Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday February 20 2018, @08:03AM   Printer-friendly
from the newer-is-not-necessarily-better dept.

The Intercept reports

The nation's secretaries of state gathered for a multi-day National Association of Secretaries of State (NASS) conference in Washington, D.C., this weekend, with cybersecurity on the mind.

Panels and lectures centered around the integrity of America's election process, with the federal probe into alleged Russian government attempts to penetrate voting systems a frequent topic of discussion.

[...] One way to allay concerns about the integrity of electronic voting machine infrastructure, however, is to simply not use it. Over the past year, a number of states are moving back towards the use of paper ballots or at least requiring a paper trail of votes cast.

For instance, Pennsylvania just moved to require all voting systems to keep a paper record of votes cast. Prior to last year's elections in Virginia, the commonwealth's board of elections voted to decertify paperless voting machines--voters statewide instead voted the old-fashioned way, with paper ballots.

[...] Oregon is one of two states in the country to require its residents to vote by mail, a system that was established via referendum in 1998. [Oregon Secretary of State Dennis] Richardson argued that this old-fashioned system offers some of the best defense there is against cyber interference.

"We're using paper and we're never involved with the Internet. The Internet is not involved at all until there's an announcement by each of our 36 counties to [the capital] Salem of what the results are and then that's done orally and through a confirmation e-mail and the county clerks in each of the counties are very careful to ensure that the numbers that actually are posted are the ones that they have," he said. "Oregon's in a pretty unique situation."

[...] In New Hampshire, the state uses a hybrid system that includes both paper ballots and machines that electronically count paper ballots with a paper trail.

Karen Ladd, the assistant secretary of state for New Hampshire, touted the merits of the system to The Intercept. "We do a lot of recounts, and you can only have a recount with a paper ballot. You can't do a recount with a machine!" she said.

America's paper ballot states may seem antiquated to some, but our neighbors to the north have used paper ballots for federal elections for their entire history. Thanks to an army of officials at 25,000 election stations, the integrity of Canada's elections is never in doubt.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Interesting) by Veyrdite on Tuesday February 20 2018, @08:25AM (16 children)

    by Veyrdite (6386) on Tuesday February 20 2018, @08:25AM (#640542)

    Processors copy and destroy data many, many times when doing their work. Every time you access data it's copied onto at least one bus or mem/cache location. Even deleting data isn't completely guaranteed: sometimes old copies of it get left on buses that you don't even know about.

    Fun example of the latter: 'Extracting the Game Boy Advance BIOS ROM through the execution of unmapped thumb instructions' in PoCoGTFO 16 [alchemistowl.org].

    The idea that any piece of information (eg a vote) should remain 'unique' and 'indestructible' or 'verifiable' is not a concept that a processor directly understands. Only through lots of processing can we attempt to emulate this, and even then I'm not sure if you can even prove or guarantee it (any thoughts here?).

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   2  
  • (Score: 2, Insightful) by Veyrdite on Tuesday February 20 2018, @08:35AM (6 children)

    by Veyrdite (6386) on Tuesday February 20 2018, @08:35AM (#640545)

    Possibly a better way to express this to people who are not familiar with CPU design:

    A computer's most common instruction is the 'copy' instruction, which copies information. Every possible way of trying to implement a voting system using computers will use 'copy' at least hundreds of times per vote and trillions (sic) of times overall. So that the computer does not run out of memory some of these copies are occasionally destroyed, depending on a varying and complex set of rules and chances.

    As such: computers have no place handling votes. They do not understand that a vote should not be copied. They do not understand that a vote should be guaranteed protected. They cannot be trusted to destroy every extra copy of a vote they make along the way. Nor can you know if they have destroyed too many. Even with the best programming they still make these decisions within a millionth of a second, and without human oversight.

    • (Score: 3, Insightful) by jimtheowl on Tuesday February 20 2018, @09:12AM (2 children)

      by jimtheowl (5929) on Tuesday February 20 2018, @09:12AM (#640558)
      I am not sure where this quote comes from but I do not buy it. Computers do not 'understand' anything in the first place. It is all about how you program it.

      A copy instruction is not some random operation that happens out of the control of the programmer. If you want a 'deep copy' it is so. If the program is using a database, as it should for this type of implementation, it is expected from the database engine does implement these operations correctly. It is what it is meant to do. Otherwise, not only voting machines, but banking operations would equally be affected.

      The issue is that the vendors are without oversight. They can cash in on both the sale of the machine and their result. Assuming they would resist temptation for the latter, they would apparently be justified to hide any breaches because of their legal obligation to shareholders for the sake of the bottom line.
      • (Score: 0) by Anonymous Coward on Tuesday February 20 2018, @09:55AM

        by Anonymous Coward on Tuesday February 20 2018, @09:55AM (#640568)

        If my bank makes many copies of the money on my account, I won't object as long as those copies end up also being on my account. ;-)

      • (Score: 1) by Veyrdite on Tuesday February 20 2018, @09:00PM

        by Veyrdite (6386) on Tuesday February 20 2018, @09:00PM (#640846)

        > Computers do not 'understand' anything in the first place. It is all about how you program it.

