WEBVTT - A Conversation With General Earl Matthews on Election Security 0:00:44.778 --> 0:00:48.048 All right. In this episode I talk about election security 0:00:48.138 --> 0:00:52.498 with retired Air Force Major General Earl Matthews who is 0:00:52.498 --> 0:00:55.678 the chief security officer at Rodan and who has been 0:00:55.678 --> 0:00:59.838 thinking about election security for over 20 years. We had 0:00:59.838 --> 0:01:02.778 a pretty wide ranging conversation taking us through the ultimate 0:01:02.778 --> 0:01:07.398 goal of election attacks. The Iowa debacle and the likely 0:01:07.398 --> 0:01:12.628 motives for foreign intervention into U.S. elections so with that 0:01:12.837 --> 0:01:15.478 I'm happy to bring you my conversation with General oral 0:01:15.478 --> 0:01:18.108 Matthews on the topic of election security. 0:01:22.518 --> 0:01:26.718 All right welcome General Matthews. Thanks for coming on. Unsupervised Learning. 0:01:27.248 --> 0:01:28.388 Dan thanks very much. 0:01:28.408 --> 0:01:32.967 Now Happy Friday dear so I will have already introduced 0:01:32.968 --> 0:01:35.038 you on the show and looking at your background it 0:01:35.038 --> 0:01:38.978 looks like we actually both worked at HP oh that 0:01:39.008 --> 0:01:43.588 also at same time I think it might have been. 0:01:43.598 --> 0:01:47.428 Yeah it was. Was it called ESPN the timer ISIS 0:01:47.438 --> 0:01:49.448 or something like that. 0:01:49.448 --> 0:01:52.828 No I it was so when I tried security products. Yes. 0:01:53.168 --> 0:01:56.198 Yeah I belonged in ESF That's right. 0:01:56.228 --> 0:01:59.948 Yes. So I worked for Jason Schmidt and fortify him 0:01:59.948 --> 0:02:02.528 for Ryan English and fortifying demand. 0:02:02.528 --> 0:02:05.258 Wonderful that I did when I fell in contact with 0:02:05.258 --> 0:02:08.528 Jason and others and I think fortify is still an 0:02:08.528 --> 0:02:12.618 outstanding private. I recommend it still did it yeah. 0:02:12.828 --> 0:02:17.888 Absolutely. Very cool. I guess told me how you got 0:02:17.888 --> 0:02:23.198 started in election security. I assume 2016 was probably a 0:02:23.198 --> 0:02:24.308 catalyst of some sort. 0:02:24.728 --> 0:02:30.407 Yeah. And it's actually you know my military background elections 0:02:30.428 --> 0:02:35.108 I've been front and center most of my entire career 0:02:35.548 --> 0:02:40.028 adult life. I voted the absentee ballot and it actually 0:02:40.148 --> 0:02:43.298 really started peaking my interest in there in 2000 right 0:02:43.298 --> 0:02:46.898 when we had the hanging chads and what the impact 0:02:46.898 --> 0:02:49.508 was at that time about you know supposedly all these 0:02:49.507 --> 0:02:54.368 absentee ballots from the military sway and sway the vote 0:02:54.368 --> 0:02:55.898 and hadn't been counted. 0:02:56.137 --> 0:02:59.488 And then many years later I find myself in the 0:02:59.528 --> 0:03:03.468 RAF in Germany and I am responsible for all the 0:03:03.468 --> 0:03:07.638 postal distribution throughout Europe. Now that comes by air and 0:03:07.637 --> 0:03:10.388 the army then would be responsible for by trucking it 0:03:10.387 --> 0:03:13.548 out to all the different bases but I really had 0:03:13.548 --> 0:03:17.388 to focus in on election years because after the 2000 0:03:17.387 --> 0:03:20.658 elections we had to account now for all the ballots 0:03:20.688 --> 0:03:24.528 that were coming into the military post offices overseas and 0:03:24.528 --> 0:03:27.768 actually tracking them to make sure that the people who 0:03:27.768 --> 0:03:29.988 got voted and put it back in there it got 0:03:29.988 --> 0:03:33.318 delivered on time and then just as an aside my 0:03:33.317 --> 0:03:36.978 wife also works in the I.T. sector and she was 0:03:36.978 --> 0:03:40.328 helping with the first voting. 0:03:40.368 --> 0:03:45.598 This is in Uganda to thousands of military folks. So 0:03:45.618 --> 0:03:48.558 I have been associated for a long time and now 0:03:48.558 --> 0:03:55.188 that know after 2016 and that all the influence on 0:03:55.728 --> 0:04:00.948 infrastructure security but really about the disinformation it has been 0:04:01.098 --> 0:04:05.978 used really got my attention leading up to that. 0:04:06.068 --> 0:04:08.528 Up to that election and so now today you know 0:04:08.538 --> 0:04:12.498 social media is really my biggest concern on disinformation. 0:04:12.638 --> 0:04:16.638 And you know we're seeing social media really start take 0:04:16.638 --> 0:04:19.788 a hold of this start deleting accounts and I firmly 0:04:19.788 --> 0:04:24.467 believe that social media companies should be accountable that the 0:04:24.468 --> 0:04:28.598 accounts that are being created are truly real accounts and 0:04:28.598 --> 0:04:29.988 are not being done falsely. 0:04:32.278 --> 0:04:36.388 Yeah absolutely. So are you familiar with our Rene de Resta. 0:04:36.888 --> 0:04:38.518 Yeah I am familiar yes sir. 0:04:39.878 --> 0:04:42.668 Yeah. So really interesting she she does a lot of 0:04:42.668 --> 0:04:45.518 work on the social media stuff and the both the 0:04:45.518 --> 0:04:49.568 misinformation and the disinformation. And one of the things she 0:04:49.568 --> 0:04:54.548 talks about is how difficult it can be to lock 0:04:54.548 --> 0:04:57.157 on to a bad account because what they'll do is 0:04:57.158 --> 0:05:01.928 months before the campaign they they create a legitimate account 0:05:01.948 --> 0:05:05.618 with like legitimate sounding you know user name or whatever 0:05:05.948 --> 0:05:07.538 and then they go in and they drop tons of 0:05:07.538 --> 0:05:10.358 content related to that particular thing. So let's say it's 0:05:10.358 --> 0:05:14.708 cars or fast cars or car modifications it'll be months 0:05:14.708 --> 0:05:18.608 and months and months of a precedent of legitimate content 0:05:20.048 --> 0:05:22.538 just so they could track the algorithms that look for 0:05:22.788 --> 0:05:24.828 you know pure misinformation. 0:05:24.878 --> 0:05:27.128 Yeah but when those accounts get January what I would 0:05:27.128 --> 0:05:29.318 say the corollary to that is that you have to 0:05:29.318 --> 0:05:35.178 supply name information telephone numbers and things like that. The 0:05:35.228 --> 0:05:37.778 more obscure that that becomes I think should be an 0:05:37.778 --> 0:05:41.648 indicator to a social media platform that something isn't exactly 0:05:41.648 --> 0:05:45.158 right here. And I think it's also interesting perhaps for 0:05:45.158 --> 0:05:50.017 your listeners to understand that 61 percent of all the 0:05:50.018 --> 0:05:54.248 traffic on the internet is actually created by bots and 0:05:54.248 --> 0:05:57.788 not by humans putting content on there and of that 0:05:57.848 --> 0:06:04.058 about 30 some percent are actually fairly defeated. So what 0:06:04.058 --> 0:06:05.558 we're going to talk about today. But I do think 0:06:05.558 --> 0:06:08.018 it's an interesting factoid that actually you know more than 0:06:08.018 --> 0:06:09.998 60 percent of the traffic on the Internet is not 0:06:09.998 --> 0:06:13.038 human created yeah. 0:06:13.068 --> 0:06:15.828 Interesting. And what would you say most of that traffic 0:06:15.828 --> 0:06:19.368 is is that like clicking on youtube links like trying 0:06:19.368 --> 0:06:22.488 to vote up content on Twitter. Is it a voting 0:06:22.488 --> 0:06:25.878 type fraud or what type of bot activity is that. 0:06:26.368 --> 0:06:29.118 Yeah. So I would take most of that bot activity 0:06:29.118 --> 0:06:33.077 it's just taking information from one location and then moving 0:06:33.078 --> 0:06:37.577 it to another location or trolling where news organizations are 0:06:38.238 --> 0:06:41.868 continually looking for new types of news stories that are 0:06:41.868 --> 0:06:44.598 being out there whether they're generated by me putting up 0:06:44.598 --> 0:06:48.077 a video or that another news organization has has put 0:06:48.078 --> 0:06:50.718 up there. And so it's just you have these algorithms 0:06:50.718 --> 0:06:53.708 out there just to get that information and so forth. 