Wired: America’s Electronic Voting Machines Are Scarily Easy Targets
https://www.wired.com/2016/08/americas-voting-machines-arent-ready-elect...
And this is yet another way a once-democracy commits suicide. In Europe, despite their own very high technological level, ballots are done old school, with marked paper and a solid paper trail and the votes counted in full view of all candidates and the public. This is one of the areas when the low-tech, rock solid way of doing things is still the right way, because for a democracy to be legitimate, there must be full trust and consensus about the integrity of the elections.
Especially in a country as bitterly divided, mistrustful and economically depressed as the United States is right now.
This is hardly the first time tech experts have brought up this issue, and it's come up here a bunch of times before, and yet TPTB don't care because it gives them another potential avenue to keep up the "troublemakers" who actually act in the interests of the American people as opposed to the plutocrat special interests and corrupt thieveing oligarchs who now openly bribe the politicians. RIP US democracy, it was a nice experiment at least.
Comments
We had a talk last night on voter fraud
since our voter ID will be changed post court decision for the current election. Interesting - should improve things. The permanent solution will be released this soon, and then our legislature will go back to take another stab at destroying it again come January. Sigh.
So, I asked about Election Fraud and the speaker said neither the local nor the national organization she's with is looking at that at all - she seems to think it's not yet a crisis. I sent her a couple articles last night. Will forward this one, as well.
Thank you.
'What we are left with is an agency mandated to ensure transparency and disclosure that is actually working to keep the public in the dark' - Ann M. Ravel, former FEC member
It's easier to dismiss you than
do the work required to delve into the possibility of voter fraud, of voters party being changed without their knowledge, of voting machines being manipulated. Stay with her. Encourage her to do the right thing at every turn. Don't let her off the hook. Help her be the change that needs to happen.
"The “jumpers” reminded us that one day we will all face only one choice and that is how we will die, not how we will live." Chris Hedges on 9/11
We've known of the ease of hacking
of these "voting systems" since practically Day One, when they went into service.
We freak out over unsolicited emails but we don't give a shit about our e-ballot. There's something very, very wrong with that picture.
Run away! Hide your eyes!
The truth is not to be trusted - EVER!
"The “jumpers” reminded us that one day we will all face only one choice and that is how we will die, not how we will live." Chris Hedges on 9/11
"Software is not to be trusted"
The article contains a link to a slide deck by Ron Rivest (the "R" in RSA encryption) that features this quote prominently. As a long time professional in the discipline, I have to say he is spot on. Software quality assurance is a hard problem - and the formal methods used in hardware design are difficult to apply.
My main concern with the article is that it made no mention of more recent evidence of tampering.
We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg
Actually, from in infosec standpoint
The software is seldom the weakest link. Typically it's policy & procedure. Implementing a secure system includes physical security and that is expensive. I remember having to fly to another city along with several team members from different departments all spending a day there, plus days in advance to write up procedural documents and days after to review logs and video tapes. All of that was to do something that in my lab I could do at the push of a button in a few minutes.
Just to give you an idea...
Step 1: Write out overall policies and procedures which mandates this activity happen every 3 months.
Step 2: Prior to activity, document down to the keystroke level what, exactly, was going to be done... keystroke by keystroke.
Step 3: Review said documentation... by groups not involved in the writing of it.
Step 4: Do the deed... one of the roles identified was simply observer. That person was responsible for knowing what was written, what was actually typed, and keeping a manual log of same.
Step 5: Review video, written log by observer, access logs from security systems, and software logs of operations. Ensure that all are identical and all match the written documentation... review done by group not involved.
All told we tied up hundreds of hours and had to educate people from multiple different business groups so that they were knowledgeable enough to do these jobs. There were enforced separations (for instance, if you were a reviewer then you could never have actual physical access to the machines. Network access to them was limited and nothing significant could be done without physical access anyway.
This is what real security looks like and it is very manual and very labor intensive. The odds are very good that if there is a breach, it isn't going to be some esoteric exploitation of prime number algorithms. It's going to be me, grabbing a big empty box, looking harried and over-burdened, and asking that other helpful employee if they could please "get that door for me".
A lot of wanderers in the U.S. political desert recognize that all the duopoly has to offer is a choice of mirages. Come, let us trudge towards empty expanse of sand #1, littered with the bleached bones of Deaniacs and Hope and Changers.
-- lotlizard
almost sounds like
Prepping for a key signing ceremony, except the every-three-months part. Unless ... spooks? Or just overly paranoid management?
Now interviewing signature candidates. Apply within.
LOL.. good spotting
CRL signing but yeah, close enough.
So yes, we are talking about some pretty high-end security there. But when you consider the stakes on the table for the American election system I would argue that the needs for security easily eclipse anything any certificate authority might need... including Verisign and similar companies who "protect" user-level banking.
A lot of wanderers in the U.S. political desert recognize that all the duopoly has to offer is a choice of mirages. Come, let us trudge towards empty expanse of sand #1, littered with the bleached bones of Deaniacs and Hope and Changers.
-- lotlizard
You are quite correct
And I appreciate your perspective.
