I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
(Score: 1, Troll) by Username on Thursday November 15 2018, @12:14PM (14 children)
Government agencies sell items at auction all the time. Including cop cars. Voter information is, and should be, publicly available. I wouldn't want a secret election controlled by a select few.
(Score: 2) by Lester on Thursday November 15 2018, @12:47PM (12 children)
A) They didn't wept data. Bad, bad, bad. That is something you should do when ever you sell an storage device.
B) He has discovered that its easily hackeable. Are you worried by Russian interfering in USA elections by Facebook? Forget it, next election they will tamper voting machines... it is easy.
(Score: 2, Insightful) by Anonymous Coward on Thursday November 15 2018, @12:53PM (10 children)
How do you know that they didn't already do it this election?
(Score: 2) by Lester on Thursday November 15 2018, @12:58PM
You are answering to A). Ok if there is no data voter, just aggregate sums.
What about B)?
(Score: 2) by VLM on Thursday November 15 2018, @01:06PM (7 children)
Recently poll results have started to be used as propaganda in themselves unlike just a few years ago, leading to ridiculous "Hillary has a 99% chance of winning" headlines and all that.
To some extent, candidates purchasing fake poll results is being interpreted as outside meddling.
There are somewhat scientific polls (as opposed to the modern PR polls) that seem to reflect actual results.
Also the election results don't seem really all that unusual. Its possible that some force would be amused at using random influence to destabilize the whole system, but unlikely, most groups want something for their money and nobody seems to be getting that.
Also there's no monopoly on corruption. If elections were hackable, the people hacking them would not be vague and nebulous forces on the other side of the planet, it would be stuff like the local zoning commission banning all legacy retail and only allowing the building of Amazon warehouses, for example, given that Amazon is a lot closer and has a lot more money and a lot more to gain or lose.
(Score: 2) by Phoenix666 on Thursday November 15 2018, @02:10PM
It seems polls are being used for voter suppression. There's also the added complication that how they used to conduct polls is how they still do, but people have stopped using those channels.
As for actual voting, Oregon uses paper ballots and you can vote by mail. It's retro, but seems less prone to the tampering TFA talks about.
Washington DC delenda est.
(Score: 3, Insightful) by ikanreed on Thursday November 15 2018, @04:32PM (2 children)
More honest poll analysis had her at a 65% chance of winning.
and 35% chances happen a lot.
(Score: 1, Funny) by Anonymous Coward on Thursday November 15 2018, @05:27PM
I hear they can happen almost 50% of the time.
(Score: 3, Informative) by DeathMonkey on Thursday November 15 2018, @07:02PM
538 had him within the error margins 1 week before the election [fivethirtyeight.com]
(Score: 2, Insightful) by Anonymous Coward on Thursday November 15 2018, @07:11PM (1 child)
Pre-electoral / campaign silence laws are ancient and were introduced for a reason. The pro/con are mostly about limiting the power of the media and the money the controls it in manipulating public opinion on emotional grounds using smear tactics when the opposition can't react in time with facts.
That being said, it doesn't matter in the US since Americans vote on tribal identity rather than between opinions and disregard news as fake unless it supports their opinions already.
That's a huge mistake. It takes coordinated effort and money to pull off a grand elections hack. By accepting the existence of hack-able voting machines you're hurting the ability of small parties from competing against big parties. It's the same reason you need regulations to keep the market free. Without it someone will just cartel and gobble up everyone else until a monopoly is formed.
Besides, don't forget the nature of the American elections is one of private corporations and individuals buying (and typically hedging) their candidates into office. Introducing another money-based "game mechanics" into the elections would further deteriorate things.
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @08:09PM
Ah yes, the voice of reason shouting into a tornado of stupid. I do hope some of your points sink in.
(Score: 0) by Anonymous Coward on Friday November 16 2018, @03:12AM
She did win. By three million votes. We just don't live in a democracy.
(note, I did not vote for her, nor for Cheeto)
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @06:44PM
Have you done some probablity calculations on your question?
Here is a quote from Probability for Dummies:
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @10:46PM
The worst part is that they're filled with proprietary software. Our tax money should never be used to pay for proprietary software, which is anti-education, anti-freedom, and anti-independence.
However, the best solution would be to switch to paper ballots entirely.
(Score: 2) by edIII on Thursday November 15 2018, @08:44PM
Votes are not public information, Troll.
Nice try, but the facts are a little inconvenient for you here. Also, nice try glossing over the incredibly low levels of security and how the candidate name can be changed to anything you want.
