Security Firm Shows How To Hack a US Voting Machine (bleepingcomputer.com) 209
An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."
physical access to machine? (Score:4, Interesting)
Re:physical access to machine? (Score:5, Interesting)
They and a few hundred of their friends could register to vote?
Guaranteed physical access to at least one machine per person involved in the conspiracy. Flipping a few key precincts is all you need to have a high probability of changing a US presidential election outcome.
Re: (Score:2)
For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.
Re:physical access to machine? (Score:4, Insightful)
For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.
Yes. There is also little need to rig the precincts because the two-party system itself dominates the electoral landscape.
Here are your "choices", voters! Aren't you grateful you live in a free Republic?
Re: (Score:2)
You'll note that, apart from rigging the machine, I did not suggest any other form of voter fraud needed to be a part of the conspiracy. Your confederates could actually live in those precincts (or live there just long enough to establish residency and vote there).
I'm not suggesting this especially realistic, just that this is how one could gain physical access to many voting machines to tamper with an election, which was the question asked by the OP.
Re: (Score:2)
Yeah, moving the vote to the Internet is the easiest way to make it safer. It is a good thing that the Internet is a currently more secure than Fort Knox.
Re: (Score:2)
Physical access is physical. Thanks for pointing that out, most of us were completely unaware of that fact.
You're assuming I'm stupid, but you're the guy yelling in bolded text about something I didn't even suggest.
Re: (Score:2)
While some voting precincts have the machines out in the open, many still respect the tradition of privacy and have the machine in a booth, with a curtain.
Re: (Score:2)
Pay no attention to that man behind the curtain! He is almost certainly not rigging the election!
Re: (Score:2, Insightful)
How do bad actors accomplish that on a large scale?
For example, there are Democratic Party's employees in every single town in the US, they are very well funded and organized, and even an 80 year old drunkard can simply insert and remove a pre-configured PCMCIA card, there's no need for "hackers"...
Re: physical access to machine? (Score:4, Interesting)
Given the Wikileaks' revelations, if I had to guess which part vote rigging could ever come from, I would definitely opt for Clinton. If a person is financed by Goldman Sachs, Qatar and Saudi Arabia, surely ethics isn't really a big deal for her, not to mention that we've just discovered that the same person is allowed to illegally process classified information on a private computer, which used to be a federal crime until few months ago.
I would feel safer and more reassured if voting count was performed by Cosa Nostra, at least they have some sort of "honor" to preserve.
Re: (Score:2)
Except for the fact you have only seen emails from one side. There is nothing to say the Trump side isn;t just as corrupt, we just haven't seen it.
That is what I find interesting about the reaction to the Clinton email leaks. Most of what is reported is stuff I have assumed goes on on both sides for a long time (dirty tricks, collusion with Super PACs, name calling, etc.) The difference in this case is we have an inside view of one of the sides so we can see it being done. There was very little shocking, it
Re: (Score:2)
I always assumed the hacks were from a disgusted insider, Bernie Sander was totally screwed by the DNC. The leaks are likely retaliation for that.Trump simply doesn't have the Political machine to pull off the level of corruption you see from the Clinton campaign; it takes decades to get enough dirt on people to be able to bully them around like Hillary does.
Coins for Hillary (Score:5, Informative)
This woman won 6 of 6 coin tosses to beat Bernie in Iowa.
That is incorrect information that was pushed by the media in initial frenzy of reporting, but completely debunked. Here's the Iowa Register story, which I would the most accurate source for information in Iowa: http://www.desmoinesregister.c... [desmoinesregister.com]
According to the Register, the report of Hillary winning six coin flips came from social media. Of the seven coin flips to break ties that were actually officially reported through the voting app, Sanders won six, and Clinton one. http://www.cnn.com/2016/02/02/... [cnn.com]
Here's a more interesting question: since Clinton did not in fact win a majority of coin tosses, what are the statistical chances that coin flips that happened to get reported in on social media would suggest that she did?
Another link: http://www.theatlantic.com/pol... [theatlantic.com]
Re:Thank you for correcting the record. (Score:3)
Thank you for correcting the record.
You're welcome.
