HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »
HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »

Yet Another E-voting Machine Vulnerability Found

from the because-of-course dept

We've been talking about the ridiculousness of e-voting machines for well over a decade. If a machine doesn't include a paper trail for backup, it's suspect. That's been the case since e-voting machines have been on the market, and many of us have been pointing this out all along. And the big e-voting companies have a long history of not really caring, even as their machines are shown to be vulnerable in a variety of ways. So it come as little to no surprise to find out that security firm Cylance has announced that it's found yet another set of e-voting vulnerabilities in the Sequoia AVC Edge Mk1 voting machine. Sequoia especially has a long history of buggy, faulty machines.

Of course, with all the talk of "rigged" voting this year, the fact that some machines are hackable is very, very bad. Mainly because it just enables conspiracy theory talk to seem much more believable. It remains true (for somewhat ridiculous reasons) that while these vulnerabilities do exist, a widespread hack would be quite difficult. The real problem is at the margin, where low level vote changing could occur. As Ed Snowden rightly notes, the hacking may not be difficult, but using that to rig an election is much more difficult, and would almost certainly be caught.
That said, this remains ridiculous. Even the appearance of potential vote hacking is a problem in actually getting the public to trust the results of an election. I can pretty much guarantee that no matter who wins tomorrow, someone will allege e-voting machine hacking, and point to this (or perhaps other) vulnerability disclosures in the days leading up to the election. And that's bad. For over a decade we've been sounding the alarm that it's ridiculous to use such electronic voting machines, and it would be a damn good idea to fix things. Would have been nice if someone listened.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 7 Nov 2016 @ 9:37am

    That said, this remains ridiculous. Even the appearance of potential vote hacking is a problem in actually getting the public to trust the results of an election.

    There is a candidate who won't believe the result if he loses, and this will just be more ammunition in his attempts to overturn such a result.

    reply to this | link to this | view in chronology ]

    • icon
      art guerrilla (profile), 7 Nov 2016 @ 11:08am

      Re:

      don't be daft, punk: NEITHER of the two hydra heads of the one and only Korporate Money Party want to 'fix' the electoral college and the broken election systems we suffer under... (it is already fixed to their liking)
      the absolute proof : IF they really were interested in election integrity, WHAT/WHO has been stopping them lo these countless decades ? ? ?
      no, the ONLY rational conclusion is that The They WANT a broken systrm they control behind the curtains...

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Nov 2016 @ 2:46pm

      Re:

      He's not wrong, though. I mean if the Democrats had a hue and cry about Bush and the "hanging chads" in 2000, Trump voters have every right to challenge the results of easily one of the most contentious elections in modern history -- and one where the opponent has a history of corruption going all the way back to, of all things, Watergate.

      Not to mention good ol' Palpatine Soros has his crooked fingers in the company that owns a significant number of these machines. Dominion is its name, I believe. If you thought Bush having a stake in Diebold was bad, well, considering the depths of pure, unencumbered, psychopathic evil that Soros and his puppet whøre are capable of, you might as well call this round *Diebold with a Vengeance.*

      My vote at this point goes to Kim Jong Un 2016: Make America Glow Again.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Nov 2016 @ 5:59pm

      Re:

      Considering his opponent rigged the Democratic primary against Bernie and rigged the debates by being fed questions from the moderators, I would say he would be just in his doubt about the election results.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2016 @ 9:45am

    It's not a bug, it's a feature!

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 7 Nov 2016 @ 9:51am

    Hacking voting machines: not that difficult. Hiding a secret deviation in votes from after-the-fact statistical analysis: nearly impossible.

    That's not very comforting, knowing that those deviations have been found in at least three recent elections. After-the-fact statistical analysis only produces trivia if the results are ignored.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Nov 2016 @ 2:20pm

      Re:

      It is a basic fact of statistics that false positives and false negatives will always occur. While it is hard to hide true negatives, the occurance of false negatives will require more than statistical evidence to confirm fraud.

      reply to this | link to this | view in chronology ]

      • icon
        Roger Strong (profile), 7 Nov 2016 @ 4:42pm

        Re: Re:

        Still not comforting. Instead of deviations being ignored, you've merely declared them to be easily dismissed. Any REAL deviation - as these appear to be - can be responded to with "That proves nothing. False positives and false negatives will always occur."

        reply to this | link to this | view in chronology ]

  • identicon
    TripMN, 7 Nov 2016 @ 10:19am

    I'm having a hard time finding any of the articles on it because of the noise that is the internet (especially with the last year of politics being what it has been), but wasn't their cries of alarm during the Democratic primaries because of post-vote statistical analysis saying their was something screwy happening in the primaries?