I think that explains how Trump got elected. Direct manipulation of machines.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by GreatAuntAnesthesia on Thursday November 15 2018, @12:15PM
Hey! Don't be disrespecting Diebold! Those guys deliver [boingboing.net]!
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @12:16PM (5 children)
That it's not an even more locked down proprietary system than it already is? It sounds like this article tries to claim that security-through-obscurity is desireable.
(Score: 3, Interesting) by JoeMerchant on Thursday November 15 2018, @03:02PM (4 children)
This isn't security at all, this is a simple adding machine wrapped up in an operating system with well known vulnerabilities.
At a minimum, the system should require a password which unlocks the encrypted drive, and upon sale of the device the password should be changed/destroyed, requiring the device to be initialized to an "as new" state. At least with that, a meddler would need the the password to inject bogus votes into the count. Bonus points if you create a system with multiple user accounts and access logging.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @05:02PM (1 child)
You mean like Windows?
(Score: 2) by JoeMerchant on Friday November 16 2018, @02:55PM
Only if they actually use the user accounts, separate passwords, and secure log login activity.
🌻🌻 [google.com]
(Score: 2) by edIII on Thursday November 15 2018, @08:50PM (1 child)
Considering the fact that nobody has demonstrated a truly tamper-proof infallible system for voting, it should be highly highly highly highly highly fucking illegal to vote with anything BUT PAPER.
Paper ballots are far more secure than anything electronic. I remember talking about different systems and being lambasted because my idea allowed people to prove votes after the fact, therefore helping people sell their votes. With these midterm elections, I had stubs from my paper ballot with numbers on them. I assume that allows me to look up my vote somehow?
If people are voting electronically, I have about no confidence in that system whatsoever, and I can pretty much assume that somebody else is deciding their vote is worth 100k other votes.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 4, Interesting) by JoeMerchant on Thursday November 15 2018, @10:11PM
I've polled in a bunch of different places, and the median age of poll workers around the country, based on that experience, seems to be about 72. Most of these poll workers seem barely capable of using the computer systems they have been trained on, much less understand how they work. Now, this cuts both ways, crafty septuagenarians are probably much more capable of cheating a paper based election, and lots of them have access - not so many computer savvy individuals are hanging out in the polling places for long days and hours thinking about how they might make the election more likely to go the way _they_ want it to.
I have very little confidence in the fine detail outcome of modern elections, whether paper or electronically voted - if it's down to less than 0.5% margin, graft and corruption likely influenced the election sufficiently to change the outcome. I have very high confidence that there is enough integrity in the system to deliver the correct result when the margin is 10% or more. I would very much like for the system to call for a re-vote on issues and races that result in a very tight margin, and for the revote process to employ enough rotation of responsibilities from the first election to expose fradulent activities through statistical analysis.
🌻🌻 [google.com]
(Score: 4, Insightful) by VLM on Thursday November 15 2018, @12:20PM (36 children)
Those are for corrupting elections. If your state wants a fair election your state will mandate optical scan readers like where I live.
If your state mandates direct-recording machines, they are traitors to the concept of democracy. There's no reason to spec those other than to fake results.
Given that the state obviously knows all that and willfully and intentionally wants corrupt elections and the people living there don't care, there is little point to journalism pointing out that fact.
I'm just saying the story can be completely true and well written and interesting while having zero impact.
From a technical standpoint its interesting to see Windows Crash Everywhere edition. I though that was long dead, but like Cthulhu...
(Score: 5, Insightful) by Lester on Thursday November 15 2018, @12:56PM (34 children)
The best: box, paper and manual counting.
Machines are black boxes. No one, or at least most people, has the technical knowledge to tell if the aggregated results have been modified. With paper votes, any regular guy that can count can check results. And if you don't use aggregate results, the secrecy of vote disappears.
(Score: 2, Insightful) by VLM on Thursday November 15 2018, @01:12PM (23 children)
Replacing handwriting analysis humans with "fill in the dot" machines is basically the optical scan machines I mentioned. My ballot goes in the box at the end of the scanner and humans later use the physical ballots to audit the machines, although the machines historically are never wrong and machine counts can be reported a couple minutes after polls close.
There's no real need for manual counting as long as you can audit the machines result using paper ballots, and the machines historically have proven very accurate.
In this election cycle the corruption seems to be days after the election "finding" ballots suspiciously just enough to tip the election, and the machines must be good enough or they'd tamper the machines instead of "finding" ballots.