Did you read the leaks where the rest of the Clinton staff scorns CTR?
I don't particularly care about the campaign's click-through rate (CTR) [acronymfinder.com].
app (Score:2)
A statement from social media is wrong, here, the proof is in another candidate's social media app!
Uh, no.
The "app" mentioned in the article is the Microsoft app used to report precinct results to the state office; it had nothing to do with social media. This was deployed by the Iowa Caucus (and used by both Republican and Democratic caucus, for what it's worth), but only used by about half the precincts (the other half just phoned the results in)
The app, from what people say, was slow and crashed a lot, but don't blame the results on the app-- the app was just the means used to report results.
Re: (Score:2)
Re: (Score:3)
And that is different from the other candidate being sponsored by loans from other foreign countries? How? Should the USA get rid of foreign sponsorships for its national leader, should be the more appropriate question, and work for America!
We did make that illegal a while ago; now they have to launder the money through charitable foundations and speaker's fees.
Re: (Score:3)
If surveillance is peace, then Trump could build new relations with Russia by giving them access to all the domestic surveillance data to show we have nothing to hide.
I just choked on my sandwich. Is this a comedy routine you're putting together? Because that's hilarious. You should suggest that to Trump immediately, it is stupid enough for his next speech.
Re: (Score:2)
Everybody knows a four hundred pound hacker can cyber in and PCMCIA over the Internet. The security aspect of cyber is very, very tough.
Re:physical access to machine? (Score:4, Insightful)
Break into the warehouse where the machines sit for 4 years...
Re: (Score:2)
When they come out of storage, ready for election season, they're set to factory settings.
Factory reset isn't going to do you any good if the firmware has been flashed.
What I do object to is that the machine's hardware/code is not available to the public for scrutiny.
This isn't going to do you any good either as even if you have the source code and the machine code of what is suppose to be on one of the dozens of machines, how do you verify that one or more of the machines haven't been flashed with a modified firmware?
My county uses scantrons. This seems like a reasonable compromise between quick counting and accountability. There are multiple machines. It would be easy to run the entire st
Re: (Score:2)
I'm not as concerned, but hey, I live in Texas where the outcome of the election is rarely in doubt and where there is little to be gained by doing this.. However..
I seriously doubt that this kind of "hacking" would be a serious problem in all but the most corrupt areas, and even then, it is pretty much a given that it would be hard to get away with it. First you need to have the firmware that does what you want. How do you get a viable bit of firmware that is altered to your wishes? You are going to ne
Re: (Score:2)
Actually it would be good for Texas to rig some of the vote to the Dems and make it seem worth their while to spend some money in your state; I know in 2004 I was kind of pissed that Obama didn't even bother to come to Michigan and spend a little money in the local economy.
Re: (Score:2)
Where I like the way you think, I'm not ready to start rigging things to either parties advantage. Besides, as there is a huge influx of displaced liberals moving to Texas for work from places like CA which bring the same tax and spend mindset that displaced them in the first place, there is no need to rig things. They are making up more and more of the voters so, unless something drastic happens, Texas will be a swing state eventually.
Eventually they will kill this golden egg laying goose too and we will
Re: (Score:2)
Which is why I will ONLY support Paper Ballots. Further, I will ONLY support single day voting, and in person with Ink Stains on fingers (except for VERY rare cases).
The system is ripe for fraud, and there is just about no real way to detect it, because there is no mechanism to do so built into our current system.
Of course, there will be the requisite person saying "there is no fraud", which is why I voted six times already (since there is no fraud, it isn't fraud, right?)
Re: (Score:2)
Scantron is best. Easily and understandably verified by hand, quickly countable by machine. Random audits can verify paper and program count are in agreement.
I agree. I don't understand why anyone uses anything else. We do also have a digital screen for the handicapped but I believe even that prints a completed scantron for you and if it doesn't it should.
Re: (Score:2)
Every two years.
When they come out of storage, ready for election season, they're set to factory settings.
Are they? By whom?
That would be the clearly best time to compromise the machine; you even have a perfect excuse for opening it up and meddling with the settings. "I'm just re-initializing the flash, according to procedure." You think the poll watchers have the slightest expertise in telling whether you're initializing to factory settings, whether you're installing an approved security patch, or whether you're installing malware?
