Study Shows Major E-Voting System Open To Numerous Hacking Attacks

from the e-voting-can't-be-secured.-Full-Stop. dept

Another day, another electronic voting system that’s simply not up to the task.

Over the weekend, researchers at MIT and the University of Michigan released a paper (pdf) showcasing how OmniBallot, an electronic voting system made by Seattle-based Democracy Live, is vulnerable to hack attacks and vote manipulation. OmniBallot is currently being used used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Courtesy of the pandemic, these and several additional states are considering their expanded use of the platform. But the study makes it abundantly clear that may not be a particularly good idea:

“We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter?s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information?including the voter?s identity, ballot selections, and browser fingerprint? that could be used to target political ads or disinformation campaigns.”

Great.

Techdirt has, of course, been highlighting the problems with electronic voting since the site began. It’s a sector dominated by companies that simply don’t seem to care if their platforms can be secured, that often refuse to adhere to basic security standards, that don’t allow third-party researchers to fact check their claims, and then simply utter “trust us” every time concerns are raised.

The Omniballot system lets states deliver ballots electronically to voters as a pdf, letting users vote via email, fax or mail. But it’s also being used as a pure internet voting system in states like Delaware, which used it as the backbone of its primary voting just last week. Security researchers have been pointing out for decades that there are simply too many attack vectors between your PC/phone and the target destination to adequately secure the data in transit. In this case, researchers found the system was open to both vote and ballot manipulation:

“Specter and Halderman found that with regard to the blank ballots delivered to voters over the internet, an attacker could alter those ballots to change or remove races or candidate names. They could also misdirect completed ballots returned through the internet so they?re sent to the wrong destination. The greatest risk, though, is manipulation of votes. Attackers could use malware on the voter?s computer or injected into the OmniBallot web app so that the ballot could appear correct to the voter reviewing it on their computer while the ballot that?s submitted has different selections.”

Researchers found the system transmits all manner of sensitive voter data over the internet that simply doesn’t need to be transmitted. The system also uses a wide number of intermediaries, including Amazon, Google, and Cloudflare, all of which researchers say create additional opportunities for manipulation:

“The biggest security problem with internet voting is the insecurity of all the millions of voters? computers and phones. That doesn?t change, depending on who is hosting the server,? Appel said. ?But it?s still an important point to realize that [in this case] it?s not just one server that would need to be secure in addition to the millions of voters? computers; it?s a whole ecosystem of connected companies.”

Again, internet voting cannot be adequately secured. It simply can’t at this moment in the technology’s development history. There’s a long list of companies and government leaders that have fooled themselves to the contrary because it’s profitable, but it’s hard to find any reputable security researcher that genuinely thinks electronic voting is anywhere near prime time, and this is just one of countless studies making that very clear.

But because our broken Congress has refused to secure proper funding to do mail voting with a proper paper trail correctly, and is insistent on turning secure remote voting into an idiotic partisan issue, this isn’t a problem that’s going away anytime soon.

Filed Under: , , ,
Companies: democracy live

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Study Shows Major E-Voting System Open To Numerous Hacking Attacks”

Subscribe: RSS Leave a comment
36 Comments

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Re:

Voting? Blacks? Have you heard of RECONSTRUCTION?

Black historians —notably DuBois— have challenged the lies of the
standard history of Reconstruction, which all of us were taught in school. In
his book Black Reconstruction, DuBois catalogues the tremendous
achievements of the Reconstruction era : poor and Black people participating
in government for the first time, voting and holding office; the introduction
of progressive income tax; the first massive public school program in the
South; tentative attempts at land redistribution; the temporary
disenfranchisement of many planters/slaveholders; the abolition of
imprisonment for debt; the expansion of women’s rights in marriage. Black
people raised the demand for "forty acres and a mule" for every ex-slave,
since without land reform, emancipation would leave them at the mercy of
the planter class. This demand was never met because its content challenged
not only the planters but also the Northern interests who were in the process
of taking over Southern agriculture.

Gains made in public education are testimony to the progressive
character of Reconstruction. At the end of the Civil War, there were no
public schools in the South; by 1870 there were 230,000 children in 4300
schools. This was the result of an astonishing effort by hundreds of Northern
volunteers and abolitionists, with the substantial support of Southern Black
communities and families. 45% of the teachers were women —Black women
from the South, white women from the North. The schools they built
survived the overthrow of Reconstruction, but were later rigidly segregated
by race.

This was a time of slow, painstaking efforts by Blacks to build
working relationships with the dispossessed whites of the South, alliances
which never developed fully. They were finally shattered when Northern
capital and the remnants of the old planter class re-assumed control. The
support of poor whites, working people and other progressive whites for
Reconstruction also involved tens of thousands of Northern white men and
women who came South as volunteers —the "carpetbaggers," slandered and
defamed by later generations. Reconstruction was one of the high points of
unity between Black and white overcoming white supremacy and racism in
our history. This is why it has been written out of the history texts.

