So its to you every thing were doing and initiative for the launch of this crucially important report, and you know, people standing at the podium safe in my crucially important. It really is. Hacking the election, lessons from the defcon voting village. Here the Atlantic Council we operate under the Enduring Mission of working together to secure the future. This has meant seriously because the founders of Atlantic Council desecration, one of the people who helped found this was dean acheson wrote the book of the International Double order. We see that order is being under threat and we see one of the things exposed that most of tht in the order we created is the advance and the protection and security of democracies. We believe a stable prosperous world depends on building a sustaining democracy, and democracy depends on the sanctity of the boat. In recent years this fundamental quarter to our system of record has come under threat. Unprecedented assault in the United States and europe are bringing scrutiny and uncertainty to once and vibrant electoral processes. We at Atlantic Council have been doing quite a bit of work in countering this information both within our Eurasia Center and in our Digital Forensic research lab, cutting edge work. We havent done yet work in this area so its a particular pleasure and honor to be associated with this event and the work behind it. In the current geoPolitical Climate, preserving or in some cases reinstating public faith in the integrity of security of our elections is more crucial than ever before. This can only be achieved if were able to protect the technologies, to protect the technologies underpinning our democracy. While much of the discussion over the past 12 months has focused on the russian link Information Operations with carefully timed a leaks, fake news, facebook ads recently, recent revelations have made clear how vulnerable the very technologies we use to manage our records can cast a vote in town of results with our, and thats new. We have alarming evidence of russian connected hackers successfully breaching electronic poll books and state and local voter databases in a lease 21 states across the United States this recently released by the department of Homeland Security. You have to understand how careful dhs before puts out this kind of information. The Technical Community including many Atlantic Council experts have attempted to raise alarm about these threats for some years. This some of the experts on todays panel and others concerned about the safety of the vote teamed up with the World Largest hacker conference, defcon, to host the first ever, and id like this, first ever voting machine hacking village. This determined group invited security researchers to probe to dozens electronic Voting Machines to dozens. Many of which are still in use today. The hackers were able to break into and gain Remote Control of the machines in a matter of minutes. These findings from the voting village are incredibly disconcerting. We Atlantic Council applaud the groundbreaking and tireless work of the organizers to shed light on these threads and this unsettling reality. We believe that transparency is about 80 of what is needed because you have to understand to know the threat in order to get the targets and others to take care of defending themselves. This is a this is a simply a cyy issue but one of the most pressing National Security concerns eating at the bedrock of our democracy. The councils own cyber team is proud to support this critical effort by taking representatives james link of an and will las vegas this july, the first sitting congressman to ever attend the conference and witness firsthand this voting village. We are honored to continue this partnership by convening todays discussion and look forward to assisting in the next steps that is crucially important effort. You may have read in usa today that a group is coming together to try to continue to work and continue to work around this and were proud to be part of that. Before i turn over to jeff for his remarks, let me take a moment to introduce our panelists. Jeff is the founder of two of the most influential Information Security conferences in the world, defcon and black cat, and hes a senior fellow with Galactic CouncilsCyber Statecraft Initiative and are Brent Scowcroft said on interNational Security. Ambassador looked luke is a former u. S. Permanent representative of and serving under president obama from 2013 20132017. Prior to this and after retiring from active duty as Lieutenant General after 35 years of service he served as the assistant to the president and Deputy National adviser under president bush as well as under president obama. We had a bipartisan ethos. Youve worked in real handson bipartisan manner. John gilligan is chairman of the board at the center for the Internet Security cookies are just president of the Schafer CorporationSenior Vice President , and chief Information Officer at the u. S. Air force and department of energy. Sherri ramsay is Senior Advisor to the ceo at cyber. International, engaged in Strategy Development and planning. She is the former director of the nsa css threat operations center, thats a pretty big job and pretty significant position where she led discovery and characterization of threats to National Study systems. Harri hursti is a Founding Partner of nordic Innovation Labs in one of