        Yes, I probably wrote this the wrong way around. Perhaps the understanding problem relies between the programmer and the computer: the programmer believes the computer understands instructions in a certain way, but in practice copies of data get left around the place and sometimes accidentally used.

        > I am not sure where this quote comes from

        Self. Didn't twig to me that the CSS for blockquotes here makes them look like quoting other users whilst I was previewing. FTP; LTL; apologies.

        > Otherwise, not only voting machines, but banking operations would equally be affected.

        My understanding is that banking systems have problems all of the time. Luckily money isn't like votes: it's (mostly) not anonymous, so people notice when it goes missing or does something strange.

    • (Score: 0) by Anonymous Coward on Tuesday February 20 2018, @05:23PM (1 child)

      by Anonymous Coward on Tuesday February 20 2018, @05:23PM (#640740)

      That makes as much sense as:

      As such: computers have no place handling paychecks. They do not understand that a paycheck should not be copied. They do not understand that a paycheck should be guaranteed protected. They cannot be trusted to destroy every extra copy of a paystub they make along the way. Nor can you know if they have destroyed too many. Even with the best programming they still make these decisions within a millionth of a second, and without human oversight.

      • (Score: 1) by Veyrdite on Tuesday February 20 2018, @09:11PM

        by Veyrdite (6386) on Tuesday February 20 2018, @09:11PM (#640854)

        Paychecks that are outputted by a paycheck system are checked by people to make sense. Workers (sometimes) notice when they are underpaid, and admins (sometimes) notice when people are overpaid. Errors in paycheck and financial systems are not unheard of.

        Vote results that are outputted by a vote collecting or tallying system cannot be checked against anything unless the votes are also written on physical media such as paper. When the numbers come out: anything within +-20% of the real vote might still look realistic and acceptable.

        Arguably you could implement parallel processing using different computer architectures and codebases in a single voting-machine box. This would be a good step forward. Unfortunately it still only attacks the "prevention" side of the problem rather than the "verification of results" part; ie the same exploit vectors (similar CPU bugs, intentional bad code) still exist and cannot be quantified.

    • (Score: 0) by Anonymous Coward on Tuesday February 20 2018, @08:10PM

      by Anonymous Coward on Tuesday February 20 2018, @08:10PM (#640812)

      They do not understand that a vote should not be copied.

      It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever.

      Paper, or plastic? asked the bag-boy.

  • (Score: 2) by Wootery on Tuesday February 20 2018, @11:48AM (4 children)

    by Wootery (2341) on Tuesday February 20 2018, @11:48AM (#640593)

    even then I'm not sure if you can even prove or guarantee it

    Prove or guarantee what, though? Voting is interesting because we want it to be impossible to prove which way a particular person voted, in order to prevent vote-selling, backlash against unpopular votes, etc. At the same time, we want maximum assurances that all votes are tracked and counted correctly.

    • (Score: 3, Insightful) by VLM on Tuesday February 20 2018, @02:27PM (3 children)

      by VLM (445) Subscriber Badge on Tuesday February 20 2018, @02:27PM (#640640)

      An excellent analogy to what you're talking about is the technology and mathematics of metrology. Although it sounds like metrology is the study of metrosexuals or some such funny nonsense, its actually the study of the math and protocols and procedures to design, prove, test and build accurate measurement tools, both the tools and standard test conditions. Its somewhat complicated yet interesting.

      I'm just saying the math and algorithms for how to really accurately measure the diameter of a diesel engine piston oddly enough work pretty well for measuring voters in a precinct. You manufacture realistic test cases from live data to feed to multiple competing gear makers and the math for evaluating the quality of their gear was all figured out a century or so ago in the industrial era.

      Its pretty much a solved problem.

      Now if The Powers That Be permit the solution to be deployed or opposed is the real problem, because they have an agenda. Also you're spending a lot of money on something that usually doesn't mean very much in practice due to gerrymandering and simple bribery and various other illnesses of a republic.

      • (Score: 2) by Wootery on Tuesday February 20 2018, @03:36PM (2 children)

        by Wootery (2341) on Tuesday February 20 2018, @03:36PM (#640672)

        I'm afraid I don't see where you're going with this.

        • (Score: 0) by Anonymous Coward on Tuesday February 20 2018, @05:13PM

          by Anonymous Coward on Tuesday February 20 2018, @05:13PM (#640735)

          What's the problem, VLM even gave you a car analogy (grin)...

        • (Score: 2) by VLM on Tuesday February 20 2018, @11:57PM

          by VLM (445) Subscriber Badge on Tuesday February 20 2018, @11:57PM (#640938)

          You question asked how to scientifically mathematically validly measure stuff. Thats old WRT precision machine tools, etc.

  • (Score: 1, Redundant) by VLM on Tuesday February 20 2018, @02:11PM (3 children)

    by VLM (445) Subscriber Badge on Tuesday February 20 2018, @02:11PM (#640634)

    Hardware write protection via a switch was a thing on the Altair back 40 years or so.

    Immutable data is also a high level language construct, see Clojure. There are multiple problems with doing this immutable:

    1) Shutting off the garbage collector for forensic reasons will require a wee bit more memory and its gonna be slow to copy entire data structures every time you do something

    2) You can write the worst styles of Fortran / Basic / Perl in Clojure its just not idiomatic good Clojure anymore. So you can do imperative, everythings-mutable coding in Clojure if you abuse the language badly enough. I mean, obviously, you can write a software simulator of a Z80 that runs MS Basic in Clojure and it'll work and easily do things the "wrong" way.

    3) Its easier to implement massively redundant small systems than one highly complicated large system. Make two dozen competitive systems and deploy them in parallel and after each election statistically rub them up against each other to find problems, way cheaper and more reliable than trying to make the one true unbreakable system. Where I live we already run two systems in parallel, the same physical vote gets optically scanned by closed source probably hacked hardware and then volunteers from both parties (well, any party, really) spend some time after the election hand counting to verify the machines. Despite the machines being hackable easily, they aren't because the SHTF if they're discovered the next day in hand count.

    Also its easier to hack the election by busing in illegal aliens to vote or have dead people vote or whatever, than it is to write code. For us it would be easier to write code than to bus in 100s of illegal aliens but for 99.99% of the population its easier to drive a bus than write code. Thats why "Tech" web sites have a somewhat irrational fixation on hacking elections via writing code; for us its easy. Presumably there's a human chemistry pharmacology board out there fretting and hand wringing constantly about a theoretical "right wing drug" (oral testosterone? Or left wing drugs could exist too, estrogen I suppose) being dumped into the water supply before elections to influence voting for nefarious purposes and it would be so easy for the average organic chemistry mad scientist to synthesize up a couple kilos because ya know that kind of work is their boring day job and they're very good at it, although as said above for 99.99% of the population it would be a heck of a lot easier and more technologically realistic to drive a bus full of illegal voters to a polling site so thats why drugging the water supply to influence elections is technically possible, but impractical and not a real threat. Its very hollywood to suggest "they" or (((they))) encouraged the "lead in the drinking water" fiasco in Flint MI to tip election results to the Democrats, likewise a bit hollywood to suggest lots of people can blink a LED on an arduino so a subset of them could really F with electronic voting.

    • (Score: 5, Insightful) by Immerman on Tuesday February 20 2018, @02:56PM

      by Immerman (3985) on Tuesday February 20 2018, @02:56PM (#640654)

      I think the "fixation" on hacking elections is a lot more justified than you make it out.

      Busing in illegal voters requires that you find lots of people willing to commit a serious crime in front of lots of witnesses. If it happens there will be lots of available evidence of the fact. If you aren't being shown the actual, solid evidence, it's probably just scaremongering.

      Dead people voting may not be quite as obvious - it might involve similar fraudulent voters, but more likely it'll probably involve ballot stuffing at some point when the voting machines or ballot boxes are under-supervised - but that's easy to avoid if you actually implement decent chain-of-custody over the boxes/machines (and if you *don't* have that, then your vote is completely untrustworthy regardless of anything else).

      Hacking though can often be done from 5,000 miles away with no evidence, or at best, by anyone competent left alone with the voting or tallying machine for 2 minutes at any point prior to the election. Either way, if it's done even halfway competently there'll be no evidence it happened other than a discrepancy with exit polls.

      And yeah, for 99.9% of people, maybe the bus thing would be easier - but it's also very risky. Meanwhile that remaining 0.01% translates to 4 million potential hackers in the US alone, several of whom are already in the pocket of one criminal enterprise or another (political parties of all stripes included), and any *one* of which could potentially hack *every* remotely hackable voting machine in the country, as well as training anyone capable of using a screwdriver how to apply a ready-made hack to those machines that need physical access to compromise.

    • (Score: 1) by khallow on Tuesday February 20 2018, @03:33PM

      by khallow (3766) Subscriber Badge on Tuesday February 20 2018, @03:33PM (#640667) Journal

      for 99.99% of the population

      Even if we just restrict ourselves to the developed world, that's well over a billion people. 0.01% of that is still 100,000 people. I think the man power can be managed, especially if the voting gear is designed to allow for hacking.

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday February 20 2018, @09:55PM

      by Anonymous Coward on Tuesday February 20 2018, @09:55PM (#640876)

      That would be a federal felony.
      If it was happening, the prisons would be full of such offenders.
      Oddly (going by your speculation), no such condition exists.

      Secretary of State Kris Kobach of Kansas (KKK) spent a bunch of time and money attempting to demonstrate that that sort of thing was happening.

      We previously had a related story which included the results of that.

      U.S. President Establishes Commission on Election Integrity [soylentnews.org]
      [Previously,] After considerable investigation [years and years] and prosecution, Kobach secured six convictions for voter fraud; all were cases of double voting and none would have been prevented by voter ID laws.

      -- OriginalOwner_ [soylentnews.org]