Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com)

Posted by BeauHD on from the matter-of-national-security dept.

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."

24 of 204 comments (clear)

  1. Better idea by Anonymous Coward · · Score: 4, Insightful

    For something as important as voting, how about paper only? And another thing, we should really do vote-by-mail nationwide just like Washington state does it.

    1. Re:Better idea by Rockoon · · Score: 4, Insightful

      This. Paper ballots. Number 2 pencil. No chads.

      --
      "His name was James Damore."
    2. Re:Better idea by Dread_ed · · Score: 2

      Agreed. Bruce gets this completely wrong. The answer to security in this is not greater and more complex levels of security and secrecy. It is the exact opposite that will create the security we need, namely openness, transparency, and simplicity.

      I was also thinking that an "opt-in" secret ballot would be and interesting way to reduce the error bars on the problem. Since many are already rabidly dedicated to a certain party, why not give those brainwashed minions the option of grandstanding for their overlords by allowing them to cast a non-secret ballot?

      --
      When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
    3. Re:Better idea by Dread_ed · · Score: 2

      Election fraud could hand Trump the presidency and there will be no way to prove it. That is a fact.

      So you are only worried if election fraud helps Trump get elected? What is wrong with you??

      --
      When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
    4. Re:Better idea by DarkOx · · Score: 5, Informative

      The secret ballot is the only effective control anyone has come up with to prevent vote selling or exchanging.

      If you can't prove how you voted its difficult to sell you vote because nobody will trust you. Similarly its difficult for someone to coerce your vote because they can't control you while you are in the booth, and have only your word you did what you were 'supposed' to.

      This is why I am ardently opposed to all these absentee ballot early voting measures. Absentee ballots should be for people who can't be present at the polling place because they are away or infirm only. They should be rejected unless they carry a post mark from at least 20mi from your polling place or are accompanied by a signed statement on pain of prejury that you were physical unable to be present for medical reason (yours or someone you were caring for).

      What we should to make sure everyone can vote is split it over two days, and bar exit polling. Additionally make it a holiday and require all employers to make a 1/2 day of vacation available for all employees on one of the two election days, no exceptions.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    5. Re: Better idea by sirlatrom · · Score: 2

      You could do the same with electronic voting, e.g. by breaking the machines or not supplying them on time. Difference is, it's obvious that someone is cheating if when you show up there are not enough ballots, whereas glitches in the software may be either accidental or intentional, this making it much harder to call whether someone is manipulating the result.

    6. Re: Better idea by Anonymous Coward · · Score: 2

      Bruce is not calling for greater complexity and secrecy. He is calling for better security. And in this case that includes the most transparency.

    7. Re:Better idea by epyT-R · · Score: 3, Interesting

      Paper is simple, easy to understand, and hard to manipulate on a mass scale. Not so with crypto.

    8. Re:Better idea by CastrTroy · · Score: 3, Insightful

      The fear is that someone might swap out the pen for one with disappearing ink. That's why pencil is used.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    9. Re:Better idea by swillden · · Score: 2

      For something as important as voting, how about paper only?

      We actually have solutions that are much better than that. This wasn't true a few years ago when the whole voting machine fiasco started, but that discussion provoked a fair amount of research into secure voting systems, and security and cryptography experts have proposed a number of systems that provide verifiable end-to-end integrity. Each voter can verify that his or her vote was actually included correctly in the final count -- but without being able to prove to anyone else how he or she voted (important to mitigate vote buying/coercion). Each candidate/party can fully audit the ballots before the vote and the count after the vote, and audit results are provably correct.

      The most thoroughly developed system is Chaum and Rivest's (this is the Rivest who is the "R" in "RSA") "Scantegrity" system. It actually does use paper ballots, slightly modified traditional "Scantron" forms. Rather than just filling in the bubble with a #2 pencil (though you can do that, and that will work, and it will only sacrifice one form of verifiability), instead bubbles are filled with a special marker that reveals a code. That code can be recorded by the voter and used by the voter after the election to verify that the voter's vote was counted correctly. Ballots are counted by normal Scantron scanners, and can easily be verified by hand.

      But, thanks to the additional auditing steps (which rely on serial numbers on ballots and some carefully-defined processes) it's not possible to inject additional ballots into the process (no ballot box stuffing), nor to "lose" ballots, without detection. The system does make allowances for absentee and mail-in ballots, and has been used in a real election to verify that it's fully practical.

      For more details about Scantegrity, see http://scantegrity.org./

      And another thing, we should really do vote-by-mail nationwide just like Washington state does it.

      There are signficant risks in that. OTOH, it doesn't seem like Washington is actually seeing them. Still, I'd move very carefully on that one.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. Paper ballots in Canada by diodeus · · Score: 5, Informative

    In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.

    1. Re:Paper ballots in Canada by PolygamousRanchKid+ · · Score: 2

      In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.

      So what happens with the manually counted votes afterwards . . . ? They get entered into a computer system somewhere.

      Back to square one.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  3. Hell, we're not even allowed to verify *WHO* votes by Anonymous Coward · · Score: 4, Insightful

    Nope. We're not allowed to require voters to produce identification.

    "But there's no vote fraud!!!!"

    HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!

    The lack of positive voter identification means US elections don't meet UN standards for free and fair elections.

  4. No, vague DNC spin, not US intelligence agencies by raymorris · · