 00:31:37,097 Speaker 2: now we just have a giant mess of different ideas 502 00:31:37,098 --> 00:31:41,098 Speaker 2: like who's going to actually make sure that it's you. 503 00:31:41,267 --> 00:31:43,638 Speaker 2: But what a lot of these talks actually talked about 504 00:31:43,638 --> 00:31:46,518 Speaker 2: was just how easy it is to break these systems 505 00:31:46,848 --> 00:31:51,948 Speaker 2: how fragile elections are already in that if you moved 506 00:31:51,948 --> 00:31:54,767 Speaker 2: it to the digital world you would just have even 507 00:31:54,767 --> 00:31:58,567 Speaker 2: more questions about integrity than we have now. 508 00:31:59,638 --> 00:32:02,998 Speaker 5: Well what I would say is that in anything that 509 00:32:02,998 --> 00:32:06,898 Speaker 5: we do in the electronic age is going to have 510 00:32:07,588 --> 00:32:10,678 Speaker 5: some type of risk associated with it because nothing is 511 00:32:10,678 --> 00:32:14,848 Speaker 5: truly secure and you know you're you're a longtime practitioner 512 00:32:14,848 --> 00:32:17,218 Speaker 5: in this space as I am and you know that 513 00:32:17,218 --> 00:32:23,228 Speaker 5: even close networks are not closed networks. So it depends 514 00:32:23,248 --> 00:32:26,098 Speaker 5: to me is how big Hamlet. How let's assess what 515 00:32:26,098 --> 00:32:29,327 Speaker 5: the risk is then let's figure out how would you 516 00:32:29,338 --> 00:32:34,818 Speaker 5: how do we mitigate that risk. And you go from there. 517 00:32:34,888 --> 00:32:35,868 Speaker 5: Yeah that's what I would. 518 00:32:36,398 --> 00:32:39,628 Speaker 2: Yeah I agree with you. And I do think it's inevitable. 519 00:32:39,628 --> 00:32:42,338 Speaker 2: And I do think that's where we should be going. 520 00:32:42,358 --> 00:32:44,938 Speaker 2: I think the question is really just the cadence and 521 00:32:45,027 --> 00:32:47,968 Speaker 2: what has to happen first. I think as we talked 522 00:32:47,968 --> 00:32:53,398 Speaker 2: about earlier ultimately that the target for the attacker is 523 00:32:53,398 --> 00:32:58,178 Speaker 2: trust in the system. Right. So yeah if we moved 524 00:32:58,178 --> 00:33:01,787 Speaker 2: into digital voting that would have to be paramount on 525 00:33:01,788 --> 00:33:04,608 Speaker 2: our minds is like how do we that if it 526 00:33:04,608 --> 00:33:07,668 Speaker 2: was some sort of block chain thing which somehow block 527 00:33:07,668 --> 00:33:10,398 Speaker 2: chain seems to have dropped off the radar in 2020. 528 00:33:10,488 --> 00:33:12,678 Speaker 2: It seems like fewer people are talking about it at 529 00:33:12,678 --> 00:33:15,468 Speaker 2: least in my circles. But yeah but if you were 530 00:33:15,468 --> 00:33:19,068 Speaker 2: to have a record of every single vote that was 531 00:33:19,068 --> 00:33:22,758 Speaker 2: done by the different different people and be able to 532 00:33:22,758 --> 00:33:25,188 Speaker 2: say yes it was done on this device with these 533 00:33:25,188 --> 00:33:28,938 Speaker 2: parameters and here's how they authenticated to that device and 534 00:33:28,938 --> 00:33:32,428 Speaker 2: here's the the way we could tell it was actually them. 535 00:33:32,538 --> 00:33:35,448 Speaker 2: I mean if we had a full life cycle like 536 00:33:35,448 --> 00:33:40,918 Speaker 2: that that was you know cryptic graphically verifiable. I think 537 00:33:40,918 --> 00:33:42,298 Speaker 2: that would be a great step. 538 00:33:44,338 --> 00:33:46,058 Speaker 14: And I do think it's sad. I don't know. 539 00:33:47,438 --> 00:33:49,298 Speaker 16: Yeah. I don't think we're too far away from it. 540 00:33:49,378 --> 00:33:51,488 Speaker 16: I mean I've not gone to any of those to 541 00:33:51,488 --> 00:33:55,448 Speaker 16: see what the you know the big enigma conference. You 542 00:33:55,448 --> 00:34:00,518 Speaker 16: know what you're saying. But I would say if by 543 00:34:00,517 --> 00:34:03,998 Speaker 16: the next you know in the next four years significant 544 00:34:03,998 --> 00:34:07,027 Speaker 16: progress will be will be made it made in that 545 00:34:10,768 --> 00:34:12,928 Speaker 16: if you think about it right. Every day we almost 546 00:34:12,938 --> 00:34:17,098 Speaker 16: every a lot of America elevated what the markets do 547 00:34:17,098 --> 00:34:23,068 Speaker 16: their banking every single day. They're comfortable enough with that risk. Right. 548 00:34:23,068 --> 00:34:25,948 Speaker 16: Why would they be comfortable enough with taking the risk 549 00:34:26,248 --> 00:34:30,018 Speaker 16: to be able to have my phone encrypt. You know what. 550 00:34:30,027 --> 00:34:33,148 Speaker 16: Download the whatever app my state plays is their app 551 00:34:33,768 --> 00:34:36,298 Speaker 16: and they get it then when I vote it gets encrypted. 552 00:34:36,298 --> 00:34:39,248 Speaker 16: Goes back to that central database and then gets that 553 00:34:39,268 --> 00:34:42,958 Speaker 16: gets deposited at any different than the way that they're 554 00:34:42,958 --> 00:34:46,498 Speaker 16: logging on to make a deposit from their phone to 555 00:34:46,498 --> 00:34:47,228 Speaker 16: their bank. 556 00:34:47,598 --> 00:34:50,068 Speaker 2: Yeah. One 100 percent. I think that's why it comes 557 00:34:50,068 --> 00:34:53,227 Speaker 2: down to the population. Right. I mean people in our 558 00:34:53,308 --> 00:34:56,308 Speaker 2: outer circles I think and people listening are gonna be 559 00:34:56,308 --> 00:34:58,527 Speaker 2: 100 percent able to do that and probably be able 560 00:34:58,527 --> 00:35:00,868 Speaker 2: to do it securely. But I think there are other 561 00:35:00,868 --> 00:35:07,258 Speaker 2: populations the elderly disenfranchised groups who maybe don't have access 562 00:35:07,258 --> 00:35:09,598 Speaker 2: to the same tech. And then you have to worry about. 563 00:35:10,047 --> 00:35:13,767 Speaker 2: I don't know. I mean security so I'm always worried 564 00:35:13,768 --> 00:35:17,127 Speaker 2: about everything but it's like now you start paying people 565 00:35:17,277 --> 00:35:21,448 Speaker 2: for votes. So the actual vote is a hundred percent correct. 566 00:35:21,598 --> 00:35:24,877 Speaker 2: But they were somehow encouraged to do that and then 567 00:35:24,897 --> 00:35:26,848 Speaker 2: you know they did you got to do it already 568 00:35:26,857 --> 00:35:28,097 Speaker 2: in the current voting booth. 569 00:35:28,107 --> 00:35:33,928 Speaker 16: So I think yeah that's still possible now but I 570 00:35:33,928 --> 00:35:37,797 Speaker 16: would say that your assessment on that risk right is 571 00:35:37,978 --> 00:35:42,268 Speaker 16: exceptionally notable that we have to pay attention to that. Right. 572 00:35:42,277 --> 00:35:46,828 Speaker 16: That that certainly could drive up or even outweigh anything 573 00:35:46,828 --> 00:35:50,308 Speaker 16: else that we're talking about from a cybersecurity perspective is 574 00:35:50,308 --> 00:35:52,587 Speaker 16: that it's a lot easier to get people to be 575 00:35:52,587 --> 00:35:54,768 Speaker 16: influenced to be able to go vote for that. Yeah 576 00:35:54,958 --> 00:35:56,588 Speaker 16: right the way that they want to have it done. 577 00:35:56,728 --> 00:35:59,547 Speaker 16: And that alone may say we never get there. 578 00:35:59,547 --> 00:36:04,718 Speaker 6: I don't know. Well this has been fantastic I guess. 579 00:36:04,728 --> 00:36:09,858 Speaker 6: Are you optimistic going into this very crazy 2020 election 580 00:36:09,857 --> 00:36:14,058 Speaker 6: year or are you optimistic for this upcoming election and beyond. 581 00:36:16,018 --> 00:36:19,688 Speaker 16: So as a recap on a very optimistic that the 582 00:36:19,688 --> 00:36:25,837 Speaker 16: voting companies the machines and oversight by state officials is 583 00:36:25,837 --> 00:36:29,738 Speaker 16: heightened like it's never been heightened before. We're on less 584 00:36:29,828 --> 00:36:35,107 Speaker 16: optimistic is our ability to be able to detect when 585 00:36:35,107 --> 00:36:41,167 Speaker 16: there isn't enough disinformation out there that is causing appraisal 586 00:36:42,698 --> 00:36:49,297 Speaker 16: and consternation amongst our American population and get each other. 587 00:36:49,368 --> 00:36:51,618 Speaker 16: That is what I believe will remain concerned from from 588 00:36:51,647 --> 00:36:54,527 Speaker 16: the whole year and I will be watching media very 589 00:36:54,527 --> 00:36:57,558 Speaker 16: closely to see to see how that happens. 590 00:36:57,828 --> 00:37:01,067 Speaker 6: All right. Well General Matthews it's been great having you on. 591 00:37:01,368 --> 00:37:05,918 Speaker 16: And I really appreciate the conversation and again I appreciate 592 00:37:05,918 --> 00:37:08,288 Speaker 16: you're inviting me to come spend time with you here 593 00:37:08,288 --> 00:37:09,758 Speaker 16: on this podcast. Thank you.