the organizers of the defcon voting village. He has fast dating insights. I just took a little bit outside this room on this probably would talk about today. Is one of the world leading authorities in the areas of election voting security and Critical Infrastructure security, and as an ethical hacker famously demonstrated how certain Voting Machines could be hacked, ultimately altering voting results. Our moderate today is jake braun. Jake is a lecturer at the university of chicago and ceo of cambridge global advisors, and coorganizer of the defcon voting village. Jake also serves a Strategic Advisor on cybersecurity to the department of Homeland Security and the pentagon. So this is a heavyweight group, and we are looking forward to your reflections. Huge thanks for all of you joining us today and joining us online, and thank you for everything you contributed to this work. Lastly i encourage anyone in the audience watching online to take part in the conversation by following at ac scowcroft and at voting village of d. C. , but using the Hashtag Hashtag accyber. And now without further delay, let me turn the podium over to jeff. Thank you. Good afternoon, everyone. Im going to start with a little bit of a story to give you some context on how we got here. And then just a couple of thoughts on where i i think wee going. For those of you curious, we had electronic Voting Machines for a long time, and hackers have been talking about them for a long time. I think harri has been poking at them for 14 years. At defcon with one of our first speakers talk about this concept of blackbox Voting Machines more than ten, 12 years ago. So in the hacking world its not new. Whats new dell is the attention on them and the importance that they are now playing in our democracy. So how did we get here . I want to blame this guy, jake, blame him. Jake was this National Security coordinator between the white house and dhs back when i first started at Homeland SecurityAdvisory Council ps as i got to know jake, and he was with a passion about voting protection he was involved in the obama campaign. Maybe last year we were talking and jake still with his Voter Protection hat on is saying i bet these machines are just, theres got to be problems with these machines, right . Oh, yeah, definitely problems with these machines. I just dont know what they are but i can tell you theres got to be problems. So i start looking online and i look for reports and to look for studies and other for security analysts hearing these machines apart, and you cant find any. You can find an adverse report from 2008. You can find some very controlled report with the manufacturers got the researchers to sign in the aas and to limited testing over a couple of days but for hacker like that doesnt count. I want to see the pictures. I want to see like that concentrate relation of attacking these machines. And so i told him i i couldnt find anything but im sure they are just a disaster. And it maybe a couple more weeks with my entity said you know what, you should just get a bunch of hackers and tear these things apart. Thats a great idea. But were not going to be up to get any of these from the manufacturers. They are so highly controlled the first purchase, sales agreements. You were not going to give these machines for the software. What i started looking on ebay and sure enough, thank you, ebay. There were some to be found, right . We have to hear that harri will hack into later. So sure enough okay we get our hands on some machines and they are not that expensive because of these things never get update. Theyve been around for like a decade pixie can get these things fairly inexpensively, and then, and so i allocated some space. We guess and people together. We started ordering machines and a realized im not a voting machine expert. I can tell you about generalized security problems. I can tell you historically what kind of systems have had issues, but i cant tell you the ins and outs specifically. My friend harri, matt blaze, sandy clark and some others have spent more than a decade looking at the set okay, you get the machines and you get as the space and we will run the village. It was really fascinating because if enough in my with the defcon, we have about 25,000 people that show up. That divides into many different topic areas but as soon as we announced the voting village, i got state, local, county Election Officials contacting me desperate for information. I have these machines and have no idea what they do. I have these machines and i dont know if i can trust him at the documentation. Tell me what you find. So well try to get them to come out and theyre like i have no budget. I get travel. Can you just live stream people attacking the machines . I dont know how much this could help you but we will write this report and this will helpfully help you. So this report is a culmination of a lot of things. One, it is the first step in trying to change the narrative. As you will read, these machines were pretty easy to hack. This flies in the face of narrative thats been spun by the manufacturers, which is you have to be an insider, you have to specific knowledge of the technology. Random people are not going to be able to just approach these machines and acting. They will need to spend some time to study them and understand the context. We open the doors and 35 inside one of the machines fell. It turns out that Hacking Technology is pretty much Hacking Technology. If you look at defcon without automobiles, implantable medical devices, airplanes, physical locks, Access Control systems, internet of things devices, adult toys, atm machines. So chances are yes, yes were g to be able to hack your tenyearold election machine. The difference that is that it counts. Now people are paying attention. They were not paying attention ten years ago, and so the other thing is now with not a conversation i think between us and the state and local officials i think this needs to be more of a discussion at a higher, more National Security level here i was struck something the ambassador said which was essentially theres two ways to change a government. The bullet box or the ballot box. And i thought about that for a while and we spend a lot of money on the bullet box. We have nuclear triads. We have oversight. We are testing ranges. We have a large amount of money in technology invested in the bullet box. How much do we have in the ballot box . Pretty much nothing. It was only just recently classified as Critical Infrastructure. So they both are i believe equally important for all of our energy is in the more exciting bullet box. I think part of what were going to say is it really needs to also be the ballot box because this path is not going away. Its only going to accelerate. So three thinks made this possible. The first, we have a an exception. Normally you would be able to reverse engineered these things for copyright violations, and the manufacturers aggressively use the in situ takedown notices to prevent researchers from publishing results are looking into these machines. There was a threeyear exemption because last year was your number two pick next year is your three. It we can get that exemption renewed or in permanent position, researchers will just be able to think about this technology and really provide an independent view of whats going on. That was not ever possible before. Once we removed the fear of litigation and wood lined up an impressive array of lawyers waiting to defend us if anything happened, we felt pretty confident going to the conference if anybody is going to sue us were going to have enough resources to defend ourselves. This time with the dmca outoftheway would be able to defend herself. The second one was a giant storm that collapsed the roof of the building where a title story all the Voting Machines. The Insurance Company total out all the equipment in the facility, including the Voting Machines. And the Insurance Company owned the Voting Machines now. There is no and sale agreement. Theres no sort of ndaa covering this equipment. The Insurance Company didnt want it. They gave it away to a recycler, and electronics recycler, who then, now they have the equipment with no ndaa and no Purchase Agreement signed. So now we got her hands on these machines we can do whatever we want and we are not violating any rules, any civil law. The manufacturer contact them and said hey, can you please disassemble all the machines . Basically take them out of commission. He said sure. How much do you want to pay me per machine . We want to pay you zero. Well, would you like to buy all the machines back . Well, no. Okay, this is my number. Call me back anytime you willing to change your mind and he just started selling them on ebay. Ladies and gentlemen, the voting machine. And last a file agreed that we have this culture of hacking things, and exploring and publishing results. It was these three things, upcoming defcon, the storm, the dmca made this possible for the first time and really, thats totally unacceptable. We been using these machines for more than a decade, and this is the first time we get to actually look under the hood . That doesnt make any sense as a country. Something is wrong therefrom a policy standpoint and we need to really understand whats going on and how do we fix that. We cant run our country like this. When is the next storm going to happen, right . I really want us to think about that. With that said i like to hand it over to jake who is going to go into a moderate q a session within when were done will go to the audience and answer any questions you may have. All right, thank you very much. [applause] im just going to sit for the q a. So first off, harri, you and professor blais where the technical leads running the hacking village vote hacking village. So tell us, what did you find . First of all it was every machine we had is packable. That was not [inaudible] instead this is a learning experience where people can first time sink their teeth into the machines, find the truth themselves. What be like it was how many Election Officials came in and hacked the method to used to rn the elections. They really came, cannot go ahead. The other thing was the speed. A lot of time when we have come one of the of been doing it, these secretary of state commission studies, one has been of course, if you have few weeks you connect. First of all [inaudible] they dont wake up and hangover. They have election, lets do that now. They have time, but as mentioned the dmca, regulation and the rules, those other things like it took long time. Right now we had less than half an hour with the first machine hectic we opened the doors at ten. At 11 already one team came to me, 11 was supposed be the introductory speech. At the tim