‘Internet of Things’ Could Be an Unseen Threat to Elections

Yves here. Lovely. And remember, one of the big justifications for 5G is to have even more devices talk to each other. Of course, no one needs to care about how elections are run if we have evil Rooskies to blame when the wrong side does a better job of rigging them.

However, calling for consumers to demand more security and privacy is barking up the wrong tree. Anyone who uses the Echo clearly doesn’t care. It is hard for me to work out why being able to order your music player around is so valuable as to justify exposing who is in your personal network.1

By Laura DeNardis. Professor of Communication Studies, American University School of Communication. Originally published at openDemocracy

The app failure that led to a chaotic 2020 Iowa caucus was a reminder of how vulnerable the democratic process is to technological problems – even without any malicious outside intervention. Far more sophisticated foreign hacking continues to try to disrupt democracy, as a rare joint federal agency warning advised prior to Super Tuesday. Russia’s attempt to interfere in the 2016 election has already revealed how this could happen: social media disinformation, email hacking and probing of voter registration systems.

The threats to the 2020 election may be even more insidious. As I explain in my new book, “The Internet in Everything: Freedom and Security in a World with No Off Switch,” election interference may well come through the vast constellation of always-on, always-connected cameras, thermostats, alarm systems and other physical objects collectively known as the “internet of things.”

The social and economic benefits of these devices are tremendous. But, in large part because the devices are not yet adequately secure, they also raise concerns for consumer safety, national security and privacy. And they create new vulnerabilities for democracy.

It is not necessary to hack into voting systems themselves but merely co-opt internet-connected objects to attack political information sites, stop people from voting, or exploit the intimate personal data these devices capture to manipulate voters.

Disrupting Political Communication

Connected objects have already been hijacked to shut down internet traffic.

The Mirai botnet of 2016 hijacked insecure video cameras and other home devices to launch a massive “distributed denial of service” attack that blocked access to many popular sites, including Reddit and Twitter. More recently, the FBI arrested a hacker for allegedly disrupting a California congressional candidate’s website, flooding it with so many false requests it became inaccessible for legitimate views.

Similar political attacks that hijack some of the billions of often insecure connected devices could disrupt campaign websites and social media. They could also restrict public access to government websites with information about how and where to vote, as well as news reports on election results.

Preventing People from Voting

Beyond blocking access to political information, a foreign agent or group might seek to stop people from voting by creating targeted chaos, whether by disrupting power systems, generating false weather or traffic reports, or otherwise triggering local emergencies that divert attention on Election Day.

Smart cities and the industrial internet of things are already targets, as evidenced by the yearslong history of Russia-attributed disruptions to Ukrainian power systems. Hacking home alarm or water systems could create politically micro-targeted local emergencies that distract people who would otherwise vote.

This type of local disruption in swing districts would be more likely to evade public or press scrutiny than an outright hack of election machines or vote-tallying systems.

The massive amount of intimate data these devices collect – when someone enters a building, drives a car, uses a sink, or turns on a coffee machine – could also make political operatives more susceptible to highly targeted spear phishing attacks. These tactics trick people into relinquishing personal information or clicking on malicious links – mistakes that gave hackers access to Democratic National Committee emails in 2016.

Similar phishing attempts on political campaigns continue, seeking to infiltrate email accounts used by presidential and down-ballot candidates. The more believable they are, the more effective they are – so an email referencing personal facts gleaned from connected objects would make these attacks more potent.

Not being surprised again

More things than people are now connected to the internet. These connected objects are a new terrain for election interference – and people shouldn’t be surprised if they’re used that way.

To address this over the long term, customers will have to demand better privacy and security from their connected devices, such as doorbells and lightbulbs. Companies – and political institutions – that connect these devices to their networks will have to build in appropriate safeguards. Manufacturers will also have to design better protections into their devices. There may also need to be data privacy laws limiting how personal information is collected and shared.

More immediately, though, it is essential not only for state and local authorities and intelligence communities to remain vigilant, but for citizens to take security precautions with their own devices, and be on high alert for personalized attempts to influence or disrupt their political participation.

Preserving democracy now requires taking seriously the consequences of the internet being deeply embedded in the physical world – the internet in everything. We are all responsible.

[

___

1 Say you have a dinner party at your house. The Echo can capture each voice. More and more banks are using voiceprints as IDs (some whether you want to or not, like JP Morgan). The Echo can also detect whether it has heard the a particular it heard at your party in another setting….say someone who decided to use Echo in his hotel, or in a doctor’s office, or at another party.

Print Friendly, PDF & Email

17 comments

  1. Watt4Bob

    Consider this; when your neighbor across the street installs one of those ‘Smart’ door bells with an embedded camera facing the street, and by coincidence, your house, he has put you under surveillance, 24/7.

    Did your neighbor ask permission to surveil your premises?

    1. Jack

      External home cameras have been around for years without the fancy doorbells, etc. A friend of mine has 120 seconds of full color video showing a guy getting out of a car at 430 AM, going up to his unlocked car and removing the key fob.

      To the best of my visual knowledge evey house but mine has some sort of external video. The train has left the station.

