Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked

from the fire-everyone dept

Let's face facts: if you have an electronic voting machine it can be hacked. Anyone who claims any piece of technology or computer equipment is "unhackable" is a fool and should not be in a position to determine the security of such equipment. Electronic voting machines have a very long tradition of having absolutely horrible security and being easily hacked. It's why it's so important that people understand just how vulnerable these things are, not just because they can be hacked, but because the poor security practices around them will lead many people to distrust the results of any election, even if all the votes were actually counted.

You know what doesn't help? Having election officials declare their e-voting machines unhackable. And yet that's exactly what officials in Pennsylvania's Allegheny County (think: Pittsburgh) have done.

Starting in the next few weeks and running past Election Day, the machines will undergo tests to ensure they are recording votes properly, that they have not been hacked and that they cannot be tampered with, said Mark Wolosik, longtime manager of the Allegheny County Elections Division. Each test is designed to check a potential breach in the system.

“The voting public can feel confident,” Wolosik said. “Everything is tested extensively before the election, after election and on Election Day.”

Election officials in Allegheny and Westmoreland counties said they are confident their electronic voting systems are immune from hackers or malware that could alter election results.

“In my experience, there is no way to compromise these election systems,” said Dave Ridilla, head of Westmoreland County's computer information department.

That doesn't make me feel more confident. It makes me question the competence of those officials. Any such hardware can be hacked. Saying it can't means that you're just not understanding the threats you face, and that's more problematic. There are things that people can do to minimize the risks, and hopefully that's what's happening here, but giving a flat-out "there is no way" statement is ridiculous on its face and is almost screaming out to have that statement mocked when the equipment is actually hacked.

The machines being used do not appear to have open source software that people can examine, and they don't have a paper backup, so if votes are tampered with there's really no clear way to know for sure. That's especially problematic. Yes, people may have done a good job securing the machines, but saying they can't be hacked is not just wrong, but it calls into question the competence of the people securing the machines.

Reader Comments

  • rw, 24 Aug 2016 @ 7:36am

    Plus there is no verification possible. "These machines are unhackable...therefore the incumbent did receive 100% of the votes." How are voters supposed to trust ANY politician when you can't verify results of elections? I hope the power goes out at about 6:55 PM election day.

  • kallethen, 24 Aug 2016 @ 8:34am

    I won't be surprised if this ends up being the Titanic of e-voting this year. Hell, I pretty much expect it now.

  • pixelation, 24 Aug 2016 @ 8:39am

    How do we know

    “The voting public can feel confident,” Wolosik said. “Everything is tested extensively before the election, after election and on Election Day.”

    How do we know that the ones doing the testing aren't the very ones we need to protect against?

  • Anonymous Coward, 24 Aug 2016 @ 8:40am

    I will pay $1 to anyone who can prove that they have successfully hacked the Pittsburgh e-voting machines, up to a maximum of $100.

  • Paul Clark, 24 Aug 2016 @ 8:46am

    Maybe the Russian Hackers Will See This As A Challenge

    The evil side of me hopes the Russian hackers will hack the machines and declare Putin the winner of the election.

  • AricTheRed, 24 Aug 2016 @ 8:52am

    Absolutely Confident!

    “In my experience, there is no way to compromise these election systems,” said Ronald McDonald, head of Westmoreland County's computer burger department. "I have been given every assurance from The Hamburglar that there is no way!"

    • DannyB, 24 Aug 2016 @ 9:32am

      Re: Absolutely Confident!

      You can be absolutely confident that after we make sure the election goes the right way, there will be no way to refute the results. No recount. No paper trail. Just the electronic results.

      Even in the face of actual hacking, you can be assured the results we produce will be the desired result.

    • Anonymous Coward, 24 Aug 2016 @ 9:49am

      Re: Absolutely Confident!

      Funny that you bring Ronald McDonald into this...

      It is true that the Big Mac was "created" by an owner-operator of the McDonald's franchise for Pittsburgh, PA and gets a royalty from EVERY Big Mac sold.

      https://en.wikipedia.org/wiki/Big_Mac

  • ArkieGuy, 24 Aug 2016 @ 9:06am

    Experience Matters

    “In my experience, there is no way to compromise these election systems"...

