A lesson on election security from tea ladies

Our current election season faces the same problems as in 2016 and 2020. Foreign adversaries are interfering with the election process. This time we know it’s happening we know where it’s coming from and we have ways of dealing with it. The question is, is it enough? Maybe not, because it isn’t a technology issue. It’s a human issue. A Facebook group of tea aficionados may offer a lesson on election security we need.

Democracies worldwide debate whether the technology we use to collect and tabulate votes is corrupt. In some cases we have found significant flaws, but because of how we confirm the viability of the vote those technology issues have never altered the outcome of an election. Sometimes, in third-world countries, the technology has been manipulated by certain factions in power, but eventually, even those outcomes have been reversed with few exceptions.

Most of the time, the people screaming the loudest about election fraud belong to the same faction that is committing the fraud. It’s what is called the Wizard of Oz effect (“Pay no attention to the man behind the curtain.”)

It’s not always technology

Recognizing non-technical attacks from people claiming to be like-minded citizens is much harder. Meeting new friends on social media requires implementing a zero-trust philosophy, or maybe more accurately, a “trust but verify” philosophy.

That’s what the denizens of the Royal Winton Collectors Resource Group on Facebook employed to stop a ring of scammers recently.

Tea aficionados can be some of the most rabid fans even while demonstrating hospitality and acceptance. You can find them scattered throughout social media, not just Facebook, but Etsy, Ebay, and even Reddit where the r/Tea group has more than 800,000 rabid imbibers.

The Royal Winton Group is much smaller but growing rapidly. Based in Australia the group has an international membership with approximately 1,100 members scattered around the UK, Australia, and the US. They have a particular bent for Royal Winton Chintz designs, a historic British china producer. The group members share photos and suggestions as well as participate in a lively marketplace for rare items.

Not everyone is trustworthy

Joining the site is not that hard, although the administrators vet potential members fairly thoroughly. Often a member will state they are “downsizing” their collection and ask members if they are looking for any particular pieces.

In March, one new member under the name of “Trust Mabel” posted one of these announcements and one of the members responded with a private message.

“They replied back with pictures and prices and was willing to negotiate on the items,” said Cindy Oliver, a US collector. “But they wanted immediate payment so they could get it in the mail that day.”

The poster sent a picture of a loaded open trailer with boxes that looked like building materials, describing the items as “NEW”, Never Used”, for vintage Royal Winton items. At the same time they said the items were part of a parent’s collection.

Looking for the red flags

“That set off too many red flags. I asked if these items were listed elsewhere and they said ‘NO.’ So I hopped onto Ebay and found all 3 items, the same pictures and for sale by 3 different dealers, in 3 different locations.”

She confronted the scammer. “They got nasty, all while asking if I’ve sent payment.”

Other members, after reading the warning, checked the scammers’ profile and noticed the profile picture was of Markus Anderson, a close friend of Princess Meaghan.

The members reported the incident to group administrators and encouraged others to do the same to other platforms. That set off a wave of account cancellations.

Related:   Normalising data leaks: A dangerous step in the wrong direction

Four actions

There are four actions that the group took collectively that can be applied to al social media scams and disinformation.

  • Member responsibility. Oliver and others immediately warned the group about a scam’s presence and let the administrators know.
  • Swift administration. One of the administrators said this wasn’t the first problem they’ve had and, sometimes, they’ve had to put restrictions on members who have shared sketchy content.
  • Focus. The group sticks to its subject matter and doesn’t allow deviations and post-hijacking.
    “We have had to put restrictions on other members where their posts must be approved before they show up.” The administrator said.
  • Knowing your subject. Social media groups can be a great way to learn about a subject from experts. It’s also a good way for scammers to get caught doing disreputable things.

Crystal Morin, a cybersecurity strategist for Sysdig, applauded the efforts of the group, calling them nascent “cyberwarriors.” And she immediately saw the connection to fighting disinformation from adversary nations.

“You just need to be careful where you get your information from, and you need to come to determinations and assumptions on your own accord. You can’t rely on everybody else anymore. You can’t believe everything that you read on the internet or on your cell phone. That’s what leads to the divisiveness that we’re seeing in the country that’s coming again from both domestic and foreign adversaries.

We are on our own

“People must independently determine truths and reject unsupported views to counter foreign and domestic efforts fueling societal tensions,” she said.
Morin also brought up a fairly new idea of verification on social media, especially because, “Isolated areas face divides as urban-rural data differences grow. Personal verification is crucial everywhere due to easy access to conflicting claims online and on phones, regardless of location.

Serendipitously, media.com recently issued a study saying the majority of social media users surveyed supported mandatory mandatory user identity verification. Additionally, 67% are more likely to trust platforms that require proof of identity for verified users.

That might be good news for companies like Meta and Xitter. The former wants to charge up to $15 a month for a verification service and Elon Musk is already selling checkmarks to prop up his money pit. But if the results of the latter’s efforts are to be the measure, it will probably make thing worse.

The problem with social media companies and user verification is it reduces the number of disinformation bots. That lowers the amount of advertising revenue (fewer users, less money from advertisers).

Until legislators decide to force verification, we need to pour ourselves a cuppa and look at the platforms with a wary eye.

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *