SoylentNews is people
SoylentNews
In the run-up to the USA's upcoming national election event:
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.
[...] [three days later] the FBI Cyber Division issued a potentially more disturbing warning, entitled "Targeting Activity Against State Board of Election Systems." The alert, labeled as restricted for "NEED TO KNOW recipients," disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the "exfiltration," or theft, of voter registration data. "It was an eye opener," one senior law enforcement official said of the bureau's discovery of the intrusions. "We believe it's kind of serious, and we're investigating."
[...] six states and parts of four others (including large swaths of Pennsylvania, a crucial swing state in this year's race) are more vulnerable because they rely on paperless touchscreen voting, known as DREs or Direct-Recording Electronic voting machines, for which there are no paper ballot backups.
[...] the FBI warning seems likely to ramp up pressure on the Department of Homeland Security to formally designate state election systems as part of the nation's "critical infrastructure" requiring federal protection — a key step, advocates say, in forestalling the possibility of foreign government meddling in the election.
The reason designating election systems "critical infrastructure" requiring federal protection is important is that designation means the Feds devote resources to protecting it and threaten a heightened response to entities messing with "critical infrastructure."
[Continues...]
Related / more info:
- Cyber Storm V: Testing the Nation's Ability to Respond to Significant Cyber Incidents
- White House releases a cyber deterrence policy outlining how the United States will respond to cyber attacks from malicious actors.
- Text of the Cyber Deterrence Policy (PDF)
Have you considered the impact on the US if the election for president is disrupted, with the winner unknown because the results are dependent upon the votes in one or more of the states with electronic-only voting systems? Some people might find it beneficial if the US election is disrupted or contested.
(Score: 5, Insightful) by Anonymous Coward on Monday August 29 2016, @09:32PM
How about instead of foolishly trying to enhance the security of computer systems that mostly run non-free proprietary user-subjugating software, we switch to a voting method that we know can't be easily rigged on a massive scale: Paper ballots. We should not be using computers for something as important as voting, even if we assume it saves a bit of money.
(Score: 0) by Anonymous Coward on Monday August 29 2016, @10:13PM
The "hanging chad" drama of the 2000 elections caused many counties to switch to electronic voting. However, hanging chads may be the least of two evils. Only a small fraction of cast votes will be subject to chad issues, but cyber-attacks could affect vastly more.
(Score: 5, Interesting) by bob_super on Monday August 29 2016, @10:33PM
If what's being hacked is the voter registration data, the question is not so much the corruption of the votes themselves, as the ability to enact massive vote suppression against the people least equipped to fight to get their name back on the list on time.
Obviously, adding records is also possible, but the logistics of acting on the fake registrations are a lot more cumbersome (and exposed to a leak).
(Score: 3, Funny) by Anonymous Coward on Tuesday August 30 2016, @12:48AM
I hear Bobby Drop Tables is now registered to vote in both states.
(Score: 4, Interesting) by JNCF on Monday August 29 2016, @10:58PM
SoylentNews user devlux [soylentnews.org] has an interesting solution to the problem of electronic voting, here's his Votabit whitepaper. [jumpshare.com] The paper is 21 pages long. Additional discussion of it can be found on the NXT forums [nxtforum.org] (NXT is a Bitcoin alternative), where he uses the same username. Basically, he wants an anonymised record of voting to be stored on a blockchain. He assumes the existance of a centralised organization that verifies eligible voter identities, whether that be a government or NGO. Accepting the centralised organization's identity verification process as valid, anybody can verify how the results turned out by reviewing the public record on the blockchain (and there's no reason you couldn't have multiple organizations verifying identities, though I don't remember if devlux makes that point in the Votabit paper).
While I'm not really interested in the problem of large-scale democracy, I don't think that electronic voting is inherently a horrible idea. A blockchain might be much harder to tamper with than a box of paper ballots.
(Score: 2, Insightful) by Anonymous Coward on Monday August 29 2016, @11:43PM
While there might be some solutions that could help alleviate the issues with electronic voting, I have no confidence that they'd be implemented correctly or that the systems would use 100% free software, which should be a requirement. Paper ballots are brain-dead easy.
(Score: 4, Insightful) by frojack on Tuesday August 30 2016, @12:49AM
I tend to agree, adding additional levels of complexity such that the common citizen in the street can no longer understand how it works is absolutely NOT the answer. Neither is tossing it all in a computer where one well timed power failure wipes out entire elections.
