by noelrock 3333 days ago
Get real.

Political campaigns, outside of the States, are very much bootstrapped. And IT folks very much not minded to volunteer their time.

Citation: I'm a member of a European Parliament on his third term in politics. Of my 200+ volunteers, not one is in infosec. Within my party, maybe 60 staff total are paid for a campaign.

9 comments

I am really skeptical that considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg there are no infosec/netsec professionals. If that's really true, then to put it crudely, you're utterly fucked. Because Russia certainly does have money for blackhat infosec/netsec types.

> considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg

You're conflating parliamentary budget and staff with a campaign budget and staff. These documents came from his campaign, not a parliamentary office (be it EU or French). For obvious reasons the two don't mix. Campaigns generally operate on extremely restricted budgets, and are naturally transient in nature.

Okay, true, even so. In a nation the size of France I find it really doubtful that major political parties would go begging for the budget to hire infosec/netsec professionals, considering the amount of money spent on all the other expenses of a major campaign.

Note that En Marche is a party that was specifically set up for Macron's presidential campaign in April last year - it's not one of France's established parties.

FN is financed by Russia, since other banks wouldn't give them a loan. And Le Pen is a contender in the second round so presumably it is exactly the case that major parties can have budget issues.

> I am really skeptical that considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg there are no infosec/netsec professionals.

I think you just confused "a European Parliament" (that is, a national parliament in Europe) with "the European Parliament", which is a different thing altogether.

And then also confused an MP (or, in your interpretation, MEP) not having any infosec staff with the whole government (or EU) not having infosec staff.

But then, even with all that, your conclusion isn't all that wrong for the topic at hand; if a major power like Russia targets a particular politician in the West (perhaps aside from the official, rather than campaign, personality of the sitting head of state), there is likely to be a substantial resource asymmetry that favors the attacker.

I think OP works for a member of parliament, if I understand them correctly. Their offices are actually not that sensitive. All the secrets are held by the executive, and the EU doesn't even have the sort of military and intelligence institutions that are usually most secretive.

> I think OP works for a member of parliament, if I understand them correctly.

No, he is saying that he is a member of a parliament. The lower house of the Irish parliament to be exact [0].

[0] https://en.wikipedia.org/wiki/Noel_Rock

> EU doesn't even have the sort of military and intelligence institutions that are usually most secretive.

Might just be because the EU is a trade bloc, it doesn't have secretive military and intelligence institutions because it doesn't have any military and intelligence institutions at all.

> it doesn't have any military and intelligence institutions at all.

Better let INTCEN, SIAC, SitCen, EUFOR and EUNAVFOR know that.

The EU is absolutely far, far more than a trade bloc.

and ISAF (now RS/Resolute Support)

ISAF and RS are functions of NATO, not the EU.

Well shit, I better let the people in the DGSE and BND know that they shouldn't have access to their data sharing partnership with the NSA. Some guy on the Internet says that the EU doesn't have any IMINT, HUMINT or SIGINT, it must be true.

France or Germany having their own intelligence services is entirely compatible with what I said though. Their allegiance is to their own country first, and data sharing partnerships change little.

I'll just add as a reference that for the French presidential election most campaigns are costing around 5 million euros (it's a side effect of a system which fixes this as a max limit for campaign costs refunds, but I guess they can't spend way more).

And in France (as in many other countries), most high-ranking politicians do not have any kind of technical background. They typically studied political science or other soft disciplines. And are also often of a generation that barely uses computers but does not understand them.

In fact in France there is a general contempt from the political class and the media for any candidate who is not a literary person.

I'd be interested in volunteering some time or access to data sets to help protect these sorts of things. Feel free to DM me.

Then political parties need to get real or resign themselves to being hacked.

At the level of Hillary and Macron, the money is there. If infosec people don't volunteer, they will need to be paid for, even if it means running fewer television ads or whatnot. Even in Europe campaigns have paid staff. It might mean cuts to something else, but is it worth skimping on security?

As an aside, I'm from the US and have never heard of a campaign looking for infosec volunteers. Are we sure no one would volunteer?

Shoot me an email (in profile) if you'd like some domain expertise :)

Wow you are a TD? On Hacker News?

Wonders never cease.

> Political campaigns, outside of the States, are very much bootstrapped

Get real.

edit: Considering the response perhaps I should qualify. The major parties in most developed countries have permanent election teams with multi-million pound budgets. I cannot see why my response is in any way controversial.

The US is mostly unique in having 18-24 months to fundraise, A/B test, staff up, etc.

edit: Regarding this...

> The major parties in all developed countries have permanent election teams with many multi-million pound budgets.

That's very likely. However, the bursty nature of elections means they're probably also onboarding thousands of volunteers and temporary staff in a very short period of time.

A Canadian political campaign (Federal) lasts at most 45 days, with probably an estimated 45-60 days of additional lead up time to prepare for it when it's obvious a vote is going to be called... The parties still seem to find plenty of money to spend on 4/5-star hotels, chartered airplanes, staff, etc.

> And IT folks very much not minded to volunteer their time.

This is an ignorant statement. The many millions of hours of work freely given to producing, maintaining and supporting users of software licensed under Free Software [1] licenses shows it's not true.

I suspect it's just that ‘IT folks’ tend to be cynical about most political parties. So they would want to be paid for any work done for such outfits rather than doing it pro bono.

I'd suggest that politicians who expect they can get such work done for free are the ones who need to “get real”.

[1] https://en.wikipedia.org/wiki/Free_software

Free Software doesn't mean unpaid volunteer any more, given the number of projects that have developers working for large companies...

Obviously some developers get paid. But there is still a huge amount of unpaid volunteer work given to these projects.

He meant they do not volunteer their time to political campaigns.