Slashdot Mirror
Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com)
Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."
For something as important as voting, how about paper only? And another thing, we should really do vote-by-mail nationwide just like Washington state does it.
In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.
Foreign hackers? People who live here care far more one way or the other and are far more likely to do extreme things to influence the election. Russia is a false flag. Voter fraud is already a hallmark of our elections.
Nope. We're not allowed to require voters to produce identification.
"But there's no vote fraud!!!!"
HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!
The lack of positive voter identification means US elections don't meet UN standards for free and fair elections.
So, we won't then.
Trump is Russian money, just as Brexit was. America feels it won the Cold War, but Russia - still ever the dictatorship - played the long game. And well.
> For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention
Citation sorely needed. The DNC has suggested it's possible Russia was involved. A small security company called ThreatConnect pointed out that one of the tools used had some Russian language strings, meaning that the attacker used a tool which was written by someone who spoke Russian.
"US intelligence agencies" have announced no conclusions and there is scant evidence that "Russia", the Russian government, was involved.
How exactly is some random security researcher "US intelligence services", aside from the standard deflection mechanism?
Vote-by-mail, or any system where there is no voting booth with official overseer, lacks anonymity.
Voters need the right of keeping their vote secret, but that is not enough. If voters can show who they voted for, they can be intimidated or otherwise induced into voting for someone in particular. They can of course say who they voted for, but they cannot be allowed to prove it to someone else.
That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.
I am surprised that so few people make that connection when the issue arises.
If they somehow make a third party candidate win...
>> WikiLeaks is promising more leaked dirt on Hillary Clinton
Does anyone else remember when journalists actually did research like this? (In a free society, digging up "dirt" on politicians is a GOOD thing.) Where is the Watergate reporting crew when we need them?
If they somehow make a third party candidate win...
The whole point of electronic voting is so that its unsecure and the ruling elite can use that unsecurity to ensure they stay in power.
Now that foreign players have entered the fray theres no telling what will happen next. Perhaps the ruling elite in the USA may find themselves unseated in an electronic coup!
In the free world the media isn't government run; the government is media run.
=== If you really want to improve the election system, support Tim Canova. ===
1. I am more worried about domestic hackers than the foreign variety.
2. Unless you've been under a rock for the past decade, you know the current state of "network technology" cannot secure anything.
3. The primary application for "network technology" is not to gain security but rather to reduce labor costs.
4. The only thing we get by securing the election system is less whistle blowing and even more fraud.
5. If you really want to improve the election system, get rid of gerrymandering.
6. If you really want to improve the election system, get rid of restrictive voter ID laws.
7. If you really want to improve the election system, ask yourself why Wasserman Schulz still has a job.
Of course, when you ask a security guy how to improve anything, the answer is always better security.
That is all he knows!!!
The lack of positive voter identification means US elections don't meet UN standards for free and fair elections.
> For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention
Citation sorely needed. The DNC has suggested it's possible Russia was involved. A small security company called ThreatConnect pointed out that one of the tools used had some Russian language strings, meaning that the attacker used a tool which was written by someone who spoke Russian.
"US intelligence agencies" have announced no conclusions and there is scant evidence that "Russia", the Russian government, was involved.
'US Intelligence' is an oxymoron, especially when it comes to politics.
In the free world the media isn't government run; the government is media run.
There'd be nothing to leak if Hillary was w good person and not a lying criminal.
" U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails "
actually "u.s. intelligence agencies" and nsa director have NOT said anything so positive on the subject, deliberately.
here is clapper himself on hyperventilating media on this.
https://www.youtube.com/watch?...
i would be skeptical of conclusions of people making false statements such as the one quoted,without the qualifications.
Sure no evidence, except for the whole stack of damning digital forensics evidence. Trump is a treasonous idiot. Russia is at fault, and Snowden is complicit (and also a traitor). That is all.
I agree. The article conflates two separate issues: 1) the hacking of voting machines and 2) the leaking of DNC emails. The first is a real problem that needs to be avoided because it is a direct attack on a democracy.
But the hacking of the DNC servers led to more transparency and a more informed public, who were made aware of corruption within the Democratic Party. These are good things. Hopefully future DNC leaders will think twice before acting this way, and if they continue to do these things, hopefully there will be more leaks. The long-term result is that it makes the Democrats, and the US political system in general, better.
Sure, the DNC leak was a "biased" attack on one party, but so is any news article. Why does it matter if the information came from Russian hackers, an internal whistleblower, or the free press?
You don't carry water in sieves and you don't use computers to hold an election. Schneier certainly know this, so what's his angle?
Wonder what would happen if the BernOut Bros could somehow stage a DDoS attack on electronic voting machines across the nation? What a beautiful media circus that would be!
Error: NSE - No Signature Error
HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!
In scenic Camden, New Jersey, lots of folks who have been dead for years still vote. I think that is very liberally progressive from Camden, New Jersey, that they let Zombies vote.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Yep.
Pretty unbelievable one of the largest democracies in the world doesn't even verify who votes.
Every country in Europe requires voter ID. Why can't the US do this?
But ID is racis!!!!111!!eleven
The lack of positive voter identification means US elections don't meet UN standards for free and fair elections.
If that were true, you could push for reforms. However, none of the UN standards refer to a specific regulation for identification. What is your objection, then?
If anything, your mention of the word "free" is interesting... are there any forms of government identification that are free? I had to pay quite a lot of money for my passport, or driver's license, or state ID card.
I'd be all for voter ID laws... if the government automatically registered each eligible voter when they became eligble, and provided free ID to everyone.
The identity of the hacker(s) is not very relevant to Schneier's point. There are players out there who are quite interested in either influencing the results of the elections or just making mischief, and the US is not well-protected against these parties.
So something is a good thing because European countries do it? LOL.
If you want to stop being hacked, stop playing for Team 4th Reich...
Hitlery for PRISON!
Every country in Europe requires voter ID. Why can't the US do this?
Because big city machine democrats must cheat. Ends justify the means you know.
There are situations where technological advances do make life easier, and more accountable, and fairer for all. The democratic process is NOT such a situation. For fuck's sake, can we forget this voting computer bullshit and get back to PAPER ballots and HUMAN counters, which has been time-proven for the last two fucking millennia??
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
Quite often when Bruce Schneier speaks I end up a bit disappointed at the vapid empty generalities he shares with the world. And he's considered a "security guru"! So he's the best of a bad lot. But that doesn't make the lot better. It just disappoints. No wonder we're making very little headway with actually securing anything.
ID not required in England. Just a verbal confirmation of name and address, which is indelibly checked off a list as you are being passed your ballot and directed to the polling booth. You don't need ID for postal ballots either, which IMO is where the process breaks down since postal voting is a relatively new thing, designed to cater for the lazy and the fraudster. Ever worked in a mail office?? Any idea how many envelopes one person can stick and stamp in an hour??
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
One problem is the "Solutions" to your issue:
*Costs Millions of dollars to solve a problem which largely doesn't exist (ballot fraud exists, 'voter fraud' is itself a scam)
*Results in stripping the right to vote from millions Americans,
*Is widely admitted to by the people who push this, for being a tactic they rely on to deliver election results.
*Results in stripping the right to vote from millions Americans,
They shouldn't have the right to vote when they don't vote for who I want them to vote for.
"David Bismark has co-developed an electronic voting system that contains a simple and reliable method of verification." http://www.ted.com/talks/david...
We've never abolished paper ballot, and our method of execution - until we stopped doing executions - was hanging. In both cases the USA has abandoned the traditional methods to be 'up to date' and 'modern', and as a result made a pig ear of things; no hanging chads in a British election, and no extended, messed up executions with hanging as long as the rope is long enough when the person drops that their neck is broken by the drop. But no, our rebellious ex-colonists think they know better ;)
The problem here is proof of voting without the mess sticky problem of identifying who voted for what.