    The key to this is the first 3 words. It's like a sewer worker commenting on string theory (the physics kind, not the plumbing kind).

  • Anonymous Coward, 24 Aug 2016 @ 9:14am

    100% confidence in their never being hacked

    So basically they are the computer scientist from the Willy Wonka movie.

    It feels like they are more worried about becoming another 2000 Florida than hackers from another country choosing a president illegally. Which I would not be surprised is how they really are thinking about this now that I think about it.

    Personally I'm more worried about voter intimidation as a serious and immediate widespread threat to the election. Will hacking happen? I am confident it will. But those hopefully will be limited in scope and result in special elections to verify results.

  • Anonymous Coward, 24 Aug 2016 @ 9:19am

    Famous last words.

  • Anonymous Coward, 24 Aug 2016 @ 9:22am

    Prove it

    Let some of the whitehat people have a crack at it. I would bet a month's pay that it is not only hackable, but after some practice, it would be undetectable. If ATM machines aren't hackproof after multiple generations, voting machines don't have a chance.

  • TheResidentSkeptic, 24 Aug 2016 @ 9:26am

    Election Results Just In

    ... 45% voted Democrat; 37% voted Republican, and 29% voted Independent.

  • radarmonkey, 24 Aug 2016 @ 9:38am

    .... and a million voices cry out ....

    "Challenge Accepted!"

    -- Every Black-Hat in the World

    • Anonymous Coward, 24 Aug 2016 @ 10:05am

      Re: .... and a million voices cry out ....

      Exactly what I was thinking.

    • DannyB, 24 Aug 2016 @ 11:29am

      Re: .... and a million voices cry out ....

      I felt a great disturbance in the Election, as if millions of voters suddenly cried out in terror, and were suddenly silenced. I fear something terrible has happened.

  • Go5, 24 Aug 2016 @ 9:39am

    Dave from IT brought in his son who's Really Good With Computers. They worked all afternoon and drank two liters of Mountain Dew, but neither expert could find a way to hack the voting machines.

    Then they went to the mall for dinner and torrented Big Bang Theory by VPN'ing the Apple Store's free wifi from the froyo joint next door. 133t!

  • Anonymous Coward, 24 Aug 2016 @ 9:45am

    "they cannot be tampered with"
    said Mark Wolosik, the Donald Trump of the tech world.

  • Norahc, 24 Aug 2016 @ 10:16am

    Post election headline

    "The day after the presidential election shows Deez Nuts holding a 95% majority in Pittsburgh voting districts."

  • Anonymous Coward, 24 Aug 2016 @ 10:21am

    I find it slightly amusing and slightly depressing to see officials make statements like this. Amusing because in the last year or so my county replaced the purely electronic machines it's used for the last 15 years or so, with paper ballots and a machine that scans and stores them. Something about the old purely electronic machines they had having been certified is what the election worker I asked told me. Though from a cursory search it seems a law in my state intended to phase out electronic machines in favor of paper based ones is involved as well. Depressing because there are people dumb enough to be this overconfident in purely electronic systems.

  • NeghVar, 24 Aug 2016 @ 10:24am

    Call of the hackers

    For anyone to make such a claim is going to attract hackers from all over the world. Prepare for a massive cyber-attack.

  • Anonymous Coward, 24 Aug 2016 @ 11:00am

    Probably more about expectation management than anything else.

    The Washington ComPost the other day ran a full page basically saying: "It is just like, SOOOO hard to steal an election!"

    This is probably part of the same propaganda campaign. They intend to commit a fraud, so they are planning ahead to debunk anyone who brings attention to that fraud.

    Good long term planning really.

  • Anonymous Coward, 24 Aug 2016 @ 11:11am

    Tempting Fate

    These dimwits have tempted hackers, a community renowned for picking up gauntlets of stupidity flung at their feet. Given the most commonly portrayed demographic of hackers as twenty-somethings, it now seems like Bernie has a good chance after all...well, at least in Pittsburgh.