(Score: 3, Insightful) by Blymie on Thursday November 15 2018, @01:51PM (13 children)
The point is, every single count should be manually verified anyhow.
And manual counting is *simplistic*. All parties present and involved, all you have to do per polling station is count a few thousand votes. It's child's play. Simple. There's no, zero, nada, no reason ever ever to use anything but pen and paper. Ever. Never ever.
Also I did mention never? ;P
But seriously, there's no call for it. There's no reason. It makes zero sense.
(Score: -1, Redundant) by Anonymous Coward on Thursday November 15 2018, @04:23PM (2 children)
Wow. Do you really mean never [wikipedia.org]?
(Score: 2) by Blymie on Thursday November 15 2018, @09:21PM (1 child)
Yes. I fail to see what your wikipedia link has to do, with not using paper ballots and pen. The issue had to do with "found" ballots, which will NOT happen if an election is run and managed properly.
(Score: 0) by Anonymous Coward on Friday November 16 2018, @10:59AM
Elections are not run and managed properly. By design.
(Score: 2) by number11 on Thursday November 15 2018, @05:13PM (7 children)
Must have been a boring election where you are, or your workers can count really fast. My ballot had: US Senate, US House, State Senate, State House, Governor, Secretary of State, State Auditor, State Atty General, County Commissioner, County Sheriff, County Atty, City Charter Amendment, 2 School Board seats, 2 school bond issues, and 30 judges (ok, all but three of those judge "races" were uncontested). Yes, it was a big piece of paper, both sides. So "all you have to do" is count a few thousand votes 45 times.
We do have paper ballots and scanners (which will complain if they see voter screwups that they can identify, so the voter will have the opportunity to void their ballot and do it again). A small random percentage of precincts are check-recounted by hand to hopefully catch systemic machine screwups.
(Score: 3, Insightful) by fritsd on Thursday November 15 2018, @05:28PM
0. What's the hurry? You're going to have those new electees for four years or so, a day or two more for counting does no harm.
1. Why? It sounds complicated. Why do you make something very important, more complicated?
(Score: 2) by Blymie on Thursday November 15 2018, @09:28PM (2 children)
Interesting. We just vote for the party rep here.
From our viewpoint, you're hiring the person to manage / run the government. Their job, is to become intimately familiar with "many things", and vote/decide those things.
People don't have time to investigate and decide on 100 people, in depth, per election. It's hard enough to read a complete policy / stance from a few candidates, to listen to their speeches, and so on.
So .. spend time concentration on election the *right person* (note I didn't say party) to do the job, and they can handle all the little things.
Regardless, there are loads of ways to handle this. One way, is to have separate ballots (which go into separate sealed boxes), which are then counted by different groups of party representatives. Make it easy to have a separate set of individuals count, whilst still maintaining an auditable trail.
It really isn't hard. You work out a system to count efficiently and fast, and then you use that same system -- forever, with minor improvements here an there.
Election counting isn't "sexy". It doesn't need to be "revamped" or "modernized". It needs to be effective, simple, and something that anyone can understand.
Counting machines are black boxes. They should be disallowed.
(Score: 2) by number11 on Saturday November 17 2018, @02:36AM (1 child)
Yeah, that's how much of the world does it. But not the US, here the voters micromanage that stuff. Party power is way more fragmented, which can be good or bad, depending on the circumstances. And details vary wildly over 50 states, some jobs may be elected (sometimes "nonpartisan", without any party identification or endorsement), sometimes they're appointed. And you're right that voters often don't know much about more than a handful of the candidates/offices being filled.
That won't work if you're having 45 simultaneous elections. You can't give a voter 45 ballots and expect stuff to get into the correct sealed box, and there aren't enough party reps to oversee the counting. But, OCR ballots solve a lot of that, and maintains an audit trail. 10 years ago, we had a statewide election that required a hand recount. Out of a total of about 3M votes, the hand count was within about 500 votes of the machine count (some of that was due not to miscounting, but disputes about whether particular ballots were valid).
We don't really need to know results immediately (it'll be months before any of the candidates takes office, and at least weeks before the results are certified), but the demand for instant gratification is strong.
(Score: 2) by Blymie on Saturday November 17 2018, @04:23AM
Instant gratification is helpful in this case, I think.
I didn't mean separate ballots for each. You can have 3 ballots. Whatever is required to split up counting, and make it easier.