What I do object to is that the machine's hardware/code is not available to the public for scrutiny.
Yep.
Also the way the machine's are procured is highly diabolical!
Don't know how machines are procured, so I can't comment on that one.
They don't (Score:2)
And this isn't the only make of voting machine used in the US. Large scale voting fraud just isn't possible in the US. Thousands of jurisdictions, potentially unique ballots for each jurisdiction, several different types of voting machines, plus absentee and early voting.
Re: (Score:2)
You don't need large scale fraud, you only need to defraud key population centers in a state. Think of how the electoral college works, you have districts broken up geographically and weighted by relative population. Take my state of New York for instance, this place is a solid lock for Hillary but most people don't realize how red it is; because of the overwhelming number of people in NYC we always come up blue in the polls. There are literally millions of people elsewhere in the state that are die hard re
Re: (Score:2)
1) Corrupt registered voters in each of those population centers;
Law of large numbers. We're talking about millions of people here, some are certain to be enthusiastic participants in such a scheme. The problem is identifying them, and I'd argue the tools for doing so probably exist today.
2) Find a way of hacking the machines in each of those population centers without being caught;
Voting machines are often in booths with a curtain. If the hack takes just a few minutes, it's reasonable that a bad actor could compromise the machine with no one thinking anything is especially odd.
3) Hack the votes in a way that initial diagnostics on election day will not notice the changes;
Tamper after initial diagnostics. Show up early and be in the first 10% of voters.
4) Evade suspicion when the machines return votes that are significantly disproportional to all polling leading up to the vote, and exit polls;
M
Re: (Score:2)
Large scale voting fraud just isn't possible in the US
And you know this how? Because the fact is, you can't possibly assure me that there is no large scale fraud, because we have absolutely no way to detect and protect the vote against fraud. Just because you say it, doesn't mean it isn't happening.
My guess, is that fraud is happening in just about every precinct. Which means it is large scale. It may or may not be organized, we wouldn't know. Unless you watch Project Veritas which kinda shows it is organized and large scale.
Re: (Score:2)
True, but Bush/Gore vote count in FL aside, how many elections are really that close? MOST elections don't even require counting the absentee ballots to know who won. As much as some would like to cast our election vote counting processes in to doubt, there really isn't an issue.
Vote fraud still needs to be looked for and dealt with strictly when found, regardless of if it affected the outcome, but those who trot out voter fraud as a reason somebody won or lost really don't have a case in the vast majorit
Re: (Score:2)
it is virtually impossible to get a "hanging chad" while voting properly, with a single ballot. Both sides knew it, but didn't want their little secrets exposed, since both sides were culpable. Which is why we got the theater of inspectors looking at the ballots trying to determine "intention" of the voter, based on a Hanging Chad.
Florida was exposure of the fraud, it is just that too few people actually recognized it for what it was.
Re: (Score:2)
Which is why Bush went to court to stop the recounts... And Why the courts eventually agreed and rightly put a stop to all the foolishness... AND why they have electronic voting machines now.
Legally, Bush got FL's electors the moment FL's Secretary of State state certified the results, which was days before the courts got involved and the media frenzy hit full stride with their under vote, over vote, and dimpled chad stupidity. What amazed me was how many courts let the garbage continue, despite the clear
Re:physical access to machine? (Score:4, Insightful)
How do bad actors accomplish that [physical access] on a large scale?
Voting machines are stored when they are not in use, and in general, the places they are stored are not guarded by armed guards. (And, more to the point, are not guarded by pairs of armed guards.)
To get physical access to the machines, you just need to get a key to the warehouse that they're kept in. Try the janitor.
There are a large number of people associated with each voting precinct. You just need to insert one person. And you don't need to alter all the machines-- just a few.
Re: (Score:2)
To get physical access to the machines, you just need to get a key to the warehouse that they're kept in.....And you don't need to alter all the machines-- just a few.
I think you're overstating the ease of this. I have absolutely no idea where they keep the voting machines in my city between elections. I don't know if it's in one location or many. I don't know if they are somewhat distributed based on where they are used, or all in one central location. I'm guessing that only a small handful of people know these details. How do you propose figuring that out without arousing suspicion? Take all the janitors out for drinks and ask them about the warehouse contents? How do
security by obscurity approach to voting (Score:2)
You just proposed the "security by obscurity" approach to voting machine security.
You said it's hard for you to know what the security-- if any-- is for the physical location of voting machines, and since you don't know how to find out, that means they're secure!
Note that you haven't pointed to any reason to think at all that this information is being kept secret-- you just stated that you don't know, and therefore since you don't know, you "guess" that only a handful of people know.
Re: physical access to machine? (Score:2)
Pay residents (or even better, just ask rabid supporters of one party amd tell them they can help their party win) of different voting districts to register and then do the 'needful' on voting day.
Considering recent fraud operations ny syndicates have managed to withdraw funds from 1400 ATMs in 2 hours (e.g. http://money.cnn.com/2016/05/2... [cnn.com]) it really shouldn't be significantly more difficult to swing an election result.
Re: (Score:2)
Unfortunately with the state of politics in the US, it is so stupidly divisive and partisan that few places have a margin of more than 3-5% on a presidential election.
Re: (Score:2)
Re: (Score:2)
Re:physical access to machine? (Score:4, Interesting)
You don't need to do it on that large a scale, especially for the Presidential elections. In 2012, which wasn't a particularly close election, flipping 63 electoral college votes would have let the Republicans win. Either Washington State or Colorado and California turning red would have changed the election outcome. Changing California red (by one vote) would have required changing 1,507,164 votes. Los Angeles alone had enough votes for Obama that compromising it and making it around 80% Romney would have been enough to flip California. It would probably be quite suspicious if polling were that wrong, but scattering a few attack devices throughout Democrat-voting areas and reducing the majority there would probably not have been picked up, and if it's only two states where the polling is particularly different from the eventual outcome then people won't be too suspicious.
2000 was a lot closer. Changing only 5 Electoral College votes would have changed the outcome. If Al Gore had carried his home state, no one would have been particularly surprised and that would have ensured that he won with a fairly large margin. Rigging the voting machines so that 40,115 Republican votes across the state were counted as Democratic wouldn't have raised any eyebrows, but would have inverted the outcome of the national election. The election was hotly contested because Bush won Florida by a mere 537 votes, giving him all of the state's 24 Electoral College votes. A single compromised voting machine could easily have moved 269 votes from Bush to Gore and changed the election outcome. Of course, some will claim that compromised voting machines did flip around that number in the opposite direction...
Re: (Score:2)
Indeed, Al Gore only got 543895 votes more than Bush, so Bush would have had to compromise only a few machines to switch 275000 votes in order to win.
Wait a minute! Your electoral system is fricking retarded, so Bush didn't have to change anything!
Re: (Score:2)
How do bad actors accomplish that on a large scale?
You don't need to do it on a large scale, with the Electoral College Electors allocated on a all or nothing basis in all but 2 states, a small amount of fraud conducted in a few swing-states is enough to change a national election. Basically all you have to do is look at where the candidates are conducting rallies in the last 2 weeks, and you'll see where a little fraud will go a long way.
Re: (Score:3)
Kinda like the could by switching good paper with bad paper ballots?
Re:physical access to machine? (Score:5, Insightful)
Except the US government does not have custody of or access to the machines. The machines are owned, operated, and secured by local governments.
Thus an effort to by the US government to hack the machines would entail clandestine physical access to the machines -- a "black bag job". And to throw the electoral college you need to do a lot of burglaries in a big state, or a lot of burglaries distributed across multiple small states. In 2000 it could have been done by hacking a single precinct (about 2500 voters in FL), but nobody could have known it would be quite that close; so you'd really need to hack a lot of machines to be sure, and if you're doing something like that you want to be very sure. It's a cost/benefit calculation: hack too little you risk getting caught and undermining a legitimate victory; hack too much and your risk of getting caught goes up rapidly as more people and places are involved. Nobody could know in 2000 that the margin would come down to 537 out of eight million registered voters.
