SoylentNews is people
SoylentNews
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
(Score: 3, Interesting) by JoeMerchant on Thursday November 15 2018, @03:02PM (4 children)
This isn't security at all, this is a simple adding machine wrapped up in an operating system with well known vulnerabilities.
At a minimum, the system should require a password which unlocks the encrypted drive, and upon sale of the device the password should be changed/destroyed, requiring the device to be initialized to an "as new" state. At least with that, a meddler would need the the password to inject bogus votes into the count. Bonus points if you create a system with multiple user accounts and access logging.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @05:02PM (1 child)
You mean like Windows?
(Score: 2) by JoeMerchant on Friday November 16 2018, @02:55PM
Only if they actually use the user accounts, separate passwords, and secure log login activity.
🌻🌻 [google.com]
(Score: 2) by edIII on Thursday November 15 2018, @08:50PM (1 child)
Considering the fact that nobody has demonstrated a truly tamper-proof infallible system for voting, it should be highly highly highly highly highly fucking illegal to vote with anything BUT PAPER.
Paper ballots are far more secure than anything electronic. I remember talking about different systems and being lambasted because my idea allowed people to prove votes after the fact, therefore helping people sell their votes. With these midterm elections, I had stubs from my paper ballot with numbers on them. I assume that allows me to look up my vote somehow?
If people are voting electronically, I have about no confidence in that system whatsoever, and I can pretty much assume that somebody else is deciding their vote is worth 100k other votes.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 4, Interesting) by JoeMerchant on Thursday November 15 2018, @10:11PM
I've polled in a bunch of different places, and the median age of poll workers around the country, based on that experience, seems to be about 72. Most of these poll workers seem barely capable of using the computer systems they have been trained on, much less understand how they work. Now, this cuts both ways, crafty septuagenarians are probably much more capable of cheating a paper based election, and lots of them have access - not so many computer savvy individuals are hanging out in the polling places for long days and hours thinking about how they might make the election more likely to go the way _they_ want it to.
I have very little confidence in the fine detail outcome of modern elections, whether paper or electronically voted - if it's down to less than 0.5% margin, graft and corruption likely influenced the election sufficiently to change the outcome. I have very high confidence that there is enough integrity in the system to deliver the correct result when the margin is 10% or more. I would very much like for the system to call for a re-vote on issues and races that result in a very tight margin, and for the revote process to employ enough rotation of responsibilities from the first election to expose fradulent activities through statistical analysis.
🌻🌻 [google.com]