back to article A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down

A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents. The Securing America's Voting Equipment (SAVE) Act [PDF] would designate elections systems as part of the US national critical infrastructure, task the …

  1. Jonathan 27

    Man, I would not want to work at a voting machine company right now. Actual accountability? They didn't budget for that!

    1. Yet Another Anonymous coward Silver badge

      Actual accountability to a secret 3 letter agency that will ensure that any flaws are now classified at the highest level, it will be a serious offence to try and expose any flaws in your machines and any mention of any flaws in the media can be quashed for national security reasons.

      Plus you get to charge defense company levels for these new "critical infrastructure" machines - while presumably being as late and buggy as a typical fighter jet project.

      I suspect that there are conga lines forming in boardrooms at voting machine makers.

  2. Anonymous Coward
    Anonymous Coward

    Don't have the bloody things hooked up to the internet for a start!

    1. Anonymous Coward
      Anonymous Coward

      Silly boy...

      You don't need the internet to hack the election...

      You start with the machine's software before its placed on the machine.

      Of course you can still lock things down there to make it even harder. But you do realize that its the lowest bidder who wins these contracts, right?

      Security as an Afterthought.

  3. Someone Else Silver badge
    Devil

    Your Freudian Slip is showing...

    From the article:

    If passed by both the House of Reps as well as the Senate, and signed into law by President Pence [...]

    From your mouth to $DEITY's ear...

    1. This post has been deleted by its author

    2. GnuTzu

      Re: Your Freudian Slip is showing...

      Actually did a news search for "president", and you should see what President Clinton had to say.

    3. Logan
      Trollface

      Re: Your Freudian Slip is showing...

      Through me into a WTF moment? Did I miss a huge news story about Trump being lead away? Quick search proved nope I did not.... bummer.

  4. RareToy

    But the contract will still go to Diebold equipment because they've done government election equipment in the past. Therefore a preferred vendor. So how much will really change? The design specs will, in my opinion, probably be written in a way that only Diebold can win it, or by it's very nature be unsecure or have a backdoor.

    1. Anonymous Coward
      Anonymous Coward

      Diebold is not the only company making voting machines in the US, and while they'd almost certainly get some of the contract here it isn't like the US would ever end up with a single company's machines. Elections are run by the states, not the federal government. This bill is about setting standards and providing oversight to make sure the states can't just do whatever the hell they want.

    2. Daniel von Asmuth
      Coat

      watch us die boldly

      "States would also get a grant to buy new, and hopefully more secure, voting machines."

      Apparently the law does not state that the states will buy voting machines and prove their security before holding an election.

  5. Anonymous Coward
    Anonymous Coward

    I propose....

    The Ban on Retard Congressmen Proposing Shite Laws, Laden With Pork, Wrapped in a Shit Acronym Act.

    TBORCPSLLWPWIASAA for short.

    1. tfewster
      Facepalm

      Re: I propose....

      It seems like malice and incompetence cancelled each other out here, to produce a sensible result

      1. ecofeco Silver badge

        Re: I propose....

        Malice and incompetence do not cancel each other out except in childrens books.

    2. zhveurnq

      Re: I propose....

      That's almost pronounceable. In Welsh.

      1. John Smith 19 Gold badge
        Unhappy

        "That's almost pronounceable. In Welsh."

        Doesn't it have too many vowels for that?

    3. 404
      Childcatcher

      Re: I propose....

      Definitions.

      US House of Representatives= Congress Critters.

      US Senate= Lacy Panty Pansies.

      Bill = A proposed idea introduced to the House of Representatives, that if approved, is sent to the Senate.

      Law = What a Bill becomes after being folded, stapled, mutilated, and sabotaged, by the House and Senate's various committees, then signed into Law by El Presidente.

      1. Eddy Ito

        Re: I propose....

        an amendment to the definitions.

        Since Congress technically includes both the House and Senate I think Congress Critters should apply to both equally and cause confusion. I propose that Congress Critters be reserved as a more general term for a member of either body and the following more specific terms be adopted for the House:

        US House of Representatives = House Flies

        Speaker of the House = Lord of the Flies

      2. Hollerithevo

        Re: I propose....

        Boring homophobe.

  6. Anonymous Coward
    Facepalm

    Safeguard elections from hacking

    "A law bill has been introduced to the US Senate designed to safeguard elections from hacking or manipulation."

    Is as much use as recycled toilet paper .. what's needed is custom designed software running on custom designed hardware run on tamper-proof machines with no direct connection to the Internet that produce a paper record of each vote. Such voting machines are brought to a central counting center and tabulated in front of monitors. The count can be verified against the paper record. The various state lotteries manage to do this twice weekly.

