Stories
Slash Boxes
Comments

SoylentNews is people

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

posted by chromas on Thursday November 15 2018, @12:00PM   Printer-friendly
from the ¯\_(ツ)_/¯ dept.

upstart writes for SoyCow1984:

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.

Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.

If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.

[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.

This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.

Original Submission

 
This discussion has been archived. No new comments can be posted.
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming | Log In/Create an Account | Top | 74 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by Anonymous Coward on Thursday November 15 2018, @05:17PM (1 child)

    by Anonymous Coward on Thursday November 15 2018, @05:17PM (#762246)

    Face it, if the system can reasonably secure financial transactions it can also secure votes.

    There one important issue that elections have which is very different from financial transactions.

    Most modern democracies are set up so that your vote is secret. This has two aspects: first, nobody can find out how you actually voted, and second, you can't prove to anyone how you actually voted. This secrecy is in place because coercion and buying votes have been a real problem.

    Any kind of absentee vote (online or otherwise) violates the second aspect. You can prove how you voted by actually filling out your ballot while someone is watching. So normally people can only do absentee ballots after demonstrating that voting by other means will be impractical. This is also the same reason why it is normally verboten to take selfies with a filled-out ballot.

    On the other hand for financial transactions you normally do want someone to know about your transaction. "Hey Joe, I sent you the money, please give me the car now".

    Starting Score:    0  points
    Moderation   +3  
       Insightful=2, Informative=1, Total=3
    Extra 'Insightful' Modifier   0  
    Total Score:   3  

  • (Score: 2) by Bot on Monday November 19 2018, @04:59PM

    by Bot (3902) on Monday November 19 2018, @04:59PM (#763917) Journal

    Ok, what if: at the voting office you pick randomly a usb card with a privkey.
    The office ties the key to you by etching your data on it and have you sign it.
    The corresponding pubkey is in the hands of the counting system.
    Your key signs the vote transaction. The transaction is numbered and the vote outcome is kept private, when you vote the system shows you your transaction number plus a transaction number for any other choice. You can write it down the one who you prefer to tell the mafia guy coerces you out of it.
    The mafia guy cannot simply check all transactions numbers online with the vote result, he needs to show up at the voting office with the key, impersonating you.

    You could also vote from home, just have the cellphone recording you live to avoid the mafia guy collecting keys from voters.

    Besides, in a totally transparent society, which will not happen because whoever the elite is, they need privacy and would rather have WWIII and send us all back to stone age, the mafia guy would have lost his job already because it's not possible to steal or coerce already.

    Again, this seems to explain why the corporations and governments happily let private info be collected and leaked. They want YOU to value privacy so that they can abuse it, the magic word being national security.

    --
    Account abandoned.