And in 2016 the risk/benefit math is dominated by this fact: if you add up all the safe states for each candidate, Clinton has to win just 18 EVs from the remaining contended states; Trump needs to win 107. If Clinton wins just one of the five largest contested states she wins the electoral college; this amounts to five rounds of single elimination for Trump. On top of this there is a massive disparity in ground game. Trump only started to organize get-out-the-vote (GOTV) infrastructure in the final weeks of the campaign, making it difficult for him to score upsets over polling. Clinton has been preparing her ground game for years.
So it makes no sense for Clinton (supposing she had friends in the FBI or CIA to help her) to risk undermining the legitimacy of an election she is very, very probably going to win.
All that said, voting machines DO pose a serious threat to the legitimacy of local elections. Also, voting machine malfunctions could well throw the presidential election one way or the other.
Re: (Score:3)
Electronic voting doesn't solve any "fraud", it just opens up new avenues. And since there is no way to validate the vote afterwards, it is an easy point to attack.
And this is why you see "calibration" error videos where picking one candidate actually selects the other. It isn't "fraud" without intent, and you can't prove intent with a machine. And since it is a machine, any fraud actually happened elsewhere.
America can be saved embarrassment (Score:2)
Re: (Score:2)
Odds are largely determined by where people are placing their bets. The house always wins...they're not guessing. Sanders has 66/1 odds because some morons actually put money there. But nobody's betting on aleppo-man, so he's got worse odds.
Bullshit defense (Score:3)
"Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed..."
Did the FBI just use "clunky and dispersed" as an excuse to dismiss the lack of security surrounding the very core of our democratic process?
What kind of ignorant fuckery is this shit?
How about we properly mitigate security risks with a common sense approach that's a bit better than relying on Mary and Fred under the basketball hoop.
Did he recently meet someone out on a tarmac or something? Just curious...
Re: (Score:2)
How is that a bullshit defense?
I've heard the self-appointed security experts scream about how bad "monocultures" are for security, and Comey basically just said that there isn't a monoculture in the voting systems. That should be a good thing.
Re: (Score:2)
Mono-cultures are bad, but heterogenic IT environments are not inherently good - they still need to be otherwise safe, and not merely rely on being "varied".
Re: (Score:2)
How is that a bullshit defense?
I've heard the self-appointed security experts scream about how bad "monocultures" are for security, and Comey basically just said that there isn't a monoculture in the voting systems. That should be a good thing.
Because it would be fairly easy to buy off a few "Marys and Teds" in a few key districts. You likely wouldn't even need to buy them off. Becoming a janitor at the place where the machines are stored would probably be sufficient. Clunky and dispersed is not a security strategy. It does make it slightly harder to coordinate a large scale attack but only slightly. You lose the advantage of doing it all at once but you gain the advantage that each place has it's own security and my guess is that many of th
Re:Bullshit defense (Score:5, Interesting)
its not ignorant just because you don't understand the point being made.
theyre making the point that because we don't have a uniform centralized system controlled from the top down anyone who actually wants to attack the electoral process would have to expend a tremendous amount of resources to have any affect.
my county uses paper ballots, that go into a scantron type scanner permanently attached to a large pelican case. the scanner is non-networked. the next county over still uses punch cards (hopefully of a better quality than Florida's). in both cases the final tally is only accessibly by authorized personnel who must physically transcribe the number, with multiple person verification, onto a form that's reported to the sec state.
the clunky and dispersed nature of the system IS a form of security, rather than a lack of it.
an attacker might be able to exploit a flaw in the machines or even the people used by one county, but that's it. the attack can't proceed any further than that one county. to scale up requires an equal level scaling up in the size of the conspiracy and it simply becomes unworkable and unreasonable to actually pull off.
Re: (Score:2)
Re: (Score:2)
you still missed the part where its not "the attack" but the "several dozens of different attacks".
40-50 people wouldn't even get you one state.
no, the voting machines simply aren't a practical workable attack vector.
no, I think the best place to try to influence the instead is a single point of failure, say, a single person, easily corruptible.
like say the person who runs the state elections, the state Secretary of State.
and oddly enough, it seems that's exactly what has been done, such as the one in North
Re: (Score:2)
...and that's assuming nobody notices a voter shutting down the machine, opening the case, installing a PCMCIA card, and bringing it back up... Pretty dubious, if you ask me. The level of conspiracy required to give someone enough time to not be detected while doing that would almost require a totally compromised election process to begin with--and if you have that, why bother compromising the machines?
