
SoylentNews is people

posted by martyb on Saturday July 21 2018, @10:31PM
from the Replace-or-not-to-replace?-Have-the-people-vote-on-it! dept.

The project Protect Democracy is suing the state of South Carolina because its insecure, unreliable voting systems are effectively denying people the right to vote. The project has filed a 45-page lawsuit pointing out the inherent lack of security and auditability of these systems. It concludes that "by failing to provide S.C. voters with a system that can record their votes reliably," South Carolinians have been deprived of their constitutional right to vote. Late last year, Def Con 25's Voting Village reported on the ongoing, egregious, and fraudulent state of electronic voting in the US, a situation which has been getting steadily worse since at least 2000. The elephant in the room is that these machines are built from the ground up on Microsoft products, which are protected with a cult-like vigor that stands in the way of rolling back to the only known secure method, hand-counted paper ballots.

Bruce Schneier is an advisor to Protect Democracy.

Earlier on SN:
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (2018)
Want to Hack a Voting Machine? Hack the Voting Machine Vendor First (2018)
Georgia Election Server Wiped after Lawsuit Filed (2017)
It Took DEF CON Hackers Minutes to Pwn These US Voting Machines (2017)
Russian Hackers [sic] Penetrated US Electoral Systems and Tried to Delete Voter Registration Data (2017)
5 Ways to Improve Voting Security in the U.S. (2016)
FBI Says Foreign Hackers Penetrated State Election Systems (2016)
and so on ...


  • (Score: 3, Insightful) by VanessaE on Sunday July 22 2018, @10:57PM


    I am a programmer, or I was (though not professionally), but speaking as a user...

    You make some tentative offers, the customer immediately balks at anything that requires a learning curve.

    Because customers have more important things to think about, plain and simple.

    It's the computer's job to handle the complicated stuff.

    In most cases, if security appears complicated to the customer or end user, or just results in a bad UI, the programmer did something wrong, plain and simple.

    We're talking voting machines for crying out loud. For a voter, there should be nothing to do besides press some buttons on-screen.

    For the volunteers who manage the machines, do like my state does: require the volunteer to escort the voter to the machine, and for her to insert a small access key device to enable it (I don't know what this device consists of, though).

    For those who handle offloading the voting data, I see no reason why it has to be any more complicated than them inserting and turning a key (just to trip an internal switch), triggering a pop-up message "To close-out voting on this machine, enter volunteer SSN and plug in your offload device now", where such a device would contain crypto hardware, and either a small amount of non-volatile storage to receive the voting data, or wireless hardware or a plain old modem, and tamper-evident seals over the seams.

    Offloading the data should automatically wipe the machine's memory and any temporary storage, reset the machine to as close to "factory-fresh" as possible, make an appropriate mark on the receipt, and mark the voting data as "closed" on the offload device (if it's storage-based), on success. In other words, the result should be functionally identical to closing-up and sealing a box of cast ballots, and opening up a fresh box.

    For those who service the machines, I don't see a reason why anyone should be allowed to do anything more than swap a defective machine for a good one, and tag-out the defective machine so that it can be returned to the manufacturer the next day, without any outside person so much as looking at the fancy security screws (that should surely be there) holding the case together. If the defective machine has voting data that needs offloaded, do so before returning it. If the offload can't be completed, then pull the official receipt and use that. If the official receipt is unusable, pull the backup receipt and use that one (there ARE two receipt recorders being driven independently, right?). If all of that fails, then I guess the votes would be lost. :-(

    A returned machine should be evaluated and investigated, then destroyed in full if the defect requires opening the machine to the point of potentially allowing motherboard or hard drive access.

    Of course, I recognize the underlying OS or hardware can complicate things at the code level, and customers can have totally unrealistic expectations, and physical access to a machine guarantees that it'll eventually be cracked/hacked, and people can be just plain stupid with how they manage their hardware, but there's rarely a reason for good security to result in a shitty UI.