  • Anonymous Coward, 24 Aug 2016 @ 11:40am

    Don't they call that the Tony Stark effect?

  • That One Guy, 24 Aug 2016 @ 12:11pm

    "If I don't see it, it never happened."

    The machines being used do not appear to have open source software that people can examine, and they don't have a paper backup, so if votes are tampered with there's really no clear way to know for sure.

    If it's impossible to tell whether or not the votes have been tampered with, it's also impossible to tell whether or not the machine has been hacked, because there won't be any evidence of a hack.

    As such you could say they're technically true, in that it's impossible (or extremely unlikely) to have any evidence of hacking, and without evidence clearly it never happened.

  • Derek, 24 Aug 2016 @ 12:32pm

    More secure elsewhere

    I do think they made every other election more secure because now more of the black hats will concentrate on Pittsburgh.

  • Get off my cyber-lawn!, 24 Aug 2016 @ 1:20pm

    Who is running their election board?

    Sounds like Gary Hart to me!

  • Jay Dee, 24 Aug 2016 @ 2:04pm

    The fun starts

    The fun starts when 100% of the votes are recorded for Pat Paulsen.

  • Anonymous Coward, 24 Aug 2016 @ 2:21pm

    It's all in the planning....

    Step 1 - Claim election machines are unhackable
    Step 2 - Hack easily hackable election machines and have stooge elected (whoever paid the most)
    Step 3 - Steal election...
    Step 4 - Profit...

  • Ruby, 24 Aug 2016 @ 3:45pm

    I can't speak for Penn. or other states...

    ...but as someone that works the polls on election day in Ohio, I have yet to see any expert demonstrate a hacking method that has a snowball's chance in hell of occurring in reality.

    Remember, these machines are plugged into the power socket on the wall and that is it. They are not networked to anything and have no wifi capabilities.

    The only way to hack them is to mess with them physically. The dude that did that "scary" study apparently just got a machine and messed with it in his living room. Which means he has no idea what type of counter measures are used to detect hardware tampering.

    Also, WHEN would you do this?!

    Does he think these just chill unsecured in an unlocked room or something???

    The only time you'd have access to the machines (if you weren't a poll worker and, to be clear, no worker is ever left unattended with anything) would be on election day (and at least one "expert" thinks you could tamper with them on election day).

    Bull-fucking-shit.

    Again, I don't know about elsewhere but here? Here the e-voting machines sit out in the open, in the middle of a room filled with 4-8 poll workers (at least one of whom will have the sole task of chilling around the machines until we switch jobs) and god knows how many voters. Plus state and county observers popping up randomly throughout the day.

    Good luck doing anything out of the ordinary without getting caught.

    • Anonymous Coward, 24 Aug 2016 @ 5:01pm

      Re: I can't speak for Penn. or other states...

      You clearly have no experience with hacking. Taking something apart in your living room is exactly the type of thing someone does to become familiar with the hardware and software. With an example machine, you will get access to the electronics and eventually to the OS. If you can figure out how to change the programming, you are halfway to rigging an election. Hacking via the power cord is nothing new, but I doubt that it would be needed. Believing that your product is invulnerable just because it uses proprietary software and doesn't have obvious access points is just naive. If your product hasn't been independently verified as hackproof, by actual hackers and the code hasn't been verified to lack bugs or hidden code that will affect the election results, why should we trust it? If you really feel your product is so secure, let it be tested, otherwise it is just a fancy potentially rigged ballot box.

    • Anonymous Coward, 24 Aug 2016 @ 9:42pm

      Re: I can't speak for Penn. or other states...

      "...but as someone that works the polls on election day in Ohio, I have yet to see any expert demonstrate a hacking method that has a snowball's chance in hell of occurring in reality."

      Exactly how many expert hacking methods did you review? How did you vet the "expertise" of those doing the demos? What credentials and professional accreditations do you hold that certify your competence to judge?