Re: (Score:2)
The way the election works you don't need to rig it in a massive number of systems. There's no point in rigging an election in Illinois.
Find a battle ground state.
Find a battle ground county.
Flip a small few hundred votes.
Re: (Score:2)
That only works if the state's results is determined by a few hundred votes
See also: Al Gore. Florida. 2000.
Re: (Score:2)
Re: (Score:2)
Comey is quite correct actually. The USA is very large, with thousands of voting stations. Compromising one or two machines may be easy, but compromising thousands, not. Maybe you should come out for fresh air more often for a reality check.
Here's a breath of fresh air for you. The wealthy and powerful spend millions of dollars to essentially buy (the legal term is fund) an election to ensure their selected candidate wins, so never underestimate the effort many take to ensure a win. A Secretary of State used connections to threaten Attorney Generals on tarmacs to avoid prosecution, forensically nuked evidence, ensured all those involved were untouchable with an unprecedented amount of immunity deals, and then lied to the American people abou
Re: (Score:2)
How clunky and dispersed was Hillary's email server?
Re:Bullshit defense (Score:4, Insightful)
Comey is the guy who's come out and said Hillary Clinton is basically innocent of any criminal wrongdoing. You'll forgive me if I don't have too much faith in his opinion.
Re: (Score:2)
He basically said she was "not charged", and incompetent. The problem is, liberals only see that as "innocent" and not the "incompetent" part.
Any sufficient level of incompetence is indistinguishable from malice. (apologies to Arthur C Clarke)
(NO, I am not voting for Trump either)
Comment removed (Score:3)
Re:Best solution I ever heard (Score:4, Insightful)
and your boss can force you to vote their way with that as well.
Re: (Score:2)
The receipt can be some soft of salted checksum/encrypted key of your vote. It should be easy for the system to verify that your vote counted without revealing how you voted.
This would solve both problems of verifying your vote counted, and keeping it secret.
Re: (Score:2)
This is kinda an asinine criticism about electronic voting. There's all sorts of illegal things your boss can do. It's up to you to turn him in to the police, same as you would if he was committing any other federal crime.
Actually it's a very real outcome. Most companies are very easy to figure out how they lean. So with a receipt they will require you to prove you voted by showing it to them. Then while they can't outright terminate you then and there without opening themselves to a legal mess, you can certainly expect to see yourself getting worse jobs, lower bonuses/raises, not getting promotions, higher on the list for layoffs, etc..
That kind of stuff was done before and is what led to all the voter protection laws that
Re: (Score:2)
If you're in this sort of relationship, the least of your worries is which of the two candidates becomes the president. It's a terrible thing for anybody that it happens to, but I don't think there's enough to sway the vote one way or the other.
Secret ballot is important (Score:5, Insightful)
An abusive spouse is just one of thousands of scenarios of voting coercion.
The U.S. adopted secret ballots for a reason: to make it harder to implement vote buying and coercion. Maybe you're thinking that in modern times when everybody is trustworthy and nobody had bad motives, we don't need this safeguard.
But nevertheless, there is a reason for the secret ballot, and we shouldn't undermine it.
Re: (Score:2)
I've very much in support of the secret ballot, but I don't see spousal coercion being a relevant argument about why we should keep the secret ballot. I'm much more worried about the current government in power being able to determine who I vote for for than other individual entities like my boss or my spouse. Things like that have a much more likely scenario of changing the result.
Worst solution I ever heard (Score:3)
"Vote for $CANDIDATE or your daughter has an accident. Bring me your ballot receipt on Tuesday night and we can forget this conversation ever happened."
We have secret ballots for a reason.
