It took DEF CON hackers minutes to pwn these US voting machines

After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House …


  1. EnviableOne

    They would have used up to date machines, but the manufacturers were too scared to let them. So DEFCON had to make do with eBay finds

    1. John Smith 19 Gold badge
      Unhappy

      "would have used up to date machines, but the manufacturers were too scared to let them"

      I don't know if this is true.

      But if so it doesn't say anything good about any mfg.

  2. Anonymous Coward
    Facepalm

    The security of voting machines

    Apart from the security vulnerabilities in the voting machine, a more serious issue is that they don't provide a paper record. Just how difficult can it be to have them print out a digitally signed ticket? Generate a hash from the ticket details + random number, print ticket details + hash as a bar code. The various state lotteries manage to do this twice weekly.

    1. Anonymous Coward

      Re: The security of voting machines

      But more money to be made in the lotteries.

      1. Ole Juul

        Re: The security of voting machines

        The money is in the contract, not the software.

    2. tom dial Silver badge

      Re: The security of voting machines

      Many, perhaps most, voting machines do produce a paper record that can, at need, be used for a recount.

      Two observations may be pertinent, however. First, it is not obvious that the code could not be altered so that the information recorded in the internal memory device used for counting differed from what was presented on screen and on the printed tape. It would have to be done pretty far upstream and would have to be done carefully, and probably would be possible to discover by doing a hand recount of the paper tape from corrupted machines. (Absent the paper tape, of course, all bets are off, and those who sold, and bought, such machines should be ashamed if they are capable of feeling shame). Second, hand marked paper ballots as used for a couple of centuries, more or less, also do not provide a receipt. Trust is reinforced by evident physical controls like tamper-evident seals and padlocks, as well as oversight by election officials generally required to represent at least two political parties.

      1. Sir Runcible Spoon

        Re: The security of voting machines

        Iirc, the main reason to bring in electronic machines was to reduce the number of votes discounted due to 'hanging chads' or whatever.

        The answer then, is simple. Press the screen for the candidate of your choice, machine prints out ticket with your vote on it - you then put it in a box so that it can then be counted later on.

        Some things just shouldn't be too modernised. See Stainless Steel Rat for multiple reasons why.

        1. J. Cook Silver badge
          Joke

          Re: The security of voting machines

          I'm still looking for that ancient tome by Mac O'Velly... :)

  3. Not also known as SC

    Why Electronic Voting?

    I think it was a Tree House of Horror where Homer Simpson tries to vote for one candidate but ends up with multiple votes for the other? Because voting is carried out on a state by state basis why don't they just have paper votes and count them manually? With any black box system there is going to be suspicion that things aren't honest - isn't that why lottery machines are transparent?

    1. Charles 9

      Re: Why Electronic Voting?

      Because then you have to trust the counters, meaning (corruptible, even in opposition--as a cartel) people.

    2. Brangdon

      Re: Why Electronic Voting?

      They don't use paper votes because they vote on many different things at once. Their voting forms are pages long. It's much more complex than it is in the UK.

  4. Anonymous Coward

    There's a fix for this

    1. Require all electronic voting machines to produce a paper trail that the voter can see to verify the vote was properly recorded.

    2. Require that every state do a full recount of a few percent of randomly chosen precincts

    3. If error is found over an acceptable margin (I'll leave it to the statisticians to determine the proper criteria for how many precincts to randomly recount and what the acceptable margin is) require a full statewide recount of all precincts

    If you do this, hacking into the voting machines doesn't let you change votes, which mostly eliminates the incentive for anyone to try. Hackers could still DoS the machines, but that's not something that can happen under the radar like changing electronic vote totals, so it couldn't silently swing the election.

    I think the place to be worried about hackers isn't hacking the individual machines one at a time since doing enough of them to matter would require a massive coordinated effort which would be impossible to keep secret. Where you need to worry about it is hacking at the voting machine's vendor (if you don't do the paper trail and random recounts above) or even worse, hacking whatever system they are using to receive, tabulate and report the totals from the precincts.
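The three-step audit proposed in the comment above, sketched as an added example that is not part of the original comment. The precinct tallies, the sampling fraction, the margin and the seed are all constructed assumptions; the comment itself leaves the real criteria to statisticians.

```python
import math
import random

# Constructed sample tallies (not real election data): precinct -> candidate -> votes.
MACHINE_TOTALS = {
    "P01": {"Bob": 410, "Doug": 390},
    "P02": {"Bob": 295, "Doug": 305},
    "P03": {"Bob": 520, "Doug": 480},
    "P04": {"Bob": 150, "Doug": 250},
    "P05": {"Bob": 333, "Doug": 367},
}
# Hand count of the paper trail; P03 is constructed to disagree with the machine.
PAPER_TOTALS = {p: dict(t) for p, t in MACHINE_TOTALS.items()}
PAPER_TOTALS["P03"] = {"Bob": 550, "Doug": 450}


def select_precincts(precincts, fraction, seed):
    """Step 2: draw the audit sample reproducibly from a seed.

    Assumption: the seed is produced in public after the machine totals are
    published, so the sample cannot be predicted while votes are recorded.
    """
    ordered = sorted(precincts)
    k = max(1, math.ceil(len(ordered) * fraction))
    return sorted(random.Random(seed).sample(ordered, k))


def discrepancy_rate(machine, paper):
    """Sum of per-candidate differences, divided by the paper ballots counted."""
    candidates = set(machine) | set(paper)
    moved = sum(abs(machine.get(c, 0) - paper.get(c, 0)) for c in candidates)
    total = sum(paper.values())
    return moved / total if total else (1.0 if moved else 0.0)


def audit(machine_totals, paper_totals, fraction, margin, seed):
    """Steps 2 and 3: recount a sample, escalate if any precinct exceeds margin."""
    sample = select_precincts(machine_totals, fraction, seed)
    rates = {p: discrepancy_rate(machine_totals[p], paper_totals.get(p, {}))
             for p in sample}
    failed = sorted(p for p, r in rates.items() if r > margin)
    # Any failed precinct triggers the statewide recount of step 3.
    return {"sample": sample, "rates": rates, "failed": failed,
            "full_recount": bool(failed)}


if __name__ == "__main__":
    # Hypothetical parameters: audit 40% of precincts, tolerate 0.5% drift.
    print(audit(MACHINE_TOTALS, PAPER_TOTALS, fraction=0.4, margin=0.005,
                seed="constructed-public-seed"))
```

A missing paper record for a sampled precinct is treated as a full discrepancy, so a lost tape escalates rather than passing silently.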

    1. ITS Retired

      Re: There's a fix for this

      The problem with electronic voting machines is that the "paper trail" doesn't have to agree with the real vote either. They are computers, after all. We need to go back to hand counted, pencil and paper ballots.

      Who cares if we don't know the winner until the next day? Other counties can do this for millions of votes, why can't we?

      1. Anonymous Coward

        Re: There's a fix for this

        "The problem with electronic voting machines is that the "paper trail" doesn't have to agree with the real vote either. "

        Back in the distant past we had tape punches and tape verifiers. The puncher punched; the verifier entered what (almost always she) read as the same data and if there was a mismatch it was flagged up.

        It is 1950s technology to be able to run the paper trail through a tape reader and verify that the result is exactly the same as the machine vote record. For proper security, the generator and reader of the tape should come from different vendors using different programs on different hardware but it is not hard. I vaguely recall having to produce pseudocode for just such a program many years ago.

        1. Charles 9

          Re: There's a fix for this

          Two words: hanging chads. Punch cards and punch tapes are similar technologies.

          1. Alan Brown Silver badge

            Re: There's a fix for this

            "Two words: hanging chads."

            1: The USA is one of the few countries worldwide where voters punched a tabulating card.

            2: That wouldn't have been an issue if the bloody things were maintained.

    2. tom dial Silver badge

      Re: There's a fix for this

      1. Is not an effective fix against those who can corrupt the code far enough upstream.

      2. Hand recount of a selected small sample is not immune to manipulation by suitably placed election officials who may know which machines were tweaked.

      The realistic solution is hand marked paper ballots. There is no need for, and at best marginal benefit from use of machines, although there may be some cost saving. The primary beneficiaries are the newsreaders of the nighttime news shows, and the election night shows that can "call" the elections before most of the people have gone to bed. There really is no good reason, though, that we all cannot wait until sometime the following day, especially as the official results normally are not posted for a week or ten days (or sometimes more) anyhow, to accommodate such things as legally required recounts, other recounts, and absentee ballots received after election day.

    3. bombastic bob Silver badge
      Meh

      Re: There's a fix for this

      "Require all electronic voting machines to produce a paper trail that the voter can see to verify the vote was properly recorded."

      paper trail for auditing purposes, period. it would be needed for doing a recount. I think the machines already have that capability but it might not be mandatory. Collecting the printouts once per hour might help, like the way old-style ballot boxes are typically collected [multiple times throughout the day].

      Seriously, though I think the electronic voting thingies are just "new, shiny". Old school paper ballots, with optical counting machines, work really well. My ballot had circles on it that you darkened with a blank felt pen. It's obviously read/counted by computer, and the overall design is hard to screw up.

      1. Rattus Rattus

        Re: There's a fix for this

        No need for optical counting machines anyway. No need for machines at all. Vote the way we still do it here in Australia: Use a pencil to mark the box next to your candidate on a paper ballot and count them by hand, supervised by officials and representatives of all major parties.

        1. Pompous Git Silver badge

          Re: There's a fix for this

          "supervised by officials and representatives of all major parties"
          Smaller booths might not have scrutineers from every party. In any event, there's much haggling over questionable votes: "I'll let you count that ballot if you allow this one..." And with preferential voting it's a matter of assessing probable preferential flow whether the trade is "fair". Hare-Clark is even harder to assess the value in a trade. Glad I don't do that shit no more :-)

          1. Charles 9

            Re: There's a fix for this

            Plus there's the matter of doing it in a country of 350-million-plus people, not to mention their impatience regarding results, meaning it's not politically favorable to take your time.

            1. Anonymous Coward

              Re: There's a fix for this

              That's why you rely on machine counts for the unofficial results, and sanity check them to see if you need to do a full recount. Even if you choose to do a full manual "count" (it would really be a recount if you publish the machine count as unofficial) it wouldn't matter if it took a few days to complete it for the official results.

              The only chance the result would be changed is if a state had very close results or there was hacking of the machines to try to change the results. There's no point to hacking if you know there's a paper trail that will definitely be used, so it really only matters in the case of a close election. The US survived not knowing who was going to be president for over a month in 2000, so waiting a few days in suspense once every century or so when the whole election hangs on a single close state isn't much to ask. Most of the time it doesn't matter, unless you care whether your guy won by 60 electoral votes or 40 electoral votes...

              1. Charles 9

                Re: There's a fix for this

                "The US survived not knowing who was going to be president for over a month in 2000, so waiting a few days in suspense once every century or so when the whole election hangs on a single close state isn't much to ask."

                That very incident PROMPTED the push for electronic voting. And yes, people ARE that impatient, to the point Election Day is no longer a federally-mandated holiday anymore (mandated holidays are discouraged by things like the hospitality industry that DEPEND on holidays).

      2. Anonymous Coward

        @bombastic bob - paper trail for auditing

        Obviously I meant that the paper trail would be used for auditing (that's the only proper way to conduct a recount that takes hackers out of the picture) but it is important that it is something the voter can see to verify his vote was recorded properly on the paper. Otherwise hackers program the machine to indicate a vote for Bob on the screen, but print Doug on paper a few percent of the time and a close election is swung my way that survives a recount.

        I agree with you about paper ballots. I think the hanging chad thing and issues with overly complicated 'butterfly ballots' made people think "oh hey computers are great, let's have them solve all our problems" and went to the most advanced tech. It really isn't any more difficult to hand recount the 'filled circle' ACT/SAT test style ballots. That's what a computer would have to output to make it human readable, if it printed text and used OCR that's needlessly complicated, if it printed bar codes a person couldn't verify that the vote they cast for Bob wasn't changed to Doug on paper.

        So why not skip a step and just give people the paper ballots? Where I live we've been using these every election I've ever voted in, so the technology is proven. Having a touch screen computer at every station instead of a #2 pencil just wastes money to acquire/secure them that could be used to pay the election workers to come back on Wednesday for the random recounts (or hell, mandatory full recounts since we probably saved enough money we could afford to do that)

  5. Anonymous Coward

    "Intrusion will be logged"

    That's ok, I always delete any logs at inter-nic.

    1. Quinch

      Re: "Intrusion will be logged"

      Hehe, now I want to replay Uplink.

  6. Bruce Ordway

    Which models?

    >>Diebolds to Sequoia and Winvote equipment

    >> were bought on eBay or from government auctions

    I wonder how old these voting machines were, when/where they were in service?

    I do remember Diebolds as being notoriously insecure... a long time ago.

    I wouldn't know about today... would not be surprised if they've been improved, are still junk or both.

    1. Bruce Ordway

      Re: Which models?

      >> When/where used

      Per http://www.politico.com/story/2017/07/30/hackers-voting-machines-las-vegas-241130

      - used until just two years ago.

      - a model still used in parts of seven states, as well as all of the state of Nevada.

      And this was nice too....

      >> Though the device was supposedly wiped before it was sold by the government at auction

      >>the hackers were able to uncover the results the machine tallied in 2002.

  7. willi0000000

    the electronics are lovely but useless when casting your vote.

    probably the safest method is manually marking a paper ballot . . . if a human can mark it a human can read and count it.

    when it comes time to tally the vote a machine does it faster, and probably more accurately, than a human.

    recounts can also be done by using other machines to get a first look and comparing it to the count by a human panel . . . if there is a discrepancy, the source should be relatively easy to find.

    [ when all is said and done, i worry more about masses of people (olds, non-whites, poors) being disenfranchised by the various cures for non-existent voter fraud ]

    1. tom dial Silver badge

      It is "known" that vote fraud is (nearly) nonexistent primarily because there seems not to have been a diligent search for it. Suggested use cases include college students registering and voting where they attend school and also where they live when not attending school; and those who recently moved from one state to another, who might remain eligible in both states for several election cycles due to widespread sloppiness in registration list maintenance, combined with extreme resistance to efforts to compare registration lists between states. I thought about doing this the first time when I attended graduate school in Michigan while my legal residence remained in Ohio, and again when I moved from Ohio to Utah a few years ago.

      Hand marked paper ballots, whether counted by hand or machine, are obviously superior to any voting machine.

      1. Charles 9

        Paper ballots can be stuffed and swapped by a sufficiently-resourced organization, like a political party or two.

        1. Sir Runcible Spoon

          "Paper ballots can be stuffed and swapped by a sufficiently-resourced organization, like a political party or two."

          True, but it's a lot more detectable than 100% computerized voting system.

          1. Charles 9

            "True, but it's a lot more detectable than 100% computerized voting system."

            I don't think so, not against a sufficiently-corrupted political machine. Think Venezuela levels...

      2. Alan Brown Silver badge

        > It is "known" that vote fraud is (nearly) nonexistent primarily because there seems not to have been a diligent search for it.

        Actual _voter_ fraud is nearly nonexistent because it's unlikely to make a difference except in the most marginal seats - which get a lot of recounts and where any suspicion of multiple voting will get investigated. Personation (casting a vote using someone else's identity) is a bit harder to detect if they haven't voted, but otherwise is readily detected.

        On the other hand _vote_ (counting) fraud is both hard to audit and difficult to detect. There's a saying attributed to Stalin along the lines that you don't need to control your voters, merely the people counting the votes.

        This is why stealing ballot boxes and box stuffing are both actions that happen regularly in parts of the world and is _why_ every ballot has a serial number. If there's a box-stuffing incident you can check the serial numbers issued against the serial numbers in the box.

        The best defence against electoral fraud is a vigilant public. Anyone can attend the counts and witness them.

        1. Charles 9

          But at that point, how can they be sure it's really their votes that were counted? It's not like a really good adversary would have two of everything, including voter rolls. Plus, there is an intractable voter problem: the conflict between two equal yet opposite needs, a free vote and a true vote. A free vote is required to be able to truly vote one's conscience, yet it prevents really being able to detect a covert swap outside of a "small enough that everyone intimately knows everyone else" village scenario. That can be prevented with a true vote, but that always raises the specter of voter pressure, preventing it being truly free.

  8. Tom Paine

    Meanwhile, back at the story --

    "Commonwealth of Virginia, Official Ballot

    County of Fairfax

    Special Election

    Tuesday August 19th 2014"

    Nice, not only did they not DBAN them, they didn't even nuke the software's most recent config. Anyone imaged one of these and pulled it into EnCase or suchlike disk forensics tools? Sounds likely there'd be considerable lulz to be had...

  9. martinusher Silver badge

    No danger in our county

    Well, if I came up to a terminal that announced itself as "WinVote" I'd avoid it like the plague. It's going to be hackable.

    The machinery we use is a lot older and it's not networked so it's really difficult to hack. Most voters vote using optically read cards. The reader not only tabulates the votes but stores the cards so that we've got a check on the actual numbers if we need it. We do have electronic terminals, they're quaint and appear to be based on an ancient laptop running vxWorks. They not only tabulate the votes but keep a printed record of each vote. I could detail how everything is sewn up so that actually tampering with the results would be difficult, if not impossible, but it's a bit long winded. Suffice to say that the memory packs in the optical readers are about the size of a pack of playing cards with a decidedly non-standard interface. The touch terminals are a bit more modern, they've got a PCMCIA memory card. I might have some junk somewhere that could read it but the chances are that the card's not formatted in any way that's recognizable to standard equipment. (But then......I can't get the pack out without breaking seals, I can't take it off to a corner and work on it because there's always more than one poll worker with the equipment and votes at all times.....and so on.......)

    (Statistics and exit counts are the easy way to check up on voter fraud. It's just a bit sophisticated for the rubes that get their daily dose from Fox and the like.)

  10. Captain Badmouth

    Kenyan news

    Not related to the above (or is it?) but the guy responsible for the Kenyan voting system has been found dead, decapitated, today. Just this minute on BBC world news @ 21.52 BST.

  11. Anonymous Coward

    same voting machines elected the last President too

    but now, not then but only just in November, did they get pwned by communists...err...Russians sneaking behind every tree and out of every alley.

    If a system is truly compromised, it doesn't maintain legitimacy at ANY time during its use. Just being aware of it now doesn't change that.

  12. zzx375

    Connecting a voting machine to the internet merits termination of one's employment

    Seriously. I don't care how little time it takes to break into a voting system at a hacking conference. This is a time to take a step back and use the voting machine that takes a scanned paper ballot (doesn't matter front or back). The machine gives a tally tape and the paper ballots are audit-able proof if a hand count should be required. The state election board secretary, governor, whomever implemented the internet connected systems in the states using them should hand in their resignations if still in office.
