Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday July 21 2018, @10:31PM   Printer-friendly
from the Replace-or-not-to-replace?-Have-the-people-vote-on-it! dept.

The project Protect Democracy is suing the state of South Carolina because its insecure, unreliable voting systems are effectively denying people the right to vote. The project has filed a 45-page lawsuit pointing out the inherent lack of security and inauditability of these systems and concludes that "by failing to provide S.C. voters with a system that can record their votes reliably," South Carolinians have been deprived of their constitutional right to vote. Late last year, Def Con 25's Voting Village reported on the ongoing, egregious, and fraudulent state of electronic voting in the US, a situation which has been getting steadily worse since at least 2000. The elephant in the room is that these machines are built from the ground up on Microsoft products, which is protected with a cult-like vigor standing in the way of rolling back to the only known secure method, hand counted paper ballots.

Bruce Schneier is an advisor to Protect Democracy

Earlier on SN:
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (2018)
Want to Hack a Voting Machine? Hack the Voting Machine Vendor First (2018)
Georgia Election Server Wiped after Lawsuit Filed (2017)
It Took DEF CON Hackers Minutes to Pwn These US Voting Machines (2017)
Russian Hackers [sic] Penetrated US Electoral Systems and Tried to Delete Voter Registration Data (2017)
5 Ways to Improve Voting Security in the U.S. (2016)
FBI Says Foreign Hackers Penetrated State Election Systems (2016)
and so on ...


Original Submission

Related Stories

FBI Says Foreign Hackers Penetrated State Election Systems 81 comments

In the run-up to the USA's upcoming national election event:

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

[...] [three days later] the FBI Cyber Division issued a potentially more disturbing warning, entitled "Targeting Activity Against State Board of Election Systems." The alert, labeled as restricted for "NEED TO KNOW recipients," disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the "exfiltration," or theft, of voter registration data. "It was an eye opener," one senior law enforcement official said of the bureau's discovery of the intrusions. "We believe it's kind of serious, and we're investigating."

[...] six states and parts of four others (including large swaths of Pennsylvania, a crucial swing state in this year's race) are more vulnerable because they rely on paperless touchscreen voting, known as DREs or Direct-Recording Electronic voting machines, for which there are no paper ballot backups.

[...] the FBI warning seems likely to ramp up pressure on the Department of Homeland Security to formally designate state election systems as part of the nation's "critical infrastructure" requiring federal protection — a key step, advocates say, in forestalling the possibility of foreign government meddling in the election.

The reason designating election systems "critical infrastructure" requiring federal protection is important is that designation means the Feds devote resources to protecting it and threaten a heightened response to entities messing with "critical infrastructure."

[Continues...]

5 Ways to Improve Voting Security in the U.S. 59 comments

With the U.S. presidential election just weeks away, questions about election security continue to dog the nation's voting system.

It's too late for election officials to make major improvements, "and there are no resources," said Joe Kiniry, a long-time election security researcher.

However, officials can take several steps for upcoming elections, security experts say.

"Nobody should ever imagine changing the voting technology used this close to a general election," said Douglas Jones, a computer science professor at the University of Iowa. "The best time to buy new equipment would be in January after a general election, so you've got almost two years to learn how to use it."

  • Stop using touchscreen electronic voting machines without printers
  • Conduct more extensive pre-election voting machine tests
  • Put better election auditing processes in place
  • Hire hackers to test your systems
  • Ensure that strong physical security is in place

Voters worried about vulnerable voting machines can rest easy--the fix is in!


Original Submission

Russian Hackers Penetrated US Electoral Systems and Tried to Delete Voter Registration Data 86 comments

Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

[...] The new details, buttressed by a classified National Security Agency document recently disclosed by The Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.'s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn't done meddling.

https://www.bloomberg.com/politics/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections


Original Submission

It Took DEF CON Hackers Minutes to Pwn These US Voting Machines 23 comments

DEF CON After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them.

This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside.

In less than 90 minutes, the first cracks in the systems' defenses started appearing, revealing an embarrassing low level of security. Then one was hacked wirelessly.

"Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we've uncovered even more about exactly how," said Jake Braun, who sold DEF CON founder Jeff Moss on the idea earlier this year.

"The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security."

As long as mission-critical systems like cable TV are secure, civilization will be safe.


