How to make elections secure in the age of digital operatives

Former Facebook CSO Alex Stamos tells us what he learned in 2016 and what comes next.

Video by Chris Schodt, production by Justin Wolfson (video link)

In our latest episode of Ars Technica Live, we talk about election security. My guest was Alex Stamos, a researcher at Stanford who just happened to be the CSO at Facebook when the company discovered Russian operatives meddling in the US presidential election. He told us about that experience, and what's worrying him about the future of UU democracy.

It was odd for technical experts like Stamos and his team at Facebook to find themselves at ground zero of a political propaganda war. Stamos explained that infosec researchers are not typically trained to deal with things like weaponized memes. "We had ignored that the vast majority of human harm caused online has no interesting technical component," he said wryly. "It's a technically correct use of the products we build."

Read 26 remaining paragraphs | Comments

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds

(credit: David Ramos/Bloomberg via Getty Images)
According to a new report by Reuters citing anonymous intelligence officials, in 2015, Yahoo covertly built a secret “custom software program to search all of its customers’ incoming emails for spe…

(credit: David Ramos/Bloomberg via Getty Images)

According to a new report by Reuters citing anonymous intelligence officials, in 2015, Yahoo covertly built a secret “custom software program to search all of its customers' incoming emails for specific information.”

Reuters noted that Yahoo “complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.” It is not clear what data, if any, was handed over.

Presuming that the report is correct, it would represent essentially the digital equivalent of a general warrant—which is forbidden by the Fourth Amendment, as Electronic Frontier Foundation lawyer Andrew Crocker noted on Twitter.

Read 3 remaining paragraphs | Comments