In Australia for an election they using computer voting. Turns out that the machines were not counting votes but instead drawing conclusions from voting patterns. The company has refused to releaese the source code. Scary.
I didn't read the article this way. He is just pointing out popular, direct evidence of hacking political activities to build support for increasing security of the election infrastructure.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
The identity of the hacker(s) is not very relevant to Schneier's point. There are players out there who are quite interested in either influencing the results of the elections or just making mischief, and the US is not well-protected against these parties.
Quite probably some of those parties were involved in its creation and deliberately set it up to be unsecure. So then what? They are supposed to put aside their vested interest and allow it to be secured so they can't fuck with it? Hardly likely!
In the free world the media isn't government run; the government is media run.
Instead of treating the symptoms. The DNC and Hillary "Rotten" Clinton decided to play a dangerous game. Now they are reaping what they sow.
Sure no evidence, except for the whole stack of damning digital forensics evidence.
What stack of evidence?
"First they came for the slanderers and i said nothing."
Hopefully future DNC leaders will think twice before acting this way, and if they continue to do these things, hopefully there will be more leaks.
They will think twice, but not about changing their actions. They will just become more clandestine and untraceable in their actions. They learned from Nixon (why didn't he just burn the tapes?) to cover their tracks well (disappearing hard drives, wiped severs, documents stolen from the national archives, etc. ad nauseum.)
However, as the American people increasingly choose and support partisan-ism as a surrogate for law, order, and justice the need for our leaders to conceal their misdeeds becomes less relevant. What I mean by this is that each time we allow our elected officials to get away with actions that even appear improper (much less that are violations of law) not only do we embolden them to engage in further abuses, but we anesthetize ourselves to the abuse. They become part and parcel of the landscape, eventually we internalize those abuses, and we learn to live with it, accept it. Furthermore, and most horribly, when someone in government does something even more outrageous than the last debacle, it is not compared against an absolute reference point like the law, or decency, or even what is acceptable. Increasingly, bad actors and their misdeeds are compared against the worst actions of past leaders and politicians.
How can a nation continue to improve when the reference points for the future actions of our leaders are the failures of our previous leaders?
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
The only thing that most electronic voting systems "secure" is funding; lots and LOTS of money. The voting machines are trivially hackable, provide no possible way to do an audit trail, are quirky and failure prone, and HIDEOUSLY expensive.
We need to go back to paper ballots and require positive identification in order to vote. The only thing that the Democrats are trying to accomplish in opposing voter ID requirements is to encourage voter fraud.
While this link refers to another event, evidence that includes routing that leads to Russia is not scant when taken in context. Is it proven? No. Is it overwhelmingly likely including all evidence including context? Yes.
https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html
Here in AZ, you can have a permanent early ballot.
I get the ballot in the mail and return it. I've never had anyone try to coerce me in any way, but it's optional, you can always go to a polling place if you want.
And I suspect it's illegal to do what you say, so you could always report them... or just mark the ballot as 'spoiled' on the envelope before mailing it depending on just how careful the people were being.
Honestly, I don't want Russia hacking anything in the U.S., but if the information they release tells the truth about a candidate, whether it be Trump Or Clinton, then more power to Wikileaks for releasing it. I want to know what kind of dirt bag I'm voting for. Problem is, in this country, people treat there respective candidate like a sports team. They don't care whether the players used steroids to win, they just care that there team won.
You know, all that testimony of the DNC and Hillary! s staff that said it's the Russians. That evidence. And it's digital evidence because you can read their claims on the Internet!
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
I like to make facts up in my head also. I know it was a simbonese hacker using russian software to create an escalation. OR not. Unfortunately Russia is a deflection from the racist anti semitic emaIls that do actually exist, as well as the clear intent to undermine Sanders. When your enemy tells the truth, it's still the truth. Russia even if evolved didn't write the emails.
