Slashdot Mirror
Voting Machine Attacks Proven To Be Practical
An anonymous reader writes "Every time a bunch of academics show vulnerabilities in electronic voting machines, critics complain that the attacks aren't realistic, that attackers won't have access to source code, or design documents, or be able to manipulate the hardware, etc. So this time a bunch of computer scientists from UCSD, Michigan, and Princeton offered a rebuttal. They completely own the AVC Advantage using no access to source code or design documents (PDF), and deliver a complete working attack in a plug-in cartridge that could be used by anyone with a few private minutes with the machine. Moreover, they came up with some cool tricks to do this on a machine protected against traditional code injection attacks (the AVC processor will only execute instructions from ROM). The research was presented at this week's USENIX EVT."
They completely own the AVC Advantage using no access to source code or design documents
What do Source Code and Design Documents have to do with purchasing something?
What these "intellectuals" and "researchers" have to keep in mind, is that in reality, no one would ever dream of committing election fraud.
We all live in a utopia, where everyone has equal say, no one would ever coerce others and there's a kitten on every lap. That's why there are no such things as secret ballots. In every voting booth there will be three heavily armed guards who will watch you vote to ensure that you won't be doing anything you shouldn't do.
Have a cotton candy, drink your beer and turn on the TV. The shiny shiny is on again, you like that. You have always liked that.
</sarcasm>
to do anything.
Yours In Crime,
President-VICE Richard B. Cheney
It goes to show people should listen to computer nerds(no disrespect by any means)warning a lot more often rather then brushed them off.
Each voter will be accompanied by a "voter sanctity" representative who will supervise the voting process to ensure no one powns a machine.
To ensure the sanctity of the "voter sanctity" reps, a Voter Sanctity Workers Union should be established to ensure the highest standards in voter sanctity.
Americans today committed egregious acts of democracy to elect the next failed administration and the next failed Congress.
In a fabulous upset, almost no-one could bring themselves to vote directly for either of the official candidates, instead opting for a write-in vote. Popular write-ins included "the black guy", "the old guy", "McCain from 2000" and "Tina Fey." The seventeen votes for "The Invisible Man" were tallied for Joe Biden. Several tons of Liquid Paper needed to be scraped off voting machines.
The winning candidate turned out to be Noneof Theabove, 46, of Dogshit, Nebraska. Apart from the Presidency, Mr Theabove won 72% of Congressional seats and all Senate seats up for election this year.
Mr Theabove's policies include drinking, shouting abuse at the television and inchoate existential despair. "He completely embodies the national mood," said Nate Silver of FiveThirtyEight.com, just before applying for a new job flipping burgers.
A majority of US soldiers in Afghanistan stated the place was "just fine, really" and they were learning to speak Pashto rather than returning. Canada looked south and snickered, though not very much as they still had Stephen Harper to cope with. The Kingdom of Mexico stated its "regret" today that it has had to close its borders to American refugees.
http://rocknerd.co.uk
If you want to prove how secure your systems are, then show us the damn source. Either they're afraid we'll see crap code that's obviously hard to maintain (see: crappy coders cost time, time costs money.) That, or they know it's not secure. Linux has completely open source, and it does fine with security.
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
deliver a complete working attack in a plug-in cartridge that could be used by anyone with a few private minutes with the machine.
It's not a bug! It's a feature!
Site is nearly unresponsive.
And it's just hosting a 3.1MB PDF...
Electronic bits do not have the quality of being static. Electronic votes can be changed without obvious physical evidence, and as long as they're purely electronic, it will always be like that.
Even an optical disk is more static than electronic bits that live in a database.
People need to demand paper ballots until electronic voting machines are all enhanced with built-in paper trails.
Check out my sysadmin blog!
So it if is so easy to hack a voter machine, why not make them all Dummy terminals?
Life takes interesting turns, but the most interest is when you're off the beaten path.
The nations new electronic voting system helps Obama secure a landslide victory on his historic third term.
People say my sig is the best thing about me.
That "USENIX EVT" is an anagram for "UNISEX VET"?
Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
Where's my damn kitten?
I piss off bigots.
I really hope a politician of some sort with some tech savvy (mod funny lol) gets a hold of this and realizes that opensource is the way to go for voting machines.
With open source, diebold (or whomever) is still making money because someone needs to build the machines, and someone needs to manage the opensource project, but all those who are concerned about the integrety of the vote can contribute and find/fix exploits like this.
Or people can listen to a whistleblower who programmed voting machines that easily allowed fraud without a trace.
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
Copy/paste, some formatting, no tables. Extra carriage returns (sorry)... "Implementing the gadgets" section stripped off...
Abstract
A secure voting machine design must withstand new attacks
devised throughout its multi-decade service lifetime.
In this paper, we give a case study of the longterm
security of a voting machine, the Sequoia AVC
Advantage, whose design dates back to the early 80s.
