BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Conflicting Security Reports from Halderman-Springal ll and\n from MITRE: Which Is Right?\n When: Saturday\, Aug 12\, 12:55 - 13:40 PDT\n Where: Caesars Forum - Academy - 415-418 - Voting Village - [1]Map\n Speakers:David Jefferson\,Drew Springall\,Richard DeMillo\n\ n SpeakerBio:David Jefferson\n Dr. David Jefferson is a computer scien tist and an internationally\n recognized researcher on election security for well over twenty years\,\n advising five Secretaries of State of Ca lifornia on voting technology\n issues. He served as the Chair of the Se cretary of State's\n Post-Election Audit Standards Working Group\, the p anel that invented\n the notion of risk limiting audits and has written extensively on\n elections and voting security.\n Twitter: [2]@drjeffe rson\n\n SpeakerBio:Drew Springall\n I am an Assistant Professor in th e Department of Computer Science and\n Software Engineering ([3]https:// www.eng.auburn.edu/comp/) at Auburn\n University ([4]https://auburn.edu/ ). As a security researcher\, I focus\n on nation-state/highly privilege d attackers\, Internet-scale\n measurement/vulnerabilities\, and electio n security. I recently left\n Google's Production Security team where I was working to mitigate\n insider threats\, secure core infrastructure\, and improve the overall\n security and privacy properties of Google's p roducts and services. My\n Ph.D. research focused on studying nation-sta te attackers such as the\n NSA\, GCHQ\, and other intelligence agencies to understand their\n approach to security issues and identify weaknesse s that are\n form-fitted to their special abilities and characteristics. Throughout\n my graduate education at the University of Michigan ([5]ht tps://umich.edu/)\,\n I was advised by Prof. J. Alex Halderman ([6]https ://jhalderm.com/)\n and funded by an NSF Graduate Research Fellowship\, the Post-9/11 GI\n Bill\, Google ATAP\, and others. My work has helped e xplain intelligence\n agencies' ability to defeat widely used cryptograp hy ([7]https://aaspring.com/ccs2015/imperfect-forward-secrecy-ccs15.pdf)\, \n identify and analyze the danger posed by common cryptographic\n sho rtcuts ([8]https://aaspring.com/imc2016/crypto-shortcuts.pdf) used\n in the TLS protocol\, and demonstrated the real-world potential of\n electi on interference by foreign actors ([9]https://aaspring.com/ccs2014/ivoting -paper.pdf)through\n technical means. This research has been covered and cited by The\n Wall Street Journal ([10]https://cacm.acm.org/news/1872 59-new-computer-bug-exposes-broad-security-flaws/fulltext)\,\n The Washi ngton Post ([11]https://www.washingtonpost.com/news/the-switch/wp/2014/05 /13/how-russia-could-easily-hack-its-neighbors-elections/)\,\n ARS Tech nica ([12]https://arstechnica.com/security/2015/05/https-crippling-attack- threatens-tens-of-thousands-of-web-and-mail-servers/)\,\n the Guardian ( [13]https://www.theguardian.com/technology/2014/may/12/estonian-e-voting-s ecurity-warning-european-elections-research)\,\n US-CERT ([14]https://ww w.us-cert.gov/ncas/alerts/TA17-075A)\, NIST ([15]https://nvd.nist.gov/vuln /detail/CVE-2015-4000)\,\n FBI Cyber Division ([16]https://info.publicin telligence.net/FBI-PHI-FTP.pdf\,\n Playboy (SFW) ([17]https://web.archiv e.org/web/20180126034202/https://www.playboy.com/articles/technology-will- destroy-democracy).\n Twitter: [18]@_aaspring_\n\n SpeakerBio:Richard DeMillo\n Richard DeMillo is a professor at Georgia Tech’s School of\n Cybersecurity and Privacy. He holds the Charlotte B. and Roger C.\n W arren Chair in Computing at Georgia Tech. He is is also Managing\n Direc tor of Gtatrium™\, LLC\, a subsidiary of Georgia Advanced\n Technology Ventures. He was formerly the John P. Imlay Dean of\n Computing and Dir ector of the Georgia Tech Information Security\n Center. Positions he he ld prior to joining Georgia Tech\, include: \n Chief Technology Officer for Hewlett-Packard\, Vice President of\n Computing Research for Bell C ommunications Research\, Director of the\n Computer Research Division fo r the National Science Foundation\, and\n Director of the Software Test and Evaluation Project for the Office of\n the Secretary of Defense. He has also held faculty positions at the\n University of Wisconsin\, Purdu e University and the University of\n Padua\, Italy. His research include s over 100 articles\, books and\n patents in software and computer engin eering\, cryptography\,\n cybersecurity\, and theoretical computer scien ce. In 1982\, he wrote the\n first policy for testing software intensive systems for the US\n Department of Defense. DeMillo and his collaborato rs launched and\n developed the field of program mutation for software t esting\, which is\n today the standard technique for determining softwar e test adequacy.