OMG Ponies!!! with Glitter!!!! I miss Pink
So the real content of anti semitic racist emails doesn't matter at all? The DNC hasn't even tried to claim them as fake. Truth is truth no matter the messenger.
OMG Ponies!!! with Glitter!!!! I miss Pink
let's secure our election systems from outside tampering (something that has been proved to happen) so that our government can continue to rig and influence the elections from inside in peace and quiet. Good man.
Crowdstrike, FireEye, and a few other higher profile security companies have also implicated named Russian APT groups. You are however correct that no US intelligence agency has made any public statement about attribution, nor any private ones that have been made public.
All the government/intelligence community has said officially is that "they're investigating it."
it wasn't the russians who compromised your elections, it was one of the political parties, by sabotaging itself, and "the russians" (yet to be clear if it was actually the government) are the ones who exposed it. This is a pretty bizarre spin on the actual facts. If anything failed you, it was the FEC and the journalists whose job was to investigate and expose this, the foreign actors actually helped you out.
--
Stay tuned for some shock and awe coming right up after this messages!
...has said no such thing. James Clapper said. ""I don't think we're quite ready yet to make a call on attribution," Clapper said at the Aspen Security Forum in Colorado. "There are just a few usual suspects out there." Additionally, he said, "We don't know enough to ascribe motivation regardless of who it might have been.""
There is no security, only obstacles in excess of the value of the successful assault.
Anything secure will need non electronic verification, which will fail if voters don't confirm their ballot. Which they won't.
Paper can't be compromised so easily. Writing the numbers down in a public process could work. . We just have to adopt transparent elections.
And in the words of a brilliant realist, "yeah, like that's gonna happen".
deleting the extra space after periods so i can stay relevant, yeah.
> Every country in Europe requires voter ID. Why can't the US do this?
(I believe) Every country in Europe requires everyone to have an ID already.
That makes for a very different starting-point, requiring ID when certain groups are much more likely to not have one has indeed severe discrimination issues.
Now you could argue if not everyone in the US should be required to have ID, but that would make for a very different and probably even larger discussion.
There is no point hacking electronic voting computers if the result is not plausible. That's why anyone rigging the election will not make their candidate win with 99% of the votes. But even a candidate winning with 50.5% of the votes is implausible if he normally gets 5% of the votes. And implausible results trigger investigations, lawsuits... and reelections. That's no good.
So the first step is to rig the campaign so that the result you want will at least seem plausible. You can do that by helping your candidate, disrupting its opponents, or at least causing enough of a disturbance to make the result seem uncertain.
Hacking the DNC can do all that: discreetly leaking select information to his team can help them optimize their communication without even realizing who is the source ; the gathered information can also been used another team to disrupt the Democrats campaign ; and then making the leak public when it's no longer useful can cause enough of a disturbance to further muddle things up. No well softened, the public will be ready to accept any result.
Of course this is just a conspiracy theory. But today Trump is seen as having a good chance of winning the elections which seemed totally unrealistic not so many months ago. Just saying... So if he wins you'll now stage 2 was successful too ;-)
http://2.media.collegehumor.cvcdn.com/7/f/collegehumor.f72a079790f7d855c4c0fcef265c2142.jpg
"Bruce Schneier .. points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the result"
Well then, you shouldn't have handed the contract to Diebold *, who ran the voting machines on Microsoft Windows with no full irrevocable paper audit, so anyone and his dog could delete ballots.
* "I am committed to helping Ohio deliver its electoral votes to the president next year.", Walden O'Dell CEO Diebold
How To Rig An Election In The United States
You FBI fucking cunts need to die soon and painfully.
Mother fucking cunts you know it is a sham election and you hijack Slashdot with bullshit.
Hillary Clinton is dead. It is her body double vs. a guy with slot machines OR a Semite Jew with ties to all media and Israel.