Original Submission

Georgia Election Server Wiped after Lawsuit Filed 25 comments

We had submissions by two Soylentils about the wiping of drives on a voting server in Georgia (USA).

Georgia Election Server Wiped after Lawsuit Filed

A computer server crucial to a lawsuit against Georgia election officials was quietly wiped clean by its custodians just after the suit was filed, The Associated Press has learned.

The server’s data was destroyed July 7 by technicians at the Center for Elections Systems at Kennesaw State University, which runs the state’s election system. The data wipe was revealed in an email — sent last week from an assistant state attorney general to plaintiffs in the case — that was obtained by the AP. More emails obtained in a public records request confirmed the wipe.

The lawsuit, filed by a diverse group of election reform advocates, aims to force Georgia to retire its antiquated and heavily criticized election technology. The server in question, which served as a statewide staging location for key election-related data, made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed six months after he reported it to election authorities.

[...] It’s not clear who ordered the server’s data irretrievably erased.

The Kennesaw election center answers to Georgia’s secretary of state, Brian Kemp, a Republican who is running for governor in 2018 and is the main defendant in the suit. A spokeswoman for the secretary of state’s office said Wednesday that “we did not have anything to do with this decision,” adding that the office also had no advance warning of the move.

[...] Plaintiffs in the lawsuit, mostly Georgia voters, want to scrap the state's 15-year-old vote-management system — particularly its 27,000 AccuVote touchscreen voting machines, hackable devices that don't use paper ballots or keep hardcopy proof of voter intent. The plaintiffs were counting on an independent security review of the Kennesaw server, which held elections staging data for counties, to demonstrate the system's unreliability.

Wiping the server "forestalls any forensic investigation at all," said Richard DeMillo, a Georgia Tech computer scientist following the case. "People who have nothing to hide don't behave this way."

[...] It could still be possible to recover relevant information from the server.

Want to Hack a Voting Machine? Hack the Voting Machine Vendor First 6 comments

Thousands of voting machine vendor employees' work emails and plaintext passwords appear in freely available third-party data breach dumps reviewed by CSO, raising questions about the security of voting machines and the integrity of past election results.

While breached sites, like LinkedIn after the 2012 breach, force users to change their passwords, a significant number of people reuse passwords on other platforms, making third-party data breaches a gold mine for criminals and spies.

For many years voting machine vendors have claimed that voting machines were air gapped — not connected to the internet — and were thus unhackable. Kim Zetter debunked that idea in The New York Times in February.

[...] CSO found five voting machine vendors in the third-party data breaches we reviewed, including more than two thousand credentials for the defunct Diebold, now owned by Dominion Voting.

[...] The breached credentials include key members of management, engineering, and operations teams for these companies. One case of password reuse over the last ten years would have been enough for an attacker to gain a foothold in a voting machine vendor's network and potentially compromise the integrity of voting machines — and election results.

Source: CSO


Original Submission

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States 47 comments

Submitted via IRC for Sulla

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the[sic] New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, ... including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

Def Con 26 Voting Village Sees an 11-Year-Old Crack a Voting Machine 35 comments

Another item from Def Con 26, which ended the other day, an 11-year-old was easily able to change tallies on real electronic voting equipment within minutes. These machines are designed not to leave any evidence when tampering happens so it was useful that there were many witnesses present for her demo.

Election hackers [sic] have spent years trying to bring attention to flaws in election equipment. But with the world finally watching at DEFCON, the world's largest hacker conference, they have a new struggle: pointing out flaws without causing the public to doubt that their vote will count.

This weekend saw the 26th annual DEFCON gathering. It was the second time the convention had featured a Voting Village, where organizers set up decommissioned election equipment and watch hackers [sic] find creative and alarming ways to break in. Last year, conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend, catching the attention of both senators introducing legislation and the general public. This year's Voting Village was bigger in every way, with equipment ranging from voting machines to tabulators to smart card readers, all currently in use in the US.

In a room set aside for kid hackers [sic], an 11-year-old girl hacked a replica of the Florida secretary of state's website within 10 minutes — and changed the results.