0:06:55.208 --> 0:06:57.448 OK that makes sense. So who crawlers. 0:06:57.788 --> 0:06:59.228 Yes great traps. Yeah. 0:06:59.518 --> 0:07:03.638 Yeah sure. Awesome. And I noticed in researching some of 0:07:03.638 --> 0:07:06.338 your work you had some tenants you had five tenants. 0:07:06.338 --> 0:07:08.168 I have them here. But if you would like to 0:07:08.168 --> 0:07:11.438 go through them the first one was stop making assumptions 0:07:11.438 --> 0:07:15.228 the second one was transparency. You won't talk about those. 0:07:15.998 --> 0:07:21.048 Yeah. And I think that what our listeners really don't 0:07:21.188 --> 0:07:23.588 they'll have a hard time struggling with with all these 0:07:23.588 --> 0:07:27.578 new exposures of our information is that there really isn't 0:07:27.668 --> 0:07:30.668 anything new right that's happening here. 0:07:30.668 --> 0:07:34.168 Most of it is coming from mis mis configurations and 0:07:34.658 --> 0:07:37.568 part of that is just because we start assuming that 0:07:38.858 --> 0:07:42.098 things are actually working like they're supposed to be and 0:07:42.268 --> 0:07:45.938 their security controls really aren't doing that. I think there's 0:07:45.968 --> 0:07:50.588 a lack of transparency right in how the electronic voting 0:07:51.428 --> 0:07:56.978 companies are letting us know that the vulnerability of their 0:07:56.978 --> 0:08:00.448 platforms and that there's a lack of software independence in 0:08:00.498 --> 0:08:03.728 the voting machines and third parties. But now I think 0:08:03.728 --> 0:08:08.078 it's gotten significantly better since 2016 but I just think 0:08:08.078 --> 0:08:11.888 the whole all the assurance piece of what happens to 0:08:11.888 --> 0:08:14.428 these proprietary systems just aren't there for us. 0:08:15.368 --> 0:08:20.098 Yeah and you've got here mandate transparency from commercial hardware 0:08:20.108 --> 0:08:25.338 software companies many of these are transparency based data driven 0:08:25.338 --> 0:08:31.178 evaluation of providers that provide the technology alignment between state 0:08:31.238 --> 0:08:36.548 CEOs and CEOs and secretaries of state. These all seem 0:08:36.548 --> 0:08:42.508 really solid and continuous and quantified evaluation and validation of 0:08:42.508 --> 0:08:45.968 security controls. I think these are fantastic recommendations. 0:08:47.318 --> 0:08:51.268 Yeah probably for our listeners they may not well understand 0:08:51.268 --> 0:08:54.418 that by the way all elections are run by the 0:08:54.418 --> 0:08:58.078 states not run by the federal government. You know that 0:08:58.468 --> 0:09:02.458 this voting piece of this falls underneath the secretary of 0:09:02.458 --> 0:09:08.167 state and not underneath the governor. Day to day routine business. 0:09:08.648 --> 0:09:11.398 And so as a result there hasn't been a very 0:09:11.398 --> 0:09:15.448 tight alignment between the state CIO OWS and the state 0:09:15.598 --> 0:09:21.398 information security officers with the secretary of state's election State Committee. 0:09:21.838 --> 0:09:25.468 So I'm a huge fan of those organizations coming together 0:09:25.498 --> 0:09:28.237 and I've seen that I've seen it in Michigan and 0:09:28.238 --> 0:09:31.258 I've seen it in Indiana and then in Iowa. We 0:09:31.258 --> 0:09:34.438 just saw that the chief security officer for the state 0:09:35.038 --> 0:09:38.728 has now resigned from that position and actually has moved 0:09:38.728 --> 0:09:42.238 over to the secretary of state election office to help 0:09:42.288 --> 0:09:45.778 them with cyber security. So this is and that is 0:09:46.108 --> 0:09:51.838 primarily been because we have a treaty on infrastructure as 0:09:51.838 --> 0:09:56.518 a holistic problem. We've been looking at it in isolation. 0:09:56.668 --> 0:10:01.118 Interesting. So is that similar to like a jurisdictional problem. 