Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Politics

DARPA Is Building a $10 Million, Open Source, Secure Voting System (vice.com) 232

samleecole writes: For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven't been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don't have to blindly trust that the machines and election officials delivered correct results.

This discussion has been archived. No new comments can be posted.

DARPA Is Building a $10 Million, Open Source, Secure Voting System

Comments Filter:
  • by cayenne8 ( 626475 ) on Thursday March 14, 2019 @01:08PM (#58273442) Homepage Journal
    ...still keep the votes anonymous and untraceable back to the US citizen that is doing the voting?

    That is very important and didn't see that listed in there in the top level checkoff marks.

    • The 1960 John F. Kennedy vs. Richard Nixon election is widely acknowledged to have been rigged [newsweek.com]

      There have been no changes in the law to prevent exactly the same thing from happening now and there are no efforts to determine if it still happening.

      • I mean, I would go for the actually legally determined example from 2018, not the rumor from 1960, personally. You know, the one in North Carolina that was so bad they are re-running the election.

  • building us a voting system?

    That would be like the Fox counting the Chickens.....

    • Re: (Score:3, Informative)

      by willy_me ( 212994 )

      The US wants stability (because it is more profitable) so it promotes freedom and democracy around the world. A secure voting machine sounds like exactly what is required. Without some way of maintaining a democracy after the fact, what point is there in military intervention?

      Good luck getting these machines used in the US. There is too much money pushing for existing proprietary solutions. So I think one should not assume that this system is designed solely for us. Their target will be global.

    • Apparently they have an open source secure computing initiative and were casting about for a non-classified application to show off their new toys. I guess?
    • by Actually, I do RTFA ( 1058596 ) on Thursday March 14, 2019 @04:18PM (#58274698)

      The Department of Defense does a lot of things that are designed to promote democracy, under the theory that democratic countries just don't declare war on one another (or at least, are far less likely.) Notably, they were (are?) heavily involved in TOR.

      Also, current voting machines are a clear threat to the US,and their job is to deal with those threats.

    • Well, but the fox can easy make an easy recount.

  • Overcome by events (Score:3, Interesting)

    by Anonymous Coward on Thursday March 14, 2019 @01:16PM (#58273506)

    Vote by mail is growing rapidly and in many places exceeds polling place voting. VBM increases voter turnout and solves so many problems that polling place voting probably isn't worth salvaging.

    • Re: (Score:3, Informative)

      by eaglesrule ( 4607947 )
      Vote by mail also leaves a paper trail in the form of the ballot. I also find it very convenient to take my time researching the candidates, time that is better spent than waiting in line at a polling station. Personally delivering the ballot to the county clerk on election day also helps ensure it doesn't get 'lost'.
    • by MightyYar ( 622222 ) on Thursday March 14, 2019 @01:37PM (#58273616)

      Vote by mail only works when things are going along quite well. We just witnessed what can happen when things do not go well in North Carolina, where the handful of mail in ballots spoiled the entire election. Vote by mail allows voter intimidation and vote buying - makes them almost trivial, in fact. People act as if "The Machine" in Chicago never happened, as if we somehow matured away from that sort of thing. No, we implemented hard-fought voting reforms that corrected the problem - some of which vote by mail now eliminates.

    • by sycodon ( 149926 )

      Voting by mail has no Chain of Custody controls. None.

      You drop the envelope in the mail and it's open season on fraud from that point on.

    • Colorado voter here. I sat at my kitchen table with my kids and made a big show of looking up information as I filled out my ballot (I had already done the research). Dropped off my ballot at one of the boxes along my way to work and was able to verify it was received in 2 days. Colorado had the 2nd highest participation in the 2018 mid-terms behind Minnesota. You can go vote in person if you want to but this is so much easier.
  • Hey DARPA.... (Score:2, Interesting)

    by Anonymous Coward

    This special 'secure' open hardware: Will you actually ensure there is a reference platform available, for less than say 500 usd to the average consumer, so that we can develop on, test, diagnose, and verify this hardware ourselves, or use it to ensure the security and authenticity of our own application code?