    1. Anonymous Coward
      Anonymous Coward

      Re: Safeguard elections from hacking

      "what's needed is custom designed software running on custom designed hardware run on tamper-proof machines with no direct connection to the Internet that produce a paper record of each vote."

      Yeah, we just call it a pencil.

      1. David Webb

        Re: Safeguard elections from hacking

        You just know that if .gov put out a tender for a pencil, it would go to one of the big defence firms who would charge £1,500 per pencil, but to get the pencil sharpened you would have to send it to a special facility in Washington State who would charge £400 to sharpen it and ensure it continues to meet current standards for pencils. Of course, it would require special tamper proof paper too at £75 per sheet.

      2. Blank Reg

        Re: Safeguard elections from hacking

        Pencil can be erased, it's got to be a permanent marker.

        If they really want to do it electronically then the end user terminals should be as dumb as possible so that there is nothing to tamper with.

        Really it could be nothing more than a card reader, as in old fashioned computer card readers. Make people fill out the card with their choices, the reader sends the info to the central server which then sends back a receipt that should match the input. Only one (very large) system to secure, which would be much easier if none of this is carried on the internet.

        1. Patched Out

          Re: Safeguard elections from hacking

          This is exactly what we have been using in New Hampshire for as long as I can remember. Paper ballots where you fill in ovals (like those standardized tests) with a special felt pen. The ballot is fed into the machine where it is optically tallied. The paper ballots are kept for audits/recounts.

          When the polls close, each town gathers up its machines and town trustees tally and certify the votes which then get reported to the state voting commission.

          I don't understand why other states make it so complicated.

      3. Pirate Dave Silver badge
        Pirate

        Re: Safeguard elections from hacking

        "Yeah, we just call it a pencil."

        Are we sure the folks in Florida know how to use pencils? I mean, there are two ends to those damn things - one for making squigglies, the other for erasing said squigglies. Might be too complicated...

    2. Mage Silver badge

      Re: Safeguard elections from hacking

      Printed recycled toilet paper and a pencil is actually a better solution than any electronic voting machine. The track record on computer security is such that if these are really secure, the designer should get a Nobel prize and design a phone, tablet, laptop, server etc OS.

    3. pcgeorge45

      Re: Safeguard elections from hacking - custom stuff

      Nah. custom hardware not absolutely required, nor is a paper record. A WORM record and an isolated mechanism for transmitting results to a central location should be sufficient. Avoiding hacked software and upgrades is a harder problem, particularly when the President of Diebold has stated he supported the GOP.

  7. Dr. Ellen
    Devil

    Paper ballots?

    Don't trust paper, either. Al Franken lost his election to the senate until somebody "found" a box of ballots in the recount.

    1. a_yank_lurker

      Re: Paper ballots?

      Many close elections over here have had conveniently 'found' ballot boxes and the donkeys say there is no voter fraud.

    2. Bear

      Re: Paper ballots?

      Joe Kennedy also managed to buy his son the presidency using paper ballots.

    3. Voland's right hand Silver badge

      Re: Paper ballots?

      Paper ballot elections are not secure from tampering either.

      They, however, allow something which is nearly impossible to achieve using a computer driven election without network connectivity. All candidates as well as registered independent observers can count, recount and tally the ballots. That is simply not on the menu with US elections at present - the election process is opaque. People vote, the tally is declared. You have to fight with a court order to get individual precinct data and/or recount (something Stein learned the hard way).

      From that perspective, the idea of "do not connect voting machines to the Internet" is actually counterproductive. Connect all of them. Disallow any incoming communication though (on multiple levels). Transmit the contents of the "ballot box" out via multicast multiple times (every few seconds until the election officials declare it over and turn them off) - so ANYONE can grab a copy and do the tally themselves. THAT is the only way to make a voting machine election approach a paper one in terms of document trail and ability to verify the tallies.

    4. Anonymous Coward
      Anonymous Coward

      Re: Paper ballots?

      It is far, far harder to steal a traditional paper ballot successfully, as there are too many people involved and it's much harder to avoid leaving a forensic trail.

      The real issues are proving identity and preventing false votes. Electronic systems are the worst possible solutions to both problems - honest humans and stiff penalties are the best ones, unless, of course, you think the answer is yet more technology layers, such as chip implants or biometrics. The industry lobby groups will love that, and there will be no shortage of "experts" claiming the answer is always more technology ("better" technology).

      But that doesn't actually alter the two basic issues. And if you haven't got honest humans, then the problem won't be fixed by electronics, merely better concealed.

      Why do politicians, demonstrably bright people, behave like complete idiots when they are in charge of something?

      Never mind. I've got some old submarine parts I need to get onto eBay this morning...

  8. Anonymous Coward
    Anonymous Coward

    Is it now a legal requirement in the US that legislation has to start with the acronym and then work backwards?