Re:Best solution I ever heard (Score:4, Insightful)
Scantron is fine since it combines a simple, reliable, non-networked and relatively hard to hack scanner at each polling location with easy to read paper ballots as a backup in case of mischief. That combines the basically instantaneous and accurate results of a machine with the
The receipt of who you voted for is a disastrously bad idea though. First of all, there's no way that receipt could ever be used in a recount for obvious chain-of-custody reasons so it doesn't reduce fraud at all. Second of all, it makes it so that a black voter in Philly better show that he voted for Hillary or else -- or that a white voter in rural Alabama better show he voted for Trump or else. Nobody (ok, nobody with any integrity) wants that.
Re:Best solution I ever heard (Score:4, Insightful)
*Sigh* - the voting system shouldn't have a receipt you can use to prove who you voted for. This leads to (a) vote selling and (b) coercion. This is a simple basic requirement of the voting system. Please don't make recommendations until you learn the basics.
Re: (Score:2)
We already have the ability to do all that anyway. Somebody forces you to use your phone to take a picture. You may counter that taking a picture in a voting place is illegal, but so is vote selling and coercion.
But there are people in the polling place watching for you to be doing something like that. During the primaries I got chewed out by the staff in my polling place because I pulled my phone out to check a text message. So they are (or are supposed to be) watching for that kind of stuff and doing something about about it.
Hell, I vote by mail. How is there any proof my employer or whoever didn't force me to sign up to vote by mail, then supervise me as I filled out my ballot?
Very true and one of the many reasons I disagree with mail in ballots. They serve a valid purpose, but are far too over used by people that were never meant to use them. Counties should have
Re: (Score:2)
I totally disagree with mail in ballots especially for those working overseas. Those working overseas are not affected by the decisions congress makes so they should not have a say in who goes to Congress. Same for mail in ballots. If you cannot be bothered to come to a polling station to vote than you don't care enough for democracy and your vote should not count. Same for old and invalid folks. They are no longer contributing to society so they will only vote for the ones who promise the most free giveawa
Re: (Score:2)
I can only assume you're being sarcastic.
Most of your suggestions are labeled as "discrimination", "Voter intimidation" and "disenfranchisement" of minorities (and why I think you're being sarcastic). But, consider what this message actually says about minorities, that they are INCAPABLE of being educated enough to vote. Let that sink in for a moment.
That is the real racism of low expectations.
Re: (Score:2)
Instant voter fraud protection because if your vote mysteriously goes from Clinton to Trump or vice versa
Vote swapping is far from the only type of voter fraud out there and this wouldn't address the others.
It also gives rise to voter intimidation. Currently there is the one copy of the vote and the voter is the only person that actually knows who they voted for. So if someone is intimidating them to vote one way or another, they can still vote as they want and tell the intimidator whatever they want to hear. Add in receipts and not the intimidator can verify that they voted as directed and take action if they
Re: (Score:2)
This would work if instead of giving the receipt to the voter the receipt was put into a ballot box and the ballot boxes stored. If anyone disputes the electronic count as they find it not matching their expectation you file a challenge and the stored ballot boxes are counted manually. This also solves the issue of pushing the wrong button. As the vote is printed out the voter can see they pushed the worng button so they can cancel the vote and do another. Machine will store which votes were cancelled so du
Re: (Score:2)
You press down hard and get a carbon copy of your ballot to take home.
I don't WANT a carbon copy to take home; so after the revolution the other side finds my old ballots and puts me up against the wall.
I want the electronic voting machine to spit out a receipt summarizing my choices that I can look over and drop in the guarded box on the way out. If fraud/bugs/whatever is suspected in the machine's tally then the election officials can manually add up the papers from the box.
Future statement by FBI Director James Comey... (Score:2, Funny)
... some months from now, regarding the alleged vote-rigging through hacked voting machines during the 2016 presidential elections:
"Although we did not find clear evidence that Hillary Clinton or her colleagues intended to violate laws governing federal elections, there is evidence that they were extremely careless in the handling of voting machines...".
Following the above statement, and after riots and protests in the streets, the FBI reopens the investigation, analyzing 650K contested votes in Florida whi
What is not mentioned in the article. . . . (Score:2, Informative)
Is wireless access to the machines. A machine does not have to be connected to the internet to be hacked remotely. How many of these machines have wireless cards? Then, all a hacker (or insider) needs to do is pull up to the voting location with a laptop that has a wireless connection and all the right passwords and . . . . code adjusted! There are reports of this happening in Virginia when Mitt Romney went up against Ron Paul in 2012. It was a very close election at one precinct that was going up and
Paper... (Score:5, Insightful)
The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....
