The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.
Shortly before the election, the president endorsed Mr. Kemp, and the political tide turned. He has a skill set that Mr. Trump desperately needed but was curiously silent about in his endorsement: He is a master of voter suppression.
Hackable polling machines, voter roll purges, refusing to register voters until after an election, the use of investigations to intimidate groups registering minorities to vote — Mr. Kemp knows it all.
.. Voter suppression keeps Georgia a red state. Since 2005, Republicans have controlled the State Legislature as well as the governor’s office. Now most of the congressional districts are Republican. So are nearly 64 percent of the state representatives and 66 percent of the state senators... Whites make up less than 60 percent of the state’s population but more than 90 percent of people who voted Republican in the primary. The state’s gerrymandered districts, drawn and redrawn by the Republican-dominated Legislature, mirror the inordinate and disproportionate power of this constituency... He has begun investigations into organizations that registered nearly 200,000 new Asian-American and African-American voters — efforts that resulted in the first majority-black school board in a small town.His investigations yielded no charges, no indictments, no convictions, despite years of probing, suspects’ losing their jobs and Georgia Bureau of Investigation agents knocking on doors. Yet the intimidation had an impact. An attorney from a targeted organization told a reporter: “I’m not going to lie; I was shocked. I was scared.”.. While Mr. Kemp insisted that these investigations were about preventing in-person voter fraud (which basically doesn’t exist), he was more candid when talking with fellow Republicans: “Democrats are working hard,” he warned in a recording released by a progressive group “registering all these minority voters that are out there and others that are sitting on the sidelines.”
“If they can do that, they can win these elections in November,” Mr. Kemp said. Therefore, even after the multiple investigations yielded no indication of fraud, thousands of people registered during these drives were not on the voter registration rolls, and a court ruling kept it that way.
Mr. Kemp also used Exact Match, a version of the infamous Crosscheck database, to put tens of thousands of citizens in electoral limbo, refusing to place them on the rolls if an errant hyphen, a stray letter or a typographical error on someone’s voter registration card didn’t match the records of the state’s driver’s license bureau or the Social Security office
Using this method, Mr. Kemp blocked nearly 35,000 people from the voter rolls. Equally important, African-Americans, who made up a third of the registrants, accounted for almost 66 percent of the rejected applicants. And Asian-Americans and Latino voters were more than six times as likely as whites to have been stymied from registering.
.. But as diligent as he has been about purging eligible citizens from the voter rolls, Mr. Kemp has been just as lax about the cybersecurity of the state’s 27,000 electronic voting machines. Although there were a series of warnings about the ease with which they could be hacked, Mr. Kemp did not respond. Georgia’s electronic voting machines, which run on Windows 2000, leave no paper trail; as a result, there is no way to verify whether the counts are accurate or whether the vote has been hacked.
.. Mr. Kemp finally accepted federal dollars, which he had refused for years, to update some of the machines. But his efforts were too little, too late.
.. officials at Kennesaw State University, which provides logistical support for the state’s election machinery, “destroyed the server that housed statewide election data.”
.. That series of events, including an April visit to the small campus by Ambassador Sergey Kislyak of Russia, raised warning flags to many observers. But not to Mr. Kemp, who said that there was nothing untoward in any of it; the erasure was “in accordance with standard IT procedures.”
.. Mr. Trump’s endorsement, therefore, was no surprise. Mr. Kemp had pulled off an incredible feat: Georgia’s population increased, but since 2012, the number of registered voters has decreased.
A Kemp victory in November is, therefore, transactional but essential for Mr. Trump. It means that there will be a governor, in a state that demographically should be blue, who is practiced and steeped in the nuances of disfranchisement. Mr. Kemp can rubber-stamp the Legislature’s voter-suppression bills that privilege the Republican Party, artificially increase the Republican representation in Congress and in the end protect a president facing mounting evidence of graft, corruption, conspiracy and the threat of impeachment.
a group of finance ministers to simulate a similar attack that shut down financial markets and froze global transactions. By several accounts, it quickly spun into farce: No one wanted to admit how much damage could be done or how helpless they would be to deter it.
.. something has changed since 2008, when the United States and Israel mounted the most sophisticated cyberattack in history on Iran’s nuclear program, temporarily crippling it in hopes of forcing Iran to the bargaining table.
.. the sophistication of cyberweapons has so improved that many of the attacks that once shocked us — like the denial-of-service attacks Iran mounted against Bank of America, JPMorgan Chase and other banks in 2012, or North Korea’s hacking of Sony in 2014 — look like tiny skirmishes compared with the daily cybercombat of today.
.. Yet in this arms race, the United States has often been its own worst enemy. Because our government has been so incompetent at protecting its highly sophisticated cyberweapons, those weapons have been stolen out of the electronic vaults of the National Security Agency and the C.I.A. and shot right back at us.