    1. diodesign (Written by Reg staff) Silver badge

      It's been like that for aaaages. Eg, the 2001 USA PATRIOT Act:

      Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.

      C.

      1. Aladdin Sane
      2. willi0000000

        it helps if the acronym lies about what is in the bill.

        1. tfewster
          Facepalm

          > it helps if the acronym lies about what is in the bill.

          From "Yes, Minister", as true today as it was 30 years ago: always dispose of the difficult bit in the title

    2. Anonymous Coward
      Anonymous Coward

      Yes, that was required by the 2001 COCK Act (Creating Pointless Acronyms For All Legislation Act). Which was the last Act that wasn't an acronym of itself, Congress just wanted to use the word COCK.

    3. Mark 85

      It must be. Once upon a time and for decades the bill was named after the authors... Taft-Hartley as an example.

  9. Kev99 Silver badge

    For over two hundred years there was no need to use networked computerised voting machines. Then the idiots in Washington decided the Gore-Bush election mandated them. There is no need for the machines to be connected to the internet or the cloud. Elections around the world do quite well with telephone lines, fax machines, and ballot boxes. The "solution" became the "cause".

  10. Chairman of the Bored

    Dont worry, no matter how good the law is...

    ...we will fsck it up before this is done.

    A lot of pork has to be prepared and dished out before it leaves the senate and hits the house. And if it gets introduced into the house and goes to conference we are truly screwed.

    And at the end of the day I'm sure Booz-Allen will be involved. That ALWAYS makes things sleaze up. Popcorn anyone?

  11. fidodogbreath

    So, problem solved, then

    Now if we can get to work on the one where sheeple will mindlessly believe any stupid crap, no matter how outrageous or obviously false, just because it aligns with their biases / hatreds / pre-conceived notions / etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: So, problem solved, then

      Yeah, but if we did that, nobody would ever win again.

      1. fidodogbreath

        Re: So, problem solved, then

        Yeah, but if we did that, nobody would ever win again.

        And that's a bad thing because... ?

      2. GBE

        Re: So, problem solved, then

        "Yeah, but if we did that, nobody would ever win again."

        Sure looks nobody (in the US) is winning now...

  12. find users who cut cat tail

    "Our democracy hinges on protecting Americans' ability to fairly choose our own leaders."

    Since no tampering was [apparently] necessary to put Mr. Trump into office, voting machine hacking prevention is currently an interesting but largely irrelevant problem. Miscreants have already moved on to hacking voters' brains...

    1. Aladdin Sane

      How can you hack something that evidently doesn't exist?

  13. This post has been deleted by its author

    1. veti Silver badge

      Re: A burst of common sense from two common sense people

      It took three (R) senators to stop Trumpcare - Collins, Murkowski and McCain. (Plus every single one of the (D)s. Let's not forget, they actually turned up to vote. Go them.)

      And strangely enough, all three of them are now widely reviled in their party for it. Search for any of these names on breitbart.com, and you'll see no shortage of people clamouring that they need to be imminently deselected, or worse.

      But you're right, it's a welcome reminder that not all politicians are the same, some are almost human. We do ourselves no favours when we damn them all and ignore the differences - Trump proves that...

  14. Anonymous Coward
    Anonymous Coward

    safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents.

    I see they forgot to mention the NSA as a likely source of manipulation of results to enable then to get what they want next time round.

  15. John Smith 19 Gold badge
    Unhappy

    This seems a sensible, reasonable law with fairly modest goals which everyone agrees with

    So what will stop it being passed fairly quickly?

    I'm sure something will.

    1. ecofeco Silver badge

      Re: This seems a sensible, reasonable law with fairly modest goals which everyone agrees with

      The answer is in your title.

  16. erikj

    It seems sensible and is thus doomed

    I'm expecting IBM to first lobby convince Congress that an federally mandated "National Blockchain" will solve the problem.

    1. Eddy Ito

      Re: It seems sensible and is thus doomed

      A.k.a. mining for votes.

      1. Mark 85

        Re: It seems sensible and is thus doomed

        A.k.a. mining for votes.

        Cheaper probably to buy votes... maybe the historical method of two beers per vote.

        1. fidodogbreath

          Re: It seems sensible and is thus doomed

          Cheaper probably to buy votes... maybe the historical method of two beers per vote.

          Or the Chicago method of holding voter registration drives in the cemeteries. Dead men drink no beer.

          1. Anonymous Coward
            Anonymous Coward

            Re: It seems sensible and is thus doomed

            In LA it's a pack of cigs and a fifth. Not sure which is more expensive in LA at this point but I think both probably cost less than cigs in NYC.