\n He is a co-inventor of Differential Fault Cryptanalys is and holds the\n patent on applying DFA to break public key cryptosyst ems. His 1979\n paper “Social Processes and Proofs of Theorems and P rograms\,”\n co-authored with Richard Lipton and Alan Perlis has been reprinted\n dozens of times and was recently cited as one of the 50 clas sic papers\n in the history of computer science. He currently works in t he area of\n election and voting system security. His work has been cite d in court\n cases\, including a 2019 Federal Court decision declaring\n unconstitutional the use of paperless voting machines. He has served\n as a foreign election observer for the Carter Center and is a member\n of the State of Michigan Election Security Commission. He has served\n on boards of public and private cybersecurity and privacy companies\,\n including RSA Security and SecureWorks. He has served on many\n non-prof it and philanthropic boards including the Exploratorium and\n the Campus Community Partnership Foundation (formerly the Rosalind and\n Jimmy Car ter Foundation). He is a fellow of both the Association for\n Computing Machinery and the American Association for the Advancement\n of Science. In 2010\, he founded the Center for 21st Century\n Universities\, Georg ia Tech’s living laboratory for fundamental\n change in higher educati on. He served as Executive Director for ten\n years. He was named Lumina Foundation Fellow for his work in higher\n education. His book\, Abelar d to Apple: The Fate of American Colleges\n and Universities\, (MIT Pres s\, 2011) helped spark a national\n conversation about online education.  A 2015 sequel\, Revolution in\n Higher Education\, also published by MIT Press\, won the Best Education\n Book award from the American Associ ation of Publishers. From\n 2015-2018\, he co-chaired Georgia Tech’s C ommission on Creating the\n Next in Education. The Commission’s report was released in 2018 and\n was awarded the awarded 2019 Achievement Awa rd of the Association for\n Educational Communications and Technology. H e received the ANAK\n Society’s Outstanding Faculty Member Award in 20 16 for his work in\n service to students.\n Twitter: [19]@rad_atl\n\n Description:\n Join us for a timely and important discussion of the vu lnerability of\n Dominion Voting Systems ImageCast X (ICX) ballot-markin g devices\, used\n in many states including Georgia--where there was ext ended illicit\n access to voting systems and software in 2021. (An ICX i s available at\n Voting Village this year for researchers to explore.) I n an unrebutted\n expert report filed in a federal suit seeking to compe l the State of\n Georgia to reduce reliance on the ICX\, Professors J. A lex Halderman\n and Drew Springall documented security vulnerabilities i n the ICX that\n would allow votes to be altered. CISA issued a vulnerab ility advisory\n confirming the principal claims in that report. Dominio n Voting\n Systems contracted with MITRE Corporation\, a Federally Funde d Contract\n Research and Development Center (FFRDC)\, to critique the\n Halderman/Springall report. Georgia election officials have cited the\n MITRE report in their decision to use unpatched versions of\n Dominio n’s software in every precinct during the 2024 Presidential\n Election \, despite CISA's warnings.\n '\n\n 1. #CaesarsAcademyBR\n 2. https: //twitter.com/drjefferson\n 3. https://www.eng.auburn.edu/comp/\n 4. h ttps://auburn.edu/\n 5. https://umich.edu/\n 6. https://jhalderm.com/\ n 7. https://aaspring.com/ccs2015/imperfect-forward-secrecy-ccs15.pdf\n 8. https://aaspring.com/imc2016/crypto-shortcuts.pdf\n 9. https://aasp ring.com/ccs2014/ivoting-paper.pdf\n 10. https://cacm.acm.org/news/18725 9-new-computer-bug-exposes-broad-security-flaws/fulltext\n 11. https://w ww.washingtonpost.com/news/the-switch/wp/2014/05/13/how-russia-could-easil y-hack-its-neighbors-elections/\n 12. https://arstechnica.com/security/2 015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail- servers/\n 13. https://www.theguardian.com/technology/2014/may/12/estoni an-e-voting-security-warning-european-elections-research\n 14. https://w ww.us-cert.gov/ncas/alerts/TA17-075A\n 15. https://nvd.nist.gov/vuln/det ail/CVE-2015-4000\n 16. https://info.publicintelligence.net/FBI-PHI-FTP. pdf\,\n 17. https://web.archive.org/web/20180126034202/https://www.playb oy.com/articles/technology-will-destroy-democracy\n 18. https://twitter. com/_aaspring_\n 19. https://twitter.com/rad_atl\n\n\n DTEND:20230812T204000Z DTSTART:20230812T195500Z LOCATION:VMV - Caesars Forum - Academy - 415-418 - Voting Village SUMMARY:Conflicting Security Reports from Halderman-Springalll and from MIT RE: Which Is Right? END:VEVENT END:VCALENDAR