Earlier on SN:
Georgia Defends Voting System Despite 243-Percent Turnout in One Precinct
South Carolina's 13k Electronic Voting Machines Vulnerable, Unreliable
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by bzipitidoo on Saturday July 21 2018, @11:26PM (8 children)

    by bzipitidoo (4388) on Saturday July 21 2018, @11:26PM (#710606) Journal

    The technical aspects of security is easy compared to the political. Maybe we can't make perfectly secure voting machines. But we can do a whole lot better than the sick jokes vendors and politicians try to pass off.

    The number one problem is that they don't seem to want real security. They really do want to be able to cheat. And they're so ludicrously obvious about it. Voting machine vendors keep getting caught using embarrassingly broken security, or no security at all. Diebold rebranded themselves as Premier Election Solutions to try to leave behind their abysmal reputation.

    • (Score: 5, Funny) by archfeld on Sunday July 22 2018, @12:45AM (7 children)

      by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @12:45AM (#710619) Journal

      Diebold can make secure machines, just look to the ATM's they put forth. They make voting machines with holes you can drive mining trucks through because that is really what the purchasers want. What we need is an OSS system that can be verified clean by the local jurisdiction, and receipt system that leaves the voter with an ID number and voter tally to verify at a later date what their votes were and how they were counted.

      --
      For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
      • (Score: 3, Informative) by Anonymous Coward on Sunday July 22 2018, @03:11AM (2 children)

        by Anonymous Coward on Sunday July 22 2018, @03:11AM (#710651)

        > Diebold can make secure machines, just look to the ATM's they put forth.

        OK, I looked.

        Security researchers hack ATM to make it spew cash [cnet.com]

        A simple hack of an exposed USB in one of Diebold Nixdorf's popular Opteva ATMs allowed researchers at security company IOActive to get it to spew out cash until it was empty.

        • (Score: 3, Interesting) by archfeld on Sunday July 22 2018, @06:33AM (1 child)

          by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @06:33AM (#710681) Journal

          They only included USB at the request of some very LAZY and CHEAP banks that wanted quick access at the expense of ease of use. Admittedly it has been a while since I worked there but I was in a former life a tech at the R&D DC of a large financial institution and we had ATMS locked down VERY securely. Sadly the security required too much onsite intervention and the brainless idiots in management dreamed up an idea of remote access and centralized management that would cut the number of employees required to maintain the network of ATM's. Thus they introduced insecure network protocols and ports such as USB to allow for quick and dirty access, which results in the state of the ATM's today.

          --
          For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
          • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @05:12PM

            by Anonymous Coward on Sunday July 22 2018, @05:12PM (#710810)

            So you're saying they make ATMs with holes you can drive mining trucks through because that is really what the purchasers want?

      • (Score: 2) by Runaway1956 on Sunday July 22 2018, @06:19AM (1 child)

        by Runaway1956 (2926) Subscriber Badge on Sunday July 22 2018, @06:19AM (#710680) Journal

        that is really what the purchasers want

        I'm not so sure about that. Mind you, I'm not a coder, I've never programmed anything that was even worth laughing at. But, I've read plenty of stories over the years about programmer's experiences with customers. I'm convinced that the customer doesn't know what he wants, and he's not even smart enough to go about figuring out what it is that he needs. The customer offers you, the programmer, some poorly thought out wish-list of things that the program should do. You make some tentative offers, the customer immediately balks at anything that requires a learning curve. You make less demanding offers, and the customer still balks at anything that isn't easy-peasy. Of course, there are communications problems involved. Generally, the customer is unable to even tell you what it is about your proposals that he doesn't like.

        Ultimately, the customer gets some Microsoft-like GUI that is pleasing to the eye, simple enough for any idiot, and sorta almost gets the job done. Then, when he gets the software installed on his own machine, he disables any features that get in his way.

        • (Score: 3, Insightful) by VanessaE on Sunday July 22 2018, @10:57PM

          by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Sunday July 22 2018, @10:57PM (#710929) Journal

          I am a programmer, or I was (though not professionally), but speaking as a user...

          You make some tentative offers, the customer immediately balks at anything that requires a learning curve.

          Because customers have more important things to think about, plain and simple.

          It's the computer's job to handle the complicated stuff.

          In most cases, if security appears complicated to the customer or end user, or just results in a bad UI, the programmer did something wrong, plain and simple.

          We're talking voting machines for crying out loud. For a voter, there should be nothing to do besides press some buttons on-screen.

          For the volunteers who manage the machines, do like my state does: require the volunteer to escort the voter to the machine, and for her to insert a small access key device to enable it (I don't know what this device consists of, though).

          For those who handle offloading the voting data, I see no reason why it has to be any more complicated than them inserting and turning a key (just to trip an internal switch), triggering a pop-up message "To close-out voting on this machine, enter volunteer SSN and plug in your offload device now", where such a device would contain crypto hardware, and either a small amount of non-volatile storage to receive the voting data, or wireless hardware or a plain old modem, and tamper-evident seals over the seams.

          Offloading the data should automatically wipe the machine's memory and any temporary storage, reset the machine to as close to "factory-fresh" as possible, make an appropriate mark on the receipt, and mark the voting data as "closed" on the offload device (if it's storage-based), on success. In other words, the result should be functionally identical to closing-up and sealing a box of cast ballots, and opening up a fresh box.

          For those who service the machines, I don't see a reason why anyone should be allowed to do anything more than swap a defective machine for a good one, and tag-out the defective machine so that it can be returned to the manufacturer the next day, without any outside person so much as looking at the fancy security screws (that should surely be there) holding the case together. If the defective machine has voting data that needs offloaded, do so before returning it. If the offload can't be completed, then pull the official receipt and use that. If the official receipt is unusable, pull the backup receipt and use that one (there ARE two receipt recorders being driven independently, right?). If all of that fails, then I guess the votes would be lost. :-(

          A returned machine should be evaluated and investigated, then destroyed in full if the defect requires opening the machine to the point of potentially allowing motherboard or hard drive access.

          Of course, I recognize the underlying OS or hardware can complicate things at the code level, and customers can have totally unrealistic expectations, and physical access to a machine guarantees that it'll eventually be cracked/hacked, and people can be just plain stupid with how they manage their hardware, but there's rarely a reason for good security to result in a shitty UI.

      • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @05:26PM (1 child)

        by Anonymous Coward on Sunday July 22 2018, @05:26PM (#710814)

        ... and receipt system that leaves the voter with an ID number and voter tally to verify at a later date what their votes were and how they were counted

        Good idea, that way I can make sure my employees vote the way I tell them to.

        • (Score: 2) by archfeld on Sunday July 22 2018, @06:33PM

          by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @06:33PM (#710834) Journal

          Or I could just anonymously report my employer as attempting voter intimidation and fail to reveal how I voted. More than a couple of reports would surely trigger an investigation. I personally could also see mailing the receipt to myself thus having recourse while failing to keep a receipt that could be taken from me. There is always going to be a weak spot, but the ability to perform an outside audit makes that the lesser of the evils I think. YMMV of course...

          --
          For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 2) by edIII on Saturday July 21 2018, @11:30PM (5 children)

    by edIII (791) on Saturday July 21 2018, @11:30PM (#710607)

    I would say the only way to go is a cryptographically signed vote. All votes are made public. There is a large file for the politician containing all the votes, which can be downloaded anonymously. Anybody curious about their vote only has to search the public database for the vote to see if it is counted to the right politician. If you find your vote in the wrong "pile" you have proof from a cryptographically signed receipt proving you voted for a different politician.

    The most important part is that you leave with the receipt, and yes, that would be on paper. Encode the information is something like a QR code with maximum protection (meaning it can degrade a little without losing data). Even then, that's only going to work as long as the cryptography is strong. That's increasingly doubtful, and quantum cryptanalysis will eventually break all conventional crypto.

    Paper ballots are by far the simpler, and almost foolproof method, to conduct voting. All we really need to do is make them easier, faster, and more verifiable during counting. I've thought of going to thin metal pieces made of aluminum. Your vote is hole punched, with a metal tag per vote. It peels apart into two pieces, one to be counted, one you can walk away with. Counting can be done by machine and verified by "eye". Imagine a stack of them that could only stack if every single vote were the same, with long metal rods through the punched holes. This could be automated by machine, with an entire stack easily seen by all as to be in the same configuration, and a configuration for that politician. Votes could probably be counted by height, and it they would be much easier to rapidly count into a database with a machine. Also worth noting, that there are perforations or risks of hanging chad. The hole punches should be validated by machine before you even leave.

    You could still imprint data onto the metal plates. Bonus, if you used a TRNG and used OTP which is the only 100.00% secure cryptographic method known in existence. Download all the metal plates for the politician, and then safely verify if your OTP key is inside it.