I recently posted a link to the Florida recount, by hand, and done in a few hours.... showing how easily it can be done.
(Score: 2) by Runaway1956 on Friday November 16 2018, @02:36AM (1 child)
If every one of those elections is hotly contested, then it will be a rather large task to settle each one. But, that being the case would indicate that your local election officials may be doing something wrong.
In all likelihood, one or two of the results would be contested, and have to be recounted. The more contested counts, the more likely that your officials are corrupt.
(Score: 2) by number11 on Saturday November 17 2018, @02:12AM
I assume you mean, the results are contested after the election. That's fairly rare. None of the races on my ballot this year, though if they all had to be hand counted that would be a massive headache. Occasionally one or two races will be close enough (within 0.5%) to require a recount.
Yes, that would indicate some systemic problem, whether corruption or massive incompetence. Elections are pretty clean where I am, at least the mechanics of their administration (as opposed to the advertising and occasional threats). (Disclaimer: I am an extremely minor election "official", that is, one of the people who staffs the polls.)
(Score: 2) by Blymie on Friday November 16 2018, @07:05PM
https://www.washingtonpost.com/politics/hand-recount-of-ballots-begins-in-floridas-broward-county/2018/11/16/f9131ee0-e92f-11e8-bbdb-72fdbf9d4fed_story.html?noredirect=on&utm_term=.23a319ea0ba2 [washingtonpost.com]
(Score: 2) by darkfeline on Thursday November 15 2018, @11:12PM (1 child)
>And manual counting is *simplistic*
It is also slow and expensive, subject to human error, and subject to its own security issues. Say polling station A we can assume truly did count X votes correctly, how do you get that X number to a centralized location to be merged with other polling stations, and prevent someone from voting at multiple polling stations?
Join the SDF Public Access UNIX System today!
(Score: 3, Informative) by Blymie on Friday November 16 2018, @04:21AM
These sorts of things were worked out a century ago. For example here?
You may only vote at your assigned voting station. You get informed before the election... a card comes that says "You are registered at this address!". If you don't receive a card, you call.. ads are in papers, everywhere to do so.
If you call, you can change your address, your polling station, whatever.
But you get ONE polling station. Why do you need to vote 1000 miles away? Advanced polling is available for those traveling during the day.
Really.. it's all been worked out. Every contingent. And in terms of expensive? Come on! This is *one night*, and this is *democracy* we're talking about. You do *not* *ever* cut corners!!
For example, each party has representatives monitoring and observing the count. And methods to count efficiently by hand have been used for centuries.
You're acting like counting by hand is *new*. No! Counting by hand is the tried and true method! The method that has worked, that has been fine tuned and honed!
Here? The polls close, and 2 hours after they are counted. Really.
One thing we have is sealed, official ballot boxes. Those boxes are transported under guard to the counting area. Again with party reps if desired, monitoring. And each box is tamper proof, on and on and on.
So the count starts while people are still voting! It's not like everyone votes 5 minutes before the polls close.
(Score: 5, Insightful) by datapharmer on Thursday November 15 2018, @02:57PM (1 child)
Can you please point me to a reputable source that shows they are "finding" votes? This seems to be totally false information - provisional ballots that were simply not counted initially is not "finding" anything. Provisional ballots are never counted on election night. "A provisional ballot is voted the same as a regular ballot; however, after the voter marks his or her selections, the ballot is sealed in a certificate envelope instead of being fed into the tabulating machine... A voter may also present written evidence of eligibility to the Supervisor of Elections by 5 PM on the second day after the election... After the period has passed for voters to provide supporting documentation, the provisional ballot certificates are individually examined to determine the voter's eligibility. The county canvassing board reviews voter eligibility status and determines whether the provisional ballot should be counted. The vote totals from the ballots that are determined to be eligible to be counted are then obtained and added to the totals from election night. Ballots that are determined to be ineligible to be counted remain sealed in their certificate envelopes, and the envelopes are marked "rejected." Source: https://www.votebrevard.com/election-information/provisional-ballots [votebrevard.com]
You simply see more provisional ballots in areas with higher poverty and immigration as statistically these people are less likely to have a current valid government id for various reasons (but doesn't mean they are ineligible to vote) and there are more in heavily populated areas (even if the overall percentages are the same) which can create the appearance of more sway than there actually is statistically. This has only been a problem recently as voter ID laws have been added to deter minority voting (knowing they are less likely to carry valid ID, especially when the definition of valid ID keeps changing). See North Dakota example (surely nobody thinks that Native Americans are illegal immigrants trying to vote... right) Example: http://www.wbur.org/hereandnow/2018/10/23/north-dakota-voter-id-law-native-americans [wbur.org] it is a clear case of voter suppression - add ID requirement, voters get ID, change address requirement, voters must get different addresses and new IDs, rinse, repeat.