The AVC Advantage was designed with promising security
features: its software is stored entirely in read-only
memory and the hardware refuses to execute instructions
fetched from RAM. Nevertheless, we demonstrate that an
attacker can induce the AVC Advantage to misbehave
in arbitrary ways--including changing the outcome of
an election--by means of a memory cartridge containing
a specially-formatted payload. Our attack makes essential
use of a recently-invented exploitation technique
called return-oriented programming, adapted here to the
Z80 processor. In return-oriented programming, short
snippets of benign code already present in the system
are combined to yield malicious behavior. Our results
demonstrate the relevance of recent ideas from systems
security to voting machine research, and vice versa. We
had no access either to source code or documentation beyond
that available on Sequoia's web site. We have created
a complete vote-stealing demonstration exploit and
verified that it works correctly on the actual hardware.
1 Introduction
A secure voting machine design must withstand not only
the attacks known when it is created but also those invented
through the design's service lifetime. Because
the development, certification, and procurement cycle for
voting machines is unusually slow, the service lifetime
can be twenty or thirty years. It is unrealistic to hope
that any design, however good, will remain secure for so
long.1
In this paper, we give a case study of the long-term
security of a voting machine, the Sequoia AVC Advantage.
The hardware design of the AVC Advantage dates
back to the early 80s; recent variants, whose hardware
differs mainly in featuring a daughterboard enabling audio
voting for the blind [3], are still used in New Jersey,
Louisiana, and elsewhere. We study the 5.00D version
The AVC Advantage voting machine we studied.
(which does not include the daughterboard) in machines
decommissioned by Buncombe County, North Carolina,
and purchased by Andrew Appel through a government
auction site [2].
The AVC Advantage appears, in some respects, to offer
better security features than many of the other directrecording
electronic (DRE) voting machines that have
been studied in recent years. The hardware and software
were custom-designed and are specialized for use in a
DRE. The entire machine firmware (for version 5.00D)
fits on three 64kB EPROMs. The interface to voters
lacks the touchscreen and memory card reader common
in more recent designs. The software appears to contain
fewer memory errors, such as buffer overflows, than
some competing systems. Most interestingly, the AVC
Advantage motherboard contains circuitry disallowing
instruction fetches from RAM, making the AVC Advantage
a true Harvard-architecture machine.2
Nevertheless, we demonstrate that the AVC Advantage
can be induced to undertake arbitrary, attackerchosen
behavior by means of a memory cartridge containing
a specially-formatted payload. An attacker who
has access to the machine the night before an election can
use our techniques to affect the outcome of an election by
replacing the election program with another whose visible
behavior is nearly indistinguishable from the legitimate
program but that adds, removes, or changes votes
as the attacker wishes. Unlike those attacks described
1
in the (contemporaneous, independent) study by Appel
et al. [3, 4] that allow arbitrary computation to be induced,
our attack
1. What form of electronic voting could not be compromised?
2. What form of paper voting could not be compromised?
It may be that we must accept that no form of voting is "secure" in the sense of cannot be gamed.
At least, people have been gaming votes for as long as democracy has existed, so I don't know if they're going to stop just because we make it slightly less convenient.
Futurist Traditionalism
can't access pdf. can anyone who has it (and blasphemed /. by rtfa) post some text?
O. M. G.
How fucking hard can it be to create a simple, secure voting machine?
Start with this: http://www.staples.com/Amplivox-Aluminum-Truss-Lectern/product_683093?cmArea=SEARCH
Weld a steel box under it, lock one of these in it: http://www.logicsupply.com/categories/mainboards/nano_itx
A simple touchscreen on the top: http://www.newegg.com/Product/Product.aspx?Item=N82E16824103028
A 2-ply receipt printer: http://www.posmicro.com/RECPRINTERS/SAMSUNG_PRINTERS/samsung_srp_270_receipt_printers.htm (Also locked in a box, with an extra-large roll of paper)
Then, have a secure server in a cage in the corner of the room. Have the voting terminals boot over network from the server. All they need to run is a simple interface that shows the names of the candidates and allows you to touch to select them. Then it prints a receipt for you, keeping the other copy internally.
Sure, there are details to iron out, but come on, it can't be that hard.
critics complain that the attacks aren't realistic
Step 1) Create tool to hack machine.
Step 2) Next election, reprogram the voting machine to play PacMan.
Step 3) Watch Cable News Networks spend weeks talking about the issue.
Step 4) Watch politicians scramble to pass something/anything to prove they care about this issue.
This will all work as long as you don't care about step 5.
Step 5) Go to jail. You do have to show ID to vote and if there is someone in line behind you at the booth, they will know real quick you hacked the machine.
Here's what I'm trying to understand.
We have this great thing called Public Key Crypto and the PKI to go along with it.
If you presume a custom processor that will only execute code signed by an election commission, that would be a first step - the system won't run anything that hasn't been specifically approved for installation on the machine. There would be no more "last minute fixes" as we've seen in the past, where code was installed without being vetted by an election authority.
For that matter, require the software developers to store their code on a state or federal election repository, and only sign code that's been compiled on those systems, from that repository. Require that anyone who makes changes sign them with their private key and state the reason for the change.
For the results, take each ballot, strip off the identifying information, and encrypt it to the election commission, and sign it with a pre-deployed per-machine private key that's known. It would of course also be important to have a reliable time source for the device, to include that in the result file.
I would even envision that this would be a good purpose for a federal election agency - hosting the code for all certified voting systems, and being the "root of trust" that signs certificates for the state election commissions, which can then sign local and county commissions, which can then issue keys to individual election machines.