    Anything less than paper ballots is just designed to ultimately bring down democracy. Anybody can say whatever they want, but Orange Anus is illegitimate. We still don't know the extent of the hacking, and anywhere were the race was tight needs to be looked at intently. I sincerely doubt anyone here, on any side of the political arguments, trusts Diebold with jack diddly shit right? How much of the last election was done electronically? None of it can be trusted. Those machines keep getting hacked, but they survive. Like Microsoft POS keeps surviving on everything despite the vulnerabilities and hacking.

    The only two times I voted, which the first time I missed, the results were already largely in favor of the person I voted for. If I were in some place where the races were tighter, and there was electronic voting, I would be suspicious as fuck and feel that democracy as probably denied me.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @12:02AM (2 children)

      by Anonymous Coward on Sunday July 22 2018, @12:02AM (#710611)

      Blockchain, dude, blockchain.

      • (Score: 1, Touché) by Anonymous Coward on Sunday July 22 2018, @12:32AM

        by Anonymous Coward on Sunday July 22 2018, @12:32AM (#710617)

        Ethereum! Then it can be a series of contracts!

      • (Score: 5, Interesting) by edIII on Sunday July 22 2018, @02:11AM

        by edIII (791) on Sunday July 22 2018, @02:11AM (#710636)

        Actually, no. The benefit of stamping OTP onto both side of the metal tag before splitting it, is that the level of math required to verify it is elementary school simple. Just add up every number, or treat at is if it needs to be equal strings.

        The danger of a blockchain, or conventional cryptography is that we need a very small percentage of our population to verify it. So small, that it wouldn't be possible to verify it all even if that were their full time jobs. It has to be something simple and accessible by the masses, which given the piss poor state of America across the board, necessitates a rather low bar. Addition might be too much, which is why just verifying the first and last 10 digits as the same would probably be LCD for America at this point.

         

        --
        Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 1, Insightful) by Anonymous Coward on Sunday July 22 2018, @12:18PM

      by Anonymous Coward on Sunday July 22 2018, @12:18PM (#710733)

      If you can verify that your vote was counted correctly you can also prove to someone else what your vote was. That means that someone else can put you under pressure to vote for the candidate of his choice and not yours. A good voting system is designed to prevent that, not to facilitate it.

    • (Score: 3, Insightful) by Thexalon on Sunday July 22 2018, @08:43PM

      by Thexalon (636) on Sunday July 22 2018, @08:43PM (#710881)

      I would say the only way to go is a cryptographically signed vote. All votes are made public. ...

      I feel like we need a version of the old-school spam solution checklist [craphound.com] for voting security. Because a wide variety of proposals for "fixing" voting have a small set of common flaws, and it's abundantly clear folks aren't thinking these things through. Without further ado, here's my attempt, with the flaws in your plan highlighted:
      -----------------------------------------------------------

      Your post advocates a

      (X) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to securing voting. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws.)

      ( ) Voters can't be sure their vote was counted
      (X) Politicians can find out how each voter voted and act accordingly
      (X) Individual voters' choices can be verified and/or demonstrated to a third party, allowing coercion and vote-buying
      (X) It is defenseless against insider attacks
      ( ) It is defenseless against brute force attacks
      ( ) Politicians will not put up with it
      ( ) Requires too much cooperation from scammers

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      (X) Lack of centrally controlling authority for elections
      (X) Asshats
      ( ) Jurisdictional problems
      (X) Willingness of under-trained poll workers to install OS patches
      (X) Armies of worm riddled broadband-connected Windows boxes
      (X) Extreme profitability of election hacking
      ( ) Identity theft
      (X) Technically illiterate politicians and bureaucrats
      (X) Failures of poorly-designed encryption methods undetectable to technically illiterate persons

      and the following philosophical objections may also apply:

      (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      (X) Any scheme based on a method of verifying any individual's vote is unacceptable
      (X) Why should we have to trust you and your servers?
      ( ) Feel-good measures do nothing to solve the problem
      (X) I don't want the government knowing my votes

      Furthermore, this is what I think about you:

      ( ) Sorry dude, but I don't think it would work.
      (X) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 1, Funny) by Anonymous Coward on Sunday July 22 2018, @12:35AM (3 children)

    by Anonymous Coward on Sunday July 22 2018, @12:35AM (#710618)

    They have electricity?