Wrong. Criminally Wrong.
You can always draft people to count ballots if you have ballots. You'd have legions waiting to volunteer just to make sure there was no funny business going on.
Lets see you count that blockchain when the lights go out.
No, you are mistaken. I've always had this sig.
(Score: 4, Interesting) by hemocyanin on Tuesday August 30 2016, @05:44AM
I totally agree with you on paper ballots. The system we use in Washington state is really simple. You get a ballot in the mail printed on heavy cardstock about two weeks before the election. You use a pen to mark your vote (no hanging chads from complicated punch machines) -- the place to mark is right next to the specific candidate or ballot measure (no alignment issues). You mail or drop off the ballot at collection location (in the last election I waited less than 10 seconds in line to drop off my ballot). The ballots are then machine read (obviously a place for shenanigans to occur) but of course, there is a paper trail if those shenanigans do occur.
When we first went to all mail-in ballots, I was against it thinking that if people couldn't be bothered to go to a polling location, they didn't deserve to vote. After using it now for years, I wouldn't trade it back. You can sit there with your ballot and search the obscure candidates/issues on the internet which while it may not always be the most accurate source of info, is still more accurate than taking a flying guess in the voting booth. Plus there's the whole no waiting, no fuss advantage. It's a superior system.
As for some kind of bitcoinish voting rigamarole -- it will just make the system more opaque, it can't beat the paper trail, and like all software systems, it will be vulnerable but possibly more difficult to find leaving the system insecure for longer periods. It feels like the tech overkill you often see non-tech savvy people get hooked on -- as soon as someone puts a microchip in a shaver, I'm sure they'll make tons of money off the same sorts of people who would by paperless voting machines. There are places where technology does not actually make life better, easier, or safer.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @05:29PM
So what happens if my boss asks me to bring my heavy cardstock to work so she can make sure I vote for the candidates she wants? Assume that my boss is smart enough to not leave any paper trail so if I report her to the election commission it's her word against mine. How do I not loss my job nor my right to vote for the candidates I want?
(Score: 2) by hemocyanin on Tuesday August 30 2016, @06:22PM
So what if your boss requires you to snap a photo of your finished ballot in the voting booth? We can play that what if game forever, but after seeing long lines of people being disenfranchised of their vote this season, I have a lot respect for WA's system.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @09:01PM
I take the picture, then tear it so the scan tron machine will not accept it, get another, fill it in the way I want, and then work with the election commission so they record her asking for the picture and now we have proof she tried to coerce my vote.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @10:10PM
So what if your boss requires you to snap a photo of your finished ballot in the voting booth? We can play that what if game forever, but after seeing long lines of people being disenfranchised of their vote this season, I have a lot respect for WA's system.
You tell them it is a crime to take any cameras, cell phones, or other things into the polling place... at least it is in Virginia.
I've not tried mailing voting, but on the outside it seems good. I'm concerned at the idea of things like "abusive spouse forces somebody to vote a certain way," but I'm guessing such a thing is an exceptional case which won't affect an election (any more than "abuse spouse traps somebody indoors on election day").
Still, if there was widespread systemic abuses, how would the system catch and fix it? A quick search online found a pdf saying "remote voting systems such as vote-by-mail are generally regarded as providing inferior protection from coercion, and as such, their use is often discouraged by experts"... which could be incorrect but doesn't exactly inspire me with confidence.
(Score: 2) by hemocyanin on Thursday September 01 2016, @06:21AM
Compared to standing 4-10 hours in the baking sun to find out the machines broke, mail-in is a gazillion times better. Besides, if you want a mail-in ballot in states with polling stations, you just ask for one -- now the annoying system is just as weak as the convenient system.
Honestly, I used to think just like you and other naysayers, but after using the WA mail-in system, I love it. It is just better.
(Score: 4, Insightful) by Arik on Tuesday August 30 2016, @12:49AM
If laughter is the best medicine, who are the best doctors?
(Score: 2) by JNCF on Tuesday August 30 2016, @01:42AM
It's inherently a horrible idea based simply on the inevitability that, just like everything else, the technology will not be designed and perfected by passionate geeks seeking perfection, but by the cheapest excuse for programmers the bosses can find, using unsuitable tools, without any formal 'design' phase at all.
