back to article US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

A US voting machine manufacturer has admitted some of its systems sold in the early 2000s had a remote access tool installed. In a letter (PDF) sent to Senator Ron Wyden (D-OR) in April, and revealed today, voting systems vender ES&S said that, from 2000-2006, a handful of machines it sold to local governments in Wyden's home …

  1. Anonymous Coward
    Anonymous Coward

    What did we expect?

    ES&S is the same group that produced hacker-friendly voting machines under the Diebold name. The negative press previously surrounding Diebold's voting products caused them spin off their election software unit and rename it to ES&S in an attempt to sweep it all under the rug.

    Well, color me unsurprised to learn that ES&S is just as shitty as the Diebold of yesterday, and politicians have learned nothing.

    1. elgarak1

      Re: What did we expect?

      I have a sneaky suspicion that a lot of politicians know exactly how vulnerable the voting system is, and they actually wanted it that way.

      I mean, I see no other way the GOP has been able to win an election the last few years without cheating. They cheat already blatantly with gerrymandering and other voter registration manipulation anyway. No wonder they do not want paper ballots, logs, proper audits...

      1. JCitizen
        Meh

        Re: What did we expect?

        Pfftt!! Both parties cheat anytime they get a chance.

        http://www.politifact.com/punditfact/statements/2014/apr/10/dick-morris/dick-morris-theres-proof-over-1-million-people-vot/

  2. GBE

    Security through obscurity?

    PCAnywhere is not exactly bulletproof when it comes to security. In 2012 hackers revealed they had stolen the source code for PCAnywhere back in 2006, prompting Symantec to advise customers to disable some older versions of the software.

    In what sort of crap design is disclosure of the source code a security problem? What century _is_ this?

    1. kain preacher

      Re: Security through obscurity?

      "In what sort of crap design is disclosure of the source code a security problem? What century _is_ this?"

      The state of California had the same reaction when die bold pitched a fit at having Standford and UC Berkley exam the code .

    2. Kabukiwookie

      Re: Security through obscurity?

      It's Symantec, did you have any other expectation?

      1. Anonymous Coward
        Anonymous Coward

        Re: Security through obscurity?

        With Symantec I suspect the security comes from hogging so much resources that nothing else can run

  3. Steve Aubrey
    Thumb Down

    Your lying eyes (and ears)

    ES&S is saying "Listen to what I'm telling you now, not what I told the NYT earlier!".

    Fool me once . . .

  4. eswan

    Also equally valid--

    "It is also critical to understand that this remote connection support model was never used, nor was it ever possible to be used, on any printer, as printers do not contain the required operating system or remote connection software necessary to enable a remote connection," the vendor tells Wyden.

    "To be clear, ES&S never installed remote connection software on any printer it has ever delivered to a customer, nor has it ever been possible to do so- either before or after the creation of the EAC."

    Now the device that manages, configures, and controls the printer....

  5. JohnFen

    Details

    "The software was not in the voting machines themselves, but rather in the election management system (EMS) terminals"

    This is a given.

    Oregon started vote-by-mail in 1995, before the time period that ES&S is talking about, and never used electronic voting machines in any form. If you want to vote "in person", you can -- but the voting machine you use is still not electronic.

    1. paulf
      Big Brother

      Re: Details

      "election management system"

      With the current ongoing revelations about Facebook, Cambridge Anal, the Trump/Brexit campaigns and the like, I suspect this phrase is now used to describe something a lot more chilling...

      1. Mark 85

        Re: Details

        Maybe it should be phrased "vote management system" but that has it's own implications.....

        Didn't these used to just be called "voting machines and systems"?

  6. a_yank_lurker

    Solution

    How about paper ballots with a Scantron or similar device? Hell, punch cards could used. Electronic voting as done over here is a recipe for enhanced voter fraud and stealing elections.

    1. J. Cook Silver badge
      FAIL

      Re: Solution

      Flordia did that in 2000, and I have two words for you: 'hanging chad'

      Arizona (bastion of conservative hatred for anything not republican, white, and rich) at least uses sensible paper ballots that require the voter to draw a line across a gap to indicate what candidate they think should be in office. (I'm assuming the ballots are either then fed into what looks like an optical scanner, but is in fact a silent paper shredder, and the votes are tallied up by whoever had paid out the largest bribes.)

      How else would we get no less than two governors impeached for fraud, and a county sheriff that would be arrested for human rights violations the instant he steps foot outside US soil?

      (interesting side note: Mister arpaio is running for the US Senate for Arizona. I'm sure he breaking some laws by still using the 'sheriff joe' moniker.)

      1. J. Cook Silver badge

        Re: Solution

        This is also known around here as "politics as usual", although it would bring a smile to my jaded features and warm my blackened, shriveled heart if the usual suspects got handed their asses on a plastic tray during the election.

      2. Mark 85

        Re: Solution

        Go back further. LBJ's first election as a state official. The state police were breaking down the front door of the election commission while the staff were burning the ballots in the basement.

        And then there's Chicago....

    2. redpawn

      Re: Solution

      This is done in Hawaii. The scanning machine will let you know ahead of time if it reads a spoiled vote and give you the choice to get your ballot back or to send it through anyway. The machine reports the votes but the ballots are human readable.

      1. jmch Silver badge
        Thumb Up

        Re: Solution

        Sensible solution. Why the hell are they so rare?

        It should be clear to the voter that his vote has been understood as intended. It should also be possible to do a manual tally, both for audit purposes (should be mandatory that a percentage of boxes are selected at random and counted manually to ensure they match the computer tally), and in case a system registers a Total Inability To Sum Up Preferences.