Some patches to an open-source OS, say Linux, a PKI infrastructure (along with some HSM modules to store keys) and a processor with an integrated crypto engine and TPM module would take care of all of this.
Banks do this kind of stuff all the time - what's so hard about it?
I was just walking down the street, out of nowhere voting machines came and attacked me and stole my wallet.
Give me a few private minutes with a paper ballot box and I can stuff it full of ballots for my candidate. That's an old-school hack.
> Banks do this kind of stuff all the time - what's so hard about it?
Banks have money at stake... that's too important to be left unguarded... if, however, you have a shiny suit and some friends at the bank you can rob the place blind with dodgy loans (see recent wikipedia material related to iceland)... no hard hack required.
Elections are too important to allow the people to decide, enough holes have to be left so that it appears as if democracy is in action when in reality no such thing is happening... how does it go? "I will deliver Ohio to GWB" or some such.
Bama's recent victory is no doubt due to the fact that a 'steal' on that one would have been too blatant... the most effective vote tampering is when the race is close.
It's not that it's hard to do it. It's that they don't want to do it.
I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
I would say switch to Steve Job's but the apple fanboys beat you to it.
What do Design Documents have to do with anything. Considering that most developers put them straight in the circular file, I fail to see how that would help you hack the system.
look, it's simple.... Digital voting machine swith 2 way paper validation. 1 copie prints out of the back of the voting machine with a unique "voter number" (identifies the ticket itself as a receipt number, and has NOTHING to do with the person voting). A second copy prints out on a large tape at central voting table from a seperate central machine and feeds into a scanner on a 3rd machine. Your voting record is also stored electronically indexed by the voting receipt number in the central machine that printed the second copy. An additional step validating the 2 printed copies match completes the cycle and certifies the vote in a 3rd system that has no network connection to the others.
Upon entering a booth, you vote electronically. It presents your vote summary on the screen and has you confirm. Once confirmed your machine and the central machine print a voting record. You take the paper tape, walk over to a second machine, and insert the paper tape. The 3rd machine already scanned the output from the central machine, and now scans your to ensure they match, based on the voting receipt ID as an index. This extra step validates that 2 machines received the same data, and that you verified this data visually, and that data was successfully recorded using no electronic connections. This also guarantees that we have not only 2 electronic records, but a complete validatable paper trail should anyone raise a stink about the voting accuracy.
This system is basically impossible to hack as even if the 3rd machine, that actually is the voting authority, was hacked, the paper trail from machine 2 and your voting machine would not match that record, and the paper trail would become the official vote. Because you have the ability to visually verify your individual vote both electronically and on paper, this is an unhackable system. It;s also relatively cheap to get printers to output this record, and also cheap to have a simple OCR scan for the known names on the voting paper (aka it's using a really small word list and thus would have amazing accuracy).
There is no contest in life for which the unprepared have the advantage.
Quick question, I don't know what I did, but why the hell is slashdot restricting the number of posts I can initially see to 5? I have to press "More" to load more posts and it's irritating as hell. For big discussions (eg. 200+) I have to click AT LEAST 40 times, waiting each time for the next 5 posts to completely load. ARGH! How do I fix this?
how is babby formed?
If you presume a custom processor that will only execute code signed by an election commission, that would be a first step - the system won't run anything that hasn't been specifically approved for installation on the machine.
If you had RTFPDF, you would have noticed they actually used a clever technique called return based programming, to reuse small parts of trusted code and implement their hack using them.
Why not just use internet voting from home? A secure web site directly tied to the election board's servers. Vote file gets some ridiculously large checksum before transmitting and you get a confirmation email with a confirmation code if successfully transmitted. You print out a copy and mail it in for backup.
I bank online without issue, and the vast majority of Americans are far more concerned about their money than their vote, so why not? I mean, what good is the Supreme Court if they aren't deciding elections, you know, like in Iran?
"Starting with no source code or schematics,
we reverse engineered the AVC Advantage and developed
a working vote-stealing attack with less than 16
man-months of labor. We estimate the cost of duplicating
our effort to be about $100,000, on the private market."
I wish I could buy 16 man-months of technical labor for $100k. Where I come from, that would cost four times as much.
Nothing will make the case better than the election of Senator Cmdr. Taco.
Just make it happen, and the rest will follow. Nobody who matters is going to listen to a bunch of hypothetical arguments from "academics." But the incumbent Senator who loses against Taco might be able to make things happen.
-fb Everything not expressly forbidden is now mandatory.
Yeah, that's no help. Steve Jobs has an anus is so blown out that it makes the Grand Canyon look like a pothole.
French presidential election in 2002.
You get a voter's card and then go to the city hall and show your ID.
Take as many pieces of paper with names as there are candidates, and an envelope.
Go to a booth, fold the piece of paper of your favorite candidate and put it in the envelope. You can also leave the envelope empty for a blank vote.
Go back to a table and hold that envelope above a transparent plexiglass box with a thin opening triggered by a button pushed by an employee on the other side of the bench. The envelope falls in, the guy yells VOTED and then I signed a register, there was already my name on it, I think they checked the ID again.
One of them asked me if I wanted to be part of the counting of the votes. I said yes and came back later.
Counting the vote is pretty straight forward, several tables, half dozen people per table.
To make the job easier , one opens the envelope, and another one read the name out loud and put it face up on the table, one stack per candidate, the rest make a mark on a piece of paper, and there is a frequent checksum, and we rotate the jobs. People standing walk around and look over your shoulder.
So I can tell that the part of the counting process I was involved in was very transparent, I had a good feeling. I don't know what happens after that, but I'm pretty sure that you can follow the ballots and the counts as they add up to the national total.
I've read some recent news that some people are trying to implement electronic voting machines in France, that saddens me because I feel like the counting process and its reporting must be transparent and, to me, this is as important as the right to vote.
This means that politicians will have to go back to old fashioned fraud, like ballot box stuffing, having bums vote for dead people, registering phantoms from empty lots, and on and on.
In the land of the blind, the one-eyed man is king.
Some patches to an open-source OS, say Linux, a PKI infrastructure (along with some HSM modules to store keys) and a processor with an integrated crypto engine and TPM module would take care of all of this.
Or they could use a smartcard. I'm sure a credit card is harder to crack than this machine.
Looks like return-oriented programming is a nice way to own various pieces of locked down hardware, eg. region-coded DVD drives, carrier-locked phones etc.
This is not a signature.
I volunteered to run a polling place this past election cycle, so I have a few thoughts on this:
1) One of the reasons that the electronic voting systems have so many problems is that the local and state elections board are *not* IT shops. They don't spend the time on IT to really get it, and probably won't for a good many years to come. (For example, my local election board had not considered that there would be a pretty significant failure rate on UPS' between election cycles...the UPS' to run the voting machines were a repeating problem across our district.)
2) The polling volunteers are not IT people, either. Well, some of them are, since people like me were volunteering...but the IT-aware folks were a small minority. There were many polling places that had no geeks at all to help them. For the average voting volunteer, you want to minimize the complication...these are the folks that call Geek Squad for help. Don't make them have to call Geek Squad to set up a polling place.
3) PKI is hard to get right, and fails pretty catastrophically if you get it wrong. If a simpler system can get you to a manageable risk level, why bother with the complication of PKI?
I worked as an Elections Clerk. I was the person who hired the Elections Judges (poll workers) and was phone triage on elections day when they didn't know what to do with a voter.
First, 99.99% of the EJs are good people, but there are also bad seeds. You must guard against the EJ's as much as the voter. We had an EJ voting every day of early voting, until the Alternate Judge discovered what he was doing and reported him to us. We reported him to the County Commissioners and County Prosecutor who declined to prosecute the person for whatever (probably politically motivated) reason.
With paper ballots, the fraud would be easier to spot statistically. But any EJ that could figure out how to upload a virus to their voting machine, and get it onto the tabulating machine, could possibly edit results in a way that would make it very hard to discover.
Second, an attacker could possibly find a way to defeat a tamper seal, or could break into the storage facility of the voting machines before election day, or I am sure there are a multitude of other attacks where someone could have a short time of unsupervised access to the voting machine that wouldn't be detected by tamper proof seals.
I guess until the critics get in their heads they are flawed, we will have to go to great lengths to show them it does not compute,
I am thinking of adding a new partisan in the running that stands for Al Quidae being in control for our government, and then using
the tricks talked about here to actually make the votes go their way....and then 2 minutes before the actual meltdown, when everyone on CNN is seeing the impossible...call in and explain the prank to any who will listen.
THENNNNNNN.....they would get it.
I did RTFPDF, and I read that this is an 80's-era system running on a Z80 processor. Nowadays, we have chips with memory management, lockable pages, execute-only pages, and other nice things. If you require that the contents of any card inserted be signed by the election commission before you'll even touch them, it would be a bit difficult to get an interface to the system in the first place, now wouldn't it?
Best quote from the paper:
The absence of a paper audit trail means that the vote modification will not be detected.
... much less corrected.
You can have a very hackable machine with an immutable, hand-countable, voter-verified paper trail (i.e. printed ballots) and you'll be okay*, assuming multiple mutually-hostile parties are keeping an eye on the paper trail.
You can have a very difficult to compromise machine without a paper trail and you'll never know with certainty your results are accurate.
*There may be difficulties where a machine is needed to provide voter-verification, such as when reading back a filled-in printed ballot to a blind person. In most elections, the numbers of such ballots are less than the margin of victory. However, in some, such as the Florida Presidential race of 2000 or the Minnesota Senate race of 2008, this may not be the case. A way to handle this is for the read-back machine to be made, installed, and supervised independently of any machine that helps cast votes/print filled-in ballots.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Here's a system I can trust:
User uses a machine to prepare a printed ballot. In addition to printing the ballot the machine records a running tally. Of course, both are subject to fraud.
The user inspects the printed ballot. If the printed ballot is bogus it is invalidated and the user votes again. If the user is blind he has a trusted friend or a machine read the ballot back to him. If he uses a machine, it will be a machine developed independently from the ballot-printing machine. There is an opportunity for fraud by the friend or the ballot-readback machine but the odds of a successful collusion with the ballot-preparing machine are greatly reduced.