Then put devlux in charge of it! He's passionate enough to write a whitepaper about it.
Oh and there are similar problems with the hardware as well. A system like that can never be secured.
That depends on what you mean by secured.
Are you worried about it recording an incorrect vote? If so, devlux has that figured out already. The individual voter can verify that the vote recorded on the blockchain was the one they intended to cast. Any discrepencies would be immediately apparent to the people who cast the votes, which is not true of paper ballots which can be switched with other ones later; we have more gaurantees with a blockchain-recorded vote, not less (and you could print out an extra paper version if it mattered, it just wouldn't). You have to find an issue with the blockchain or this isn't a concern. If simply having red flags pop up when votes are recorded incorrectly isn't good enough, each voter could be given a dedicated piece of hardware that physically connects to the voting machine and sends a vote in the format proposed in the Votabit whitepaper, already cryptographically signed. The dedicated piece of hardware wouldn't need to accept any data from the machine, only send it. This should cost quite a bit less than $100 per voter, and is only necessary if you aren't satisfied with red flags popping up. This should totally isolate the private keys from the voting machines, which means that the individual TREZOR-knockoffs would need to be tampered with -- and if they were tampered with, that should be apparent and detectable after the fact when the voter walks out of the booth with their TREZOR-knockoff in hand. The failure point is placed back on the centralised organization(s) responsible for identity verification, not the hardware.
If you're talking about surveillance concerns, those should all apply equally to paper ballots.
(Score: 3, Insightful) by Arik on Tuesday August 30 2016, @01:53AM
The people that do have that power in our society have neither the knowledge nor the motivation to make, nay *let* this work the way it should.
They were always going to do exactly what they're doing, doling out projects to the well connected, buying whatever they are told to buy, and sticking their fingers in their ears when informed of problems.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by JNCF on Tuesday August 30 2016, @02:05AM
The people that do have that power in our society have neither the knowledge nor the motivation to make, nay *let* this work the way it should.
As I stated originally, I'm not really interested in the problem of large-scale democracy. I wholeheartedly agree that the system is fucked, but that isn't an argument for the blockchain being a more tamper-prone way to record votes than a box full of paper ballots. If I were trying to argue for reforming this mess, I'd argue that voting should be done on a blockchain. I took your original post to be partly concerned with the difficulties of implementing the system securely, and I don't think those concerns are valid. I agree that the system which currently exists wouldn't put devlux in charge of implementation, but that's a problem of politics not a technical issue.
(Score: 2) by Arik on Tuesday August 30 2016, @03:35AM
The powerful have no particular interest in fair elections and little fear of seeing them rigged, as they'll generally be the ones doing the rigging not the other way around.
Combine that with the general technical incompetence and it's simply impossible, in reality this is exactly what you should expect from it:
http://www.counterpunch.org/2016/05/16/clinton-does-best-where-voting-machines-flunk-hacking-tests-hillary-clinton-vs-bernie-sanders-election-fraud-allegations/
If laughter is the best medicine, who are the best doctors?
(Score: 1, Insightful) by Anonymous Coward on Tuesday August 30 2016, @02:29AM
> Accepting the centralised organization's identity verification process as valid,
And that right there is why devlux is on a fool's errand. Not the part about accepting the validity, but the fact that his entire system relies on identity verification. You can not have both a secret ballot and a provably tamper-proof election. That's practically a fundamental law of information theory if not physics in general.
We get around that in real life by putting lots of friction in the parts of the process most vulnerable to deanonymizing ballots and tampering with votes. Its not perfect, but most of the time its good enough. Going electronic is all about taking the friction out of a system. So without the benefit of friction you are left with a choice - no more secret ballots or a totally hackable voting system.
Pick one.
(Score: 4, Informative) by mhajicek on Tuesday August 30 2016, @02:48AM
You could have a system where each voter gets a receipt with a code, and can verify their vote anonymously. They would only need to identify themselves if they wished to contest how their vote had been counted.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 1, Insightful) by Anonymous Coward on Tuesday August 30 2016, @03:08AM
> You could have a system where each voter gets a receipt with a code, and can verify their vote anonymously
No you could not. If you have a receipt with a code then you can be coerced into giving that receipt with a code to someone else and now your ballot is no longer anonymous.
