SoylentNews is people
SoylentNews
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
(Score: 3, Interesting) by bzipitidoo on Thursday November 15 2018, @02:07PM
Another thing I thought alarmist was the wailing about the lack of encryption. Paper ballots really can't be encrypted, so how is unencrypted "on a computer" worse? And, what "voter information" was on the machines? The article didn't say any personal info was present. And why should there be? I've never had nor heard of a voting machine asking for voters' name and address. Seems the article might be running with the notion that the votes themselves, anonymized though they are, constitute personal and private info.
As for "tamper proof screws", come on, anyone with any sense ought to realize that such things are almost entirely security theater, really only able to delay tampering by a few seconds, which could be vital. The author had all the time and privacy he needed, no kind of physical lock could possibly last against that. It's like expecting a safe to stay unbreached after it had been stolen, and defeat all the machinery that can be brought to bear on it. Likely all that's needed is a diamond edged power saw. Some of the best such security I'd heard of is in old video games. In at least one case, the machine was set up to wipe the ROMs if it was tampered with. And that was still defeated. So to screech "insecurity!" about that is unfair and disingenuous.
Securing electronic voting is a hard problem. And Diebold has showed they are not trustworthy. There are tough real problems here. Don't need to be diverted with unrealistic, impractical, and unnecessary expectations.