Man, I would not want to work at a voting machine company right now. Actual accountability? They didn't budget for that!
A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down
A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents. The Securing America's Voting Equipment (SAVE) Act [PDF] would designate elections systems as part of the US national critical infrastructure, task the …
COMMENTS
-
-
Wednesday 1st November 2017 12:44 GMT Yet Another Anonymous coward
Actual accountability to a secret 3 letter agency that will ensure that any flaws are now classified at the highest level, it will be a serious offence to try and expose any flaws in your machines and any mention of any flaws in the media can be quashed for national security reasons.
Plus you get to charge defense company levels for these new "critical infrastructure" machines - while presumably being as late and buggy as a typical fighter jet project.
I suspect that there are conga lines forming in boardrooms at voting machine makers.
-
-
-
Wednesday 1st November 2017 13:48 GMT Anonymous Coward
Silly boy...
You don't need the internet to hack the election...
You start with the machine's software before its placed on the machine.
Of course you can still lock things down there to make it even harder. But you do realize that its the lowest bidder who wins these contracts, right?
Security as an Afterthought.
-
-
-
This post has been deleted by its author
-
-
Tuesday 31st October 2017 20:58 GMT RareToy
But the contract will still go to Diebold equipment because they've done government election equipment in the past. Therefore a preferred vendor. So how much will really change? The design specs will, in my opinion, probably be written in a way that only Diebold can win it, or by it's very nature be unsecure or have a backdoor.
-
Tuesday 31st October 2017 22:13 GMT Anonymous Coward
Diebold is not the only company making voting machines in the US, and while they'd almost certainly get some of the contract here it isn't like the US would ever end up with a single company's machines. Elections are run by the states, not the federal government. This bill is about setting standards and providing oversight to make sure the states can't just do whatever the hell they want.
-
-
-
Wednesday 1st November 2017 12:13 GMT 404
Re: I propose....
Definitions.
US House of Representatives= Congress Critters.
US Senate= Lacy Panty Pansies.
Bill = A proposed idea introduced to the House of Representatives, that if approved, is sent to the Senate.
Law = What a Bill becomes after being folded, stapled, mutilated, and sabotaged, by the House and Senate's various committees, then signed into Law by El Presidente.
-
Wednesday 1st November 2017 15:20 GMT Eddy Ito
Re: I propose....
an amendment to the definitions.
Since Congress technically includes both the House and Senate I think Congress Critters should apply to both equally and cause confusion. I propose that Congress Critters be reserved as a more general term for a member of either body and the following more specific terms be adopted for the House:
US House of Representatives = House Flies
Speaker of the House = Lord of the Flies
-
-
Tuesday 31st October 2017 21:05 GMT Anonymous Coward
Safeguard elections from hacking
"A law bill has been introduced to the US Senate designed to safeguard elections from hacking or manipulation."
Is as much use as recycled toilet paper .. what's needed is custom designed software running on custom designed hardware run on tamper-proof machines with no direct connection to the Internet that produce a paper record of each vote. Such voting machines are brought to a central counting center and tabulated in front of monitors. The count can be verified against the paper record. The various state lotteries manage to do this twice weekly.
-
-
Tuesday 31st October 2017 21:19 GMT David Webb
Re: Safeguard elections from hacking
You just know that if .gov put out a tender for a pencil, it would go to one of the big defence firms who would charge £1,500 per pencil, but to get the pencil sharpened you would have to send it to a special facility in Washington State who would charge £400 to sharpen it and ensure it continues to meet current standards for pencils. Of course, it would require special tamper proof paper too at £75 per sheet.
-
Wednesday 1st November 2017 11:57 GMT Blank Reg
Re: Safeguard elections from hacking
Pencil can be erased, it's got to be a permanent marker.
If they really want to do it electronically then the end user terminals should be as dumb as possible so that there is nothing to tamper with.
Really it could be nothing more than a card reader, as in old fashioned computer card readers. Make people fill out the card with their choices, the reader sends the info to the central server which then sends back a receipt that should match the input. Only one (very large) system to secure, which would be much easier if none of this is carried on the internet.