My one comment would be that these voting systems are often so poorly designed that "esoteric exploitation of prime number algorithms" would be nice if it was the only vulnerability. In practice you see dumb things like 4 character passwords and other trivial access issues. You are quite right that this stuff is hard, but these clowns aren't anywhere near the point where rigorous procedural approaches would even be applicable. To build on your analogy, the door has a motion sensor, no one is in the room, and there isn't even a list of boxes.
I'm with you too on the impracticality of electronic voting. Paper ballots with strong chains of custody are known to work, are much simpler to implement and can be explained to just about anyone from all of the political parties.
We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg
*nod* Of course
I bring it up because I fear that someone will make a new, more secure, voting machine with paper trails and lord knows what else and people will think that solves the problem. It doesn't. It won't. It can't until policy & procedure is a part of the solution and that P&P includes serious consideration to internal, well-placed attackers.
Fundamentally, the problem with electronic voting is the potential for a single point of attack and the size of the prize if you succeed. Paper ballots are "more secure" not because you can't cheat that system, but in order to do so you must do it precinct by precinct. That scales up the number of people involved in the crime dramatically thereby reducing the odds that you will keep it all secret. It also scales down the rewards of a successful intrusion to just one precinct rather than an entire state.
In plain English, if you're going to put a lock on a door, it has to cost more to break the lock than the value of the contents protected by it. How, exactly, do you make a lock that is capable of protecting against the value of winning US elections?
A lot of wanderers in the U.S. political desert recognize that all the duopoly has to offer is a choice of mirages. Come, let us trudge towards empty expanse of sand #1, littered with the bleached bones of Deaniacs and Hope and Changers.
-- lotlizard
No one appreciates the friction of physical objects
I still write checks because it's hard to steal more than a few at a time so no one bothers.
Stealing an entire precinct's physical ballots requires a truck and a couple of strong dudes. Not so for electronic records.
We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg
Even open source software can't be trusted.
Despite the fact that machines using open source code performed more accurately than more hackable, closed voting devices, it is possible to interject code with a timer so it does its thing fast and then disappears itself.
Old school is really the only way to go.
Realizing this actually made me sad for more reasons than vote tampering. I used to think that because all Americans now have or can have access to the internet that we could have a true democracy rather than a representative democracy. The basic job of all Americans would be to decide where to allocate public funds (with agreed minimums). It could allow initiatives coming directly from the public.
But computers are entirely too hackable and probably always will be. Too bad because the "representative" part of our democracy is what is giving us problems. Our representatives are also hackable - all it takes is a bit more cashola than the average citizen could ever afford.
No electronic system is ever secure
all by itself. That's why in the admittedly very high security example I gave above, there were multiple different and independent audit trails and they were validated against each other every single time.
No opensource software can ever stop a sysadmin from just going and tweaking a value in a database if that sysadmin has unmonitored access to the database. To do that takes policy & procedure. It also takes a suspicious mind designing the system to be secure against internal attack (think SOS) as well as external attack.
I've been pondering this ever since I had an exchange with Adam B over at GOS. Normally I like Adam and being a lawyer his legal opinions have merit. But he and I disagreed vehemently on electronic voting. I claimed it could never be secured and he thought it could be. In hindsight, I think you could, with herculean effort, secure it. But we don't even begin to try.
A lot of wanderers in the U.S. political desert recognize that all the duopoly has to offer is a choice of mirages. Come, let us trudge towards empty expanse of sand #1, littered with the bleached bones of Deaniacs and Hope and Changers.
-- lotlizard
You are absolutely right.
Adam B has the same view that most Americans have. There is something that makes them think there is a certain infallibility about computers. A sociological study about American attitudes toward computers and computerization would be a very interesting. I'm beginning to think it is only programmers and software engineers who understand how ridiculously stupid and inaccurate computers are capable of being.
It would be far cheaper to just do manual votes/counting than it would be to do everything you can think of to make electronic voting reliably reflective of the truth. And even when all your herculean efforts are in place, you would still be left wondering what you might have missed.
What gets to me is how obvious some of these electronic shennanigans are YET NO ONE DOES ANYTHING ABOUT IT! What is this sleep state? I guess most of us are too busy trying to pay the bills with too many jobs to even think about it much less research as we political junkies have done. I wonder if some programmers weren't actually trying to alert the public, because of the inelegance of their manipulations; they left glaring clues, but no one acts upon them.
In my state, I recall that when I worked in a public (like a county) computer shop, the election software was sent very hush hush to a single programmer in the house by management for every election. Although most of us were aware, none of us thought to challenge that in the least. I guess we all assumed it was to change the names on ballots only. The room for abuse was astonishing, in retrospect, I recall the tiniest spiderey sense telling me something was wrong with this picture.
Next to the TPP, I consider this the premier issue facing Americans. Citizens United can come behind the integrity of our votes every day of the week.
I want citizen oversight of all elections. Our system is lax only because we trusted it for so long. We believed all Americans believed in voter integrity and voter's rights. We had laws that most people don't know have been overturned by the
corporatist Supreme Court.
Some people have seriously taken advantage of that trust. I'm thinking LTE'S if only because helping awareness is really our only option now as it always has been. Our job is even harder than ever, thanks to the capitulation of all mainstream media to some corporate imperative. Gawd what a horrible loss that has been.
We'd know if we had a real news media
Because they would be reporting on these election problems big time. That really sucks that we don't.
Beware the bullshit factories.
Grad students easily hack voting machines
https://www.youtube.com/watch?v=rYnUksWt5HQ
about 5 min
“Until justice rolls down like water and righteousness like a mighty stream.”
Grad students easily hack voting machines-edit
sorry for the double post so I'll edit this duplicate with an interview with Robert Fitrakis about the fraud this season. Recorded at the Green Convention this weekend - 17 min
https://www.youtube.com/watch?v=Gg9cauzuEsw
“Until justice rolls down like water and righteousness like a mighty stream.”
It's a feature not a bug.
Remember Diebold machines...
When I was cashiering at a grocery store, people insisted on paper receipts when they bought a gallon of milk. But every one and every turn of my registration fraud just gets dismissed.
Paper Ballots. Count each one. Kill the delegate and electoral college shenanigans.
"Love One Another" ~ George Harrison
Now Dominion voting machines.
First, Diebold changed its name to Premier Election Solutions. A few years later Election Systems and Software acquired Premier. The D of J required ES and S to divest, so ES and S sold to Dominion.
https://en.wikipedia.org/wiki/Premier_Election_Solutions
New name, then new owners; problem solved.
For those who need background, I recommend reading the whole article. Also: https://en.wikipedia.org/wiki/Hacking_Democracy ; http://gizmodo.com/200693/how-to-steal-an-election-with-a-diebold-machin... ; http://www.salon.com/2011/09/27/votinghack/ and http://www.politico.com/magazine/story/2016/08/2016-elections-russia-hac...
Democrats have claimed stolen elections more than once, yet Democratic majority Congresses have never brought this to a vote, even after holding hearings. Ask yourself why.
a couple of links on election fraud
Bob Fitrakis, atty in Columbus with suits underway
Bob Bites Back: Fear and hacking at the Democratic National Convention
and trustvote.org
http://trustvote.org/
and
EXCLUSIVE: Interview With Ohio Election Fraud Lawyer Cliff Arnebeck
Bob and Cliff better watch themselves, less they fall victim
to a terrible accident like this poor attorney...
These are disturbing times.
"I used to vote Republican & Democrat, I also used to shit my pants. Eventually I got smart enough to stop doing both things." -Me
According to snopes...
He was just a process server.
http://www.snopes.com/2016/08/04/dnc-lawsuit-process-server-shawn-lucas-...
However, if you read the whole article, they use the word Conspiracy Theory a lot, but never mention how he died. In fact the company doesn't mention it either. You'd think after a month it would be common knowledge, right? Or at least they'd have a press release or something.
I do not pretend I know what I do not know.
Hi DonMidwest!
Thank you so much for posting that interview with Cliff Arenbeck. I read it a couple of days ago - chilling! These are the things that are not being reported in the media, as they are complicit in undermining our democracy as we speak. This needs to be on social media. When will the citizens truly have had enough?
"The “jumpers” reminded us that one day we will all face only one choice and that is how we will die, not how we will live." Chris Hedges on 9/11
A bunch of states are abandoning electronic voting machines.
http://thehill.com/policy/cybersecurity/222470-states-ditch-electronic-v...
Instead, they're going to paper. Paper is more difficult to mess with, although it's possible, especially in San Diego and a bottle of White Out. But I think that with paper, fraud is more likely to be localized and not systemic.
I suspect this change was brought on by Republicans who saw what Hillbots did to Bernie.
Life is strong. I'm weak, but Life is strong.
Then they get machines to count the paper, so.....
Where humans are in charge,
if cheating is possible then someone is doing it. Many of these machines were made to be easy to influence. The concerns have been there from the start and for good reason. We need to mandate the paper ballot and triple levels of security on that system. If someone is caught messing with vote counts the punishment should be swift and severe.
Where is Alan Turing
when you need him?
"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage
Tormented into suicide
By a country that may have owed it's very survival to him.
We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg
I know
It is a great sadness and a great stain upon Britain.
"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage
Very true, but...
...those machines are ever so much more profitable than paper ballots, so, you know...
This is my favorite de-bunking tool for voting machines
This video effectively kept the Netherlands from using E-voting back when it was first being trotted out. I love how it runs like a NASCAR pit stop. 60 seconds of stomping the "secure e-voting" myth FLAT.
https://youtu.be/EowKalRT3lc
"Capitalism is the extraordinary belief that the nastiest of men for the nastiest of motives will somehow work for the benefit of all."
- John Maynard Keynes
If there is to be electronic polling then
there must be a paper receipt issued to each and every voter. A receipt that is serialized and made with durable bonded paper; as secure at least as a 100 dollar bill. The information of the cast vote on the receipt should be easily read by humans as well as a matching QR code. The voters actual personal information not being easily read by humans.
"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage