SoylentNews is people
SoylentNews
from the Replace-or-not-to-replace?-Have-the-people-vote-on-it! dept.
The project Protect Democracy is suing the state of South Carolina because its insecure, unreliable voting systems are effectively denying people the right to vote. The project has filed a 45-page lawsuit pointing out the inherent lack of security and inauditability of these systems and concludes that "by failing to provide S.C. voters with a system that can record their votes reliably," South Carolinians have been deprived of their constitutional right to vote. Late last year, Def Con 25's Voting Village reported on the ongoing, egregious, and fraudulent state of electronic voting in the US, a situation which has been getting steadily worse since at least 2000. The elephant in the room is that these machines are built from the ground up on Microsoft products, which is protected with a cult-like vigor standing in the way of rolling back to the only known secure method, hand counted paper ballots.
Bruce Schneier is an advisor to Protect Democracy
Earlier on SN:
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (2018)
Want to Hack a Voting Machine? Hack the Voting Machine Vendor First (2018)
Georgia Election Server Wiped after Lawsuit Filed (2017)
It Took DEF CON Hackers Minutes to Pwn These US Voting Machines (2017)
Russian Hackers [sic] Penetrated US Electoral Systems and Tried to Delete Voter Registration Data (2017)
5 Ways to Improve Voting Security in the U.S. (2016)
FBI Says Foreign Hackers Penetrated State Election Systems (2016)
and so on ...
(Score: 3, Insightful) by Thexalon on Sunday July 22 2018, @08:43PM
I feel like we need a version of the old-school spam solution checklist [craphound.com] for voting security. Because a wide variety of proposals for "fixing" voting have a small set of common flaws, and it's abundantly clear folks aren't thinking these things through. Without further ado, here's my attempt, with the flaws in your plan highlighted:
-----------------------------------------------------------
Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to securing voting. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws.)
( ) Voters can't be sure their vote was counted
(X) Politicians can find out how each voter voted and act accordingly
(X) Individual voters' choices can be verified and/or demonstrated to a third party, allowing coercion and vote-buying
(X) It is defenseless against insider attacks
( ) It is defenseless against brute force attacks
( ) Politicians will not put up with it
( ) Requires too much cooperation from scammers
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for elections
(X) Asshats
( ) Jurisdictional problems
(X) Willingness of under-trained poll workers to install OS patches
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Extreme profitability of election hacking
( ) Identity theft
(X) Technically illiterate politicians and bureaucrats
(X) Failures of poorly-designed encryption methods undetectable to technically illiterate persons
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(X) Any scheme based on a method of verifying any individual's vote is unacceptable
(X) Why should we have to trust you and your servers?
( ) Feel-good measures do nothing to solve the problem
(X) I don't want the government knowing my votes
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.