0:10:01.508 --> 0:10:03.748 Not quite at the scale of 9/11 but where you 0:10:03.748 --> 0:10:06.808 have different groups and they're not designed to work with 0:10:06.808 --> 0:10:10.228 each other and therefore the information's not being exchanged. Is 0:10:10.228 --> 0:10:12.987 that kind of what you're describing with the secretary of 0:10:12.988 --> 0:10:14.388 state versus governors group. 0:10:16.148 --> 0:10:23.048 I think it's traditional. So I've been of functions versus 0:10:23.288 --> 0:10:27.848 the commingling of functions across an organization. And you and 0:10:27.848 --> 0:10:30.218 I saw this when we were at HP you two 0:10:30.428 --> 0:10:33.008 things got siloed off and then the left hand doesn't 0:10:33.008 --> 0:10:34.878 know what the right what the right hand is doing. 0:10:35.768 --> 0:10:41.168 But I think that since 2016 we've seen a significant 0:10:41.168 --> 0:10:45.338 change in all of this because of the one that 0:10:45.338 --> 0:10:53.318 designation against critical infrastructure. We've seen the DHS create a 0:10:53.318 --> 0:10:59.498 special office for election to look since her day oversight 0:10:59.978 --> 0:11:03.368 and we've seen the US government create the US election 0:11:03.368 --> 0:11:08.948 commission and then we've also seen the federal government designate 0:11:09.918 --> 0:11:15.118 funding for states specifically for election security. 0:11:15.138 --> 0:11:18.048 So I think that I think it's gotten very interesting 0:11:18.768 --> 0:11:22.028 I guess. So you currently work at is a very 0:11:22.028 --> 0:11:24.968 dinner or Rodin verdant probably yeah. 0:11:25.158 --> 0:11:31.248 Yes buried in and that's a common you mispronunciation of 0:11:31.248 --> 0:11:35.568 the organization but it comes from the god burritos for 0:11:35.568 --> 0:11:39.028 Truth o knife in the God put in for wisdom 0:11:39.048 --> 0:11:43.558 in battle and what Odin would do is send out 0:11:43.558 --> 0:11:47.698 dogs and ravens to collect intelligence about his enemy and 0:11:47.698 --> 0:11:50.158 then bring that intelligence back and then he would go 0:11:50.158 --> 0:11:52.867 into battle which is why he was so successful. 0:11:52.978 --> 0:11:57.747 I consider ourselves the warrior troop company because what we 0:11:57.748 --> 0:12:03.387 do is we instrument your network looking for your security controls. 0:12:03.778 --> 0:12:08.968 Current instantiation. Are they working like you are supposed to 0:12:08.968 --> 0:12:12.658 be working. And we do that by running like malware 0:12:12.658 --> 0:12:16.768 in your production environment to give you the No Kidding truth. 0:12:16.798 --> 0:12:20.668 This is how my controls are actually working. So that's 0:12:20.668 --> 0:12:22.808 what their net burden is about. 0:12:22.858 --> 0:12:26.528 Nice and Verizon is now part of FireEye. Is that correct. 0:12:27.588 --> 0:12:28.727 That is very true. 0:12:28.788 --> 0:12:31.727 So last summer we were one of the few cybersecurity 0:12:31.908 --> 0:12:36.398 companies that gets acquired and we were acquired by FireEye 0:12:36.828 --> 0:12:40.818 which is really considered the number one threat intelligence in 0:12:40.998 --> 0:12:44.108 the world and Mandiant is a part of fire right 0:12:44.118 --> 0:12:46.788 that does the most efficient response around the world in 0:12:46.788 --> 0:12:50.278 our platform runs off of intelligence. So it was a 0:12:50.718 --> 0:12:51.908 superb marriage for us. 0:12:51.918 --> 0:12:55.798 Now in this space that's fantastic Degrassi. 