Seriously this is an immutable law, you can not be simultaneously anonymous and verifiable. Any who thinks otherwise just has not thought it through.
(Score: 1, Funny) by Anonymous Coward on Tuesday August 30 2016, @05:15AM
Since I have to show ID and prove who I am to be able to vote, I don't expect my vote to be anonymous in the first place.
(Score: 2) by Scruffy Beard 2 on Tuesday August 30 2016, @07:12AM
has this law been proven?
I would be interested in reading such a proof.
It is my understanding that it has only been postulated that e-votes can not be both anonymous and verifiable.
(Score: 2) by mhajicek on Tuesday August 30 2016, @12:18PM
Regardless of the voting system you could be coerced into revealing your vote.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by deimtee on Tuesday August 30 2016, @01:51PM
Once you've dropped the filled in ballot paper through the slot, you can say you voted whatever way they want. They can't check, and even if you wanted to, you couldn't prove which way you voted.
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by JNCF on Tuesday August 30 2016, @03:22AM
You can not have both a secret ballot and a provably tamper-proof election. That's practically a fundamental law of information theory if not physics in general.
You can have a ballot that is secret unless you possess a given private key. This takes away all concerns about secrecy except for vote selling/coercing, and if you were being coerced into voting a certain way you could just find somebody voting the other way who was willing to let you decieve your aggressor with their private key. I would consider this a relatively minor problem compared to election fraud.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 30 2016, @04:24AM
> and if you were being coerced into voting a certain way you could just find somebody voting the other way who was willing to let you decieve your aggressor with their private key
Lol. Do you even think before posting?
(a) Not only is that not easy to do, it is illegal. If the solution to the problem is to break the law, then it's not an actual solution.
(b) Coercion isn't just about aggression, its also about bribes.
Designing voting systems is like designing encryption systems - if you aren't an expert then you will fuck it up royally. I've been part of verifiedvoting.org since their start back in 2003. You clearly haven't really given this much thought at all.
(Score: 2) by JNCF on Tuesday August 30 2016, @05:54AM
I'm in agreement that your worries about anonymity are valid in the specific case of targeted coercion, and I think my last post makes that clear. I represented it as a minor issue, not a solved problem. It's not like the current system doesn't allow for make-shift evidence of ballots cast -- ballot selfies aren't even illegal in every state, and they're producable everywhere. You just don't have any gaurantees that the ballot in the selfie is actually counted.
The imperfect solution of supplying a false key is worth bringing up because it makes everything more difficult for the would-be ballot buyer; they can't ever really verify how somebody voted, only that a given key matched a given vote, so they incur more cost per vote actually bought. If they wanted greater assurance they'd need to go through the same hassle as today. The secrecy is more comparable to our current system than it is to voting in a place and time where votes were public knowledge.
(Score: 2) by JNCF on Tuesday August 30 2016, @06:05AM
Here's what I actually overlooked until just now: absentee votes are super easy for a third party to confirm with cooperation from the voter, so targeted coercion is even easier than a selfie in the current system. This negates your whole argument unless you oppose absentee voting.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @06:20AM
Yes there are anonymity problems with vote-by-mail and as more and more districts roll that out eventually somebody is going to start exploiting those problems. But at least they still have the friction of physical ballots so scaling the coercion isn't anywhere near as easy as with e-voting. You'd need someone to personally verify the ballot and mail it themselves to assure the coerced vote was actually cast.
Ballot selfies are not a problem because a photograph of a ballot before it is cast is not proof that it was cast.
And what you call a "minor issue" is anything but because, again, scaling. It is no great leap to automate a vote buying scheme where people message their "receipts" and get bitcoin in return. That's 1000x easier than dicking around with ballots in the mail.
And while I haven't mentioned this yet, secure e-voting is impossible too. You can't guarantee that the computer used to cast the vote isn't compromised in such a way that (a) it casts a different vote and (b) intercepts the "receipt" and give you a fake one. For example, everybody who thinks they voted for candidate X but their phone had a virus that voted for Y instead gets the same "receipt" from someone who really did vote for X.
(Score: 2) by JNCF on Tuesday August 30 2016, @06:34AM
The whitepaper is actually an interesting read. We're talking about voting in a booth still.
If you were automatically paying anybody for keys that are tied to a specific vote, you're mostly going to be paying people who were going to vote that way regardless. Very cost prohibitive.