    If not, then it is just a 10 million dollar sham. The software, even if perfectly secure by itself, is not trustworthy unless the underlying hardware is trustworthy, and the underlying hardware isn't t

  • by Dixie_Flatline ( 5077 ) <vincent@jan@goh.gmail@com> on Thursday March 14, 2019 @01:22PM (#58273540) Homepage

    What's next, letting EVERY citizen vote?

  • The voting system will also be designed to create fully verifiable and transparent results so that voters don't have to blindly trust that the machines and election officials delivered correct results.

    And ... it comes with a free unicorn!

  • by Albanach ( 527650 ) on Thursday March 14, 2019 @01:50PM (#58273688) Homepage

    I've posted this before, but it's worth saying again.

    In the early 2000s, there was a GNU project [gnu.org] to build a secure online voting system. They ceased work in 2002, citing the project as being at best difficult and at worst, impossible. They quoted Bruce Schneier, one of the foremost experts in computer security as saying "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers... [B]uilding a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democacy are too great to attempt it."

    I see no evidence that Schneier has changed his mind or that any other comparably qualified expert has suggested he's wrong.

    • by nuckfuts ( 690967 ) on Thursday March 14, 2019 @02:10PM (#58273802)

      In the early 2000s, there was a GNU project [gnu.org] to build a secure online voting system.

      The article has nothing to do with online voting. It is talking about more secure and verifiable systems than are currently used at polling stations.

      To cite one example from the article:

      In a voting system, this means the hardware would prevent, for example, someone entering a voting booth and slipping a malicious memory card into the system and tricking the system into recording 20 votes for one vote cast, as researchers have shown could be done with some voting systems.

      • The article has nothing to do with online voting. It is talking about more secure and verifiable systems than are currently used at polling stations.

        Which is a fair point, but raises others.

        1) What is the problem we're trying to solve here? In most functional democracies, votes are easily verifiable through chain of custody either of paper votes themselves or paper audit trails.

        2) Many of the same concerns still exist. If these devices record votes or verify voters, they need to be secured. That's something

        • What is the problem we're trying to solve here? In most functional democracies,

          Hmmm....why would the Defense Department be interested in voting systems......perhaps something about the country not being a functional democracy post-invasion.

          Also, there's still plenty of places within 'functional democracies' with direct electronic recorded votes with no paper trail.

          In other words, securely computerizing the polling booth is, to an extent, even more challenging than where you try to implement networked voting.

          You're kidding, right?

          "Hey Bob....what's that angle grinder for?"
          "Oh, just like carrying it around"
          *Poll worker ignores incredibly loud racket as the hardened case is cut open*

          • "Hey Bob....what's that angle grinder for?" "Oh, just like carrying it around" *Poll worker ignores incredibly loud racket as the hardened case is cut open*

            Why would they cut it open? They could just wait until the polling station is closed, hack into the software running the voting machine, and alter the votes recorded. Or are you not aware that the most likely people to want to modify the outcome of the vote are those running the vote counting process?

            • Why would they cut it open? They could just wait until the polling station is closed, hack into the software running the voting machine

              :facepalm:

              So, the voting machines are only rolled out on election day. At the end of election day, the data is copied off the machines and they are rolled back into a locked/guarded warehouse. Where altering the totals in the machines don't do any good.

              They are not just sitting their 365 days a year.

              Or are you not aware that the most likely people to want to modify the outcome of the vote are those running the vote counting process?

              Which is why that part of the process is observed by members of the political parties on that ballot. If the poll workers try to alter the votes to favor one party, observers for the other party are standing

    • Harder than secure online banking? Come off your high horse buddy.
    • The key difference between that project and this one is the DARPA project does not use the Internet. Heck, it isn't even a 'networked application'. Thus reducing the attack surface to locations that can be physically monitored by adversarial parties.