(Score: 2) by Runaway1956 on Friday November 16 2018, @02:42AM
You are exposing your racist views with that post. Black folk aren't stupid, after all. Or, more accurately, some of them are - in about the same proportions that white folk are stupid.
https://www.youtube.com/watch?v=3JGmKHrWKMQ [youtube.com]
(Score: 3, Interesting) by Immerman on Thursday November 15 2018, @03:57PM (6 children)
>There's no real need for manual counting as long as you can audit the machines result using paper ballots, and the machines historically have proven very accurate.
Correction - so long as you *do* audit the machines - a machine that can be audited, but isn't, still can't be trusted. Doesn't matter what the historical record is - only whether they were hacked *this time*.
Now, they could have all the software on ROM so that it couldn't be easily hacked (or updated of course, but counting scantron sheets isn't exactly the sort of job that needs updates), then you only need to ensure that the config file guiding the tally process works properly. That's the only way I could see them being realistically auditable though, unless you audited every machine, every time. And even then it would be iffy.
Otherwise, if I had hacked the tallying machines and was trying to compromise an election without being detected, I'd only compromise the tally if:
- at least 70% of the expected votes had been cast (dodge quick-n-easy audits, though it wouldn't work unless you knew which district the machine would be used in, or all/most potential the districts had similar numbers)
- the date and time was correct, and hadn't been changed recently
- the tallying process had lasted about as long as expected (e.g. you have to either wait until the end of the voting day to start tallying, or your audit has to run all day long as well.)
- there's no suspicious patterns in the voting sheets (i.e. the audit can't just run the same 100 sheets through many times in different orders)
I can think of several more, but those are some trivial ones, and they would be sufficient to make sure an audit by anyone but security experts would have a vanishingly small chance of detecting that it had been compromised.
(Score: 2) by edIII on Thursday November 15 2018, @09:08PM (4 children)
I'll mention it again here, but you don't need scantron machines either. It could be aluminum punch outs. Insert a blank aluminum sheet into the machine, choose your votes, then watch it be printed onto the aluminum, punch outs created, and then ejected back to the voter for their own verification. That's who should be verifying it anyways, the voter. Once verified, they slip it back into the machine, and it gets cut into notched squares, which can still be verified all over again.
Once you have your aluminum squares, it could be a physical stacking of them. Just like those toys for toddlers that only allow the right block into the right hole, only the correctly voted square can fit onto a candidates stack. That should be work that anybody can do at a polling location. It's worth mentioning how anybody around the stack can visually inspect it for accuracy, and vote tampering would be a hilariously laborious affair.
It's all recyclable, just like paper.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Immerman on Friday November 16 2018, @02:51AM (3 children)
Surely. Sounds a bit expensive, but there's lots of ways to implement the ballot-casting process if counting speed is considered important for some reason. Just stay away from computers, the security technology is still nowhere near mature enough to be trusted for something so tempting to corrupt.
(Score: 2) by VLM on Friday November 16 2018, @12:36PM (2 children)
A scantron, aside from the light sensor magic, is little more computationally advanced than 1930s unit record equipment.
(Score: 2) by Immerman on Friday November 16 2018, @02:57PM (1 child)
Are you certain about that? I'm sure they originally were, but these days programmable computers/SOCs have gotten so cheap that they've pretty much replaced anything that would otherwise require purpose-built electronics.
(Score: 2) by VLM on Friday November 16 2018, @09:45PM
Strange but interesting thought experiment... mandate elections use 1930s unit record equipment or new models. Not the craziest idea ever.
(Score: 0) by Anonymous Coward on Friday November 16 2018, @02:46AM
You OS can be as secure as you wish. I'm going to do an end run around that security, and tamper with the input/output devices. The scanner is only going to see the marks that I want it to see.
(Score: 5, Insightful) by DannyB on Thursday November 15 2018, @02:46PM (6 children)
I like what my precinct does: box, paper, machine counting, and option of as many manual counts as desired.
You get a paper ballot. Fill it out with a pen. They put it in a machine which counts it before dropping it visibly into a cardboard box. A display on the machine increments showing total ballots counted, so you know yours was.
