SoylentNews is people

posted by martyb on Saturday July 21 2018, @10:31PM
from the Replace-or-not-to-replace?-Have-the-people-vote-on-it! dept.

The project Protect Democracy is suing the state of South Carolina because its insecure, unreliable voting systems are effectively denying people the right to vote. The project has filed a 45-page lawsuit that points out the inherent insecurity and unauditability of these systems and concludes that "by failing to provide S.C. voters with a system that can record their votes reliably," South Carolinians have been deprived of their constitutional right to vote. Late last year, Def Con 25's Voting Village reported on the ongoing, egregious, and fraudulent state of electronic voting in the US, a situation which has been getting steadily worse since at least 2000. The elephant in the room is that these machines are built from the ground up on Microsoft products, which are protected with a cult-like vigor that stands in the way of rolling back to the only known secure method, hand-counted paper ballots.

Bruce Schneier is an advisor to Protect Democracy.

Earlier on SN:
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (2018)
Want to Hack a Voting Machine? Hack the Voting Machine Vendor First (2018)
Georgia Election Server Wiped after Lawsuit Filed (2017)
It Took DEF CON Hackers Minutes to Pwn These US Voting Machines (2017)
Russian Hackers [sic] Penetrated US Electoral Systems and Tried to Delete Voter Registration Data (2017)
5 Ways to Improve Voting Security in the U.S. (2016)
FBI Says Foreign Hackers Penetrated State Election Systems (2016)
and so on ...


  • (Score: 5, Insightful) by bzipitidoo on Saturday July 21 2018, @11:26PM (8 children)

    by bzipitidoo (4388) Subscriber Badge on Saturday July 21 2018, @11:26PM (#710606) Journal

    The technical aspects of security are easy compared to the political. Maybe we can't make perfectly secure voting machines. But we can do a whole lot better than the sick jokes vendors and politicians try to pass off.

    The number one problem is that they don't seem to want real security. They really do want to be able to cheat. And they're so ludicrously obvious about it. Voting machine vendors keep getting caught using embarrassingly broken security, or no security at all. Diebold rebranded themselves as Premier Election Solutions to try to leave behind their abysmal reputation.

    • (Score: 5, Funny) by archfeld on Sunday July 22 2018, @12:45AM (7 children)

      by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @12:45AM (#710619) Journal

      Diebold can make secure machines, just look to the ATMs they put forth. They make voting machines with holes you can drive mining trucks through because that is really what the purchasers want. What we need is an OSS system that can be verified clean by the local jurisdiction, and a receipt system that leaves the voter with an ID number and voter tally to verify at a later date what their votes were and how they were counted.

      --
      For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
      • (Score: 3, Informative) by Anonymous Coward on Sunday July 22 2018, @03:11AM (2 children)

        by Anonymous Coward on Sunday July 22 2018, @03:11AM (#710651)

        > Diebold can make secure machines, just look to the ATMs they put forth.

        OK, I looked.

        Security researchers hack ATM to make it spew cash [cnet.com]

        A simple hack of an exposed USB in one of Diebold Nixdorf's popular Opteva ATMs allowed researchers at security company IOActive to get it to spew out cash until it was empty.

        • (Score: 3, Interesting) by archfeld on Sunday July 22 2018, @06:33AM (1 child)

          by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @06:33AM (#710681) Journal

          They only included USB at the request of some very LAZY and CHEAP banks that wanted quick access at the expense of ease of use. Admittedly it has been a while since I worked there but I was in a former life a tech at the R&D DC of a large financial institution and we had ATMs locked down VERY securely. Sadly the security required too much onsite intervention and the brainless idiots in management dreamed up an idea of remote access and centralized management that would cut the number of employees required to maintain the network of ATMs. Thus they introduced insecure network protocols and ports such as USB to allow for quick and dirty access, which results in the state of the ATMs today.

          --
          For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
          • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @05:12PM

            by Anonymous Coward on Sunday July 22 2018, @05:12PM (#710810)

            So you're saying they make ATMs with holes you can drive mining trucks through because that is really what the purchasers want?

      • (Score: 2) by Runaway1956 on Sunday July 22 2018, @06:19AM (1 child)

        by Runaway1956 (2926) Subscriber Badge on Sunday July 22 2018, @06:19AM (#710680) Homepage Journal

        > that is really what the purchasers want

        I'm not so sure about that. Mind you, I'm not a coder, I've never programmed anything that was even worth laughing at. But, I've read plenty of stories over the years about programmers' experiences with customers. I'm convinced that the customer doesn't know what he wants, and he's not even smart enough to go about figuring out what it is that he needs. The customer offers you, the programmer, some poorly thought out wish-list of things that the program should do. You make some tentative offers, the customer immediately balks at anything that requires a learning curve. You make less demanding offers, and the customer still balks at anything that isn't easy-peasy. Of course, there are communications problems involved. Generally, the customer is unable to even tell you what it is about your proposals that he doesn't like.