0:12:56.058 --> 0:12:59.918 Yeah. And actually I knew I recognized the name Veridian 0:13:00.328 --> 0:13:01.998 and I looked it up it's actually one of my 0:13:01.998 --> 0:13:05.898 favorite spaces in all of the security tools. I love 0:13:05.898 --> 0:13:10.068 the idea of continuous checking. So I guess can you 0:13:10.068 --> 0:13:12.398 go in a little more detail about how it works 0:13:12.418 --> 0:13:14.958 like Do you have a center and a receiver and 0:13:14.958 --> 0:13:19.488 you sprinkle these throughout the environment and then you send 0:13:19.488 --> 0:13:22.848 malware from the center to the receiver to see if 0:13:22.848 --> 0:13:25.008 it's caught by various controls or how does that work. 0:13:26.338 --> 0:13:28.208 Yeah. You've described that you've nailed it. 0:13:28.368 --> 0:13:33.018 You could be a spokesman for us and what is 0:13:33.058 --> 0:13:36.298 all automated mail software driven and what we are really 0:13:36.298 --> 0:13:39.908 attacking is the number one problem which is false with. 0:13:40.558 --> 0:13:44.248 And so we are both the attacker and the target 0:13:44.888 --> 0:13:47.548 we are. We sit in your operational environment but we're 0:13:47.548 --> 0:13:51.627 not on anybody's operational assets meaning if you have a 0:13:51.628 --> 0:13:54.508 server that has customer data on it. We're not sitting 0:13:54.508 --> 0:13:57.718 on that server. We just look like a virtual image 0:13:57.748 --> 0:14:01.228 of that server with the same security controls. And then 0:14:01.228 --> 0:14:04.318 is the. And then we put one and another side 0:14:04.318 --> 0:14:06.568 of your network where it could be external or to 0:14:06.568 --> 0:14:10.158 be internal to look for segmentation and then the you 0:14:10.148 --> 0:14:12.868 know the National console tells this actor to go attack 0:14:12.928 --> 0:14:16.617 this other actor. And we know that it's successful or 0:14:16.618 --> 0:14:20.188 not successful because we are controlling both the originating in 0:14:21.058 --> 0:14:25.288 IP address and the target IP address. And if it 0:14:25.288 --> 0:14:26.908 makes it from one end to the other we know 0:14:26.908 --> 0:14:30.928 that your security stack didn't block it. And then what 0:14:30.928 --> 0:14:33.118 we do is we produce all the data to show 0:14:33.538 --> 0:14:36.778 what in your security stack could have blocked it but 0:14:36.778 --> 0:14:40.258 you don't have it together correctly the painful to do that. 0:14:40.808 --> 0:14:44.288 Mm hmm interesting. Yeah. Yeah. 0:14:44.308 --> 0:14:47.728 And just to let everyone know who's listening. This is 0:14:47.728 --> 0:14:51.718 not about the vendor thing. So we have lots more 0:14:51.718 --> 0:14:55.688 questions about elections itself but I think this is important. 0:14:55.698 --> 0:14:59.218 And I actually want to ask you does this interact 0:14:59.218 --> 0:15:02.608 at all with election security devices like do you put 0:15:02.608 --> 0:15:06.228 it on a network where polling devices are in use 0:15:06.228 --> 0:15:09.118 this technology to defend elections in any way or is 0:15:09.118 --> 0:15:09.898 it unrelated. 0:15:11.538 --> 0:15:14.178 No you would actually put it into the segment in 0:15:14.178 --> 0:15:17.808 which those voting polling devices are going to be located 0:15:18.588 --> 0:15:21.558 and then what you would be doing is just assessing 0:15:21.668 --> 0:15:24.678 that the controls that are protect to protect that voting 0:15:24.678 --> 0:15:27.848 device are actually working like they're supposed to be working 0:15:27.868 --> 0:15:32.358 because many of these voting devices are connected to either 0:15:32.358 --> 0:15:35.898 a separate network or an outer band network and you 0:15:35.978 --> 0:15:40.638 monitor that from a defensive staff who's actually doing what 0:15:40.638 --> 0:15:41.898 it's supposed to be doing OK. 0:15:42.048 --> 0:15:44.208 That makes sense. So you're you're basically looking at the 0:15:44.208 --> 0:15:48.888 health of the networks and the connectivity around that environment. 0:15:48.888 --> 0:15:50.748 So it's not like running an age and like on 0:15:50.748 --> 0:15:53.588 the voting machine or something like that and looking out 0:15:53.708 --> 0:15:56.818 for anybody making standpoint that's all right. 0:15:57.078 --> 0:15:59.658 The voting machines have enough going on up there and 0:15:59.658 --> 0:16:02.698 they don't need any more heavyweight things put on there. 