The Voter doesn't have to worry that the machine counts some mysterious bar codes, hanging chads, hole punches or other non-human readable marking. The machine counts exactly what a human sees and fills out with a pen. In a manual count, they should get exactly the same result. It would even be possible to take the entire box of ballots and feed them through a 2nd counting machine to check the results. Or, if necessary, manually count them. Or manually count a statistical sampling.
No hanging chads. No holes punched.
If there are any defects in the ballot or the way it is marked, the machine rejects it immediately without counting, and you can fill out another ballot.
The box of ballots is the actual record. The machine count is merely for speed and convenience.
It would be possible to announce preliminary results on election night, with an actual human count done in the following days to be the actual official result.
This seems to me to have the best attributes of completely manual paper voting with the speed of machine counted results.
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by Immerman on Thursday November 15 2018, @04:10PM (3 children)
Statistical samples are of dubious value though, especially when elections are close. And all the other things that *could* be done, are only of value if they *are* done. Which they rarely are.
And if the manual counting is the official result, then what exactly is the point of having an early result election night? There is literally no benefit to anyone, except the media outlets and their ability to sell ads. Elections are not sports games - the final result is the ONLY thing that matters, except insofar as preliminary results may compromise the election by encouraging or discouraging voters from going to the polls.
(Score: 2) by DannyB on Thursday November 15 2018, @06:25PM (2 children)
Yep, with close results, do full recounts.
The machine count provides the election night results that everyone so desperately wants and needs.
The lower I set my standards the more accomplishments I have.
(Score: 2) by Immerman on Friday November 16 2018, @02:26AM (1 child)
It's that "desperately wants and needs" bit that I don't get. It's not going to make any real difference to anyone until the winners take office months in the future. As far as I can tell the only reason we desperately want fake (inaccurate? non-definitive?) results right away is because the media has turned the whole thing into a circus to boost ad revenues.
(Score: 2) by Runaway1956 on Friday November 16 2018, @02:56AM
On election night, the losers desperately need the turds, so that they can start polishing them.
Seriously, everyone wants to know the results ASAP. At the same time, everyone realizes that the early results can sometimes be wrong. The closer the results are, the more likely that they are wrong. That's why even the less honest polling places only offer percentages. "We're more than ninety percent certain that Candidate A has won." We might hear certainties offered in some precincts, but I don't recall hearing very many of those. If there were only 1000 eligible voters, and there were 800 votes for Candidate A, then the results can hardly be contested. If they were, it would only be a sign of a sore loser trying to make things difficult for everyone. In reality, few elections are so clearly decided. We are accustomed to the winner taking as little as 45% of the vote, the loser getting as much as 44% of the vote, and third parties dividing the rest.
(Score: 2) by Lester on Thursday November 15 2018, @04:25PM (1 child)
They should always be verified with manual counting, or at least a significative number of machines should be checked if they have counted properly. Do you remember the voting machines of USA 2000 presidential election in Florida [wikipedia.org]? Do you check Credit Card Payments? Do you count money form a cash machine? I always do it. There are two actor and all those gadgets let an actor (the bank) speed up process (teller machine, bank software...), but the other actor (you) can verify it. With electronic voting, you drop the ballot in a vacuum. And with this machines if you don't count manually ballots, just count them again in the same machine, is not very different. Think of Volskwagen dieselgate [wikipedia.org], considering what is in stake in a election, and that someone always to tamper it. It is a good idea manipulating the circuits to move 10% votes from others candidates to me when dumping totals.
Voting machines could be even connected to internet, so, a second after finishing elections, you could have *provisional* results, but always pending of manual counting. Never trust in machine
(Score: 3, Insightful) by DannyB on Thursday November 15 2018, @06:29PM
You mention something that I failed to mention.
The voting machines I talk about are NOT connected to the internet. Ever. They don't need to be.
The results can be sent by a human over the internet or some other way.
Another thing about passing the ballots through multiple machines to verify the count would the the idea of multiple machines from different vendors that might not be implemented the same way.
The lower I set my standards the more accomplishments I have.
