Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security
from the wake-up-call dept
We’ve been writing about the lack of security (and accountability) in electronic voting machines almost since Techdirt began. Our very first post on the subject, way back in 2000, declared that e-voting is not safe. Of course, over the years, we’ve seen more and more examples of this, from the Diebold debacle to Sequoia’s security disaster. Basically e-voting is a complete clusterfuck. The machines have long been easily hackable, and the companies behind them don’t really seem to care much. They frequently don’t do common security practices, such as allowing for outside testing of their machines (or, even better, open sourcing their code for security testing). Instead, it’s a big “trust us” and any time security researchers have gotten their hands on these things, they’ve discovered that the trust is totally and completely misplaced. The machines are a disaster.
Along the way, this has created significant distrust among the electorate. Not an election goes by where we don’t see someone accuse the election of having been “rigged” in some manner or another, with people pointing to the insecure voting machines as the mechanism. While nothing nefarious has been proven, just the fact that this has created massive levels of distrust in one of the basic practices necessary for democracy to work is concerning.
Now, combine this with the ongoing claims of Russia hacking the DNC’s computer systems (which some experts are still disputing). Whether or not it’s true, Bruce Schneier is noting that this should be a very loud wakeup call for fixing the security of voting machines:
But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.
We no longer have time for that. We must ignore the machine manufacturers? spurious claims of security, create tiger teams to test the machines? and systems? resistance to attack, drastically increase their cyber-defenses and take them offline if we can?t guarantee their security online.
Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it?s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.
As he notes, “election security is now a national security issue,” but it doesn’t seem like anyone in the political realm has realized this yet. Hopefully, it doesn’t take the discovery of a hacked election to make the point clear.
Filed Under: bruce schneier, e-voting, elections, electronic voting, hacking, security
Comments on “Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security”
Don’t worry, if Russia can hack the voting machines to help Trump win (let’s go with this theory for now), then Obama’s NSA can hack them back and give the win to Hillary.
Or you know, the NSA might give the win to her anyway, just because.
Re: Re:
Uh, if anybody cheats the election, it will be the Dems. Somehow all the dead people that vote are always Dems. That is also why the Dems don’t want voter Id laws. Never mind the people they say it would hurt already have Ids in order to sign up for any of the many social programs. They are more worried about the non-citizens not getting to vote for the Dems.
Re: Re: Re:
Where are all these “dead people voting”? This has been intensively investigated for years, and the highest figures I could find indicate that 270 dead people “voted” since 200.
That’s hardly a number that even matters.
Re: Re: Cheating the elections
Isn’t it all the Dixie states that are Gerrymandered all to heck making their reps and governors completely impervious to elections?
It WAS Clinton who cheated with the DNC to lock out Sanders, I’ll grant you that. And yeah, Kennedy was voted in due to graveyard voting in Illinois, but Nixon was pretty progressive for a Republican.
Re: Re: Re:
I remember back in the day when the joke was “The dead are rising! And they’re voting Republican!”
Florida, I think it was.
Re: Re: Re: Illinois dead voted Democrat...
…at least when they helped vote in Kennedy.
But then the nearly-dead voted Patrick Buchanan in 2000, Florida, due to a confusing butterfly ballot format. Apparently the Gore hole was too close to the Buchanan hole.
Heh. This reminds me of an old XKCD…
http://www.xkcd.com/463/
Re: Re:
Mike too, since it’s already a link in the article. lol.
Re: Re: Re:
Didn’t notice he linked it. LOL.
I had been thinking since awhile back about the whole voting thing and in regards to how it may take over in the future.
Of course the ultimate goals should be first and foremost security, followed by accessibility and user friendliness. Something like this should be a task given to an established technology company, not someone who bids for the best contract. Someone like Apple, for example, would be good for this project since they have a history of focusing on improving security with an easy to use system.
Such a system should be accessible as physical stations as they are now and once that’s established, work should begin towards making it accessible on the internet so that any American (with some sort of valid registration) is able to vote from the comforts of their own home.
Such a system would benefit from having additional resources available so voters could educate themselves on the people they are voting for rather than just selecting off a list of names and political party. You could click on “More Info” about a candidate and see what accomplishments they’ve made, what their stance is on issues, what things they’ve done in the past that may not be favorable. A sort of Wikipedia for candidates available in limited format right there for the person to see while they’re voting. Because while it’s easy to remember who Donald Trump, Republican Presidential Candidate is, it’s not as easy to remember who Mary J Smith, Independent City Council Candidate is.