        Ultimately, the customer gets some Microsoft-like GUI that is pleasing to the eye, simple enough for any idiot, and sorta almost gets the job done. Then, when he gets the software installed on his own machine, he disables any features that get in his way.

        --
        Abortion is the number one killer of children in the United States.
        • (Score: 3, Insightful) by VanessaE on Sunday July 22 2018, @10:57PM

          by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Sunday July 22 2018, @10:57PM (#710929) Journal

          I am a programmer, or I was (though not professionally), but speaking as a user...

          > You make some tentative offers, the customer immediately balks at anything that requires a learning curve.

          Because customers have more important things to think about, plain and simple.

          It's the computer's job to handle the complicated stuff.

          In most cases, if security appears complicated to the customer or end user, or just results in a bad UI, the programmer did something wrong, plain and simple.

          We're talking voting machines for crying out loud. For a voter, there should be nothing to do besides press some buttons on-screen.

          For the volunteers who manage the machines, do like my state does: require the volunteer to escort the voter to the machine, and for her to insert a small access key device to enable it (I don't know what this device consists of, though).

          For those who handle offloading the voting data, I see no reason why it has to be any more complicated than them inserting and turning a key (just to trip an internal switch), triggering a pop-up message "To close-out voting on this machine, enter volunteer SSN and plug in your offload device now", where such a device would contain crypto hardware, and either a small amount of non-volatile storage to receive the voting data, or wireless hardware or a plain old modem, and tamper-evident seals over the seams.

          Offloading the data should automatically wipe the machine's memory and any temporary storage, reset the machine to as close to "factory-fresh" as possible, make an appropriate mark on the receipt, and mark the voting data as "closed" on the offload device (if it's storage-based), on success. In other words, the result should be functionally identical to closing-up and sealing a box of cast ballots, and opening up a fresh box.

          For those who service the machines, I don't see a reason why anyone should be allowed to do anything more than swap a defective machine for a good one, and tag-out the defective machine so that it can be returned to the manufacturer the next day, without any outside person so much as looking at the fancy security screws (that should surely be there) holding the case together. If the defective machine has voting data that needs offloaded, do so before returning it. If the offload can't be completed, then pull the official receipt and use that. If the official receipt is unusable, pull the backup receipt and use that one (there ARE two receipt recorders being driven independently, right?). If all of that fails, then I guess the votes would be lost. :-(

          A returned machine should be evaluated and investigated, then destroyed in full if the defect requires opening the machine to the point of potentially allowing motherboard or hard drive access.

          Of course, I recognize the underlying OS or hardware can complicate things at the code level, and customers can have totally unrealistic expectations, and physical access to a machine guarantees that it'll eventually be cracked/hacked, and people can be just plain stupid with how they manage their hardware, but there's rarely a reason for good security to result in a shitty UI.

      • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @05:26PM (1 child)

        by Anonymous Coward on Sunday July 22 2018, @05:26PM (#710814)

        > ... and a receipt system that leaves the voter with an ID number and voter tally to verify at a later date what their votes were and how they were counted

        Good idea, that way I can make sure my employees vote the way I tell them to.

        • (Score: 2) by archfeld on Sunday July 22 2018, @06:33PM

          by archfeld (4650) <treboreel@live.com> on Sunday July 22 2018, @06:33PM (#710834) Journal

          Or I could just anonymously report my employer as attempting voter intimidation and fail to reveal how I voted. More than a couple of reports would surely trigger an investigation. I personally could also see mailing the receipt to myself thus having recourse while failing to keep a receipt that could be taken from me. There is always going to be a weak spot, but the ability to perform an outside audit makes that the lesser of the evils I think. YMMV of course...

          --
          For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 2) by edIII on Saturday July 21 2018, @11:30PM (5 children)

    by edIII (791) on Saturday July 21 2018, @11:30PM (#710607)

    I would say the only way to go is a cryptographically signed vote. All votes are made public. There is a large file for the politician containing all the votes, which can be downloaded anonymously. Anybody curious about their vote only has to search the public database for the vote to see if it is counted to the right politician. If you find your vote in the wrong "pile" you have proof from a cryptographically signed receipt proving you voted for a different politician.

    The most important part is that you leave with the receipt, and yes, that would be on paper. Encode the information in something like a QR code with maximum protection (meaning it can degrade a little without losing data). Even then, that's only going to work as long as the cryptography is strong. That's increasingly doubtful, and quantum cryptanalysis will eventually break all conventional crypto.

    Paper ballots are by far the simpler, and almost foolproof method, to conduct voting. All we really need to do is make them easier, faster, and more verifiable during counting. I've thought of going to thin metal pieces made of aluminum. Your vote is hole punched, with a metal tag per vote. It peels apart into two pieces, one to be counted, one you can walk away with. Counting can be done by machine and verified by "eye". Imagine a stack of them that could only stack if every single vote were the same, with long metal rods through the punched holes. This could be automated by machine, with an entire stack easily seen by all as to be in the same configuration, and a configuration for that politician. Votes could probably be counted by height, and they would be much easier to rapidly count into a database with a machine. Also worth noting, that there are perforations or risks of hanging chad. The hole punches should be validated by machine before you even leave.

    You could still imprint data onto the metal plates. Bonus, if you used a TRNG and used OTP which is the only 100.00% secure cryptographic method known in existence. Download all the metal plates for the politician, and then safely verify if your OTP key is inside it.

    Anything less than paper ballots is just designed to ultimately bring down democracy. Anybody can say whatever they want, but Orange Anus is illegitimate. We still don't know the extent of the hacking, and anywhere where the race was tight needs to be looked at intently. I sincerely doubt anyone here, on any side of the political arguments, trusts Diebold with jack diddly shit right? How much of the last election was done electronically? None of it can be trusted. Those machines keep getting hacked, but they survive. Like Microsoft POS keeps surviving on everything despite the vulnerabilities and hacking.

    The only two times I voted, which the first time I missed, the results were already largely in favor of the person I voted for. If I were in some place where the races were tighter, and there was electronic voting, I would be suspicious as fuck and feel that democracy was probably denied me.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Sunday July 22 2018, @12:02AM (2 children)

      by Anonymous Coward on Sunday July 22 2018, @12:02AM (#710611)

      Blockchain, dude, blockchain.

      • (Score: 1, Touché) by Anonymous Coward on Sunday July 22 2018, @12:32AM

        by Anonymous Coward on Sunday July 22 2018, @12:32AM (#710617)

        Ethereum! Then it can be a series of contracts!

      • (Score: 5, Interesting) by edIII on Sunday July 22 2018, @02:11AM

        by edIII (791) on Sunday July 22 2018, @02:11AM (#710636)

        Actually, no. The benefit of stamping OTP onto both sides of the metal tag before splitting it, is that the level of math required to verify it is elementary school simple. Just add up every number, or treat it as if it needs to be equal strings.

        The danger of a blockchain, or conventional cryptography is that we need a very small percentage of our population to verify it. So small, that it wouldn't be possible to verify it all even if that were their full time jobs. It has to be something simple and accessible by the masses, which given the piss poor state of America across the board, necessitates a rather low bar. Addition might be too much, which is why just verifying the first and last 10 digits as the same would probably be LCD for America at this point.

         

        --
        Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 1, Insightful) by Anonymous Coward on Sunday July 22 2018, @12:18PM

      by Anonymous Coward on Sunday July 22 2018, @12:18PM (#710733)

      If you can verify that your vote was counted correctly you can also prove to someone else what your vote was. That means that someone else can put you under pressure to vote for the candidate of his choice and not yours. A good voting system is designed to prevent that, not to facilitate it.

    • (Score: 3, Insightful) by Thexalon on Sunday July 22 2018, @08:43PM

      by Thexalon (636) Subscriber Badge on Sunday July 22 2018, @08:43PM (#710881)

      > I would say the only way to go is a cryptographically signed vote. All votes are made public. ...

      I feel like we need a version of the old-school spam solution checklist [craphound.com] for voting security. Because a wide variety of proposals for "fixing" voting have a small set of common flaws, and it's abundantly clear folks aren't thinking these things through. Without further ado, here's my attempt, with the flaws in your plan highlighted:
      -----------------------------------------------------------

      Your post advocates a

      (X) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to securing voting. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws.)

      ( ) Voters can't be sure their vote was counted
      (X) Politicians can find out how each voter voted and act accordingly
      (X) Individual voters' choices can be verified and/or demonstrated to a third party, allowing coercion and vote-buying
      (X) It is defenseless against insider attacks
      ( ) It is defenseless against brute force attacks
      ( ) Politicians will not put up with it
      ( ) Requires too much cooperation from scammers

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      (X) Lack of centrally controlling authority for elections
      (X) Asshats
      ( ) Jurisdictional problems
      (X) Willingness of under-trained poll workers to install OS patches
      (X) Armies of worm riddled broadband-connected Windows boxes
      (X) Extreme profitability of election hacking
      ( ) Identity theft
      (X) Technically illiterate politicians and bureaucrats
      (X) Failures of poorly-designed encryption methods undetectable to technically illiterate persons

      and the following philosophical objections may also apply:

      (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      (X) Any scheme based on a method of verifying any individual's vote is unacceptable
      (X) Why should we have to trust you and your servers?
      ( ) Feel-good measures do nothing to solve the problem
      (X) I don't want the government knowing my votes

      Furthermore, this is what I think about you:

      ( ) Sorry dude, but I don't think it would work.
      (X) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 1, Funny) by Anonymous Coward on Sunday July 22 2018, @12:35AM (3 children)

    by Anonymous Coward on Sunday July 22 2018, @12:35AM (#710618)

    They have electricity?