-
Wednesday 1st November 2017 12:23 GMT Patched Out
Re: Safeguard elections from hacking
This is exactly what we have been using in New Hampshire for as long as I can remember. Paper ballots where you fill in ovals (like those standardized tests) with a special felt pen. The ballot is fed into the machine where it is optically tallied. The paper ballots are kept for audits/recounts.
When the polls close, each town gathers up its machines and town trustees tally and certify the votes which then get reported to the state voting commission.
I don't understand why other states make it so complicated.
-
-
-
Wednesday 1st November 2017 18:28 GMT Mage
Re: Safeguard elections from hacking
Printed recycled toilet paper and a pencil is actually a better solution than any electronic voting machine. The track record on computer security is such that if these are really secure, the designer should get a Nobel prize and design a phone, tablet, laptop, server etc OS.
-
Wednesday 1st November 2017 20:06 GMT pcgeorge45
Re: Safeguard elections from hacking - custom stuff
Nah. custom hardware not absolutely required, nor is a paper record. A WORM record and an isolated mechanism for transmitting results to a central location should be sufficient. Avoiding hacked software and upgrades is a harder problem, particularly when the President of Diebold has stated he supported the GOP.
-
-
-
-
Wednesday 1st November 2017 07:25 GMT Voland's right hand
Re: Paper ballots?
Paper ballot elections are not secure from tampering either.
They, however, allow something which is nearly impossible to achieve using a computer driven election without network connectivity. All candidates as well as registered independent observers can count, recount and tally the ballots. That is simply not on the menu with US elections at present - the election process is opaque. People vote, the tally is declared. You have to fight with a court order to get individual precinct data and/or recount (something Stein learned the hard way).
From that perspective, the idea of "do not connect voting machines to the Internet" is actually counterproductive. Connect all of them. Disallow any incoming communication though (on multiple levels). Transmit the contents of the "ballot box" out via multicast multiple times (every few seconds until the election officials declare it over and turn them off) - so ANYONE can grab a copy and do the tally themselves. THAT is the only way to make a voting machine election approach a paper one in terms of document trail and ability to verify the tallies.
-
Wednesday 1st November 2017 10:22 GMT Anonymous Coward
Re: Paper ballots?
It is far, far harder to steal a traditional paper ballot successfully, as there are too many people involved and it's much harder to avoid leaving a forensic trail.
The real issues are proving identity and preventing false votes. Electronic systems are the worst possible solutions to both problems - honest humans and stiff penalties are the best ones, unless, of course, you think the answer is yet more technology layers, such as chip implants or biometrics. The industry lobby groups will love that, and there will be no shortage of "experts" claiming the answer is always more technology ("better" technology).
But that doesn't actually alter the two basic issues. And if you haven't got honest humans, then the problem won't be fixed by electronics, merely better concealed.
Why do politicians, demonstrably bright people, behave like complete idiots when they are in charge of something?
Never mind. I've got some old submarine parts I need to get onto eBay this morning...
-
Tuesday 31st October 2017 22:20 GMT Kev99
For over two hundred years there was no need to use networked computerised voting machines. Then the idiots in Washington decided the Gore-Bush election mandated them. There is no need for the machines to be connected to the internet or the cloud. Elections around the world do quite well with telephone lines, fax machines, and ballot boxes. The "solution" became the "cause".
-
Tuesday 31st October 2017 22:22 GMT Chairman of the Bored
Dont worry, no matter how good the law is...
...we will fsck it up before this is done.
A lot of pork has to be prepared and dished out before it leaves the senate and hits the house. And if it gets introduced into the house and goes to conference we are truly screwed.
And at the end of the day I'm sure Booz-Allen will be involved. That ALWAYS makes things sleaze up. Popcorn anyone?
-
Tuesday 31st October 2017 23:12 GMT find users who cut cat tail
"Our democracy hinges on protecting Americans' ability to fairly choose our own leaders."
Since no tampering was [apparently] necessary to put Mr. Trump into office, voting machine hacking prevention is currently an interesting but largely irrelevant problem. Miscreants have already moved on to hacking voters' brains...
