The most trivial communications were weaponized and drastically changed the course ofthe 2016 elections right before our eyes. As a result, information security is now a number one priority for all political campaigns — domestic and international. Yet many in the political community, including France, theUK, and the US, are deploying the same old practices, tools, and user training for communicating highly-sensitive information. In addition to continuing to hoard high-target data, political parties and candidates are reluctant to change behaviors and ask for help. Admitting to being hacked hasbecome increasingly stigmatized, preventing under-resourced campaigns andthe policy community from understanding how to deal with persistent and well-funded adversaries.
What have we learned and how likely is it that this will happen to election campaigns again? This talk will provide a first-hand context for understanding the exact political, media and security environments in which multiple breaches were detected on the democratic sideof the 2016 campaign and how they went unmitigated for months. The talk will then trace how, in the aftermath, the affected parties have attempted,successfully or not, to recover and learn to work with the infosec community. We will also touch on what impact product decisions in the tech and security space have on ordinary users’ ability to do their work, including running national campaigns. Finally, the talk will touch on ephemerality becoming a number one behavioral change the ‘victims’ of the election hackingseek as an antidote to information weaponization.