(Score: 2) by JNCF on Tuesday August 30 2016, @06:51AM
I do see your point about taking a ballot selfie and then requesting a new ballot. I was trying to think of a clever way around it, but I haven't yet.
(Score: 2) by JNCF on Tuesday August 30 2016, @06:59AM
Oh, wait, here's the clever solution: video transition from selfie to ballot dropping in hole, obviously. Hurpadurpa.
(Score: 2) by https on Tuesday August 30 2016, @04:20PM
You really, really, really should look at how elections are conducted in nations other than the USA.
I suspect that a major part of the problem is the sheer number of things that must be voted for simultaneously on Election Day - it's unnecessarily complex. You even have a particular day called Election Day. Weirdos.
Offended and laughing about it.
(Score: 2) by CirclesInSand on Tuesday August 30 2016, @02:19PM
There is a much easier and simpler solution. Just publish 2 lists per district.
First list is a list of everyone who voted, not including how they voted.
Second list is each vote that was cast with a serial number assigned to it.
Each voter gets a receipt with a serial number and a record of how they voted.
Anyone can verify that no extra votes were recorded, as the lists must be the same length. Anyone can audit the lists to ensure that only real people voted. Anyone with a receipt knows if their vote was recorded incorrectly. And there is no trusted central government organization.
There is no magic algorithm that can prevent voter fraud, the most you can hope for is that fraud is detectable. There is no magic algorithm that can punish the fraudulent actors, people actually have to be motivated to do that.
(Score: 2) by JNCF on Tuesday August 30 2016, @03:28PM
It seems like basically the same proposal, with a couple of unfortunate differences:
I disagree about this scheme not requiring a trusted central organization. If we need to verify the identity of voters, I can't think of a system that doesn't require trust at some point. I'd like to, but I can't.
(Score: 2) by CirclesInSand on Tuesday August 30 2016, @03:56PM
Exactly how would a "trusted government organization" be able to verify people better than a general audit?
(Score: 2) by JNCF on Tuesday August 30 2016, @04:34PM
Exactly how would a "trusted government organization" be able to verify people better than a general audit?
I don't think I used that terminology. The trusted centralised organization I'm talking about could be an NGO, and there could be multiple independant organizations. You were the one that said "there is no trusted central government organization" in reference to your own proposal, I've been using the term "centralised." I would argue that the general audit is carried out by a (rightly or wrongly) trusted centralised government organization, which is what I meant when I said "I disagree about this scheme not requiring a trusted central organization."
(Score: 2) by CirclesInSand on Tuesday August 30 2016, @05:56PM
I merely thought that "trusted government organization" is such an absurd term that it deserved to be in quotes.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @04:50PM
First of all, in a huge election, there will be error.
Second of all, what can legally be done if an error is detected?
Running the election again is not an option. If you can prove an error, all you've done is undermine the legitimacy of the election. You can't change the result. This could tear the country apart.
(Score: 4, Insightful) by JNCF on Tuesday August 30 2016, @05:22PM
Running the election again is not an option.
Why not? Some folks do it. [telegraph.co.uk]
If you can prove an error, all you've done is undermine the legitimacy of the election. You can't change the result.
Would you prefer to let the vote-thief go unnoticed? If you care about democracy, that seems like a horrible precedent.
This could tear the country apart.
That sounds like the best election result in American history.
(Score: 2) by dingus on Tuesday August 30 2016, @02:56AM
Venezuela's system is pretty good: you fill out a paper ballot slip and feed it into the computer, which reports to a central server and also keeps a copy locally. So there are three records of every vote that can be counted seperately.
(Score: 2) by tangomargarine on Tuesday August 30 2016, @02:23PM
What happens if any of the three results don't match?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by dingus on Tuesday August 30 2016, @09:53PM
Presumably they trust the slip.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 30 2016, @07:02AM
No, the American way would be to outsource the whole thing to India. Hey they're the world's largest democracy.
Seriously though, those fancy computer methods are weak at one of the requirements of election systems - convincing the losers they've lost. Paper ballot systems are better at convincing losers that they have lost fairly enough and not through some fancy computer trickery.
If an election system can't convince enough of the losers that they lost, then that election system is a waste of money or just for show (like those elections that Dictators like to hold where they win 99% of the votes).
You might as well skip the whole thing and go to a dictatorship or a civil war.