Re: Re:
— A sort of Wikipedia for candidates available in limited format right there for the person to see while they’re voting.
Wait, are you suggesting that politicians should pass laws that make it easier for voters to be informed?
https://youtu.be/UBf8Sb7wM7o?t=40s
Re: Re: Re:
If the politicians get their way with such a Wiki, mis-informed would be a better description, although they would have a reminder of what was promised by each candidate, for what that is worh.
Solution: Air Gapped, Tamper Resistant and Audited
Step one is to completely air-gap the voting machines and aggregation of results.
This would eliminate hacking elections from the other side of the planet. (Won’t happen since its ‘too inconvenient’)
Step two is to increase the physical security. Build machines that can detect they’ve been tampered with. (Won’t happen since its ‘too expensive’)
Step three require that all machines must be audited by NUMEROUS third parties. Let the Democrats/Republicans/Manufacturer/Government/Other Third parties perform security audits, if any group one group finds a flaw that machine is not allowed to be used in elections. (Won’t happen since ‘ZOY MY GOD manufacturer’s proprietary intellectual property is exposed allowing competitors to make better machines!’)
Re: Solution: Air Gapped, Tamper Resistant and Audited
Last time I looked, a watched ballot box was air gapped, tamper resistant, audited, and had a paper trail. There is a plentitude of experts able to detect basic vote tampering, votes can be recounted and verified.
The downside? The average voter will have to serve 3 sessions of ballot counting in his life time (a session more or less being one day, including ballot box watching) instead of spending $10000 of tax money on voting machines in his life time.
Making democracy work is an honor. Don’t give it to machines, they cannot appreciate it and consequently do a sloppy job, with very little oversight.
Re: Re: Solution: Air Gapped, Tamper Resistant and Audited
I don’t see any reason counting can’t be done by a machine. My local elections board recently switched from e-voting booths to scantron paper ballots that are inserted into a machine for counting. The result is a process that doesn’t take substantially longer than e-voting, has most of the same benefits as far as quick counting, and there’s a paper trail should one be required for additional verification of results.
Re: Solution: Air Gapped, Tamper Resistant and Audited
Step one is to completely air-gap the voting machines and aggregation of results.
This would eliminate hacking elections from the other side of the planet.
You might want to ask those in charge of Iran’s nuclear program how air-gapping worked out for them.
Re: Solution: Air Gapped, Tamper Resistant and Audited
Air gapping is good, but you should also ensure that there are no unnecessary peripherals attached or built into the motherboard, e.g. bluetooth, wifi, or microphones. Something like a minimalist raspberry pi might be a good starting point.
Re: Solution: Air Gapped, Tamper Resistant and Audited
University Studies have shown it’s not just the machine, but the transmission of the data that is susceptible to malicious intent i.e.
a local district sends their data to a county electronically, that data is sent to the state electronically up the line. The conclusion was that data sent isn’t always the data received as somewhere between local and federal recipients of electronic data could alter the data.
Thus my recommendation we use in the pacific northwest, MAIL IN BALLOTS, a code on each ballot that you can use to validate how your vote was received and tabulated.
Mail in also means, and this is huge, you have several weeks to sit down at the table, read through the voter guides, do research and mail in or use drop boxes for your ballot.
No ONE DAY voting, you literally have weeks to cast your vote which means no long lines, no idiots at the reception area refusing your ID, no wrong polling stations, no intimidation at the poll.
Re: Re: Solution: Air Gapped, Tamper Resistant and Audited
Thus my recommendation we use in the pacific northwest, MAIL IN BALLOTS, a code on each ballot that you can use to validate how your vote was received and tabulated.
Does this allow voters to see that they voted for X (for Senate, let’s say) and for Y (for the House, let’s say)?
Re: Re: Re: Solution: Air Gapped, Tamper Resistant and Audited
Yes, that’s the point of your code, you can use it to VERIFY how your vote was cast.
Re: Re: Re:2 Solution: Air Gapped, Tamper Resistant and Audited
Then this method is fatally flawed and must be discarded, because it allows for third-party manipulation of voters, either willingly (buying votes) or unwillingly (coercion).
This is actually a fairly well-known problem in election system design, see for example Electronic Voting (by Ron Rivest) which touches on this point briefly.
Re: Re: Re:3 Solution: Air Gapped, Tamper Resistant and Audited
… either willingly (buying votes) or unwillingly (coercion).
So? If I want to sell my vote, shouldn’t I be allowed to do so? It’s my vote! I get to do what I want with it! That’s the capitalist way! All you socialists need to just shut up.