    • (Score: 2, Interesting) by Anonymous Coward on Sunday July 22 2018, @12:49AM (1 child)

      by Anonymous Coward on Sunday July 22 2018, @12:49AM (#710620)

      In the white parts of the state.

    • (Score: 2) by MostCynical on Sunday July 22 2018, @01:20AM

      by MostCynical (2589) on Sunday July 22 2018, @01:20AM (#710624) Journal

      Hand cranked generators - you have to crank for an hour - failing to do a full hour means you don't get to vote.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Interesting) by drussell on Sunday July 22 2018, @03:16AM (2 children)

    by drussell (2678) on Sunday July 22 2018, @03:16AM (#710653) Journal

    Democracy 101:

    Open enough polling places so that ALL of your citizens can vote easily and quickly at a polling place close to where they live. Have enough election officials available to properly tally a simple paper and pencil vote which is easily traceable, re-countable, etc.

    That's the model that we use here in Canada.

    Don't spend tons of money on unreliable, hackable, expensive crony-friend-company-supplying voting "machines" when you can just hire and train enough of your citizens to actually properly man polling stations for your electorate to vote efficiently at. It is a few weeks work to be trained and certified to take part in things like enumerating voters or working a polling place, but it is money well spent on a few part time jobs every few years instead of wasting money on dubious commercialized, for-profit voting machine purchase scams and shenanigans. :facepalm:

    • (Score: 2) by HiThere on Sunday July 22 2018, @05:21AM (1 child)

      by HiThere (866) Subscriber Badge on Sunday July 22 2018, @05:21AM (#710671) Journal

      It's reasonable, and when we did that, election fraud also happened. It *is* a harder than trivial problem. But the real problem seems to be that they don't want to solve it.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 2) by dry on Sunday July 22 2018, @10:09PM

        by dry (223) on Sunday July 22 2018, @10:09PM (#710909) Journal

        Yea, even in our system there are weaknesses such as the absentee voters who don't usually matter but here in BC last election they did matter. Election was close enough that it took a month to finish counting vs the usual couple of hours and then the government had to be voted out by the 2nd and 3rd place parties who between them had one more seat.

        Another big difference is that most of our elections are simple. One Federal election, one Provincial election on a different day in each Province, both where we just vote for a representative. Municipal are more complex.
        This allows different political parties at the Provincial level and even regional parties at the Federal level and here, no parties at most of the municipalities.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday July 22 2018, @03:28PM (1 child)

    by Anonymous Coward on Sunday July 22 2018, @03:28PM (#710777)

    the biggest problem we are facing with intellectual property law in the modern age. Which is that public domain protocols, do in fact have value, and that the corruption of those protocols does in fact cause harm. Voting machines are actually the most glaring example of oversight in the way the USPTO and Copyright office consider public domain intellectual property.

    There are only a few technically correct solutions to this problem, and millions of incorrect ones. If the buyer can't tell the difference, then the cheaper solution wins. Which is to say, that this is only ever going to get done correctly by the FOSS community, because the state is both unable and unwilling to do this correctly. The singularity of vision required to solve the problem, is statistically impossible in any comittee based organization.

    The problem the state is perhaps able to fix, is that the USPTO and Copyright Office generally do not regard protocols as being protectable intellectual property. In this case, IF a FOSS project was built that turned out to be a bulletproof solution, the inevitable next step would be a third party fork getting produced that was insecure and corrupt. That fork would be touted as being the same or better as the actual secure solution, and our right to use a secure voting systems would boil down to a trademark and copyright spat.

    The offending product would win in court in such a case. The insecure system would be considered "new art" by the intellectual property courts. Which is to say the state has no legislative basis for defending its citizens intrinsic right to a mathematically proven voting system under current law.

    It doesn't matter what you build, if you can't defend it. And the state has made no real effort to provide for the common defense when it comes to public domain intellectual property assets. In particular those assets that assert the right to vote. This is not a matter of blame, but a structural failure in the way federal and state statutes function.

    • (Score: 0) by Anonymous Coward on Monday July 23 2018, @06:11PM

      by Anonymous Coward on Monday July 23 2018, @06:11PM (#711359)

      your post's stupidity is so depressing. your solution for the ills of government is more government?

(1)