New cyberthreats require new ways to protect democracy

New cyberthreats require new ways to protect democracy
Man and woman look at Microsoft ElectionGuard demos
Microsoft ElectionGuard demos on July 17, 2019 at the Aspen Security Forum in Aspen, Colorado. 

With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.

Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia,  are needed more than ever to help defend democracy.

 

So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.

 

Our ElectionGuard demo will showcase three core features.

 

First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.

 

Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.

 

Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.

 

ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.

 

No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.

 

The post New cyberthreats require new ways to protect democracy appeared first on Microsoft on the Issues.

 

from Microsoft on the Issues https://ift.tt/2xVkjWA via IFTTT 

Advertisements

Protecting political campaigns from hacking |Microsoft on the Issues

Protecting political campaigns from hacking |Microsoft on the Issues

This is very much a step in the right direction. A challenge to open-source advocates to do something similar (LibreOffice are you listening!)

Today, at Microsoft’s Build Developer Conference, Microsoft CEO Satya Nadella announced a new service from our Defending Democracy Program called Microsoft 365 for Campaigns, which brings the high-end security capabilities of our Microsoft 365 Business offering to political parties and campaigns.

 

The majority of security breaches faced by political campaigns originate from malicious phishing attacks and target email and filesharing systems. But many campaigns are ill-equipped to deal with these threats from nation-states and criminal scammers. We talked with campaign staffers and leaders in campaign technology and heard repeatedly that security solutions for email often were too hard to configure and too expensive. M365 for Campaigns addresses both issues by making it easy to deploy advanced security features at a much lower price.

 

Starting today, campaigns can sign up to be notified when the service becomes available in June by visiting https://m365forcampaigns.microsoft.com.

 

M365 for Campaigns will be available in June to all federal election campaigns, federal candidate committees, and national party committees in the United States, and we are exploring ways to bring the service to other countries in the future.

 

As we said when we announced the Defending Democracy Program, threats to our democratic processes from cyber-enabled interference have become a critical concern. We must all partner and do more to protect free and fair elections, and securing campaigns is an important part of this work.

 

The post Protecting political campaigns from hacking appeared first on Microsoft on the Issues.

from Microsoft on the Issues http://bit.ly/2V1COln via IFTTT

‘Netizens’ highlights the need for collaboration to fight online harassment, ‘revenge porn’ | Microsoft on the Issues

Microsoft recently hosted a screening of the documentary film “Netizens”, which examines the online harassment of women and the non-consensual distribution of intimate images, what is commonly but unartfully referred to as “revenge porn.” The event, which included a multi-stakeholder panel discussion, underscores the need for all groups to work together to tackle online hate and abuse and to promote digital civility and safer and more respectful online interactions.

 

Microsoft’s approach

 

At Microsoft, we believe “whole society” strategies hold the greatest promise for addressing issues like online harassment and the non-consensual distribution of intimate images. It was nearly four years ago that we announced our approach to the non-consensual distribution of intimate images on our consumer services. At the time, we sought to put victims back in control of their privacy, stating that when contacted by a victim or his or her representative, Microsoft would remove links to photos and videos from Bing search results and remove the content itself when it was shared on OneDrive or Xbox Live. We created a dedicated web form for making such reports to us.

 

Digital civility and ‘Netizens’

 

In addition, Microsoft was eager to collaborate with Lowen and her team given the close alignment to our own ongoing campaign for digital civility, fostering safer, healthier and more respectful online interactions among all people. Our work in digital civility started in 2016, and we’re about to field our fourth installment of global perception and attitudinal research. Each year, we survey teens and adults about their exposure to more than 20 online risks, including “sexploitation” and the non-consensual distribution of intimate images.

 

Learn more

 

To learn more about the film, visit the “Netizens” website and consult these Microsoft resources: online bullying and harassment factsheet, risks of sexting factsheet. For more on general online safety issues, visit our website and resources page. And, for regular news and information about online safety, connect with us on Facebook and Twitter.

 

from Microsoft on the Issues http://bit.ly/2PdKDTG
via IFTTT

An important step toward peace and security in the digital world – Microsoft on the issues.