The user deposits the printed ballot in a ballot box just as he would a hand-filled-in ballot. In fact, some voters may choose to use a hand-filled-in ballot, although those voting in languages other than English or heavy-minority languages may be forced to use the ballot-marking machine, as might those who cannot see and who do not have someone with them.
The numbers collected by the ballot-preparation machine are unofficial and incomplete. They may have utility for spotting statistical anomalies in the official result, which of course would generate a recount.
The printed ballots are then counted, either locally or at a central location, by two machines, each developed independently and used by different teams of counters. If the results vary by enough to sway any race, a third count, probably by hand, will be done.
There, that's a system that
* I can trust, provided I can trust the people conducting the election**
* A system that has machine voting, or should I say, machine-assisted voting
**yeah yeah I know, "trust the people conducting the election" is probably impossible, but I can dream, can't I?
--
Advantages of such a system over manual-fill-in bubble-sheets:
* Arbitrary numbers of languages can be supported easily without wasting paper
* Arbitrary number of different elections can be held at the same location without wasting paper
Disadvantages:
* Cost
* Complexity
* Requires more poll watchers
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Besides this being a very nice piece or work in Computer Science, it appears the point of this study is that in order for a software device to be considered "secure", it needs to stand up to exploits that have yet to be discovered at the time of release. This is, of course, seemingly impossible to do since undiscovered exploits are, well, undiscovered.
Return-oriented programming defeats security measures like DEP, but there are other measures that may be effective against attacks of this sort, such as Address Space Layout Randomization (ASLR) and Stack-Smashing Protection (SSP). Of course, these measures weren't yet invented when the voting machines were created according to the very best security practices of the time. The lesson is there can be no guarantee that employing the very best security measures we know today will stand up for the lifetime of a device. Very interesting implications...
Wait until near the end of the day and find a polling place that leans heavily toward "the other guy."
Enter the building and set off an explosive that utterly destroys the ballot boxes and their contents, including their memory chips.
Method #2, which is likely to fail due to the election being canceled and rescheduled:
Find a way to prevent people hostile to your candidate from getting to the polls. Engineer car crashes on the roads leading to the polls. Engineer long lines at the polls. If those hostile to you vote late in the day, arrive before they do and take hostages. Yes, the voting time will be extended but a lot of would-be voters will give up and go home.
You may successfully change the outcome by a few dozen votes. In a close election, particularly one with low turnout like a bond election or dog-catcher election, this may be all you need.
Oh, be prepared to be arrested and spend many years in jail, or die before the day is out. But hey, nobody ever said leading the revolution would be without cost.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The problem is that no one seems to be willing to sell such a machine.
No, that's not it. It would be exceptionally easy to find a contractor willing to build you such a system, provided the government's paying and you know what you want. The schemes are out there, some of them proven to be unexploitable. This means that the decision makers either are dangerously ill-informed or gain something from building an insecure one. Respectively, they should be either immediately removed from their offices or mediately moved to prison.
Here's a several trillion bucks and counting glaring example about how most reps and senators give not crap one what their constituents want: Public opposition including phone calls, faxes, emails, snail mails and buttonholing was running well over 90% against the casino bankers bailouts. Yet it passed, both under the shrub admin and continues today under the yomama admin. People just wanted normal bankruptcy to occur, let the real free markets sort out those ludicrous collateralized debt obligations and hedged derivatives bets and all those other pseudo financial "products" and other forms of mass leechery from the real working folks. People said in huge numbers "No, we don't need to offer millionaires and billionaires welfare when they bet wrong, they should eat their own megacapitalist dogfood..we'll deal with whatever happens, but don't subsidise those people". But nope, the US public got put on the hook to bail them out.
GM and Chrysler, again, decades of getting it wrong in the auto industry, all the chance in the world for management, unions and investors to get it right..nope, they kept screwing up. People really didn't want to bail them out, again in huge numbers, just let them go bankrupt like normal, but, the quasi bailout happened anyway, and now we have some precedent that the executive branch can just seize corporations and run them. Seems like we fought a big fat war over that economic and governmental "blend" two generations ago, we were against that back then, and actually hung some of the high level proponents after that war. Now, it is *policy*, despite most folks being against it.
Look at the dumb wars..I sincerely doubt there is even close to a majority opinion anymore to continue these wars....but they still go on.
The bottom line is "government" doesn't give a rat's ass what "the people" want, they just go ahead and do whatever they want to do, or what they have been bribed and blackmailed into doing.. I can't give you an exact date when it happened, but voting and "representative democracy" has been broken on many levels for a long, long time now.
Now I still vote, inertia mostly and all, but I think it stopped having much meaning at the larger scales. Local elections I think your vote can make a little difference, at state and above levels though, you have your choice of the globalist screw the middle class party that subsidizes a.b and c over there at your expense, or the globalist screw the middle class party, who subsidizes x,y and z over thataway, again at your expense.
I *wish* it was different, really, I sincerely do, but not seeing it. Until such a time as the two corrupt major parties are abandoned or outlawed for major racketeering, just not seeing things getting any better. Just way too corrupt, for way too long now, it is just "business as usual", and neither party has any incentive to eliminate themselves or the other party, because they are equally corrupt, so they just are never going to go there.
My big hope, really..I hope the USA does a USSR and just dissolves as a bad idea, past prime, with no bloody revolutions. I want some real honest choice. If a regional bloc or state wants joe government to run all aspects of their lives, cradle to grave, and stay taxed at 90% with a herd of commissars overseeing them all the time...swell, let them try that, see how it works. If another wants just about no government at all, private everything, no rules except ferengi "profit at all costs!", fine, let them try that and see what happens.
Somewhere, some state or group of previous states will go "gee..ya know..the original Constitution and bill of rights actually seems well thought out..wonder what will happen if we really, REALLY follow those guidelines and not just lie about it all the time??". THAT place I *will* move to, even if I have to fight every step of the way there.
First, 99.99% of the EJs are good people, but there are also bad seeds. You must guard against the EJ's as much as the voter.
Indeed you must. In my state there are four of us, representing at least two different political parties. It seems unlikely to me that you could get four randomly assigned people from different political parties to all agree to rig an election.
We had an EJ voting every day of early voting, until the Alternate Judge discovered what he was doing and reported him to us.
Sounds like the system worked if he got caught. My only question would be why did it take so long? Our machines have always kept a running count of the votes cast that day that must match up with the number of people we've signed in. There are two different people who handle the signing in process (one who handles the poll book and the other who keeps a running handwritten list of the people who have voted thus far) so it wouldn't be easy to do a fake sign in to keep the numbers matching. If you tried this at my polling place I would know about it pretty quickly as I always make a point of checking the running total throughout the day.
We reported him to the County Commissioners and County Prosecutor who declined to prosecute the person for whatever (probably politically motivated) reason.
Well, that's bullshit right there. As far as I'm concerned messing with the electoral process should be regarded as a felony and punished accordingly.
But any EJ that could figure out how to upload a virus to their voting machine, and get it onto the tabulating machine, could possibly edit results in a way that would make it very hard to discover.
They could, but the machines are randomly audited and you have no way of knowing if yours is going to be one of them or not. I don't know what else you can do to protect the system at this point. You could audit every single machine but that would require manpower and resources that most Election Boards just don't have.
Second, an attacker could possibly find a way to defeat a tamper seal, or could break into the storage facility of the voting machines before election day, or I am sure there are a multitude of other attacks where someone could have a short time of unsupervised access to the voting machine that wouldn't be detected by tamper proof seals.
You've got an awful lot of "coulds" there. People could do any number of things. All you can do is make the system as secure as possible. At least with regards to New York State I haven't seen any glaring holes in the security of our electoral process or anything that I would do differently if I was in charge of the whole show.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
If academicians have access to surce code and design plans then it's safe to assume hackers have access to source code and design plans imho.
Voting machines elect one of their own as President - http://www.theonion.com/content/video/voting_machines_elect_one_of
Thank you for a very lucid description of how controls, checks and balances are implemented. In -any- voting system, adults have to get together and put into place what can only be described as basic accounting controls. This is not black art. It's well understood; every bank and most phone companies have years of experience in how to put processes in place to keep people from stealing. At least most of the time. But they manage to do it well enough, often enough, that none of us worries about putting our paycheck in a bank or audits our cell phone bill.
In the diatribes against electronic voting systems, we rarely focus on asking -how- we could put into place a working, economical, trustable voting process that extends the voting franchise more widely and trustably than what we have today. It used to be impossible to think we could have a free operating system. We did that.
I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
Here's the thing, you don't even have to hack any machines to throw an election. You just have to cry "foul", and then everyone gets in a tizzy about a recount. Not to mention all the dead people voting.
I saw a stat(can't remember source) that showed out of 100% of registered voters in one particular area something like 120% actually voted.
When you can create a paradox like that who cares who can hack what. And I don't think this is some sort of propaganda from some sort of special conspiracy theory group. I grew up in Lake County, Indiana, and dead people voting has happened many times in my lifetime there.
When I rule the world, I'll have squads of flame throwers fanned out around me, and for me, winter shall cease to exist
The attack described in the paper has no problems whatsoever working with executing only signed code. It used only the original ROM code - having it signed would change nothing.
Banks cannot really be compared to voting, as there is no requirement for logs to be anonymous. Instead banks have multiple redundant logs, all of which tend to have all the identification for reconstructing who did what where and when.
This isn't about GNU/Linux zealotry or any kind of idealism, it's about basic accountability, especially for something so fundamentally important to democracy. Everyone needs to be able to see how the system works (99.99% of people won't understand/bother to read the source, but the public will trust 30000 individuals that all confirm whether the source is good or bad and the public will not trust three or four spokesmen from some closed-door auditing companies). A good open system is physically impossible (or very very*10^126 difficult) to crack even with full code access. There is, of course, the added problem of ensuring that the source and only the source runs on the machine, but these two conditions are linked with an AND, not an OR - if the code is not definitely valid it doesn't matter what else is going on - it's not secure, period.
The coulds seem to happen rather frequently. I'd encourage you to spend some time browsing through www.blackboxvoting.org to see just what kind of things are going on in some districts.
I did RTFPDF, and I read that this is an 80's-era system running on a Z80 processor. Nowadays, we have chips with memory management, lockable pages, execute-only pages, and other nice things.
So?
If you really read the RTFPDF article you would have seen that this 80's technology would only let you execute code that was in ROM. I'll spell that out for you: Read Only Memory. It's the same thing as lockable pages, execute-only pages and other nice things; only simpler, more secure and very inflexible. Yet, it still did not prevent the attack.
If you require that the contents of any card inserted be signed by the election commission before you'll even touch them, it would be a bit difficult to get an interface to the system in the first place, now wouldn't it?
It will only make attacks harder for every one but those with the most to lose: the incumbents.
Pre 2008 elections, when there were so many Slashdot stories on EVSes and their deficiencies, it seemed every story had at least one post where someone pointed out an Elections expert recommending changes (such as requiring proprietary EVSes to publish their source, or starting an open source EVS based on commodity hardware), or mathematicians looking at theoretical solutions to the problem.
I think the real problem is we don't have the political will to toss the apple cart.
In my state there are four of us, representing at least two different political parties. It seems unlikely to me that you could get four randomly assigned people from different political parties to all agree to rig an election.
In Texas we have an EJ, an alternate EJ, and 2 poll clerks. The EJ should be the majority party in the precinct, the AJ is the minority party, and the clerks are hired by the EJ and I believe can be any party. The EJ and AJ weren't randomly assigned, but chosen from precinct residents that volunteered. They had to be accepted by the county party chairman of their party.
Occasionally there were not volunteers from both parties in the precinct, so we had to allow the AJ to be the same party. In some of our rural and one-sided precincts especially, this is ripe for gaming and abuse. If you knew there were unlikely to be volunteers from the opposing party, you could change your party affiliation and pretty much be guaranteed to be the AJ.
Sounds like the system worked if he got caught. My only question would be why did it take so long?
It worked, but it was too close for comfort. As I recall he was choosing people off the precinct roster that didn't vote in the last election. In the flurry of activity of setting up the polling location, I think he was signing the poll book real quick, then voting shortly thereafter. The AJ just happened to see him messing with the poll book as she was setting something else up. This was in the days of scantron ballots, so there isn't a ballot counter on any machine. It is all manual.
the machines are randomly audited and you have no way of knowing if yours is going to be one of them or not. I don't know what else you can do to protect the system at this point.
There have been some attacks that are likely to be invisible to an audit of a machine, unless you disassemble the compiled code and study it in detail. I also don't like relying on a random audit where even one instance of fraud isn't acceptable. Elections Boards rarely have the knowledge or time to effectively identify mathematically or technically sophisticated attacks. This is why I think all EVS must have completely published source code, or they should be open sourced, so any interested party can come in, request records, and have a fighting chance identifying fraud.
You've got an awful lot of "coulds" there. People could do any number of things. All you can do is make the system as secure as possible.
I saw the inside of the system. I don't think I am particularly clever, and I didn't spend a lot of time thinking about novel attacks. But what I saw was disturbing. And not because I think the Elections Office I worked at was poorly run, or unconcerned with fraud, but because there is a dearth of technically savvy security knowledgeable people willing to work for the low wages in an Elections Office. And there are a decent number of scary smart morally depraved people in the world. We should guard against them as best as possible.
Right now EVSes are not demonstrably safe from known attacks. We must make them so to the point we can, and not count on physical and process security to keep them safe. You need as many layers of safety as you can.
Occasionally there were not volunteers from both parties in the precinct, so we had to allow the AJ to be the same party.
Hmm, in NYS they don't require the Inspectors to be from the same election district. In fact they rarely are. I managed to get assigned to my own election district when there was an opening (mainly so I wouldn't have to leave my post to drive across town and vote) but that's a rarity.
Right now EVSes are not demonstrably safe from known attacks.
I've never advocated for electronic voting systems. But I do think there is a distinction between a DRE (direct electronic record) system and a system that relies on paper ballots and which only uses a machine to tabulate them.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The whole "getting voted out" part, the approval or disapproval by the voters. Say this current rep doesn't do what his constituents want, so he gets voted out, joe new guy gets in. Now is the cycle supposed to be self repairing now, or just self perpetuating? Joe new guy who gets voted in because he claims he will do what his constituents want reneges on those promises after election and does the same thing as the old guy, ie, doesn't represent the wishes of his constituents. What's the point of this little election soap opera then, why even bother?
How many iterations of this "elect people who do not represent your wishes" cycle need to occur before the obvious dumbness of even having the charade of a representative and a vote are apparent? Why even bother at all if they are never going to follow the wishes of those that elected them?
That's the system we have now, and I still contend is it way past broken, because we can see the proof that we are getting just too many bad results, precisely *because* a lot of these representatives do not follow the wishes of their constituents (and you can now go back to my original examples).
And I will also contend that if anyone "you", individually or collectively, keep doing this same thing over and over again and are expecting different results, at a gross gestalt level, that that is pure insanity, crazy.
If "we the people" simply can not get representation at the highest levels that really represent our viewpoints, then there is no further need to even have that particular organizational body or structure or practice. None whatsoever. IMO, we don't need a dictatorship, even if it tries to pass itself off as a benign one. but..let's explore that idea a little bit, shall we?