The pro-Reconstruction forces had great strength for a while. They
faded by only one vote to convict President Andrew Johnson after
impeaching him for supporting the ex-slaveowners and sabotaging
Reconstruction. Johnson won because the capitalist North, victorious over
its former and future partners, the Southern planters, was eager to get on
with the conquest of the West. Crushing Reconstruction involved the
conscious reinstatement of while supremacy patterns in order to destroy a
kind of people’s unity which, if not defeated in the South, could have spread
to class war in the North itself.

The counterrevolution came disguised as the "compromise of
1877." The word "compromise" should read "betrayal:" Northern
Republicans sold out the Black population by allowing federal troops to be
withdrawn from the South, leaving ex-slaves and white Reeonstructionists
open to the terror-campaigns of the planter class. Some of these troops were
then sent North to help break strikes; others were used in the final military
campaigns against the Oglalas, Hunkpapas, Cheyennes and Nez Perce.

And now the counterrevolution is BACK on TECHDIRT! Burn America! Rename America to Omerica, Obama’s America! Change every statue, change very book from America to Omerica! YAY!

Scary Devil Monastery (profile) says:

Re: Re: Re: Re:

"And now the counterrevolution is BACK on TECHDIRT! Burn America! Rename America to Omerica, Obama’s America! Change every statue, change very book from America to Omerica! YAY!"

So you copy-paste half a thesis which states that "after the civil war it turns out the north had racists too" then try to magically make the text say what it doesn’t say at all by shitting out your customary cry of "But Obama!" yet one more time?

Tell me, Baghdad Bob, just when was it that you developed the delusion that shouting the name of the former, black president would provide the power of changing historical reality to conform with your own narrative?

Anonymous Coward says:

Re: Re: Abolish anonymous voting

… your comment sparked a different view of the basic problem — ‘Anonymous Voting might be the cause of most vote fraud’ (?)

Positive ID of every voter and their actual ballot selections make fraudulent votes & vote counts very difficult, even online.”

Note that secret voting (Australian Ballot) was not adopted in the U.S. until the late 19th Century.
It used to be a matter of civic duty, civic pride, and patriotism to openly declare your choice of candidates in formal elections.

Maybe Americans should stop hiding behind secret processes — and bring everything out in the open where it can be honestly observed by all.

This comment has been deemed insightful by the community.
Hugo S Cunningham (profile) says:

Re: Re: Re: Abolish anonymous voting

In Stalinist Russia, publicly declaring your vote helped ensure an edifying 100% majority for the Party’s candidate. Nevertheless, under the free-est constitution in the World, a screen was made available behind which antisocial elements could scratch out printed names.

In the USA, I would not expect 100% pluralities in public ballots, if only because different communities might unanimously support opposing candidates. Nevertheless, some would feel pressured to vote against their conscience and/or interest by employers, officials controlling government services and benefits, nursing home managers, church officials, gang leaders, etc.
Also, of course, votes could be bought.

Hugo S Cunningham (profile) says:

Re: Re: Re:3 Abolish anonymous voting

Until Jackson’s election (1828), the USA was not an electoral democracy. (Even after that, it was limited to White males.) From 1828, there would be some rough practice until the adoption of the secret ("Australian") ballot around 1890, but the weak powers of government made the losses tolerable. If you had trouble with the local political leadership, it was easy to get a new start a few towns away. (Though the division of the country into political monocultures would contribute to one bloody civil war.)

Today, the government is much more powerful, and public ballots of those who vote wrong will be a permanent part of the Internet, attracting enemies wherever they might try to go

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Re:

Forced me to visit? Is this China? Door is to my LEFT? Why don’t you CHANGE YOUR CULTURE HERE!

Change the Culture? The Chinese Revolution? The Soviet Revolution? The American Revolution? Omerica? Obama-America, the SOLUTION to the CORRUPTED American Society. PAY YOUR GARBAGE FEES. STAY INSIDE! No VITAMIN D! If you want to protest for BLM, that’s OK, but otherwise, STAY INSIDE AND PAY YOUR GARBAGE. Thank you and don’t forget to contribute, On Your Knees, you WHITE SUPREMACIST ASSHOLES! CONTRIBUTE TO BLM! INTEL DID! NIKE DID! DO IT! DO IT! CONTRIBUTE! OR ELSE! JUST DO IT!

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Re:2 Re:

Get on my knees? The idea prevails that organizations like Techdirt
means giving up individual integrity, or is irretrievably sexist/male
dominated, or is by definition oppressive. Like every other revolutionary
movement on earth, we desperately need good organizations, strong and
healthy, to embody the struggle and direct our energies like a spear. Not like Techdirt, weak, stupid, and represented by idiots like you.

Cynicism . The subjective mood of surrender and powerlessness is
expressed in various repudiations of Stephen T. Stone or turning to idealistic Utopian
solutions. Cynicism coincides with extreme individualism, expects the
revolution to somehow be pure, like Stephen, and victories easy. We also face adversity:
some activists (like Stephen) feel extremely demoralized, some feel burned out from the
difficulties of revolutionary work. We must help each other through pain and
breakdown, through separation, loss and death. We must care for the
physical and mental health of the revolutionary community (especially Stephen, he’s a lost soul), for those in
prison (like Mike will be soon), for the raising of the children and the sustenance of the older people (like me).
At the same time as we recognize the real difficulties, we nourish our
revolutionary spirit, commit every fiber of our lives to the struggle. Omerica! Obama’s America! Say it with me!