      Let's reflect on the EASIEST hack - design the machines pre-hacked. VW did exactly this with their emissions controls, i.e., work one way most of the time, but under special circumstances work entirely another way. Nobody has to "break in" to make the machines cheat, since the machines already know how and when to do so. All we have to do to get away with that approach is restrict reviews of the software.

      I would be very suspicious of Mark Wolosik and Dave Ridilla - ignorant boobs, paid stooges, or evil hackers are the only categories into which I can see them fitting. Same holds for you, altho' I find the latter categories most unlikely in your case.

    • bob, 25 Aug 2016 @ 1:40pm

      Re: I can't speak for Penn. or other states...

      Yes because that person watching is able to watch each person's screen and hands without needing to look away or get distracted or zone out.

      All it would take is an accomplice that distracts everyone long enough for you to plug in a thumb drive that can execute code automatically. Sure you need to research the target a bit first but that can be arranged before election day.

      There is always some port somewhere that a developer left so that they could reprogram/update the system.

  • David, 24 Aug 2016 @ 3:55pm

    And it runs on DOS!

    So far, every voting machine that has been 'accessed' by other means has had two choices for operating systems, MSDOS or Windows. While there might be a Linux/BSD option I have yet to hear/read about one.

    Both MSDOS and W* are so hackable as to not have any protection at all. Paper trail audits could at least warn about a problem, or attempt to back out the hack.

    But, you would have to acknowledge that it is a possibility first. That isn't going to happen.

  • JBDragon, 24 Aug 2016 @ 4:53pm

    I know where I live in California, we had these eVoting machines 1 year. They had issues, not reliable. We're now back to filling in bubbles with the old #2 pencil. No hanging chad that way either!!! I think it's the best way. If it's good enough to test kids with in school, then why not and they grow up used to it!!! You stick it directly into the machine and it reads it right then and you have a paper trail.

    I think it's much cheaper than these COMPUTERS which is what they are that sit around most of the time and rot away and become outdated in no time anyway. It's way too costly and not Reliable and that's before even getting to hacking.

    I'm not sure why anyone would still want an eVoting machine at this point. It makes zero sense unless you have plans for fraud with them.

  • Padpaw, 24 Aug 2016 @ 5:58pm

    Easiest way would be to hack them and have someone not even on the ballot in that state win.

    Say make President Obama the winner.

  • Anonymous Coward, 24 Aug 2016 @ 9:12pm

    If any of these voting machines were even close to being as secure as the companies that make them and politicians claim they are then they'd be more open to real independent security tests on them. But they aren't, not even close, sometimes they're so laughably weak that a 4 year old could have built a better system.

    Saying that it, or anything for that matter, is unhackable is just throwing out a challenge and many people will try and do it and most likely they will succeed.

  • Cliff, 25 Aug 2016 @ 6:45am

    Haven't seen this linked yet

    https://www.youtube.com/watch?v=w3_0x6oaDmI

    Very simply put why this is a bad idea - (Yes it is the Tom Scott/Computerphile one)

  • OldGeezer, 25 Aug 2016 @ 8:44am

    Years ago after the Tylenol tampering scare and other cases the decision was made to call the protections implemented "tamper resistant" rather than "tamper proof" because they felt the latter would be perceived as a challenge. Hackers who would otherwise ignore things just love accepting a dare.

  • Aaron T, 26 Aug 2016 @ 8:18am

    What are they going to say?

    Seriously, this is just marketing. What are the election officials going to say?

    "Hey, we know we spent millions of your tax dollars on new voting machines not that long ago, but it turns out they're completely insecure and frankly, there's no point in you even voting because some guy in Russia or some rando wearing a Guy Fawkes mask is going to make sure their candidate wins."

    If you're an election official, the last thing you want to convey is anything but confidence in the election, the voting machines or the system as a whole. Once people stop trusting the validity of the elections, your democracy (and cushy government job) comes crumbling down on your head.

  • Anonymous Coward, 26 Aug 2016 @ 6:02pm

    Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked
    Needs an update, North Korea just cracked the machines and made them so that no matter which candidates are named on the forms, it'll be Kim Jong-un who gets elected.