.. the WannaCry ransomware attack by North Korea last year, which used some of the sophisticated tools the N.S.A. had developed.
.. Nuclear weapons are still the ultimate currency of national power, as the meeting between President Trump and Kim Jong-un in Singapore last week showed. But they cannot be used without causing the end of human civilization — or at least of a regime. So it’s no surprise that hackers working for North Korea, Iran’s mullahs, Vladimir V. Putin in Russia and the People’s Liberation Army of China have all learned that the great advantage of cyberweapons is that they are the opposite of a nuke: hard to detect, easy to deny and increasingly finely targeted. And therefore, extraordinarily hard to deter.
.. Cyberattacks have long been hard to stop because determining where they come from takes time — and sometimes the mystery is never solved.
.. Today cyberattackers believe there is almost no risk that the United States or any other power would retaliate with significant sanctions, much less bombs, troops or even a counter cyberattack.
.. “They don’t fear us,”
.. At the State Department, the eviction took weeks, shutting down systems during negotiations on the Iran nuclear deal. The hackers were even bolder at the White House. Instead of disappearing when they were exposed, they fought back, looking to install new malware as soon as the old versions were neutralized.
.. It appears the attackers just wanted to prove they could go, and stay, anywhere in the American government’s network.
.. the United States never called out the Russians for what they were doing.
.. If Mr. Putin thought there was no price to be paid for invading White House systems, why wouldn’t he attack the Democratic National Committee?
.. By the summer of 2016, some Obama administration officials, waking to the threat, proposed counterstrikes that included exposing Mr. Putin’s hidden bank accounts and his ties to the oligarchs and cutting off Russia’s banking system. But the potential for escalation caused Mr. Obama and his top aides to reject the plan.
“It was an enormously satisfying response,” a senior American official told me later, “until we began to think about what it would do to the Europeans.”
Mr. Obama also understandably feared that anything the United States did might provoke Mr. Putin to tinker with election systems just enough to give credence to Donald Trump’s warning that the system was “rigged.”
.. Since the election, the American retaliation has included closing some Russian consulates and recreation centers and expelling spies — actions one Obama national security official called “the perfect 19th-century solution to a 21st-century problem.”
.. The wide-open vulnerabilities in America’s networks have essentially deterred the United States from credibly threatening retaliation against the Russians, the Chinese, the North Koreans and the Iranians.
.. One way to start is to make sure no new equipment goes on the market unless it meets basic security requirements. We won’t let cars on the road without airbags, so why do we do less with the systems that connect them to the internet?
.. Second, we must decide what networks we care most about defending — and make those priorities clear. Mr. Mattis’s threat to turn to nuclear weapons hardly seems credible — unless the cyberattack would create an existential threat to America. That requires an intensive public review of what is critical to our nation’s survival.
..President Trump forfeited the perfect opportunity when he decided against a commission to learn the larger lessons from the 2016 election.
.. the United States needs to end the reflexive secrecy surrounding its cyberoperations. We need to explain to the world why we have cyberweapons, what they are capable of and, most important, what we will not use them for.
.. it is in the nation’s interests to develop global norms clarifying that some targets are off limits: election systems, hospitals and emergency communications systems, and maybe even electric power grids and other civilian targets.
.. Microsoft’s president, Brad Smith, has proposed digital Geneva Conventions that begin to establish those norms, outside the structure of governments and treaties.
.. Intelligence agencies hate this idea: They want the most latitude possible for future operations in an uncertain world. But in any arms control negotiation, to create limits on others, you need to give up something.
Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft.
.. Amazon told customers of its Amazon Web Services cloud service that the vulnerability “has existed for more than 20 years in modern processor architectures.” It said that it had already protected nearly all instances of A.W.S. and that customers must update their own software running atop the service as well.
.. To take advantage of Meltdown, hackers could rent space on a cloud service, just like any other business customer. Once they were on the service, the flaw would allow them to grab information like passwords from other customers.
.. That is a major threat to the way cloud-computing systems operate. Cloud services often share machines among many customers
.. The personal computers used by consumers are also vulnerable, but hackers would have to first find a way to run software on a personal computer before they could gain access to information elsewhere on the machine.
.. The worldwide community of coders that oversees the open-source Linux operating system, which runs about 30 percent of computer servers worldwide, has already posted a patch for that operating system.
.. The software patches could slow the performance of affected machines by 20 to 30 percent, said Andres Freund, an independent software developer who has tested the new Linux code.
.. The other flaw, Spectre, affects most processors now in use, though the researchers believe this flaw is more difficult to exploit. There is no known fix for it, and it is not clear what chip makers like Intel will do to address the problem.