  17. Herby

    Couple of things needed here...

    There are TWO parts of an election with very different qualities needed.

    First, there is the voting itself. Very "private" by its nature, and should remain so.

    Second, there is the counting. It needs to be VERY public so we have some faith in the process.

    The big problem is attempting to combine these two very different functions into one "device". It shouldn't be done AT ALL.

    What to do? Have the "voting machine" accept nice inputs from a touch screen, and with a connected printer generate a both human and machine readable document that you stuff into a ballot box. Then anyone can tally up things and all is good. If the voter doesn't like the votes recorded (by inspection), tear it up and try again.

    Will it be done this way? Probably not, but we can hope.

  18. Winkypop Silver badge
    Joke

    Cut out the middle man

    Just appoint a Russian software firm!

    1. Voland's right hand Silver badge

      Re: Cut out the middle man

      You are not far off. A number of Western Democracies use software written in Eastern Europe. Canada comes to mind - at least some of their voting software was written by Sirma in Bulgaria.

      Nothing wrong with it too. I would trust it more than software written by a local company which has openly declared that it will deliver the victory to one of the candidates - I am leaving the actual US election year, the company in question and which of its execs said that as "exercise to the reader".

  19. willi0000000

    *sigh*

    right-side-of-the-pond problems.

    i've voted a lot of times (damn i'm old) and the best system i've seen is paper ballots where you fill-in a block (or other little shape) that are put into a ballot box and, at the end of the day, transported to the town hall for machine counting.

    the system leaves a human-readable paper trail that can be recounted by precinct for spot checks or entirely recounted is shenanigans is suspected.

    that secures the votes . . . now, can we solve the voter suppression problem?

    [ . . . and, just maybe, confine campaigning to the two months preceding one national designated day for all primary elections . . . and hold the election one month later ]

    1. Mark 85

      Paper ballots are probably best as you suggest. However the pressure created by the media (Latest results and projected winner within 30 minutes of the polls opening on the east coast) push for faster results and pushed the public to accept this stuff.

      1. Eddy Ito

        Of course there's also the easy thing of getting rid of the crazy Tuesday non-holiday. Then you can have the election take place over the course of a week so people aren't so inconvenienced by lines that are 40+ minutes long at the end of a long work day. Take the next week tallying the vote and slap the news media for announcing anything ahead of the official totals. FFS, the inauguration isn't until late January there isn't much need to determine the winner before the Thursday Turkeyfest and folks could get a chance to wind down after a few bottles of wine, slices of pie, pounds of turkey, taters, and gawdknowswhatt and folk will be calm, fat, dumb, and happy, and looking forward to a nap after a nice digestif. What could be better than announcing the election results during the halftime show of either Dallas or Detroit or perhaps even during one of the parades.

  20. MonkeyCee

    postal votes

    Personally I don't understand why there needs to be an election "day" and physical presence to do my democratic duty. Make it easier to postal vote, perhaps even allowing you to vote, online, in advance.

    I've also seen (but can't for the life of me recall where) a theoretical system where a total vote tally is publicly visible, your individual vote is only visible with your own key. Thus you can check your vote is still correct whilst still preserving some anonymity.

    Not that it really matters, the big political parties are very good at predicting what issues affect you individually and what will (and won't) persuade you to vote.

  21. ecofeco Silver badge

    Don't lie down too long...

    ...or you'll miss the part where they make it brain dead.

  22. John Smith 19 Gold badge
    Unhappy

    Yes the US is big. Yes it has a lot of people. But..

    Ballot boxes are not that heavy. Like pharmaceutical packaging they don't have to be tamper proof, they just have to make it impossible to tamper with them without it being obvious.

    Ballots can be counted fairly quickly by humans.

    Yes it might take whole hours more to do but SFW?

    Comm links from counting sites are good enough. What do you need? 4 or 5 numbers at most from each site?

    1. keith_w

      Re: Yes the US is big. Yes it has a lot of people. But..

      doesn't everyone, municipal, state and federal get elected on the same day? Dog catcher to president if it that point in the election cycle?

  23. Yet Another Anonymous coward Silver badge

    What's wrong with the exiting system?

    Jut count the number of "likes" for each candidate on Facebook

    1. EnviableOne

      Re: What's wrong with the exiting system?

      I'm sure Zuk or @Jack wil suggest this soon (for a modestly high fee)

      1. Yet Another Anonymous coward Silver badge

        Re: What's wrong with the exiting system?

        Or just put it on ebay.

        Surely the free market suggests that the party that deserves to win is the one that spends most - just make it official

  24. cysec

    President Pence ?? ..do you know something we don't ??

  25. Daniel B.
    Coffee/keyboard

    President Pence

    Now that made my day! And also buy a new keyboard!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon