California Testers Find Flaws In Voting Machines
quanticle writes "According to Ars Technica, California testers have discovered severe flaws in the ES&S voting machines. The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, allowing for a man-in-the-middle attack. Altogether, it is a troubling report for a company already in hot water for selling uncertified equipment to counties."
I guess they do run linux after all.
I have 2 solutions to all these problems.
1: Do like the rest of the world, and use a HB #2 pencil.
2: EFF and the rest of the American White hats get together and develop an Open Voting system that is freely implementable by any state and can withstand public scrutiny and peer review.
For the last time - issue a voter card and use the cash machines / ATM machines / or whatever you call it in your location.
It will even print a receipt.
If it is good enough for your money, it is good enough for your vote.
Do they really think this sounds more impressive than "paperclip" ?
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
It's not actually that hard to find sources that say these voting machines are dreadful.
That said though, they do have a lot going for them, they just need to iron out the kinks.
Give me a pencil and paper any day though!
I'm sure it's hard to hack a sheet of paper and a cardboard box. Please, leave democracy "unhackable", because where there's no paper for voting, there's no hard proof that you really did it...
Those machines have been proven time and again that they're insecure, not reliable and that it takes special knowledge to even start verifying their results. Now we add ease of manipulation to the fold.
How much more does it take to see that it is a BAD idea?
Yes, paper voting is costly. But we're not talking something where cost is the deciding factor. Democracy is about two things: People participating in the government of their country, and people trusting the government of their country. In a democracy, people have (ok, should have) a say in their country's behaviour. And this in turn should give them a feeling of belonging, they should feel their country takes them seriously and as more than just peons who can be ordered around, because they chose their government themselves. This usually means more trust and faith in their rulers, because they themselves chose them (not some divine right to rule or military force, they installed their government).
Especially the latter part is at risk. If you cannot easily debunk any claims of voting fraud, because the means to vote offer themselves for easy manipulation, you open your country for claims of illegal manipulations that cannot be disproved. You destroy the faith people have in their country and the support. Not that it was really necessary these days, people already started losing faith in the democratic process and democracy altogether. But this has the potential to be the last straw.
Cost is not an argument when it comes to voting. If you want people to support the government as wanted by the majority, you have to make sure that it will be seen as the will of the majority. If fraud is easy, dissenting people will always claim foul play and you will not have any chance to call them bad losers. You can't prove them wrong, quite the opposite, we have seen now time and again that they have every reason to be suspicious.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1 ban linux and paperclips
2 ???
3 profit!
Does it make paperclips and Linux illegal in Germany now that they can be used for hacking?
thank God the internet isn't a human right.
I believe the most important thing about e-voting is that you can't pick up a random person from the street, explain to him how it works, and afterwards ask him if the process of voting was done correctly. Paper voting on the other hand is so easy that manipulation is easy to realize. I mean the only point of e-voting is that some poor government officials can go home earlier. I want Democracy for everybody.
How do I uncompress my MD5 archive?
Alternatively, just use a whole brick.
I, for one, like seeing my vote on hardcopy.
It must have been something you assimilated. . . .
The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, allowing for a man-in-the-middle attack.
Well, sounds good enough! What are we waiting for to adopt this thing?! Do these guys make avionics software as well? Because I'd be delighted to put my life in the same hands we put our democracy in!
You just got troll'd!
What, a service pack?
and all you need is one of them little kid things to rig the election.
I have excellent Karma and I am not afraid to Troll it.
"Common office implement" AKA: paper clip and some whiteout. I hear Richard Dean Anderson was on the testing team, so really, that's their own fault.
Slashdot is too nerdy for me.
Why are so many working so hard to prove how insecure these systems are? Is it not true that the current paper system and methods are less secure than any of these electronic systems? These researchers into the security of these systems should also use their smarts to improve and provide more secure systems rather than waiting for the next release of a voting machine to scan over and point out its flaws. It seems like the market is open for someone to actually put together a secure system. If they are smart enough to find the flaws in these systems then they should be able to put together a venture and build a real secure system. With their experience debunking other systems they can continue to use this skill to counter the claims of their competitors.
So much effort proving the system is faulty rather than working to improve it. If too much time is put in proving the electronic system is faulty we will never be able to move away from our existing faulty system.
If the machines have paper seals in an accessible place, then you could very easily DOS the vote of a district that is known to be unfavourable to you simply by slicing the seal with your thumbnail, without ever having to hack the machine at all!
If I defrauded a state and sold it uncertified voting equipment, I'd be in jail.
Why isn't this organization, which has clearly committed a criminal act, in jail?
|/usr/games/fortune
Anyone is free to come in, hang around, and watch the election. If it happens inside a black box, there ain't much to see. I've been a poll worker for many years here in the People's Republic of California, and you should see the tin-foil-hat-types that come in to be poll watchers. Comedy. That said, although all the precinct workers' primary goal seems to be upholding the integrity of the system, I don't think I'd advise any one to trust a system that CAN be gamed.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
Find me a machine that can't be hacked by a paperclip and I'll find you the episode of MacGyver that'll prove you dead wrong.
Ginga no Rekshiya Mata Each page.
Next authorities will be cracking down on the creators of vi for releasing software capable of hacking the electoral process.
Authorities will start cracking down on the creators of vi for releasing software capable of hacking the electoral process.
Well, obviously the solution is to ban all 'common office implements' since they constitute 'anti-circumvention devices'... sigh...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I opt to kill a few trees to retain the paper method for now. I was forced to use an electronic voting machine (Diebold) in my district during the last local election in my state. I will not be using one regardless come the next election. Anyone can manipulate the machine behind the privacy fence surrounding the machine, without anyone knowing about it. Who is to say it cannot be tampered with even before the people are given access to the machine to cast their vote. I do not feel comfortable using an electronic voting device at this time.
I am almost 100% convinced that major elections do not matter anymore in this country in this day and age. The rich and the corrupt have a stranglehold on our government and the media. Just look at the biased mass media coverage that is happening today. It is as if the media has already made the decisions for us about the elections, and those who own the media have very powerful ties to the government. There are no real debates between candidates, but they are still called debates. There are no tough questions, and there are no truthful straightforward consistent answers but from a couple of candidates, which are silenced and kept from the public's knowledge by powerful people who are in control. I do have some hope, but it is fading fast.
I honestly feel that there will be another civil war in this country if things continue the way they are. It will not be the Whites against the Blacks, against the Hispanics, etc... It will be the poor against the rich. You know where the corporations and the corrupt politicians will stand when this happens. Change takes ballots or bullets. Sooner or later people will be tired of trying to make change peacefully with ballots.
It may not happen in my lifetime, but I think it will happen sooner than anyone thinks if the current path is followed. All it will take is someone high up in the military to finally get fed up with the corruption to take the action of cleaning house. We have already seen first hand the dissent in the military ranks all the way to the top. Several generals have peacefully resigned/retired and spoken in protest to the insane, illogical decisions made by the current administration and the path it has taken us down. Sooner or later someone with a bigger set of balls will do something about it if this continues.
It would not be a good thing to have this happen, but if things continue the way they are I would sadly be in support of it. It would be a rough road, but change is needed in a bad way. We are currently on a path of assured economic destruction, which will have effects far and wide around the world. We should learn from the past history of other, once large and powerful Republics. It seems to me that we are doomed to repeat history unless there is change.
I hold the hope though, that this vast information highway called the internet will tip the field in the favor of the people in due time. The option to see and read more news from many sources, rather than the few sources force fed to the masses controlled by the powerful and corrupt few. The internet has broadened my view of things. This too may not happen in my lifetime, but I hold hope that it will foster a peaceful change in time.
I hope for a peaceful change, but I am very afraid of what could and might happen.
"This is America... where the will of the few outweigh the outrage of the many..." - Unknown
Every vote is assigned to an ID. Not your ID, but a relatively random numerical one. When the voting is done, the entire votes database is made available on DVD (or whatever medium is appropriate to storing 300 million records). I wouldn't expect much space at all, I'd bet the IDs take up more space than the actual data.
Then independent organizations can tally the votes themselves and verify that the election was on the up and up. They can also allow people to check their votes in the database to verify individually that the database itself is correct. Assuming the database has been distributed in whole to all of the various organizations, mis-votes should be easy enough to discover.
Then it only remains that you need to protect people's anonymity. A ticket that can be used to verify an individual vote on behalf of a person can also be used to verify that vote to the satisfaction of a vote-buying machine (or worse.)
A solution is to obscure the information by giving each voter not one, but a list of ID numbers and telling them privately which one is theirs. That way, nefarious organizations wouldn't be able to reliably say they've been given the correct number, which should kill their scheme. It's not a perfect solution, though, and I can already see flaws in it, but that just means it needs a bit more work before it's ready for prime time.
Can you be Even More Awesome?!
..really. computerized voting is not needed, a waste of resources (cash, manufacturing effort, etc, maintenance), inherently insecure (there is no possible way for a set of normal voters' eyeballs to verify a count), it allows for the potential for widescale vote tampering, way way beyond any previous efforts where it had to be done precinct by precinct by corrupt individuals en masse, costs bundles of cash compared to paper and an empty box, and already has a track record of being possibly implicated in massive vote fraud that led to profound differences in the apparent wishes of the electorate (using exit polls) and what allegedly happened (the alleged accurate vote count). Just look at Ohio in the last presidential race there. That badboy was hacked, no getting around it.
Computers have a place in our society, using them for elections is not one of them. Sometimes the complicated method is not the preferred method, i.e., using howitzers to shoot down flies. Look at the wishlist of complicated crap you want to try and make it secure. I mean, really, just don't use computers in the first place. Make the vote a 24 hour period, and a national holiday so there is little excuse to not vote, and use paper ballots. Every fix the computers scheme out there always falls back on a paper trail. Duh, just use paper then! Eliminate that complicated middleman. That and instant runoff voting or something like that combined with severe caps on campaign financing (it shouldn't take hundreds of millions of dollars to run campaigns, and face reality, these are almost pure bribes once you look at them hard, set a hundred dollar cap on all combined contributions per human per election cycle) would improve the political process immensely. Computerized voting machines are designed to be voting manipulation devices, and taxpayer cash suckers, full stop. It's just generally a totally bad idea, this trying to fix computerized voting is turd polishing.
I'm very curious to know. Are the vendors of voting machines just cynical, and believe that nobody really cares about security and that they can pull the wool over the eyes of the people who make the buying decisions?
Or do they find that the people who buy voting machines are equally cynical, and really just want cheapjack machines, paying only lip service to protecting the public that uses them?
Or, if the truth were known, are ATM machines really just as bad?
(Anyone know what the relative cost is? Judging by general appearance, size, weight, and geek guesswork, I'd think an ATM might cost $50,000 exclusive of installation, an electronic voting machine might cost $5,000, a "traditional" levers-and-counters no-electricity mechanical voting machine about the same, and a punched-card voting machine $500... anyone know the real numbers?)
"How to Do Nothing," kids activities, back in print!
Those were _HACKERS_! They booted a linux CD!
Ocean found to contain water.
Saying your "phone ran out of batteries" is like saying your "car ran out of gas tanks".
You guys are all tech-inclined so you care about whether or not somebody can boot a voting machine into Linux and in what format the files are saved.
Seriously, this is not how voter fraud happens in this country. I keep saying this every time some idiot posts an article like this. Voter fraud in the U.S. consists of people signing the poll-book for voters who did not show up, and then voting on the machine for that voter. There is no booting into fucking Linux.
(By the way, this happens no matter whether you're using computer systems, lever machines, or an "HB #2 pencil.")
Welcome to the real world, kids.
Because I am the worst and most evil party you can imagine, and all I need to do is to pay fewer and fewer people .. find out yourself if I paid voting machine companies or only for IC manufacturers that deliver to voting machine companies .. maybe I also only paid one single programmer within one of those companies .. well, hopefully you'll never find out so I CAN RULE THE WORLD!
How about a ballot like this, marked with a pencil? And after you mark it, you fold it and present it to a poll worker, who looks at the folded ballot and verifies there is only one, valid ballot and initials it, then hands it back to you and you put it in a simple cardboard ballot box. The votes are counted at each polling place by the poll workers, and representatives of each candidate can observe, and it is open to public observation. Is this just too simple?
Atheism is a religion to the same extent that not collecting stamps is a hobby.
Electronic voting machines don't have to be secure at all. If they make a paper trail, you can hack every single one of them and not affect the outcome of the election. The push for "more secure" electronic voting systems is completely missing the point. Using electronic voting should be required. They have options not available to paper voting. And, yes, electronic voting is more reliable (even if every single machine is hacked) than paper voting (presuming it isn't a DOS, in which case paper can be used). So whenever someone complains about them not being secure and their suggestions are either that electronic voting is bad or that electronic voting security can be improved, I can only think they completely missed the answer.
Learn to love Alaska
This report IS talking about paper voting. The system they hacked is an optical scan reader. The only difference with your HB #2 is that they use a pen instead.
There was never any e-voting here. In fact, this system (the article calls it the "inkavote" system) doesn't even have anything to do with counting votes! It just makes sure that the ballot was marked properly so that the problem can be caught before the ballot is brought to the central vote counter. All it is is a simple system to help make sure people don't vote for 2 presidents or something like that.
Then don't even get me started on the "selling uncertified equipment" FUD. The equipment in question was certified by the federal government for an insignificant change and when a new politician stepped up in California suddenly the federal certification wasn't good enough. And again the machine in question wasn't there to count votes, just to help people make sure they voted correctly (I think it was for disabled people at that).
I just don't get it, there are a bunch of engineers working to make these voting machines, and it's all the politicians who are creating all this FUD... this is slashdot, usually aren't people biased on the engineer's side?
The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."
You can stop reading the article here. Once physical security has been breached it's all over. With the machine open, you now have complete control over it, even to the point of changing out the hardware. This also applies to any machine that handles money, including ATM's.
All the software security measures in the world won't protect you if physical security is breached. So, if the physical security of a voting machine cannot be maintained at least as well as an ATM, or better yet a slot machine in a casino (constant surveillance), then using the voting machine in the first place is NOT secure.
I have a better solution.
Every voting machine should print out a receipt for the voter with a unique number printed on the receipt that is also associated with the votes cast and retained on the storage card. The vote number can be a combination of the serial number of the voting machine coupled with the date and a simple sequence number (or a function of the sequence number)
The votes collected should then be hosted in an online database that can be searched by the receipt number. This would allow any voter to review the vote cast and ensure that what was received on the receipt is the same as what was officially cast.
Anyone skeptical of the e-voting method would obviously jump right on this chance to participate in this kind of scrutiny. More importantly, any report of a discrepancy would result in a flood of voters checking on their cast votes.
Anyone trying to tamper could not know who will check to confirm their vote, and would have to allow every cast vote to be retained as cast. Solid verifiable evidence of widespread tampering would either result in demand for a revote, possibly using a different method like a paper ballot, or would result in civil uprising.
To prevent ballot stuffing, the people working the election booths would be required to count the number of voters that use each machine and enter that number with the date and the machine number. This number would be entered independently in the online database (perhaps through a secure login). From the searchable database, the number of votes for any given machine could be calculated from the recorded vote ID numbers and compared to the independent count for the date. Third party oversight could be as simple as allowing people to watch a machine from a distance and count the number of voters that step in the booth. Because all of this information would be made immediately available to everyone, the number of eyes scrutinizing the data would make it difficult to screw with an election with any significance.
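The reconciliation this comment describes, sketched as an added example (not code from the original post or from any real election system). The receipt layout `SERIAL-YYYYMMDD-SEQ`, the machine serials, the date and all sample records are constructed assumptions; the comment only says the ID combines serial number, date and a sequence number.

```python
"""Reconcile published vote records against independent poll-worker counts."""
import re
from collections import defaultdict

# Assumed receipt layout (the comment does not fix one): SERIAL-YYYYMMDD-SEQ
RECEIPT_RE = re.compile(r"^(?P<serial>[A-Z0-9]+)-(?P<date>\d{8})-(?P<seq>\d{1,6})$")


def parse_receipt(receipt_id):
    """Return (serial, date, seq), or None if the ID is malformed."""
    m = RECEIPT_RE.match(receipt_id.strip())
    if not m:
        return None
    return m["serial"], m["date"], int(m["seq"])


def audit(published_ids, poll_counts):
    """Compare published receipt IDs with per-machine voter counts.

    published_ids: receipt ID strings taken from the public database.
    poll_counts:   {(serial, date): number of voters counted by poll workers}.
    Returns a list of (serial, date, finding) tuples; empty means consistent.
    """
    seqs = defaultdict(list)
    findings = []
    for rid in published_ids:
        parsed = parse_receipt(rid)
        if parsed is None:
            findings.append(("?", "?", f"malformed receipt id: {rid!r}"))
            continue
        serial, date, seq = parsed
        seqs[(serial, date)].append(seq)

    # Walk every machine/day that appears in either source, so a machine with
    # a poll-worker count but no published records is still reported.
    for key in sorted(set(seqs) | set(poll_counts)):
        serial, date = key
        seen = seqs.get(key, [])
        dupes = sorted(s for s in set(seen) if seen.count(s) > 1)
        if dupes:
            findings.append((serial, date, f"duplicate sequence numbers: {dupes}"))
        # Assumption: sequence numbers start at 1 and rise by 1 per voter.
        gaps = sorted(set(range(1, max(seen, default=0) + 1)) - set(seen))
        if gaps:
            findings.append((serial, date, f"missing sequence numbers: {gaps}"))
        expected = poll_counts.get(key)
        if expected is None:
            findings.append((serial, date, "no independent poll-worker count"))
        elif len(seen) > expected:
            findings.append((serial, date,
                             f"{len(seen) - expected} more records than voters counted"))
        elif len(seen) < expected:
            findings.append((serial, date,
                             f"{expected - len(seen)} fewer records than voters counted"))
    return findings


def _ids(serial, seq_numbers, date="20071106"):
    return [f"{serial}-{date}-{n:04d}" for n in seq_numbers]


# Constructed sample data: five hypothetical machines on one election day.
SAMPLE_IDS = (
    _ids("A100", [1, 2, 3, 4, 5])        # consistent
    + _ids("B200", [1, 2, 3, 4, 5, 6])   # more records than voters
    + _ids("C300", [1, 2, 4, 5])         # one record missing
    + _ids("D400", [1, 2, 2, 3])         # one receipt number reused
    + ["garbage-id"]                     # does not match the layout
)
SAMPLE_COUNTS = {
    ("A100", "20071106"): 5,
    ("B200", "20071106"): 4,
    ("C300", "20071106"): 5,
    ("D400", "20071106"): 3,
    ("E500", "20071106"): 2,             # counted voters, nothing published
}

if __name__ == "__main__":
    for serial, date, finding in audit(SAMPLE_IDS, SAMPLE_COUNTS):
        print(f"{serial} {date}: {finding}")
```

A sequential per-machine number also exposes the order in which votes were cast, so anyone logging arrival order at a booth could link receipts to voters; with non-sequential IDs the count and duplicate checks still apply and only the gap test has to go.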
Seriously, how can someone implement electronic voting without making at least EAL5 for all involved components as well as for the system as a whole a mandatory requirement? (I'd demand EAL6, but let's stay somewhat realistic.) If I'd be the lawmaker, I'd be pretty paranoid about e-voting; I'd let at least three renowned e-security experts draft up lists of requirements independently of each other and then combine them together in the most restrictive way possible. Encrypted transmissions, encrypted file storage, encrypted everything. Steel casings locked down with combination physical/induction key locks (the key contains an induction dongle), complete with tampering detection hardware. Mandatory submission of the device to several security shops at least one year in advance; if any feasible attacks (whether compromise or DOS) are found until three months before the election, the devices get red-lighted.
My voting machines would make mil-spec computers look like $199 Walmart junk. Of course the user interface would undergo similarly rigorous testing before being standardized - if there's any chance any reasonable voter can get confused the whole UI and, by extension, all voting machines aren't worth jack.
Then again I'm not a politician. They know best what's in their interest; certifiably secure elections might not be.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Yes the ES&S machines may be vulnerable, but who honestly cares, consider, during election, these machines are never left with one person. The machines are dropped at the beginning of the election, empty. VST protocol requires the technician to verify that nothing is stored on the machines, with another poll worker. The VST will then load the ballot to the machine for the day. During the day, there is no way someone could physically hack these machines, between poll workers, poll watchers, and voters, I think I would be noticed booting linux from a CD or using paper clips, etc. etc. After the election is closed, the master PEB is placed in each machine and the votes are all removed. Results are printed, and PEB's are placed in a box, sealed with a plastic seal which is serial numbered and recorded by the SOE. The PEB's are taken to a drop point, and the seal is broken, and data is extracted off the PEB's and combined with all precincts. I think the biggest problem is that the people do not understand the procedures used in these voting machines. After working in elections multiple times as a VST in South FL, I would say unless the entire precinct is in on rigging the machines, (we're talking 10-15 people) then it would not be feasible. Consider who works elections, (55+ crowd + linux = no profit)
If we standardize the format of the paper ballots and the marking devices (say, #2 pencil), then multiple parties can independently develop optical scanners for that ballot format. If each political party provides its own scanner, and each of those scanners is used to scan the ballots, and if all of them agree on a count, then we can be pretty sure that the count is accurate.
An additional level of verification is possible if some of the scanning devices capture the image of each page into a file. A file containing the photographic images of the ballots for a precinct could be put on a server, to be downloaded and counted by anyone who wants to do so. Each party could provide the images from its own scanner on its own server. If multiple sets of images are provided by different parties, any manipulation of the image files could be detected.
If any of the several independent counts disagrees with the others, we can easily see which one does not agree. That one party would then be on the spot to explain why their machine got the count wrong. In reality, the incentive to cheat is removed, because of the extremely high probability that any cheating will be discovered.
This can provide better verification than is possible with hand-counted paper ballots. With hand counted paper ballots, the number of people who can actually see each ballot is limited to the number of people who can fit in the room during the counting. As a practical matter, only a few people can be close enough to actually see the marks on each ballot.
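The cross-check between independently built scanners proposed in this comment, as an added example (not part of the original post). Scanner names, precinct labels, candidates and counts are constructed; the rule that a strict majority of scanners defines the reference tally is an assumption, since the comment only says the disagreeing party would have to explain itself.

```python
"""Cross-check per-precinct tallies reported by independently built scanners."""
from collections import Counter


def canonical(tally):
    """Hashable form of one tally. Zero-vote entries are dropped so a scanner
    that lists a candidate with 0 votes matches one that omits the candidate."""
    return tuple(sorted((c, n) for c, n in tally.items() if n))


def reconcile(reports):
    """reports: {scanner_name: {precinct: {candidate: votes}}}.

    Returns {precinct: {"status", "tally", "dissenting"}} where status is
    "unanimous", "dissent" (a strict majority agrees, the rest are named)
    or "no-consensus" (no strict majority; the paper has to be hand counted).
    """
    precincts = sorted({p for report in reports.values() for p in report})
    results = {}
    for precinct in precincts:
        # A scanner that reported nothing for this precinct gets None and can
        # never be part of the agreeing group.
        tallies = {
            scanner: canonical(report[precinct]) if precinct in report else None
            for scanner, report in reports.items()
        }
        support = Counter(t for t in tallies.values() if t is not None)
        top, n = support.most_common(1)[0]
        if n == len(reports):
            status, dissenting = "unanimous", []
        elif 2 * n > len(reports):
            status = "dissent"
            dissenting = sorted(s for s, t in tallies.items() if t != top)
        else:
            status, dissenting, top = "no-consensus", [], None
        results[precinct] = {
            "status": status,
            "tally": dict(top) if top is not None else None,
            "dissenting": dissenting,
        }
    return results


# Constructed sample: three hypothetical party-supplied scanners.
SAMPLE_REPORTS = {
    "party_a": {
        "P1": {"Alice": 120, "Bob": 95},
        "P2": {"Alice": 80, "Bob": 82},
        "P3": {"Alice": 40, "Bob": 41},
    },
    "party_b": {
        "P1": {"Alice": 120, "Bob": 95, "Carol": 0},  # explicit zero entry
        "P2": {"Alice": 80, "Bob": 82},
        "P3": {"Alice": 41, "Bob": 40},
    },
    "party_c": {
        "P1": {"Alice": 120, "Bob": 95},
        "P2": {"Alice": 85, "Bob": 77},               # disagrees with the others
        "P3": {"Alice": 39, "Bob": 42},
    },
}

if __name__ == "__main__":
    for precinct, outcome in reconcile(SAMPLE_REPORTS).items():
        print(precinct, outcome)
```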