(Score: 5, Interesting) by Thexalon on Thursday November 15 2018, @05:30PM
Not even techy type people can tell. For instance, even if you're a competent programmer, and you have complete access to the application code used for the election and believe it to be clean, it could be that the application is relying on compromised 3rd-party software such as a database. And even if you have complete access to the code of that 3rd-party software, and it's clean, the OS could still be compromised and be making changes behind the scenes. And even if you had all the code to the OS and ensured that it was completely clean (and we're already well into fantasy-land at this point), the hardware could have been compromised and you'd have absolutely no way to tell without a microscope and a bunch of training in electrical engineering and hardware design. Meanwhile, if you were someone who understood the hardware and were good at catching shenanigans at the hardware level, odds are you don't have the software security background needed to verify the application, 3rd-party packages, and OS are clean.
Based on the simple fact that a large number of people affiliated both with Republicans and Democrats have observed votes flipping, where the voter selects one choice but the machine changes it to another choice, I'd say it's safe to conclude that either the applications themselves are intentionally compromised, or the people programming them are complete idiots, or both. These machines should not be being used for anything important, but will be because crooked Secretaries of State would like to ensure that their team wins the election without having to do all that annoying work of convincing the citizens that they're the better choice.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by krishnoid on Friday November 16 2018, @01:36AM
That's definitely the least expensive way to do it properly. If you want technology and security, though, you do have other options [schneier.com].
(Score: 2) by JoeMerchant on Friday November 16 2018, @02:59PM
We need blockchain quantum voting - blockchain to prove that you voted (only once) and that your vote was received and counted, quantum to encrypt your vote outside the aggregate count.
Put that in the cloud and smoke it.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @01:22PM
> If your state wants a fair election your state will mandate optical scan readers like where I live.
Same here. NY State went from the old mechanical lever machines (they really were security by obscurity, I understand they were fairly time consuming to set up) directly to optical scanners. In our case, we fill in the dots on the paper ballot, run through the scanner and then put it through a slot under the scanner where it drops into a closed bin for future audit or re-count.
My memory is that NY didn't even consider the "all electronic" touch-screen voting systems.
(Score: 2) by RandomFactor on Thursday November 15 2018, @12:39PM
does any form of the word 'surprised' appear.
Read: "I know this is going to be bad, but I'm gonna pretend I didn't for dramatic effect."
В «Правде» нет известий, в «Известиях» нет правды
(Score: 2) by Virindi on Thursday November 15 2018, @01:21PM (5 children)
Yeah, the fact that you can buy them is not "alarming". The public has a right to know and inspect how the voting process works, and what better way is there than being able to buy an old voting machine and examine it yourself? This is how vulnerabilities are found...and preventing this does not prevent the bad guys from finding vulnerabilities, only the good guys. The bad guys can just steal one.
Beware anyone who claims it should only be examined by "selected experts". Any system like that is highly vulnerable because you cannot trust the person who chooses the 'experts', and you cannot prevent political pressure on said 'experts'. Letting any Joe willing to buy an old machine examine it and publish their findings as they please solves this at little cost to anyone.
(Score: 3, Interesting) by bzipitidoo on Thursday November 15 2018, @02:07PM
Another thing I thought alarmist was the wailing about the lack of encryption. Paper ballots really can't be encrypted, so how is unencrypted "on a computer" worse? And, what "voter information" was on the machines? The article didn't say any personal info was present. And why should there be? I've never had nor heard of a voting machine asking for voters' name and address. Seems the article might be running with the notion that the votes themselves, anonymized though they are, constitute personal and private info.
As for "tamper proof screws", come on, anyone with any sense ought to realize that such things are almost entirely security theater, really only able to delay tampering by a few seconds, which could be vital. The author had all the time and privacy he needed, no kind of physical lock could possibly last against that. It's like expecting a safe to stay unbreached after it had been stolen, and defeat all the machinery that can be brought to bear on it. Likely all that's needed is a diamond edged power saw. Some of the best such security I'd heard of is in old video games. In at least one case, the machine was set up to wipe the ROMs if it was tampered with. And that was still defeated. So to screech "insecurity!" about that is unfair and disingenuous.
Securing electronic voting is a hard problem. And Diebold has showed they are not trustworthy. There are tough real problems here. Don't need to be diverted with unrealistic, impractical, and unnecessary expectations.
(Score: 2) by DannyB on Thursday November 15 2018, @02:49PM
The public has a right to know and inspect how the insecure the voting process is.
The lower I set my standards the more accomplishments I have.
(Score: 1) by khallow on Thursday November 15 2018, @03:17PM
You're thinking of it from the rural point of view where misusing a voting machine means merely that one damages one's own property. A terrorist could turn one of these into a significant weapon by dropping it out a window from a ten story window onto a busy traffic area. Just like any other heavy object, it should be banned from high rises, bridges, balconies, and anywhere else that terrorists can drop such objects onto unsuspecting victims.
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @05:58PM
So why not open source all the code?
(Score: 2) by Runaway1956 on Friday November 16 2018, @03:09AM
Yet, we hear this routinely from OS vendors (closed source), automakers, aviation, and more. We even see it outside of computing/electronics fields. "No consumer serviceable parts inside." We are accustomed to seeing and hearing the warnings.
https://en.wikipedia.org/wiki/Blinkenlights [wikipedia.org]
(Score: 3, Interesting) by Bot on Thursday November 15 2018, @03:34PM (4 children)
subject is what i thought about the net in the mid nineties. Why? because I thought that instantaneous communication and access to whatever amount of data meant direct democracy was feasible, and I figured out whoever was in charge preferred to continue being the middleman between the voter and the decisions.
Turn out i was wrong, but not in all aspects.
Face it, if the system can reasonably secure financial transactions it can also secure votes.
They don't want it. They want the voter to perceive the good ol methods are safer. So they make electronic voting as shit as it can possibly be. It's decades we have such stories in the news. The author of TFA did a good work but it is propaganda.
Account abandoned.
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @04:09PM
They don't want it. Another example is the difference in security employed on Slot machines versus Voting machines. Night and Day. Solutions exist, but "they" don't want to use them.
(Score: 2, Insightful) by Anonymous Coward on Thursday November 15 2018, @05:12PM
I disagree. If a financial institution screws up a transaction, or your account gets hacked and you lose money, the financial institution is responsible for making it right. There is no "making it right" after an election. And there is no equivalent to recouping financial transfers.
For those that don't vote they will never know (or care) that their voter ID was used in a malicious way. Almost everybody will notice (and care) if their bank account gets hacked.
Also, there is more motivation for those with great resources to interfere in an election than there is for the same people to hack individual's financial accounts. Getting "desirable" people elected can result in much more financial gain than robbing thousands (or millions) of people.
(Score: 3, Insightful) by Anonymous Coward on Thursday November 15 2018, @05:17PM (1 child)
There one important issue that elections have which is very different from financial transactions.
Most modern democracies are set up so that your vote is secret. This has two aspects: first, nobody can find out how you actually voted, and second, you can't prove to anyone how you actually voted. This secrecy is in place because coercion and buying votes have been a real problem.
Any kind of absentee vote (online or otherwise) violates the second aspect. You can prove how you voted by actually filling out your ballot while someone is watching. So normally people can only do absentee ballots after demonstrating that voting by other means will be impractical. This is also the same reason why it is normally verboten to take selfies with a filled-out ballot.
On the other hand for financial transactions you normally do want someone to know about your transaction. "Hey Joe, I sent you the money, please give me the car now".
(Score: 2) by Bot on Monday November 19 2018, @04:59PM
Ok, what if: at the voting office you pick randomly a usb card with a privkey.
The office ties the key to you by etching your data on it and have you sign it.
The corresponding pubkey is in the hands of the counting system.
Your key signs the vote transaction. The transaction is numbered and the vote outcome is kept private, when you vote the system shows you your transaction number plus a transaction number for any other choice. You can write it down the one who you prefer to tell the mafia guy coerces you out of it.
The mafia guy cannot simply check all transactions numbers online with the vote result, he needs to show up at the voting office with the key, impersonating you.
You could also vote from home, just have the cellphone recording you live to avoid the mafia guy collecting keys from voters.
Besides, in a totally transparent society, which will not happen because whoever the elite is, they need privacy and would rather have WWIII and send us all back to stone age, the mafia guy would have lost his job already because it's not possible to steal or coerce already.
Again, this seems to explain why the corporations and governments happily let private info be collected and leaked. They want YOU to value privacy so that they can abuse it, the magic word being national security.
Account abandoned.
(Score: 4, Informative) by requerdanos on Thursday November 15 2018, @03:46PM (2 children)
This is the worst car analogy seen on this site to date. Props to upstart and chromas for this awesome achievement.
(Score: 4, Touché) by RandomFactor on Thursday November 15 2018, @10:05PM
Better would have been "...with the suspects still in the back."
В «Правде» нет известий, в «Известиях» нет правды
(Score: 2) by JoeMerchant on Friday November 16 2018, @03:01PM
It's like a stretch Yugo limo car analogy...
🌻🌻 [google.com]