0:16:02.718 --> 0:16:05.118 Speaking of that what did you think about the Iowa 0:16:05.118 --> 0:16:07.908 situation yeah. 0:16:07.938 --> 0:16:12.468 And so this was really fascinating to me. I belong 0:16:12.468 --> 0:16:17.348 to a Forbes Technology Council and it was immediately sent 0:16:17.348 --> 0:16:20.508 a note by another member who was on the council 0:16:20.808 --> 0:16:23.168 and me on there like five or six others in 0:16:23.178 --> 0:16:24.608 this little dialogue. 0:16:24.738 --> 0:16:26.898 And as soon as I got it the next morning 0:16:27.618 --> 0:16:29.988 I just was easy for me to respond back and 0:16:30.078 --> 0:16:33.558 I knew in my heart that it was not because 0:16:33.558 --> 0:16:39.408 of the cyber vulnerability but development then you know I 0:16:39.408 --> 0:16:43.908 was a CIO myself at U.S. Transportation Command and what 0:16:44.058 --> 0:16:47.268 always happens in software is that there is a rush 0:16:47.628 --> 0:16:51.828 to finalize the code and then that generally leads to 0:16:51.828 --> 0:16:55.308 a lack of amount of time for the testing organization 0:16:55.608 --> 0:16:58.608 to do their full vetting of it before that app 0:16:58.608 --> 0:17:02.388 goes into production. Sure. That was my first suspicion and 0:17:02.388 --> 0:17:05.258 that that's the one that actually turned out to be true. 0:17:05.268 --> 0:17:10.937 My second suspicion was that there wasn't enough data sets 0:17:10.937 --> 0:17:14.178 available for them to actually go do the testing at 0:17:14.177 --> 0:17:17.388 scale and we see this all the time. It doesn't 0:17:17.388 --> 0:17:20.898 matter how large a organization is having that real production 0:17:20.898 --> 0:17:24.228 data it gets hard to come by. And then my 0:17:24.228 --> 0:17:27.527 third suspicion was there was no never a dry run 0:17:27.798 --> 0:17:31.248 of the entire system from end. So it turned out 0:17:31.248 --> 0:17:34.128 that the number one hey this rush to get there 0:17:34.427 --> 0:17:37.167 actually happened because we did x and the number to 0:17:37.177 --> 0:17:41.378 beat 360 or do a dry run with that. 0:17:41.388 --> 0:17:45.757 Interesting what that application. Yeah yeah. 0:17:45.947 --> 0:17:48.288 Now M.I.T. has done a review of their code. Now 0:17:48.318 --> 0:17:50.537 they've got all these other vulnerabilities but that wasn't the 0:17:50.538 --> 0:17:53.148 cause of the problem on top of that. 0:17:53.207 --> 0:17:58.267 Interesting. How do you see the relative threats of overall incompetence. 0:17:58.308 --> 0:18:00.947 Like you said just not necessarily incompetence but like software 0:18:00.947 --> 0:18:03.677 is hard and complex and there are lots of failures 0:18:04.068 --> 0:18:08.778 versus a lack of transparency into voting versus actual for 0:18:08.777 --> 0:18:12.328 an intervention into the system. How do you stock those 0:18:12.318 --> 0:18:13.388 as as threats. 0:18:14.608 --> 0:18:19.708 Well I would certainly stack. Number one foreign intervention through 0:18:19.767 --> 0:18:24.717 either miss or disinformation using social media platforms as being 0:18:24.717 --> 0:18:29.888 the number one threat and that is primarily because I 0:18:29.888 --> 0:18:34.087 think we've done a very good reason for this show 0:18:34.388 --> 0:18:38.087 about addressing the hardware and software pieces of it and 0:18:38.148 --> 0:18:41.388 to your point. Software is never going to be perfect. 0:18:41.497 --> 0:18:44.197 So that's how I would say that's the the order 0:18:44.197 --> 0:18:46.687 of those of those two threats is when we look 0:18:46.687 --> 0:18:50.617 at the voting process. Dan it's actually pretty simple. You 0:18:50.618 --> 0:18:53.828 have an eligible voter. You have one vote and that 0:18:53.828 --> 0:18:55.717 vote has to be kept secret. 0:18:55.898 --> 0:18:58.537 And then what happens is we have a chain of 0:18:58.538 --> 0:19:04.947 custody and it needs to be an end and verifiable structure. 0:19:05.017 --> 0:19:09.368 We have to guarantee integrity of the. And then that 0:19:09.368 --> 0:19:14.768 the ballot was actually cast was collected and that's been counted. 