Now, if collectively the people really do want a dictatorship, then be open and honest about it and stop wasting time with the ludicrous vote. If it is going to be meaningless anyway, that no matter what all the little peeps want the few selected and anointed and appointed big peeps will just do whatever, just cut that fake out scam vote part out of the system entirely. Just have government declare one day that to save time and to stop wasting resources, they are just now going to be running everything,. and no further future votes will be needed. Just follow orders and diktats.
And to get more personal, because your contention is most annoying and..juvenile and overly simplistic to me, we'll go where you want to go.
Your quote "Government should never do what the people want"... as a hard declarative statement leaves me rather cold. This statement indicates to me two things: 1) you are in favor of pure fascism, because the "people are as dumb as dogshit", and 2) obviously you are one of these people by default (unless at this time you are a high level "elected representative" who is obviously just so much smarter that they just "know better").
I will go on the probably quite safe assumption that you are not, that you are just one of the vast herds of "we the dogshit stupid people". This is correct, yes?
So... someone who is admittedly as dumb as dogshit is in favor of fascism, so that is supposed to be a compelling argument in favor of that system.....
Uh huh, that's really convincing! ;)
Hmm, in NYS they don't require the Inspectors to be from the same election district. In fact they rarely are.
Inspectors in TX rarely live in that precinct, but the poll workers do (EJ, AJ, and poll clerks). I believe we would occasionally have out of precinct workers at the discretion of the party chairmen, when we didn't have enough in precinct volunteers. It has been a long time since I had that job.
I've never advocated for electronic voting systems.
It was my impression that your parent post was saying inherent weaknesses in DREs weren't a primary concern, due to physical and process controls by the Elections Office. I was making the argument that the controls aren't sufficient to protect a poorly designed DRE, and we must insist DREs be as safe as we know how to make them. I agree with the rest of your statement. Sorry if I misunderstood the grandparent post.
Guess Stalin has been right all along: 'It's Not the People Who Vote that Count; It's the People Who Count the Votes'.
The thing is, the people that count no longer matter, they have been replaced by software(It doesnt matter if officials still count aswell, when the used software is malicious).
Princeton University Exposes Diebold Flaws
Original research paper
Maybe we just like repeating history so much that people just dont care anymore..
Inspectors in TX rarely live in that precinct, but the poll workers do (EJ, AJ, and poll clerks).
In NYS the Inspector has the same rule as your EJs. We sign voters in, handle any challenges that may arise, etc, etc. Generally we don't have poll clerks except in the really busy urban districts -- where they exist their job is to assist the inspectors and help to ensure that the polling place continues to operate smoothly. They don't have any vote on disputes or any authority beyond that granted to them by the Board of Inspectors.
It was my impression that your parent post was saying inherent weaknesses in DREs weren't a primary concern
DREs scare the hell out of me. I'm glad that my state hasn't adopted them. I was mainly trying to respond to the tin-foil hat crowd that thinks anything electronic must be bad. I don't see a problem with a system that relies on paper ballots and which only uses the electronic side of things as an assistance mechanism for handicapped voters and a tabulation device.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Thanks for taking my razz in the good natured spirit it was offered (the smiley was the clue there)
As to the mob rule versus the enlightened aristocratic rule, I understand what you are saying. That's the original reason here for having direct elected Representatives, and then state appointed Senators. This was the best balance they could come up with. We screwed up royally going to direct elected Senators. The senators are supposed to really dig into the details and just go with what they think, our reps are supposed to do exactly what we tell them to do. Now..neither do that, the Reps have stopped listening to the people and the balance of power has swing so far to the command authority that it is right now a defacto dictatorship. There are worse dictatorships, but that doesn't mean this isn't one either, and all the trends and signs point to it going all the way, past [godwin or stalin level] reference. And soon..
I'll have to keep saying that it has swung way too far and the people, on some rather large issues, are not getting the government they want or are entitled to by our most basic and simple laws and tenets. A lot of examples, the ones I used previously, or how about just simple things medical marijuana and industrial hemp? Passes referendums in the states all over to legalize it, yet the Feds keep blocking that. Tons of stuff like that. Hell, our founders used the stuff, it's just a crop, how blatantly wrong can our current laws enforced by our "rulers" be then?
The US is unique, as in the only one among all nations past and present "unique", in that *we put the sovereignty of the individual first*, despite all the potential downsides there. We wanted more freedom, and less security or effectiveness, *if* the latter two conflicted with the previous and primary.
No other nation even comes remotely close to this structure and ideology. And a lot of us still like that idea. We accept the potential downside of failure for the freedom to excel.
The original design is to always err on the side of freedom and the wishes of the individual and the people at all times, as long as this or that does not remove freedom from others.
We fought the revolution precisely to avoid the dictates of the central power authority, because they inevitably become corrupt and then tyrannical. It has happened in every centralized command governmental structure in the past, the founders knew this, so they ran some serious skull sweat and came up with this "sovereign individual" idea. Which is rather cool. We (are supposed to) tell them what to do, they-government-are our employees, they are not supposed to tell us what to do.
Now, that concept is broken, hideously broken, and it it is and will continue to cause a lot of problems because of that. It could very well lead to a rather nasty big problem if you get my drift. You can just piss off and abuse and disenfranchise the people for so long before they "just say no".