      1. Carey

        >External home cameras have been around for years without the fancy doorbells

        “deal with it, proles!”

        Pass

    2. campbeln

      This is far less of a concern, IMHO, so long as they are not connected to central databases of information, making them accessible to others.

      My dash cam, for example, is not connected to anything save the SD card it writes to. It’s accessibility to police or otherwise is (generally) restricted by me and I believe people having dashcams are a net benefit.

      1. Watt4Bob

        My dash cam, for example, is not connected to anything save the SD card it writes to.

        Which means your dash cam is not part of the IOT, this thread is about the Internet of Things.

        We’ll learn more about its accessibility to Police right after you are involved in an accident, possibly when your camera ‘witnesses’ an accident.

  2. John

    The world turned day after day without smart this, smart that, and smart the other thing. There was life before aps and life without social media. The simple answer to all the angst and difficulty flowing from these things is get along without them. I have not been troubled by whatever or whomever is purported to have hacked the election in 2016 not am I surprised that someone did or might have or may have, after all the US government has been massively meddling in other peoples elections at least since the 1950s and the Israelis have been meddling in our elections since there was an Israel and at this moment there are any number of people whose allegiance to or whose allegiance leans toward Israel in positions to influence American policy to an extent that the phrase “wag the dog” expresses a reality and not an arch metaphor.

    If you do not like the intrusive nature of certain technologies, don’t use them. You can live without social media. Who cares that you are wearing blue polka dotted socks this morning, that your children have left for school, or that your infant had a bowel movement? Take away trivia and advertising and what is left of social media?

    1. Watt4Bob

      If you do not like the intrusive nature of certain technologies, don’t use them.

      You’ve ignored the question I ask above?

      You may believe that you’re not impacted by the IOT, but there is no basis in fact to support your belief.

      1. xkeyscored

        Too true. If reports are to be believed, Facebook probably has a file on me, although I’ve never signed up, and hardly ever go to their site. What do I do about that? Turn off javascript, clear cookies, etc, but what about other people who mention me there and on other social media, or catch me on videos that get uploaded and (maybe) scanned by facial recognition AI? Never mind when the Internet for Things spreads its tentacles everywhere.
        (Not only that, but there doesn’t appear to be any process whereby I can ask Zuckerborg what he’s got on me, unlike for his users. Has any non-user tried asking to see or delete their Factblock file?)

  3. shinola

    I find it difficult to take seriously anyone who, apparently, believes this about IoT:

    “The social and economic benefits of these devices are tremendous.”

    Also, the author doesn’t seem to understand that the greatest threats to voting integrity are domestic rather than foreign. (Russia! Russia!)

    1. xkeyscored

      I absolutely agree with your second point. I was going to say something similar.
      A “foreign agent or group might …” is entirely true, but nowhere does DeNardis say why she (apparently) doesn’t care if domestic actors do such things.

      1. Anarcissie

        That, to me, was a tell that the author does not really understand the technology or the implications of its use. I am not sure what a ‘professor of communication studies’ is supposed to profess — or study — but apparently it does not include first-hand contact with the tools of the trade involved with the Internet of Things, or the dangers they may pose, which go far beyond interfering with our supposedly democratic political processes.

  4. Eclair

    Last week, during a discussion about public transportation systems, we touched on the cost of IT and bureaucracy supporting fare systems. I mentioned that I had been appalled when I attempted, for the first time, to access my account via the internet and load on more money. (I take advantage of a vastly discounted senior rate.) There on the screen, unrolled a record of every bus trip I had taken, the location I boarded, the date and time. I had had no idea.

    A man in his late twenties looked surprised and asked me why I was upset. He uses his record as a sort of diary to remind him of his activities. He said that if the government was collecting this data, then he might be worried. I was speechless. Maybe it’s the vast age difference? I lived for 35 years BI (Before Internet.)

    1. JE

      If the govt was collecting this?!!??? Bwahahahahaha! Made my Monday. Hilarious. Blackly hilarious.

      Dr. Strangelove 2 or: How I Learned to Stop Worrying and Love The Surveillance State….

    2. xkeyscored

      He said that if the government was collecting this data, then he might be worried.
      and Yves’
      It is hard for me to work out why being able to order your music player around is so valuable as to justify exposing your who is in your personal network.

      I’ve watched and read quite a few things about Edward Snowden, and he more or less says that was his attitude when he was younger and more naive. Surely they aren’t surveilling everyone, and surely there are compelling reasons for the ones they are surveilling. I do find it harder to imagine how people can still have that attitude, but many do. “But why should I care? I haven’t done anything wrong.”

      1. xkeyscored

        And I guess it stems from seeing one’s government and economy etc as essentially benign, a few mistakes notwithstanding. That’s certainly how Snowden explains it.
        “Edward Snowden said that he had expected to work for the federal government, as had the rest of his family.” – Wikipedia
        And that’s what he went and did, first in a failed attempt to get into special forces, then to aid the ‘war on terror’ with his computer skills. Which gradually led him to see what kind of a war was being waged, and on whom.

Comments are closed.