/s
Re: Re: Re:3 Solution: Air Gapped, Tamper Resistant and Audited
I suspect he meant he can verify THAT it was counted. Verifying HOW it was counted would never have been implemented.
Re: Re: Re:4 Solution: Air Gapped, Tamper Resistant and Audited
If you look at the precise question I asked and the response I got back, it does in fact say that “how it was counted” is available. I hope that’s wrong.
Re: Solution: Air Gapped, Tamper Resistant and Audited
I disagree.
Step 1 is to stop using electronic voting machines anywhere.
Step 2 is to look into developing a voting system that can be remotely trusted.
MailInIsTheOnlyWayToGo
Join us on the pacific northwest where we mail our ballots in, where we have multiple weeks to make our choices.
Each mail in ballot comes with a code, that code is used to VERIFY how the election system took your ballot and confirms who you voted for.
Anything less than our system is well, undemocractic!
Re: MailInIsTheOnlyWayToGo
Intriguing… How can you confirm your vote was actually included in the final results?
(I ask knowing full well that I have no confirmation of that even with the scanned paper ballots in my district.)
Re: Re: MailInIsTheOnlyWayToGo
We get on the internet and enter the code on the States election system, these are the final tally’s, which can be challenged if inaccurate.
Re: Re: Re: MailInIsTheOnlyWayToGo
Is there a way to go in reverse and verify that votes correspond to actual people? (Of course, without being able to obtain or coerce information about what the actual vote was..)
Re: Re: Re:2 MailInIsTheOnlyWayToGo
Signatures need to match what is on record. When you mail in the ballot, you sign it.
I can see where your going, but no we haven’t had voter fraud of any sort using this system, as we can verify our final vote cast – it’s like the paper audit, we can see the result.
Re: Re: Re:2 MailInIsTheOnlyWayToGo
Oh wait, I think I misunderstood. If correct you’re asking if the final votes can be linked back to the voters.
For example, news reporters couldn’t go in to the system and get a list of HOW they voted, only that they voted.
This is the exit polling aspect that political parties CAN use to call you and remind you to vote. They don’t see how you voted, only that you did or did not.
Re: MailInIsTheOnlyWayToGo
The drawback to mail-in ballots is giving up secrecy. Oregon has a high degree of public trust, but there are other societies where nursing home patients would all be induced to vote the way management prefers, and similarly with employees both public and private who want to keep their jobs.
Re: MailInIsTheOnlyWayToGo
Each mail in ballot comes with a code, that code is used to VERIFY how the election system took your ballot and confirms who you voted for.
So, you can prove to whoever you sold your vote to that you actually voted the way they they wanted? Most excellent! We need more systems like this if the vote selling market is ever going to really take off.
/s
Make America Great Again
Maybe a certain presidential candidate can call upon a foreign power to hack our voting machines — to ensure the correct election outcome — for the good of the entire world. Or “for the children”. Whatever works for you.
Then the only remaining obstacle would be to remove the limit on the number of terms that the president can serve.
Unrelated: from googling, the name “Donald” seems to have two meanings. 1. ruler of the world, and 2. dark stranger.
For the convenience of everyone, couldn’t voting machines be modified to automatically vote for you. This would save you from the time and trouble of having to leave work to go to the polling place and wait. Voting is such an inconvenience anyway. Like jury duty.
Re: Make America Great Again
“googling, the name “Donald””
My first thought is Duck.
Re: Re: Make America Great Again
I wish that was the only Donald we had to worry about, I would much rather have Donald Duck for president than either of our current options.
Re: Re: Re: Make America Great Again
At this point I’m pretty sure I’d take Cthulhu over the current possibilities, as at least he(it?) is honest.
Re: Re: Make America Great Again
I should have said: googling for the meaning of the name Donald.
Re: Re: Make America Great Again
And cover.
Re: Re: Re: Make America Great Again
“Put your head between your legs and kiss your ass goodbye” will become the new meaning soon enough.
Re: Re: Re:2 The real meaning of "Make America Great Again"
“Put your head between your legs and kiss your ass goodbye” will become the new meaning soon enough.
It wasn’t already?
Re: Make America Great Again
Voting is such an inconvenience anyway. Like jury duty.
If you are an American citizen please leave the U.S., you are not worth the fucking air you breath.
Since you have such a dim view of Jury Duty, it is clear you are one of the ones responsible for the corruption of the government. Jury Duty is the last stand against government corruption where citizens can refuse to convict people when government comes calling for their liberty, property, or life.
You are an enemy of “The People” and one of the reasons that Trump’s political potential came to exist in the first place. I do not like Trump, but I will enjoy watching people like you writhe over his existence and doubly so if he becomes president.
Re: Re: Make America Great Again
I have a feeling he was being sarcastic. Maybe you are too, but I can’t tell.
Re: Re: Re: Make America Great Again
Nope, I derped, thought he was serious.
Re: Re: Make America Great Again
“…If you are an American citizen please leave the U.S., you are not worth the fucking air you breath….”
Pretty sure you missed the sarcasm in the post you’re replying to.
Re: Re: Make America Great Again
I’m sorry you didn’t get the sarcasm.
I mentioned Jury Duty because it is fresh on my mind. I happen to be on Jury Duty this past week, and next week. Last Monday in the judge’s orientation, she pointed out how jury duty is not convenient for anyone. But we should be glad we have an independent judiciary. Which I am. Jury duty, like voting, is part of how you participate in a democracy. Even one that has become disfunctional.
I have no wish for Trump to become president. I’m hoping that was obvious.
Re: Re: Re: Make America Great Again
Okay good, then I apologies for the very obviously harsh words.
I sometimes get red eye about the whole jury duty process because 99% of Americans are shirking their duty to the nation.
I do not see anyone getting out of this Presidential election unscathed, but I have to say, Hillary is a proven corruption, and so far Trump appears to be a huge toddler that is hated by both parties. There is a higher likely hood that a lot of his BS will be put into check by that fact where as Hillary will get a blank check because she stands for everything wrong with the Democrats.
Re: Re: Re:2 Make America Great Again
Around about 95% of all criminal cases are resolved through plea-bargaining these days.
See, for instance, “Plea Bargaining and the Innocent”, by U.S. District Judge John L. Kane (Dec. 2014), who was writing in response to an earlier article by United States District Judge Jed S. Rakoff, “Why Innocent People Plead Guilty” (Nov. 2014).
Approximately similar statistics can be readily found with a quick Google.
We no longer have a system of criminal trials, rather we have a system of plea-bargaining.
Re: Re: Re:3 Make America Great Again
Yea, I know about those nasty numbers.
I also consider people fighting back when innocent and NOT taking those plea bargains and another duty to their Nation. You see, we have clearly done this to ourselves, which is why I am red eyed about it all. First citizens treated Jury Duty like some fucking game to get out of (“judged by people too stupid to escape jury duty”) ring any bells? Then by that understanding people lose faith in their fellow citizens to protect them. This is not helped by a well corrupted legal system that actually lies to the jurors about their duties and responsibilities. It could be countered by the Public Education system, but we all know how that turned out.
Life may not be fair, but you cannot win laying down, you MUST rise up. Yes, we will lose some during the fight, but we will lose more if we do not fight.
Americans have lost heart, become apathetic, and fight each other over the farces created by both parties. Instead they are full of fear and cowardice!
Re: Re: Re:4 Make America Great Again
I’m sorry, but I don’t understand exactly what you mean by “red eyed” ? Does that mean you’re reacting emotionally to the situation?
You started out in this thread by saying—
Forgive me when I suggest to you that your comment did not actually quite come across to me as any sort of calm, rational and reasonable statement. Not at all.
Re: Re: Re: Make America Great Again
Did the judge mention that you should be careful about posting on social media?
For that matter, is the Techdirt comment section considered “social media”?
Re: Make America Great Again
Maybe a certain presidential candidate can call upon a foreign power to hack our voting machines — to ensure the correct election outcome — for the good of the entire world. Or “for the children”. Whatever works for you.
Do you really think she would do that?
It's a civic duty
I agree with your idea, though not your wording. 😉
The United States asks so little of its citizens. For example, we don’t have mandatory military or civic service. Yet people complain about the “inconvenience” of taking a few hours out of their schedule every 2 or 4 years to vote.
And yes, jury duty may be boring and you may sit around all day, but again, this is part of your civic duty as an American citizen.
Re: It's a civic duty
Just like it’s your “civic duty” to cooperate with the police when they want to search you?
Here’s an item from earlier this month… “Republican-American: Waterbury chief: ‘Let’s cooperate’ [and consent to searches to defuse police]”, by John Hall, FourthAmendment.com, July 19, 2016:
All part of a proud American’s“civic duty”? — Voting. Jury duty. Police cooperation. Consent to search.
All part of the same “civic duty”?