0:19:14.788 --> 0:19:17.258 And now we need to verify that. I mean it's 0:19:17.257 --> 0:19:20.707 a pretty pretty simple thing actually in the end. 0:19:20.707 --> 0:19:23.847 Interesting. What would you say. I actually agree with you 0:19:23.858 --> 0:19:26.407 for the record. But what would you say to somebody 0:19:26.407 --> 0:19:29.767 who says well yeah there was foreign interaction you know 0:19:29.767 --> 0:19:33.007 interference with the 2016 election but it didn't seem to 0:19:33.007 --> 0:19:35.647 have that much impact in a tangible way. I'm not 0:19:35.648 --> 0:19:37.537 sure we have great data on that. I think a 0:19:37.538 --> 0:19:41.378 lot might be conjecture. But let's say it wasn't that 0:19:41.378 --> 0:19:45.217 much of a tangible impact in 2016. How would you 0:19:45.217 --> 0:19:47.138 respond to those numbers. 0:19:48.638 --> 0:19:52.957 Yeah I would say where it had the most tangible 0:19:53.048 --> 0:19:59.288 impact was creating divisiveness between groups. All right. So that's 0:19:59.288 --> 0:20:04.358 where it had the biggest impact versus you know pitting 0:20:05.947 --> 0:20:11.138 the Republicans versus the Democrats are actually influencing the election 0:20:11.288 --> 0:20:15.907 through the voting infrastructure itself but certainly creating dissent and 0:20:16.027 --> 0:20:19.208 animosity amongst groups played it played a big role in it. 0:20:19.227 --> 0:20:22.478 And that problem is not going to go away. And 0:20:22.538 --> 0:20:26.347 we've looked and have tracked this now since the early 0:20:26.378 --> 0:20:32.727 2000s and then you know specific some would say 40. 0:20:32.767 --> 0:20:38.227 Up to earlier this year we've seen them in the Philippines. 0:20:38.227 --> 0:20:40.417 We've seen it in the US elections we've seen it 0:20:40.447 --> 0:20:43.058 in France. We've seen it in Kenya seen it in 0:20:43.058 --> 0:20:48.367 Russia itself. We've seen it in Catalonia Andorra Cambodia and Mexico. 0:20:48.667 --> 0:20:52.238 Most recently in Hong Kong are not Hong Kong and 0:20:52.237 --> 0:20:57.787 Taiwan and their elections. So it's really our viewers and 0:20:57.788 --> 0:21:01.838 your listeners really have to pay attention to what is 0:21:01.838 --> 0:21:05.378 the source of the information in the media outlet that 0:21:05.378 --> 0:21:08.378 they're getting their data from and how they're making their decisions. 0:21:08.378 --> 0:21:09.967 That's what I would say that we have to just 0:21:09.967 --> 0:21:11.578 be smarter in that regard. 0:21:11.657 --> 0:21:14.977 Yeah I think that's crucial it seems like we can 0:21:14.977 --> 0:21:18.937 end up in November of 2020 with half of the 0:21:18.937 --> 0:21:23.467 country thinking the election was stolen whichever way it goes. 0:21:23.467 --> 0:21:25.537 What do you think we have to do to be 0:21:25.538 --> 0:21:26.417 able to address that. 0:21:28.368 --> 0:21:30.068 I don't think that will be the case. 0:21:31.947 --> 0:21:36.508 What I think more importantly right would be this whole 0:21:37.017 --> 0:21:39.927 issue on where did it. Where am I getting my 0:21:40.767 --> 0:21:43.318 my news media from and where am I getting my 0:21:43.318 --> 0:21:47.307 information from what are my trusted sources of that. And 0:21:47.308 --> 0:21:52.277 I think people have to educate themselves on getting you 0:21:52.277 --> 0:21:56.578 know familiar that hey there is a evolving threat landscape 0:21:56.578 --> 0:21:59.128 that is trying to impact the way that I think 0:21:59.128 --> 0:22:02.398 and what it is that I read and that if 0:22:02.427 --> 0:22:06.898 I'm only getting my information from one source I'm probably 0:22:06.957 --> 0:22:10.707 likely to get the least amount of right information. So 0:22:10.707 --> 0:22:13.167 it should be get kind of get cooperated. So I 0:22:13.167 --> 0:22:15.717 think people should try to get their news from you 0:22:15.828 --> 0:22:20.817 know well established news organizations versus some pop up site 0:22:20.907 --> 0:22:23.798 that has created some because they really don't know. 0:22:24.618 --> 0:22:29.407 I find it so that would probably be the the 0:22:29.667 --> 0:22:31.348 biggest thing. Then the second thing is that there are 0:22:31.348 --> 0:22:35.217 a lot of actually online resources that are voters if 0:22:35.217 --> 0:22:39.527 they are concerned about the voting infrastructure. 0:22:39.898 --> 0:22:42.447 If they can go to such an as the center 0:22:42.447 --> 0:22:47.157 net for Internet Security has a great election place Belfer 0:22:47.157 --> 0:22:51.607 Center at Harvard University also has one and then the 0:22:51.628 --> 0:22:55.648 DHS also has a collection services place where people can 0:22:55.648 --> 0:23:00.207 read up to you know make themselves more confident that 0:23:00.388 --> 0:23:03.388 you know things are being addressed and we will have 0:23:03.388 --> 0:23:04.998 a secure and uneventful. 0:23:05.487 --> 0:23:08.217 Yes even in 2020. That makes sense to me it 0:23:08.217 --> 0:23:11.518 all combines though into a single threat. Right. Which is 0:23:12.237 --> 0:23:15.177 the single goal for the attacker which is to reduce 0:23:15.267 --> 0:23:18.477 the legitimacy of the U.S. government in the mind of 0:23:18.477 --> 0:23:23.728 its citizens. Right. And it's all about this polarization. There's 0:23:23.727 --> 0:23:29.037 actually a conversation about how a lot of social media 0:23:29.068 --> 0:23:35.167 networks are trying to optimize for predictability in the user. Right. 0:23:35.187 --> 0:23:38.128 They actually don't want someone who's going to not be 0:23:38.128 --> 0:23:40.228 sure what to do with a piece of content. They 0:23:40.227 --> 0:23:44.008 want someone who's definitely going to like or hate something. 0:23:44.638 --> 0:23:48.088 And when we're training the algorithms we're actually training them 0:23:48.808 --> 0:23:54.507 to teach people to be more polarized which is which 0:23:54.507 --> 0:23:57.977 is kind of scary. And that's why I think I 0:23:57.977 --> 0:24:01.398 think we do have to worry about the 2020 situation 0:24:02.088 --> 0:24:05.657 because it's one thing to say well we should just 0:24:05.657 --> 0:24:07.027 take better sources. 0:24:07.247 --> 0:24:11.058 I think the problem is if they believe they have 0:24:11.058 --> 0:24:14.648 good sources they're not going to search for better ones. Right. 0:24:14.657 --> 0:24:18.777 And if you know what I mean so it's like basically. 0:24:19.937 --> 0:24:23.628 I think it was Hitchens that said if you have 0:24:23.628 --> 0:24:26.657 someone who doesn't accept evidence there's no evidence you could 0:24:26.657 --> 0:24:28.187 provide them to convince them. 0:24:31.687 --> 0:24:34.297 I would agree wholeheartedly with that. 0:24:35.277 --> 0:24:39.628 Right. And so again I just. There's no way you're 0:24:39.628 --> 0:24:41.058 going to come back I have no. 0:24:41.118 --> 0:24:45.867 No way to offer any solutions in that regard. In 0:24:45.868 --> 0:24:52.558 my personal view what we're seeing here are classic psychological 0:24:52.618 --> 0:25:00.078 operations being done at scale to influence elections that. 0:25:00.828 --> 0:25:02.747 Are Done. That's that's that's right. 0:25:02.818 --> 0:25:05.337 Yeah I agree with you. I mean what do you 0:25:05.338 --> 0:25:09.898 think are the main threads like what are the main 0:25:09.898 --> 0:25:14.068 messages that are trying to like advance it. I mean 0:25:14.338 --> 0:25:17.848 what we've saw before in 2016 it was very much 0:25:17.848 --> 0:25:21.088 along the lines of what you said earlier which is divisiveness. 0:25:21.088 --> 0:25:25.648 So they would find these niche groups that felt very 0:25:25.648 --> 0:25:29.038 strongly about a small topic and then they would inflame 0:25:29.187 --> 0:25:33.028 the counter side. In fact they they organized a physical 0:25:33.027 --> 0:25:35.487 one in Texas. I'm sure you heard of this one 0:25:35.487 --> 0:25:40.557