    • (Score: 2, Interesting) by Anonymous Coward on Sunday July 22 2018, @12:49AM (1 child)

      by Anonymous Coward on Sunday July 22 2018, @12:49AM (#710620)

      In the white parts of the state.

    • (Score: 2) by MostCynical on Sunday July 22 2018, @01:20AM

      by MostCynical (2589) on Sunday July 22 2018, @01:20AM (#710624) Journal

      Hand cranked generators - you have to crank for an hour - failing to do a full hour means you don't get to vote.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Interesting) by drussell on Sunday July 22 2018, @03:16AM (2 children)

    by drussell (2678) on Sunday July 22 2018, @03:16AM (#710653) Journal

    Democracy 101:

    Open enough polling places so that ALL of your citizens can vote easily and quickly at a polling place close to where they live. Have enough election officials available to properly tally a simple paper and pencil vote which is easily traceable, re-countable, etc.

    That's the model that we use here in Canada.

    Don't spend tons of money on unreliable, hackable, expensive crony-friend-company-supplying voting "machines" when you can just hire and train enough of your citizens to actually properly man polling stations for your electorate to vote efficiently at. It is a few weeks work to be trained and certified to take part in things like enumerating voters or working a polling place, but it is money well spent on a few part time jobs every few years instead of wasting money on dubious commercialized, for-profit voting machine purchase scams and shenanigans. :facepalm:

    • (Score: 2) by HiThere on Sunday July 22 2018, @05:21AM (1 child)

      by HiThere (866) on Sunday July 22 2018, @05:21AM (#710671) Journal

      It's reasonable, and when we did that, election fraud also happened. It *is* a harder than trivial problem. But the real problem seems to be that they don't want to solve it.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 2) by dry on Sunday July 22 2018, @10:09PM

        by dry (223) on Sunday July 22 2018, @10:09PM (#710909) Journal

        Yea, even in our system there are weaknesses such as the absentee voters who don't usually matter but here in BC last election they did matter. Election was close enough that it took a month to finish counting vs the usual couple of hours and then the government had to be voted out by the 2nd and 3rd place parties who between them had one more seat.

        Another big difference is that most of our elections are simple. One Federal election, one Provincial election on a different day in each Province, both where we just vote for a representative. Municipal are more complex.
        This allows different political parties at the Provincial level and even regional parties at the Federal level and here, no parties at most of the municipalities.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday July 22 2018, @03:28PM (1 child)

    by Anonymous Coward on Sunday July 22 2018, @03:28PM (#710777)

    the biggest problem we are facing with intellectual property law in the modern age. Which is that public domain protocols, do in fact have value, and that the corruption of those protocols does in fact cause harm. Voting machines are actually the most glaring example of oversight in the way the USPTO and Copyright office consider public domain intellectual property.

    There are only a few technically correct solutions to this problem, and millions of incorrect ones. If the buyer can't tell the difference, then the cheaper solution wins. Which is to say, that this is only ever going to get done correctly by the FOSS community, because the state is both unable and unwilling to do this correctly. The singularity of vision required to solve the problem, is statistically impossible in any committee based organization.

    The problem the state is perhaps able to fix, is that the USPTO and Copyright Office generally do not regard protocols as being protectable intellectual property. In this case, IF a FOSS project was built that turned out to be a bulletproof solution, the inevitable next step would be a third party fork getting produced that was insecure and corrupt. That fork would be touted as being the same or better as the actual secure solution, and our right to use a secure voting system would boil down to a trademark and copyright spat.

    The offending product would win in court in such a case. The insecure system would be considered "new art" by the intellectual property courts. Which is to say the state has no legislative basis for defending its citizens' intrinsic right to a mathematically proven voting system under current law.

    It doesn't matter what you build, if you can't defend it. And the state has made no real effort to provide for the common defense when it comes to public domain intellectual property assets. In particular those assets that assert the right to vote. This is not a matter of blame, but a structural failure in the way federal and state statutes function.

    • (Score: 0) by Anonymous Coward on Monday July 23 2018, @06:11PM

      by Anonymous Coward on Monday July 23 2018, @06:11PM (#711359)

      your post's stupidity is so depressing. your solution for the ills of government is more government?