Re: (Score:3)
The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....
Yes, this is correct. As Stephen Spoonamore says, "Paper ballots, please".
These touch-screen voting machines cannot be trusted. If for no other reason than their code is proprietary. If they can't be independently audited, they can't be trusted. In some cases machines have been observed to flip votes and count backwards. Why would a voting machine need to be able to subtract or process negative numbers? In short, they shouldn't.
Paper ballots, please.
Re: (Score:3)
Who is going to be able to verify all the lines of code? Even if you had a million programmers looking at it, something will probably still slip through, after all there are contests every year on making code that looks legit but is actually nefarious.
Who makes the compiler? Can you trust them? Has the code for the compiler been checked into? There's a legend
Re: (Score:2)
Re: (Score:3)
The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....
Agreed. And in most of the rest of the world they require 1) a photo ID and 2) dye a finger. Put all that together and elections are are pretty easy to do. It's odd that there's one party that is against common-sense voting laws.
Re: (Score:3)
The "dye a finger" thing has some concerns. In some elections, you really want a certain class of person to just not vote. The dyed finger is proof that you voted - and it's hard to wash off (intentionally, obviously). So the bad guy can threaten to beat the crap out of people who voted and still gain an edge. This isn't a theoretical problem.
Of course, you can achieve a similar effect by simply hanging out outside the voting location and noting which people went inside.
But the easier you make it, th
Re: (Score:2)
The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...
But you cannot sell expensive machines at a large markup if you used reliable paper-and-pencil voting.
Re: (Score:2)
Boring (Score:2)
Modifies the public and protective counter? *FAIL* (Score:2)
Geez, it's like no one ever thought of protecting the counters by making a hand-written backup of those numbers after the machines have been certified, but before voting begins.
I am a volunteer poll worker in Virginia. Not only do we record in pen those numbers when we open the equipment, we do a running comparison of the public counter totals to the total number of people who were checked-in on the poll books, every hour. If those numbers are off by even 1, it is a major event, we have to make an immediate
Re: (Score:2)
So if someone shows up, checks in, then doesn't actually vote...it throws you into chaos? I think that's something you might not want to advertise too widely!
Re: (Score:2)
Thanks for the info. Let's go a bit deeper.
Say the totals don't match by a couple. What happens to the votes from that particular machine (or the polling place in general)?
Could these type of activities be used not to alter the results of an election, but for disruption?
Universal Hack (Score:2)
So to pull this off you need (a) a voting machine to play with to learn the techniques and (b) physical access to every voting machine you need to influence.
My approach is to make a completely fake voting machine, with the same interfaces as the real thing - and just swap the whole machine out when I have physical access to it.
This thought-experiment shows that with those two things (a machine to play with and physical access) there is no conceivable security measure that'll be 100% effective. So control
Let's spread some more FUD, why don't we? (Score:2)
Let's see, OH, yes, Wired ran a guide yesterday to how to rig an election in 10,000 easy steps:
https://www.wired.com/2016/10/wireds-totally-legit-guide-rigging-presidential-election/?mbid=social_twitter
Way easier just to pay off your special interest groups.
Re:Humans != Good Vote Counters (Score:2)
Machines do not make integer mistakes. Humans make them frequently, even when they are not biased. And every human is biased.
Humans can screw up simple integer addition programming -that is true. But, again, it's a human problem not a machine problem.
Humans, when looking at the scale of 100 million operations, are wildly more costly than computers
Humans have a much shorter MTBF than any well engineered machine - and shorter than many poorly engineered machines
Humans are specifically the reason that machines
Re: (Score:2)
We have people the need the machines languages various disabilities etc etc etc. It's trivial to make a machine that print human readable ballots that can be machine and human tallied. It's very hard to hack that if you assume the humans will actualy check the printed ballot before casting it. Rules that the human readable portion is the one of note is trivial. In the end all of he good parts of machine voting without any of the bad parts.
Re: (Score:2)