Re: Re: 'Rights: Only applicable when they don't inconvenience the police'
WATERBURY — Police Chief Vernon L. Riddick Jr. brought a message of cooperation with police to a mostly African-American crowd of more than 200 people at Mount Olive A.M.E. Zion Church on Wednesday night.
If an officer stops your car, if they ask to search your person or vehicle, if they demand entry into your home, comply and then complain later to the department’s internal affairs office and police chief’s office if you feel your rights have been violated, Riddick said.
Yeah, no. That argument/threat might make at least some sense if he was phrasing it as a matter of safety(‘You don’t want to make the police mad, they can make your life all sorts of unpleasant/short purely on a whim.’), but ‘cooperation’? Not even close.
That’s not ‘cooperation’, that’s rolling over and letting your rights be violated, potentially screwing you over later on(‘The accused willingly let us perform the search, and as such any evidence found should not be suppressed.’), under the idea that (barring the police union) the two groups least interested in punishing police for violations will do something about it at some point down the line.
It’s amazing he can travel anywhere safely with blinders as large as the ones he seems to be wearing.
Re: Re: Re: 'Rights: Only applicable when they don't inconvenience the police'
Let me see if I can rephrase what you said, and maybe twist your words a little bit—
You’re saying that an American’s civic duty includes: • Voting • Jury duty • Cooperating with police.
But you’re also saying that that civic duty does not include: • Consenting to search.
Is consenting to search maybe part of some other “civic duty”?
Or am I twisting your words too much? Into something unrecognizable.
Re: Re: Re:2 Choice vs Obligation
You’re saying that an American’s civic duty includes: • Voting • Jury duty • Cooperating with police.
My focus wasn’t on the ‘civic duty’ part so much as the absurd idea thrown out by the police chief, but addressing your questions I’d probably say yes, yes and no respectively.
The first two are (theoretically) how the public makes sure that the ‘right’ people are representing their interests and acting as a check against unjust laws and overzealous prosecutors who care more about convictions than seeing justice done, while the third has a chance to negate the first two if applied blindly or poorly.
If someone chooses to be cooperative or helpful to police rather than the absolute minimum required that’s up to them, but I don’t feel in the slightest that it should ever be seen as an obligation or duty to do so, especially when it comes to actions that are violations of a person’s rights. The police are intended to serve the public and society, not the other way around.
If police want people to want to help them then they need to work on doing something about their toxic reputation, and the idea that people should feel obligated to help, even at the cost of their rights just because a cop feels like doing something isn’t exactly helping that.
Re: Re: It's a civic duty
I’d say it’s a civic duty to refuse a warrant-less search.
Re: Re: Re: It's a civic duty
Emotionally, of course, I’m altogether happy to agree with you on this point. (To stir up a little patriotism, I’d remind everyone of what John Adams, of Massachusetts, said in speaking of the opposition to general warrants by James Otis in the 1761 Writs of Assistance case, “Then and there the child Independence was born.” Opposition to unreasonable searches is deeply rooted in America, not just coldly and rationally, but in a heartfelt way.)
All the same, even living now in a state where our state’s constitution contains an even stronger guarantee to our citizens than the U.S. Constitution’s Fourth Amendment—
(York v. Wahkiakum School Dist. No. 200 (Wash.2008), citing State v. McKinney (Wash.2002) and State v. Myrick (Wash.1984).)
All the same, even living now in a state with an even stronger distaste for warrantless searches, it’s as well-established here as it is anywhere else in the union that consent is indeed an exception.
So, on a non-emotional basis (Massachussetts is a long ways back east on I-90, and the year 1761 was a very long time ago), on a non-emotional basis, I’d have to reject the proposition that people have any duty to refuse consent to a warrantless search. No, folks ought to be free either way.
Re: Re: Re:2 It's a civic duty
No, folks ought to be free either way.
People are perfectly free to to shirk their civic duty to refuse warrant-less searches.
Re: Civic duties
The United States takes its tradition of patriotic duties from culture of Old England, though it doesn’t work very well there either. Officers from affluent families seemed to have strong patriotism to motivate them. Conscripted enlisted men, not so much.
The motivation to civic duties from patriotism (jury duty, the draft, census forms, voting, writing angry letters to your congressperson) only work when the people are patriotic. Such as if they generally feel enfranchised, recognized and supported by their state officials and agencies.
That’s not a situation we have presently in the US.
Considering how long it has been since that has been a common feeling, it is no surprise that all of these functions have become tragic commons. People don’t expect the legal system to be available to them (And why should they when innocent people are forced into convictions or plea bargains every day?) so of course they don’t care to be a juror.