  • real problems (Score:5, Insightful)

    by Tom ( 822 ) on Thursday March 14, 2019 @01:53PM (#58273700) Homepage Journal

    The real issue with electronic voting isn't even the hackability of the system. Or the fact that an exploit scales to an entire country. The real problem is that there's no assurance anymore. A very simple process turns into something opaque.

    For you americans who don't understand how voting is done properly in the rest of the world, it goes like this:

    You put an X in the circle or box of your choice (sometimes several X in several boxes, but nothing too complicated). Then you seal that paper in an envelope or you simply fold it. Then you drop it into a box. That box is watched over by volunteers from all the major parties and basically everyone who cares to spend his time checking that the election is done properly. These same people at the end of the day open the box and count the votes.

    At no point is anything not accounted for. At no point is there an attack vector. The whole thing is so simple that an idiot can understand it and that's the point - because it means that every idiot or non-idiot can check it and verify that all is well. Think the box has been tampered with? Go and check the box. Think the paper is special? Go and check the paper. Think some votes were thrown into the box at the beginning of the session? Check the box at the beginning, then seal it, and at the end count the number of paper slips against your very simple tally sheet of people who voted.

    There are ways to fuck with the system, of course, there always are. But the low-tech approach also means they are low-tech and can be spotted. Tell me how you'll find the kernel-level backdoor in the voting system that knows which bits to flip in-memory without leaving any traces on the disk. And the number of people capable of validating a system at such a level are low enough to be pressured or bribed.

    A highly distributed low-tech system is exactly what we want for something like elections.

    • For you americans who don't understand how voting is done properly in the rest of the world, it goes like this:

      Hate to damage your arrogance, but about 80% of the US votes in the way you described. The other 20% bought expensive machines that they haven't replaced yet. But they are being replaced.

      Also, the massive gaping hole in your system that you didn't bother to think about is what do disabled people do? That actually was the primary selling point of all-electronic voting systems - handling disabled voters is far simpler. Blind people are gonna have a teensy bit of a problem marking a paper ballot, but a pai

      • In order to understand whether it is worth addressing your primary point we need to know how large the problem is. So, what percentage of eligible voters are disabled in a way which makes getting to the polling station and casting their vote excessively difficult?

        Beyond a certain point, and the U.S. is beyond that point, making it easier to vote is a bug not a feature. As one illustration of this, people who are not willing to make sure that they are on the rolls to vote a week or more in advance of the
        • In order to understand whether it is worth addressing your primary point

          Protip: Primary points do not start with "Also".

          So, what percentage of eligible voters are disabled in a way which makes getting to the polling station and casting their vote excessively difficult?

          To rephrase your question, "what percentage of people don't deserve their rights because they had bad luck?". And then you might notice just how awful your line of thinking is.

          Beyond a certain point, and the U.S. is beyond that point, making it easier to vote is a bug not a feature.

          Yes, those pesky voters might not choose the properly ordained candidate!!

          As one illustration of this, people who are not willing to make sure that they are on the rolls to vote a week or more in advance of the election (how far in advance is another question) are unlikely to have spent the time to understand who and what they are voting for.

          First, there's not particular time limit for removing someone from the voter rolls. Go ahead and do it on the day before the election so that you can get your preferred outcome while blaming the voters you disenf

      • Blind or otherwise disabled voters have a counselor who votes with them together.

        And, now the american system is not similar/the same, you punch holes into the paper. And the first as well as second Bush vote counters disregarded all votes for "the other one" where the paper had no full hole as: unclear vote.

        • Blind or otherwise disabled voters have a counselor who votes with them together.

          And that is far inferior to that person being able to fill out their own ballot. Plus, blind is not the only disability.

          And, now the american system is not similar/the same, you punch holes into the paper.

          :facepalm:

          First, there is no "American" system. Our elections are run by the states. There are 50 election systems in the US.

          Second, a minority of states ever used punch cards, and none have used punchcards since 2000.

          You have absolutely zero idea of what you are complaining about.

    • And the people who come voting are counted/registered.
      So if you have more or less papers in the ballot than people on the sheet of paper, you know something is wrong.

  • I'd bet 100 dogecoins that they're using blockchains. Trendy. That part about transparency kind of tips it off. Whatever happened to paper ballots, anyway?
    • Whatever happened to paper ballots, anyway?

      What, you actually believe that paper ballots are secure? Apparently you've never lived in a place where, now and then, a box full of ballots is replaced with another box full of ballots. With different votes....

      • Would not be possible in Germany.
        The votes are counted at the place of voting, in the same room. The box never moves anywhere.

    • LOLZ the art of throwing paper ballot elections was honed to perfection here in Chicago over 120 years ago. Of course, voting machine with handles were the solution! Yeah they'd tie Republic lever to Democrat one inside with rubber band or women's stocking....

      This message brought to you by the City of Chicago, where the dead vote early and often.

    • I'll bet 100 dogecoins that you didn't read the article. Cause the system uses printed paper ballots (retained for security/verification), fed into a scanner.

  • I don't understand how nobody ever mentions this but voting machines can't be both anonymous AND verifiable.
    The only way to check on the count is to ask the machine itself so it's no verification at all.
    That should be obvious to anyone thinking about it for more than 2 minutes.

  • But whatever a man can make, a man can break.
  • by superdave80 ( 1226592 ) on Thursday March 14, 2019 @02:57PM (#58274194)

    1. First machine is a touch screen. Voters make selections on screen.

    2. Once done a paper ballot with their selections is spit out, and they can visually check the ballot

    3. Second machine is a optical reader from a different vendor, and must use a different OS from the 1st machine. Paper ballot is inserted and read.

    4. Results from both machines are fed to a computer to be compared. If they match, vote goes through. If they do not match, vote is scrubbed and voter asked to try again.

    You have verification from two independent systems AND a paper ballot at the end.

    You are welcome.

    • so we compromise #4 and your idea becomes just as useless as an insecure voting machine

      thanks for playing

      • so we compromise #4

        I'm not really sure what you think that would accomplish. The original machine is still going to have the first tally. And the 2nd machine (reader) will have IT'S tally as well. Guess what happens when #1 and #2 say candidate Smith won and #3 says candidate Hacker won? You'll know something is up. And there is still a ballot printout of each vote that you could run through the scanner again if you like.

        thanks for playing

    • So, you read the article and quoted it here. Except #4 doesn't happen automatically (the optical reader tabulates, checked against a human count of the paper ballots). And the whole system is made by one company.

      • So, you read the article...

        Uh, nope. You must be new to /.

        ..and quoted it here

        Nope again. I had this idea a while back. And mine is actually better because their idea wastes the tallying of the first machine.

        I actually went back and read the article to see what else they had for their idea. I'm kind of surprised at this statement:

        Kiniry said they’re aiming to design their system without barcodes.

        Well, I hope so. Why would you use barcodes in this day and age? Any descent text reading program, especially on a ballot that is going to be consistently printed by you in whatever text/size you want, could handle this

  • I read this entire comment thread and was both surprised and disappointed at the lack of the obligatory xkcd. [xkcd.com]

  • by AHuxley ( 892839 ) on Thursday March 14, 2019 @05:46PM (#58275070) Journal
    and witnesses to watch over the local count.
    Candidates suggest some of their own trusted witnesses, gov has a few witnesses, civil society has some witnesses.
    Then count the nations votes in front of many witnesses.
    Everything adds up as each vote is seen and counted in front of many people.
    No code, computers to vote with are needed.
    Computer systems are liked by failed nations governments that want to subtly flip votes.
    Use paper to vote and photo ID every citizen.
    Enjoy some democracy without computers and illegal immigrants voting.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...