    3. Anonymous Coward
      Anonymous Coward

      Re: Solution

      What's wrong with an X in the box like many other countries do?

      or 1,2,3 etc for proportional representation elections.

      Sure in most cases it means manual counting of votes etc but as these are doing in local polling stations they are on a much smaller scale and feed up to the total making fraud much more difficult as the votes come in from so many other locations.

      1. 2Nick3

        Re: Solution

        "Sure in most cases it means manual counting of votes etc but as these are doing in local polling stations they are on a much smaller scale and feed up to the total making fraud much more difficult as the votes come in from so many other locations."

        There are often highly localized items on the ballot, so that one nefarious counter could change an outcome. I've seen town council seats won with less than 80 total votes tallied, and I'm in a fairly populous area.

        Plus there is the sad fact that there are otherwise quite intelligent people who have problems counting past 10 (unless not wearing shoes, then they can hit 20 with some regularity). That's why the whole electronic tabulation thing took off to begin with.

    4. JohnFen

      Re: Solution

      Oregon uses a Scantron-like system.

  7. Adam 1

    not best practice

    Shirley the remote assistance platform should have been upgraded to the latest offering from that other Russian vendor.

  8. Palpy

    Urrghgh. You mean...

    ... my mail-in ballot in 2004 may have been compromised in some way on the county tabulation machine? But nobody knows if that actually happened, or if the Bush over Kerry win was illegitimate because of my vote being hijacked by an as-yet undocumented hack?

    WELL!

    I vote for Ron Wyden. And Jeff Merkley. And in the House, Peter DeFazio ... I must say, I have called upon DeFazio's office three times when in need of aid, and his staff have responded immediately. This actually made a difference in my personal life. Me, personally, mind you!

    The USA was not established as a democracy. In the days of the Founders, only about 6% of the population were allowed to vote -- the white, land-owning males, usually. So it is gratifying to me, an heir of these oligarchic, slave-whipping arseholes, when democracy seems to be coming to the USA.

    Trump is a setback. I hope it's temporary. But I have a current passport, and Costa Rica looks sane.

    1. Dal90

      Re: Urrghgh. You mean...

      >my mail-in ballot in 2004 may have been compromised

      It was compromised by definition.

      Mail in ballots are not, and can not be, considered secret under any circumstances.

      Far too many ways to manipulate them from intimidation over a kitchen table to outright cash-for-ballots.

      In-person, paper ballots (while the best system) have some pretty significant security issues, too. You need some strong controls in place so folks cast them privately and anonymously. You need a box designed so there is at least some randomness in the order the ballots are later read -- otherwise the privacy is compromised by simply aligning the ballots with the order folks deposited them to be read. In my town the privacy screens are vastly inferior to the privacy curtain the old mechanical voting machines afforded, and most people do not bother with a privacy sleeve to help conceal their ballot between the table and inserting into the tabulating machine.

      The reality are both parties are, and historically have been, engaged in manipulating voting to their own benefit. Pennsylvania's Democrat controlled Supreme Court replaced a visually flagrant Republican gerrymander with their own more subtle but statistically consistently Democratic gerrymander.

  9. Anonymous Coward
    Anonymous Coward

    US voting equipment the best in the world!

    Even my friend in Russia and was able to log in and vote as many times as he liked.

  10. Version 1.0 Silver badge

    It's the USA

    If you are going to get the election results you want, then you work on getting access to the machines that tabulate the votes - the actual "votes" are irrelevant.

  11. Anonymous Coward
    Anonymous Coward

    Now what is weird is my State of Alabama if there is a recount they erase what the machine recorded and then count the paper ballet that the machine read. Would't want to know if there is a mismatch between what the paper record said and what the machine says ?

    1. Version 1.0 Silver badge

      Most of the readers here would want to know if there was a difference because it would indicate a problem - however the officials really don't want anyone to know that there are problems - so they just delete and recount.

  12. Anonymous Coward
    Anonymous Coward

    For those interested in discussion around a long-standing archive of evidence of the many contemporary mechanisms used for election fraud in the us, I’d suggest browsing over to blackboxvoting.org.

  13. O RLY

    As always,

    there's a relevant XKCD

    https://xkcd.com/463/

  14. StudeJeff

    Misleading headline

    The headline is misleading. The voting machines themselves were not compromised, neither they nor any other voting machine I've head of has a connection to the internet. If there is any question about the outcome of an election the individual machines can be checked, and while I don't know how they do it in Oregon here in North Carolina we have paper ballots that are tabulated by an electronic machine. If there is any question as to its accuracy the paper ballots can be checked.

    The problem with elections isn't the counting and tabulation of votes, it's people voting who have no right to vote (convicted felons, illegal aliens), people voting multiple times by either using someone else's name (IE someone registered to vote but hasn't, or someone who died), or registering in multiple precincts.

    1. JohnFen

      Re: Misleading headline

      "The problem with elections isn't the counting and tabulation of votes, it's people voting who have no right to vote"

      Please supply evidence to back this up. Every impartial study that I'm aware of indicates that this isn't a real problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: Misleading headline

        NC resdident here: He can't, because there is none. Meanwhile there'a mountain of evidence of intentional voter suppression and plenty of anecdotal accounts of ballots being destroyed in advance of audits in a number of states. Voter fraud by citizens is not the problem. The problem is election fraud by officials.

  15. Anonymous Coward
    Anonymous Coward

    Told you so

    People in the tech community warned against electronic voting machines from the beginning, but few would listen. The press was a complete tool on the issue and the same parties who have engineered mass disenfranchisements like the 2016 primary purge in Brooklyn got their potentially ultimate means to effect meaningful election fraud. At this point I no longer care, so don't bother asking for citations. You've got Google, use it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like