When we have to choose between a charismatic demagogue and a criminal career politician, why would people want to vote?
When we’re being sent to fight in foreign lands to win land rights for corporate interests, why would people want to risk their lives?
But as I’m fond of noting, We build a civilization with the people we have, not the people we wish we had. (credit to Rumsfeld where it’s due) Now that there is a abyssal divide between the state and the people, we’re going to need to find other ways to motivate them to want to participate in their own governance.
Once votes and juries count again, they might start doing it out of patriotic duty again, and people may actually put effort into serving their country.
But so long as our country treats its people like conscripted commoners pressed into service for the bemusement of a handful of gentiles, we’re not going to show much enthusiasm for service.
Re: It's a civic duty
It’s called consent.
Individual liberty, the ability to choose where we go and what we do, is the very foundation of ‘being American’.
The thought that people are unpatriotic, unamerican, or somehow immoral because they do not consent to the activities YOU consent to IS wildly facetious.
Hopefully, it doesn't take the discovery of a hacked election
Apparently you don’t remember Bush v. Gore?
IMHO the correct solution was actually demonstrated decades ago in the film Johnny Mnemonic.
More or less it comes down to arranging the machines in a “U” shape, with the screens pointing at the voters outside of the “U”, and the other side camera pointing a string quartet or something similarly animated. Each vote is block chained with a snapshot of the string quartet. Validation is by watching the video of the string quartet (which will be unique to each machine) after the vote is complete and sequence checking the blocks.
In such a case, volunteers are only responsible for security over physical installation of the removal of the machines, and validation of the initial block chain key for each machine, and perhaps interspersing their own random input string every 20 or 30 voters to bind the witness to the machine. After that the whole vote tally is tamper evident.
Of course we won’t do this even though the tech is more than 20 years old at this point. And really, as the leaders of the free world, we should have open sourced a chip for this shit to the world YEARS ago, as a national security initiative. Whole cost would have been less than a rounding error in the defense budget. And don’t tell me that nobody fucking thought of it, because protecting the integrity of the democracy is what the NSA is SUPPOSED to be doing.
I mean I get it. I’d rather be inventorying porn for the FBI than hacking crypto API all day too. And hey, why create world peace when you can blow shit up really good. Job security and all that.
The problem is not that we don’t know how to fix this. The problem is that oligarchy doesn’t want it fixed. And if you are voting for either of the two circus clowns in the main attraction ring, YOU are contributing to that.
Re: It WILL NOT take the discovery of a hacked election
Once an election really is hacked, then those elected will ensure that it cannot be discovered.
Or will ensure that the discoverers cannot publish.
The world wide internet will need to be shut down briefly, um . . . for maintenance. Sorry for any inconvenience.
Three laws safe
http://www.theonion.com/video/voting-machines-elect-one-of-their-own-as-presiden-14286
Electronic voting machines CAN'T be fixed
With respect to Schneier, who is one of the people I’ve read on this subject for years, I don’t think this problem is solvable. The issues is available resources, and the asymmetry between attackers and defenders.
On resources, I’ll refer to Schneier himself and to the article that I think is the first one anybody interested in this issue should read. It’s from 2004, and it’s called Stealing an Election.
In that article, Schneier arrives at the very conservative estimate of a $100M attacker budget for someone attempting to ensure that their party gains control of the US House of Representatives. That, to remind everyone again, was in 2004. If you look at the numbers Schneier bases this on (campaign expenditures) and update those for 2016, you will arrive at a much higher final estimate. And note: this is for the House. What’s the Senate worth? How about the Presidency? (Even more so given current and anticipated Supreme Court vacancies.)
Do think it would be worth $1B to the Russians (or Chinese, the other government capable of footing the bill)? (The correct answer is “yes”. They would write that check in a heartbeat.)
That covers resources. Now for asymmetry. One of the things that we keep seeing over and over and over again in security is that attackers need only a tiny fraction of the defenders’ budget in order to prevail against them.
So if an attacker has $1B, how much will you need to spend to defeat them? I’ll give a conservative estimate of $100B — reflecting a 100:1 ratio, while noting that observed attacks have often reflected much greater differences.
You can differ with the $1B number and the 100:1 ratio all you like. Make it $500M and 40:1 or whatever you wish. But whatever that final total comes out to be, you’re going to need to be prepared to spend that much, or you’re going to need to be prepared to lose.
Given this, I think the only way to win is not to play the game. Manual voting systems are well-understood, heavily studied, and very difficult to manipulate en masse. They have the significant downside of requiring large amounts of human labor and not yielding immediate results. I think we have the labor (“poll duty” should be like “jury duty”, something we take turns doing) and I think we can manage to wait a day or a week for results.
Re: Electronic voting machines CAN'T be fixed
Whether voting machines can be ‘fixed’ or not, depends on what the meaning of the word ‘fixed’ is.
Re: Electronic voting machines CAN'T be fixed
Why pay $1B for the presidential election if you can buy the (much less controlled) primaries for $20mil each in order to leave only bad choices?
I mean, explain Hillary Clinton and Donald Trump rationally. Probably a wager between the Chinese and the Russians: “if you get one, I’ll get the other, see if I don’t”.
Re: Re: Electronic voting machines CAN'T be fixed
Because they’re neither foolish or capricious. Any idiot can throw a monkey wrench into the works and inflict obvious destruction; but someone with cunning will exert far more subtle influence and cause the machinery to do their bidding without making it evident that they’re doing so.
Re: Electronic voting machines CAN'T be fixed
“The issues is available resources, and the asymmetry between attackers and defenders.”
I think you are reading the asymmetry in reverse video. Validation is a matter of binding unreproducible state to the user input (hence the the live string quartet). The user can validate an image back to the machine with a paper ticket, but the hacker can’t spoof an image that is taken in real time.
The problem is similar to a one way cipher, with the added requirement of reproducible human validation of a single use key. It can be done. I’d estimate a team 8 very good software and hardware engineers could do it in 2 years for about 10M$, with about a 50% chance of bullseying the thing, and about a 90% chance of advancing the state of the art to a point where rev 2.0 would be servicable.
This isn’t like DVD security. There is more state on the end user side to play with. The other issue here is that if you are willing to tolerate a conversation with someone at the RNC or the DNC, it is highly unlikely you are the guy with the skillset.
People who are willing to subjugate themselves to the consensus view even though the math speaks otherwise, don’t become scientists. (Or Democrats or Repuplicans in the current electoral cycle for that matter.)
Re: Re: Electronic voting machines CAN'T be fixed
…the hacker can’t spoof an image that is taken in real time.
Is there a rigorous proof of that?
Whatever the system we choose it should be audited. Exhaustively. By many parties. That’s the flaw in these voting machines. And, guess what, all with the helping hand of copyright!
I maintain my position: copyright is utterly toxic and should be abolished.
Re: Redundancy.
I’m with Ninja
Open-source software and hardware.
Redundant auditing and counting by multiple, independent agents.
Maybe blockchaining which allows for some organizations to securely vote online without tampering worries.
Re: Re: Redundancy.
Needs to be on paper, computers can be used to count the votes.
No reason to let a machine between a person and their vote.
It is now possible to remotely watch or tamper with a machine even with an air gap, it is currently not possible to remotely tamper with a paper ballot that I am aware of.
Re: Re: Redundancy.
Maybe blockchaining which allows for some organizations to securely vote online without tampering worries.
I’m kind of worried about it. China has gotten hold of a lot of power within the bitcoin world with their massive mining farms. If it comes to blockchain then it should prevent power concentration.
OCR cards combine speedy reporting with solid recount
I like the system we have in Massachusetts: OCR cards filled out by the voter. OCR technology provides the instant result, but the cards remain for a hand recount that anyone can follow.
Re: OCR cards combine speedy reporting with solid recount
This is one of the best systems possible.
Re: Re: OCR cards combine speedy reporting with solid recount
This is one of the best systems possible.
Nah, too hard to rig. That’s why most places won’t use it.
Re: OCR cards combine speedy reporting with solid recount
Printing the votes so the voter can have a copy and there is another physical pool that can be counted against the machine (ie: auditing) seems quite good too. Then anybody could ask to audit specific machines. If you get a random sample and multiply the sample by multiple auditing bodies (including regular citizens) then it should be of great help. The word here is auditing. If it can be audited then it will be stopped even before deployment when flaws are found.
Re: Re: OCR cards combine speedy reporting with solid recount
The danger in giving an identifiable receipt to the voter is that it makes vote-buying enforceable. He could be required to show proof that he voted “correctly” to his employer (whether private or public)to keep his job, or to housing officials to keep his subsidized apartment, or to his preacher to avoid getting excommunicated, etc. …
Re: OCR cards combine speedy reporting with solid recount
We use OCR cards in Connecticut too. I would say that it works very well.
(I’ll admit I sort of do miss the old mechanical lever machines, but I realize what we have now is better.)
Five or ten years ago, everything was blamed on China, then suddenly Russia became the designated suspect. Israel has the rare distinction of never being a suspect despite a proven record of being a perpetrator. Putin can only gloat that anyone might actually believe that his incompetant regime is even capable of hacking into anything.
ANYONE HERE?
Anyone here, with abit of hardware knowledge from the last 30 years??
And abit of programming language, in HTML, GW basic, or any of the 20 Older languages USED?
TELL me how easy it would be to LOCK down a system..
Hardware and software..
Couldnt we just use an OLD 385/486(without all the current hardware spec).. And set it up REAL basic and simple..
Lock down all the ports.
NO ACKNOWLEDGED Ports in OS software..
Master KEYLOCK on the case that will interrupt the computer and SHUT IT DOWN from any inputs..
There REALLY is bad news here, in that there are TO MANY PEOPLE willing to PAY to get a backdoor into these machines…
Re: ANYONE HERE?
It’s impossible to lock down a system when there’s so much money at stake, the voting machines are controlled by a few secretive companies and the machines themselves are physically exposed throughout the election cycle and “monitored” by well-meaning volunteers who know little about cyber-security in thousands of locations once every few years.
Please see http://blackboxvoting.org/black-box-voting-book/ or watch “Hacking Democracy” for a sense of the challenges.
Re: Re: ANYONE HERE?
I really do understand…
99.999% of it all comes down to MONEY and Corruption.
It wouldnt matter WHAT computer we used, or software..
If you gave me ENOUGH money and paid the TAX for me…
It wouldnt be a problem.
The one thing I can say, is that the SIMPLER it is, the EASIER it is to monitor…
DONT complicate it..
Then when the Election is done, the Programming is looked at by both sides, and verified..Then the count is done..
I would also PRINT a form for the voter, that could be taken IN’ anytime and Checked with the Finished vote.
The 1 REAL problem is we cant make it with NO HUMAN hands touching it.. There are to many places to Augment things..
Tampered
Voting has been broken since the 17th Amendment. It has continuously been tampered with through unconstitutional changes in law ever since. It was because Women were given the vote – mess with it and them; Blacks and their votes – have always messed with them and their vote; and, now, because of such unconscionable attacks on Minorities, these votes will be messed with. You don’t need to be online to vote, it’s as simple as that…
So what. if it takes an extra hour to get the tally in, if the voting is electronic, the only safest way to get those tally’s in is the Human factor – meaning, a ‘body’ has to go online and submit their count. It’s the only way to be sure. Leave the voting booths offline – period.
There were number of lawsuits over machines security, all failed. Maybe that is not an accident? What is wrong with old fashioned paper then?
Any is election held on a working day, anyway?
Fix the voting machines?
Yeah, but, how will we have the option to rig the vote then
*scratches head*
I dont understand
Yours insincerely
Career Politician
Videotape and publish our ballots
“Everyone complains about the weather, but no one does anything about it.”
Whether or not that’s true of the weather, it’s largely true of digital voting systems. That’s because even the most secure proposed remedy–traditional “hand-counted paper ballots” (HCPB)–isn’t secure enough.
In traditional hand-counting, the paper ballots get hand-tallied in the polling place. That sounds great, until you realize that you’re not personally there to see the counting. Instead, you’re asked to put your trust in the six people who do the counting–and to trust the thousands of other six-person teams in other precincts across the country. Do you really trust all those people? No way.
What’s needed is a new approach to hand counting, one that reduces the “trust-me” factor to virtual insignificance.
Here’s an outline of one such approach:
1. All votes get cast on paper ballots in the polling place on election day.
(Yes, there are arguments for allowing paper ballots to be cast at other places and/or times. We can discuss these options if the rest of this proposal is acceptable.)
2. When the polls close, each person in the polling place gets to video-record the ballots. Each video should simultaneously show enough of the polling place to authenticate the video.
3. The videos get published on the Internet, each video serving as a check and balance on the others. As desired, the videos get authenticated against the actual ballots.
4. The public gets to tally the ballot images, by hand, by personal software, by off-the-shelf software, by calculator, or however. Alongside each video is a description that includes its tallies as calculated by its creator. Ambiguous and other miscast votes get tallied as such.
5. Any outlying miscount is quickly detected due to its divergence from the other counts.
The result: All counts soon converge to an accurate count, given the margin for miscast votes.