Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday August 29 2016, @09:23PM   Printer-friendly
from the throwaway-votes dept.

In the run-up to the USA's upcoming national election event:

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

[...] [three days later] the FBI Cyber Division issued a potentially more disturbing warning, entitled "Targeting Activity Against State Board of Election Systems." The alert, labeled as restricted for "NEED TO KNOW recipients," disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the "exfiltration," or theft, of voter registration data. "It was an eye opener," one senior law enforcement official said of the bureau's discovery of the intrusions. "We believe it's kind of serious, and we're investigating."

[...] six states and parts of four others (including large swaths of Pennsylvania, a crucial swing state in this year's race) are more vulnerable because they rely on paperless touchscreen voting, known as DREs or Direct-Recording Electronic voting machines, for which there are no paper ballot backups.

[...] the FBI warning seems likely to ramp up pressure on the Department of Homeland Security to formally designate state election systems as part of the nation's "critical infrastructure" requiring federal protection — a key step, advocates say, in forestalling the possibility of foreign government meddling in the election.

The reason designating election systems "critical infrastructure" requiring federal protection is important is that designation means the Feds devote resources to protecting it and threaten a heightened response to entities messing with "critical infrastructure."

[Continues...]

Related / more info:

Have you considered the impact on the US if the election for president is disrupted, with the winner unknown because the results are dependent upon the votes in one or more of the states with electronic-only voting systems? Some people might find it beneficial if the US election is disrupted or contested.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by JNCF on Tuesday August 30 2016, @01:42AM

    by JNCF (4317) on Tuesday August 30 2016, @01:42AM (#395054) Journal

    It's inherently a horrible idea based simply on the inevitability that, just like everything else, the technology will not be designed and perfected by passionate geeks seeking perfection, but by the cheapest excuse for programmers the bosses can find, using unsuitable tools, without any formal 'design' phase at all.

    Then put devlux in charge of it! He's passionate enough to write a whitepaper about it.

    Oh and there are similar problems with the hardware as well. A system like that can never be secured.

    That depends on what you mean by secured.

    Are you worried about it recording an incorrect vote? If so, devlux has that figured out already. The individual voter can verify that the vote recorded on the blockchain was the one they intended to cast. Any discrepencies would be immediately apparent to the people who cast the votes, which is not true of paper ballots which can be switched with other ones later; we have more gaurantees with a blockchain-recorded vote, not less (and you could print out an extra paper version if it mattered, it just wouldn't). You have to find an issue with the blockchain or this isn't a concern. If simply having red flags pop up when votes are recorded incorrectly isn't good enough, each voter could be given a dedicated piece of hardware that physically connects to the voting machine and sends a vote in the format proposed in the Votabit whitepaper, already cryptographically signed. The dedicated piece of hardware wouldn't need to accept any data from the machine, only send it. This should cost quite a bit less than $100 per voter, and is only necessary if you aren't satisfied with red flags popping up. This should totally isolate the private keys from the voting machines, which means that the individual TREZOR-knockoffs would need to be tampered with -- and if they were tampered with, that should be apparent and detectable after the fact when the voter walks out of the booth with their TREZOR-knockoff in hand. The failure point is placed back on the centralised organization(s) responsible for identity verification, not the hardware.

    If you're talking about surveillance concerns, those should all apply equally to paper ballots.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Insightful) by Arik on Tuesday August 30 2016, @01:53AM

    by Arik (4543) on Tuesday August 30 2016, @01:53AM (#395059) Journal
    You're missing the point. I don't have the power to put him in charge, and neither do you.

    The people that do have that power in our society have neither the knowledge nor the motivation to make, nay *let* this work the way it should.

    They were always going to do exactly what they're doing, doling out projects to the well connected, buying whatever they are told to buy, and sticking their fingers in their ears when informed of problems.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 2) by JNCF on Tuesday August 30 2016, @02:05AM

      by JNCF (4317) on Tuesday August 30 2016, @02:05AM (#395066) Journal

      The people that do have that power in our society have neither the knowledge nor the motivation to make, nay *let* this work the way it should.

      As I stated originally, I'm not really interested in the problem of large-scale democracy. I wholeheartedly agree that the system is fucked, but that isn't an argument for the blockchain being a more tamper-prone way to record votes than a box full of paper ballots. If I were trying to argue for reforming this mess, I'd argue that voting should be done on a blockchain. I took your original post to be partly concerned with the difficulties of implementing the system securely, and I don't think those concerns are valid. I agree that the system which currently exists wouldn't put devlux in charge of implementation, but that's a problem of politics not a technical issue.

      • (Score: 2) by Arik on Tuesday August 30 2016, @03:35AM

        by Arik (4543) on Tuesday August 30 2016, @03:35AM (#395103) Journal
        I don't doubt it's *technically* possible to make this work, but it's absolutely not possible *politically.*

        The powerful have no particular interest in fair elections and little fear of seeing them rigged, as they'll generally be the ones doing the rigging not the other way around.

        Combine that with the general technical incompetence and it's simply impossible, in reality this is exactly what you should expect from it:

        http://www.counterpunch.org/2016/05/16/clinton-does-best-where-voting-machines-flunk-hacking-tests-hillary-clinton-vs-bernie-sanders-election-fraud-allegations/
        --
        If laughter is the best medicine, who are the best doctors?