An important step toward peace and security in the digital world – Microsoft on the issues.

Today, French President Emmanuel Macron launched a global effort among governments, businesses and civil society to protect and defend against threats to the digital infrastructure that runs our daily lives. We’re proud to be one of the 370 signatories of The Paris Call for Trust and Security in Cyberspace. This includes 51 governments from around the world, including all 28 members of the European Union and 27 of the 29 NATO members. It also includes key governments from other parts of the world, including Japan, South Korea, Mexico, Colombia and New Zealand.

 

The Paris Call is an important step on the path toward digital peace, creating a stronger foundation for progress ahead. It calls for strong commitments in support of clear principles and strong norms to protect citizens and civilian infrastructure from systemic or indiscriminate cyberattacks. Similarly, it calls for governments, tech companies and nongovernmental organizations (NGOs) to work together to protect our democracies and electoral processes from nation-state cyberthreats.

 

The Paris Call breaks new ground by bringing together to support these steps an unprecedented and broad array of supporters. Its signatories include more than 200 companies and business associations, including leading tech companies such as Microsoft, Google, Facebook, Intel, Ericsson, Samsung, Accenture, Fujitsu, SAP, Salesforce and Hitachi. Importantly, it also includes leading financial services institutions such as Citigroup, Mastercard, Visa, Deutsche Bank, as well as industrial leaders such as Nestle, Lufthansa and Schneider Electric. And it includes almost 100 critical NGOs that span groups across civil society.

 

All of this is important for a reason. Success in advancing cybersecurity requires an approach that is not only multinational, but multistakeholder in nature. This is because cyberspace, unlike the traditional planes of warfare like land, sea and air, is typically privately owned. Cyberspace in fact consists of concrete elements in the real world, such as datacenters, undersea cables, and laptops and mobile devices. These are designed and manufactured by private companies. And often they are owned and operated by tech companies and others in the private sector.

The post An important step toward peace and security in the digital world appeared first on Microsoft on the Issues.

Technology and the US military | Microsoft on the Issues

Technology and the US military | Microsoft on the Issues

Over the last few months, there has been a debate in our industry about when and how technology companies should work with the government, and specifically whether companies should supply digital technology to the military, including here in the United States. Yesterday, Satya Nadella and I addressed this issue in a conversation with our employees at the company’s monthly Q&A session. Given the public interest in this question, we want to be transparent both internally and externally on where Microsoft stands on these issues.

 

As we explained at our Q&A session, our work as a company in this space is based on three straightforward convictions.

 

  1. We believe in the strong defense of the United States and we want the people who defend it to have access to the nation’s best technology, including from Microsoft.
  2. We appreciate the important new ethical and policy issues that artificial intelligence is creating for weapons and warfare…
  3. We understand that some of our employees may have different views…

<snip> The post Technology and the US military appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2OREaRB via IFTTT

EHR vendors, you’re not only next, but now.

This blog and other places have discussed the recent publicity about Ransomware and how hospitals cope with it, some better than others. What they really want is the Electronic Health Records that are employed in such environments. EHR are very personal and specific. Add the web-based nature of exchange and that is manna to a hacker because they can “hit once, effect many”. Mark Menke, security expert and CTO of Network DLP at Digital Guardian remarked: The financial incentives associated with EHR adoption encourage healthcare providers to roll out bare-bones systems without the infrastructure to back them u(Lisa Hoover McGreevey, 2016).
 
  1. HIPAA has very specific rules regards data security and the chain of command. Ignore this at your peril.
  2. Virtually all data in an EHR is valuable, some parts more than others. It is the cyber security specialist along with the practice IT staff or consultants to know the difference. Ignorance is not bliss here.
  3. Encryption, Digital Rights Management (DRM), Single Sign On (SSO), and other technologies are your gateway to mitigating the attacks that will come.
  4. Backups, Backups, Backups. The size of the organization will determine how often this is done; Real-time on-site/off-network and hourly off-site is a good place to start.
(Mark Menke, 2016).

Continue reading