    If that was so quickly swept under the rug and forgotten, what's to say that cries of the same after the main election will be any different?

    I am losing trust that our democracy is in any way democratic... and that any ones cares.

    reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 7 Nov 2016 @ 10:33am

    No Hacking Here!

    The machines are correct - and they show that the projection of our candidate being 11% ahead in the polls was also accurate. The losing candidate only got 48% of the vote, while our winning candidate got 59% - exactly 11% more. The machines were not tampered with by any external parties. Trust us.

    reply to this | link to this | view in chronology ]

  • identicon
    Jim, 7 Nov 2016 @ 11:26am

    But:

    Snowden forgot the data in the count. Not everyone votes on each issue. Some skip to what is important on that ballot, to them. Issues on the ballot, local taxes, that initive, etc. So there may be a o in any spot. There may be many interested parties to hack the system or create a false trail. That's why a verify able has to be created. It's not just the bad person who wants your missed vote.

    reply to this | link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 7 Nov 2016 @ 11:27am

    Years ago I wrote a blog post suggesting end-to-end verification. I got one Nirvana Fallacy reply, otherwise crickets.

    I dunno. Sounds good in my head, but I don't know if it could really be done.

    reply to this | link to this | view in chronology ]

    • icon
      Oninoshiko (profile), 7 Nov 2016 @ 1:35pm

      Re:

      The major issue with end-to-end verification is doing in such a way that the voter is still not individually identifiable. We've all seen "anonymized" data become identifiable.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Nov 2016 @ 1:40pm

        Re: Re:

        I do not subscribe to this.

        If you are nor prepared to stand up for your vote, maybe you should not have one?

        I think it would be just as easy to prove that someone is trying to harass you over your vote.

        Most people are registered to a party and if you talk to them more than a couple hours a day you can likely find out how they vote.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Nov 2016 @ 2:34pm

          Re: Re: Re:

          Well, that is possible, but having a presidential candidate making veiled threats about using weapons and having a history of going legal on people that critizise him, it is not impossible.

          But a much more likely way to use such information is the mexican way where people get payed for voting a certain way. While money talks and bullshit walks, I don't see the balance between the parties remaining forever in those circumstances as the economic support relies on picking the winner and getting the advantages it brings...

          reply to this | link to this | view in chronology ]

      • icon
        R.H. (profile), 7 Nov 2016 @ 10:02pm

        Re: Re:

        I'd been somewhat worried about the same outcome (although not to the extent that it had caused me to believe that end-to-end verification was a bad thing). However, I've seen a bit of information about using homomorphic encryption to allow a person to verify their vote without it also being specifically verifiable to a third party.

        The specifics of the system are quite interesting in that any member of the public is able to verify the identities of the people who voted and encrypted versions of their votes, as well as the total vote tallies but, there isn't any way to figure out who voted for whom once a voter completes the process and leaves the voting booth with their encrypted ballot copy. That is a part of the system that the video explains better than the paper does.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2016 @ 1:29pm

    Rotten Tomatoes

    It is a stupid idea to use machines that can't do a recount. Well, I guess they actually can. You press the recount button, and it displays the same numbers you already have.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2016 @ 2:35pm

    What's the problem with paper ballot?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2016 @ 2:58pm

    This is the best our two party system has to offer, how sad.
    Pee Wee Herman 2016.

    reply to this | link to this | view in chronology ]

  • icon
    TRX (profile), 7 Nov 2016 @ 3:20pm

    As a former security wonk, I'm all for the fat laundry marker and cardboard ballot system.

    My local electors, alas, have gone the Diebold terminal route. Because it's important that national news services get their figures as soon as the polls close, as opposed to a couple of hours for the blue-haired old ladies to count the paper ballots in the open, on cafeteria tables.

    reply to this | link to this | view in chronology ]

  • icon
    Hugo S Cunningham (profile), 7 Nov 2016 @ 4:35pm

    Massachusetts-- OCR cards instantly tabulated, hand-recountable

    One complaint, though minor compared to other instant systems:

    Sometimes officials are tempted to alter OCR cards so that the machine can read what it looks like the voter intended. It would be safer if such cards were left unchanged, for tabulation only in the official hand recount. Any markings made on them by officials should be in a different-colored ink from the voter's.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.