-
This post has been deleted by its author
-
Wednesday 1st November 2017 03:03 GMT veti
Re: A burst of common sense from two common sense people
It took three (R) senators to stop Trumpcare - Collins, Murkowski and McCain. (Plus every single one of the (D)s. Let's not forget, they actually turned up to vote. Go them.)
And strangely enough, all three of them are now widely reviled in their party for it. Search for any of these names on breitbart.com, and you'll see no shortage of people clamouring that they need to be imminently deselected, or worse.
But you're right, it's a welcome reminder that not all politicians are the same, some are almost human. We do ourselves no favours when we damn them all and ignore the differences - Trump proves that...
-
-
Wednesday 1st November 2017 04:52 GMT Herby
Couple of things needed here...
There are TWO parts of an election with very different qualities needed.
First, there is the voting itself. Very "private" by its nature, and should remain so.
Second, there is the counting. It needs to be VERY public so we have some faith in the process.
The big problem is attempting to combine these two very different functions into one "device". It shouldn't be done AT ALL.
What to do? Have the "voting machine" accept nice inputs from a touch screen, and with a connected printer generate a both human and machine readable document that you stuff into a ballot box. Then anyone can tally up things and all is good. If the voter doesn't like the votes recorded (by inspection), tear it up and try again.
Will it be done this way? Probably not, but we can hope.
-
-
Wednesday 1st November 2017 09:22 GMT Voland's right hand
Re: Cut out the middle man
You are not far off. A number of Western Democracies use software written in Eastern Europe. Canada comes to mind - at least some of their voting software was written by Sirma in Bulgaria.
Nothing wrong with it too. I would trust it more than software written by a local company which has openly declared that it will deliver the victory to one of the candidates - I am leaving the actual US election year, the company in question and which of its execs said that as "exercise to the reader".
-
-
Wednesday 1st November 2017 10:23 GMT willi0000000
*sigh*
right-side-of-the-pond problems.
i've voted a lot of times (damn i'm old) and the best system i've seen is paper ballots where you fill-in a block (or other little shape) that are put into a ballot box and, at the end of the day, transported to the town hall for machine counting.
the system leaves a human-readable paper trail that can be recounted by precinct for spot checks or entirely recounted is shenanigans is suspected.
that secures the votes . . . now, can we solve the voter suppression problem?
[ . . . and, just maybe, confine campaigning to the two months preceding one national designated day for all primary elections . . . and hold the election one month later ]
-
-
Thursday 2nd November 2017 01:08 GMT Eddy Ito
Of course there's also the easy thing of getting rid of the crazy Tuesday non-holiday. Then you can have the election take place over the course of a week so people aren't so inconvenienced by lines that are 40+ minutes long at the end of a long work day. Take the next week tallying the vote and slap the news media for announcing anything ahead of the official totals. FFS, the inauguration isn't until late January there isn't much need to determine the winner before the Thursday Turkeyfest and folks could get a chance to wind down after a few bottles of wine, slices of pie, pounds of turkey, taters, and gawdknowswhatt and folk will be calm, fat, dumb, and happy, and looking forward to a nap after a nice digestif. What could be better than announcing the election results during the halftime show of either Dallas or Detroit or perhaps even during one of the parades.
-
-
-
Wednesday 1st November 2017 11:37 GMT MonkeyCee
postal votes
Personally I don't understand why there needs to be an election "day" and physical presence to do my democratic duty. Make it easier to postal vote, perhaps even allowing you to vote, online, in advance.
I've also seen (but can't for the life of me recall where) a theoretical system where a total vote tally is publicly visible, your individual vote is only visible with your own key. Thus you can check your vote is still correct whilst still preserving some anonymity.
Not that it really matters, the big political parties are very good at predicting what issues affect you individually and what will (and won't) persuade you to vote.
-
Wednesday 1st November 2017 12:45 GMT John Smith 19
Yes the US is big. Yes it has a lot of people. But..
Ballot boxes are not that heavy. Like pharmaceutical packaging they don't have to be tamper proof, they just have to make it impossible to tamper with them without it being obvious.
Ballots can be counted fairly quickly by humans.
Yes it might take whole hours more to do but SFW?
Comm links from counting sites are good enough. What do you need? 4 or 5 numbers at most from each site?