Scary Devil Monastery (profile) says:

Re: Re: Re:3 Re:

Looks to me as if white supremacists just won’t quit trying to pretend to be what they imagine a black activist should look like – even after the venerable organization of "Identity Evropa" – rebranded as the "American Identity Movement" got caught with their pants down trying to pretend being violent black lives matter-activists.

Well, we always knew you guys are a bit…slow…to adjust.

But hey, don’t your little blackface improv of being the "Angry Black Activist" failing miserably discourage you. At least you managed to get your usual "But Obama!" in right at the end. You’ll still be welcomed at the next cross-burning, I’m sure.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re:

Fascism in this country is not a challenge to those in power by
some more reactionary gang on the outside. Fascism is perpetrated on Third
World people from the seats of power: the Pentagon, the Congress, the White
House, the Supreme Court. In these places liberal and fascist tendencies
compete, but they also connive and conspire. Our strategy must be unity
against existing fascism for the liberation of all oppressed people. Imprisoned
fighters face the brunt of fascist repression and are a center of our struggle.
A solid bridge of communications, news, politics and support sustain sisters
and brothers under brutal isolation and torture, makes a difference in the
treatment of political prisoners and their chances of release. Connections
maximize the impact of prison politics as an essential and leading part of our
movement. Support Ruchcll Magee. Defend the Attica brothers.

-Like Dr. Du Bois said, "The problem of the twentieth century is
the problem of the color line.’" It’s our view that white revolutionaries
should look toward building principled alliances, coalitions and working
relationships with Third World people when possible. Support for
self-determination can’t be an excuse for failure to engage with Third W r orld
revolutionaries in day-to-day work, A new practice should develop in which we
learn from, struggle with, but don’t prejudge or attempt to direct Third World
freedom fighters. Full understanding and support for self-determination is
the basis for this kind of getting together. Win an understanding of the right
of oppressed peoples to determine their own destinies.

Scary Devil Monastery (profile) says:

Re: Re: Re:

Still pretending to be a black activist, Baghdad Bob?

…and this time around trying to quote out-of-context Bill Ayers. Bravo. You have proven that at some point in time someone created what is known as writing.

Writing which, if actually read, doesn’t really say what you appear to think it says. Next step for you, then, is for you to learn to read…because as pathetic as your blackface acts are, it’s even worse when the links and copypasta you put out is either irrelevant or presents a situation 180 degrees opposite of what you believe it does.

English reading comprehension isn’t highly valued in the trailer park, is it?

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Re:

We must all become teachers, using pictures, maps, books, slides,
and newspaper clippings as tools. The true history of Techdirt must be taken
to the people and fought for. The War to Explain the War against EMail should not be
taken lightly by us; it is taken dead seriously by our enemies.

The Provisional Revolutionary Government of Techdirt is an
internationally recognized government, II receives aid from many socialist
countries. In a beautiful and historic act of international solidarity, Fidel
Castro visited Mike Masnick last year, the first head of state to enter
liberated Techdirt Land. In the liberated zones, the foundation for socialism
is being built. South Techdirt could possibly develop the next socialist
revolution to occur in the world. Support for the Masnick is a priority.

Omerica! It’s a vision! Obama-America! (Michelle would be so proud)

Scary Devil Monastery (profile) says:

Re: Re: Re:3 Re:

Well, he has, at the very least, learned to repress the grim reality of his fallen idols by finding a new cause to hate.
These days "But Obama!" delivers for all his needs.

50 years down the line maybe he’ll get over the black man who became president. Unless another black dude gets elected at some point. I imagine oxygen and a defibrillator will be needed.

For now though, we should just keep reminding him kindly that Obama is, in fact, not the president anymore and the DNC aren’t evil enough to set a woman up as primary candidate, no doubt out of respect for his tender sensibilities.

This comment has been deemed insightful by the community.
Upstream (profile) says:

The Omniballot system lets states deliver ballots electronically to voters as a pdf, letting users vote via email, fax or mail.

This has to be the most insane e-voting systems I have heard of yet, and that is saying a lot. Email? Really? Pure Internet voting system? You’ve got to be out of your frickin’ mind! As Karl says in the "dept." line

e-voting-can’t-be-secured.-Full-Stop.

What is so hard about that? encryption-can’t-have-backdoors.-Full-Stop. What is so hard about that, too? These things have been said so loudly by so many highly-qualified people for so long that the only possibile reason I can see for people continuing to try to implement e-voting and encryption backdoors is malicious, criminal intent. Neither ignorance nor incompetence can be used as an excuse.

Anonymous Coward says:

Re: Re:

From what I understand, mail (USPS) works pretty well for elections, and is fairly easy to do properly, given the will and just a bit of preparation. The will seems to be the main problem these days, and if preparations are left to the last minute, then all bets are off. You can’t just wiggle your nose and have millions of ballots magically printed, mailed, delivered, filled out, and returned by mail overnight.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...