SoylentNews is people
SoylentNews
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
(Score: 2) by Virindi on Thursday November 15 2018, @01:21PM (5 children)
Yeah, the fact that you can buy them is not "alarming". The public has a right to know and inspect how the voting process works, and what better way is there than being able to buy an old voting machine and examine it yourself? This is how vulnerabilities are found...and preventing this does not prevent the bad guys from finding vulnerabilities, only the good guys. The bad guys can just steal one.
Beware anyone who claims it should only be examined by "selected experts". Any system like that is highly vulnerable because you cannot trust the person who chooses the 'experts', and you cannot prevent political pressure on said 'experts'. Letting any Joe willing to buy an old machine examine it and publish their findings as they please solves this at little cost to anyone.
(Score: 3, Interesting) by bzipitidoo on Thursday November 15 2018, @02:07PM
Another thing I thought alarmist was the wailing about the lack of encryption. Paper ballots really can't be encrypted, so how is unencrypted "on a computer" worse? And, what "voter information" was on the machines? The article didn't say any personal info was present. And why should there be? I've never had nor heard of a voting machine asking for voters' name and address. Seems the article might be running with the notion that the votes themselves, anonymized though they are, constitute personal and private info.
As for "tamper proof screws", come on, anyone with any sense ought to realize that such things are almost entirely security theater, really only able to delay tampering by a few seconds, which could be vital. The author had all the time and privacy he needed, no kind of physical lock could possibly last against that. It's like expecting a safe to stay unbreached after it had been stolen, and defeat all the machinery that can be brought to bear on it. Likely all that's needed is a diamond edged power saw. Some of the best such security I'd heard of is in old video games. In at least one case, the machine was set up to wipe the ROMs if it was tampered with. And that was still defeated. So to screech "insecurity!" about that is unfair and disingenuous.
Securing electronic voting is a hard problem. And Diebold has showed they are not trustworthy. There are tough real problems here. Don't need to be diverted with unrealistic, impractical, and unnecessary expectations.
(Score: 2) by DannyB on Thursday November 15 2018, @02:49PM
The public has a right to know and inspect how the insecure the voting process is.
The anti vax hysteria didn't stop, it just died down.
(Score: 1) by khallow on Thursday November 15 2018, @03:17PM
You're thinking of it from the rural point of view where misusing a voting machine means merely that one damages one's own property. A terrorist could turn one of these into a significant weapon by dropping it out a window from a ten story window onto a busy traffic area. Just like any other heavy object, it should be banned from high rises, bridges, balconies, and anywhere else that terrorists can drop such objects onto unsuspecting victims.
(Score: 0) by Anonymous Coward on Thursday November 15 2018, @05:58PM
So why not open source all the code?
(Score: 2) by Runaway1956 on Friday November 16 2018, @03:09AM
Yet, we hear this routinely from OS vendors (closed source), automakers, aviation, and more. We even see it outside of computing/electronics fields. "No consumer serviceable parts inside." We are accustomed to seeing and hearing the warnings.
https://en.wikipedia.org/wiki/Blinkenlights [wikipedia.org]
Abortion is the number one killed of children in the United States.