You stupid stupid mother fuckers need to just swim for an island. Get the FUCK out of USA.
Maybe Trump didn't win the GOP primaries, but his Russian friends hacked the election machines.
and take them offline if we can't guarantee their security online
It's astonishing to me that anyone would even consider connecting a voting machine to the internet.
At the very least, we must implement an immediate federal ban on providing internet access to any voting machine, and require the operators (if necessary) to fall back to the procedures for handling the case where no internet access is available at the polling place.
future Wikileaks voicemails may include some of the codewords for the Dems voter fraud programs.
Why Electronic Voting is a BAD Idea
All electronic voting is more or less a disaster. Put in a quarter, pull the handle and hope for luck. Paper has problems, but it is safer. The problem with voting is that a power shift may render wealthy people unhappy with democracy, hence they got us electronic voting. Every memory chip has a processor that can be reprogrammed for desired results.
The voting system would be more secure,if it had duplicate polling stations, and the results tallied separately and then compared.
Exit polls should also be used. If there's a hint of trouble recounting and re-voting should take place. Counting should not be behind closed doors, but open and transparent, with more cameras than a Las Vegas casino.
If electronic voting was registered so I could go online and look at my vote, and others, hashes out, maybe that could be harder to fake.
You cannot see electricity thats why paper is better.
Voting should be on weekends and be a national holiday.
Voting != Democracy
http://m.timesofindia.com/indi...
Casteism
How about outsourcing the whole thing to India? You'll get crappy results[1] but it'll be much cheaper.
It's not like you voters have been doing such a great job picking leaders anyway. Nor do you seem to care about getting it right (remember Diebold?) and showing that it's done right (many still talking about electronic voting systems).
[1] And maybe not that crap, there are better options than Clinton or Trump. If the Indian guy rolls the dice and you get them, he'd be doing better than you idiots. If he doesn't and just picks one of the two, he wouldn't be doing worse.
I don't see anything in that link that suggests voter identification is important.
I've lived, worked and voted in two countries, both of them with a higher 'democracy ranking' than the USA, and neither one of them has any voter ID requirement at the point of voting.
does. The "U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails" links to a story about what the DNC's consultants said, not a "U.S. intelligence agency".
The DNC hack was a threat to democracy. It is necessary for political organizations to be able to discuss things in secret. Leaks are always going to show the people whose email is hacked in an unfavorable light, since private expressions are less sanitized than public ones. Since the DNC was hacked in this case, that makes the DNC look bad. If the RNC emails had been hacked, the RNC would doubtless look roughly as bad, perhaps better, perhaps worse.
The DNC is a political organization, and it was pretty obvious that they favored the Democrat in the race, as opposed to the Independent, and the more electable of the two. (Clinton has had crap thrown at her for decades, while Sanders hasn't faced the same level of lies, half-truths, and general vituperation, and would be vulnerable to attacks on eeevil soshulists.) Their purpose is to help come up with the best nominee.
There's evidence the DNC hacks came from Russia, and Wikileaks is a foreign organization. It looks to me like there's people outside the US who badly want Trump to win, enough to do dirty tricks, and I'm not happy about it.
Otto von Bismarck said that people who like laws and sausage should watch neither being made. The leaks provided us with very graphic pictures of the sausage factory.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Are you implying that law, order, and justice are violated by not being strictly neutral in a nomination race?
If you think this sort of thing doesn't go on all over, you're painfully naive. If you think a political organization can function with full transparency, you're overidealistic. If you let crimes and misdeeds committed by foreigners to influence you during the electoral process, you're unpatriotic.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
If I knew more about you, I could no doubt construct a completely true narrative that would make you look like an asshole. You can lie with the truth; it just takes more skill. Goebbels wanted to have truth in his propaganda, because it made it more convincing.
It simply isn't true that we're better off the more true statements we know, if the statements have a systemic bias.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes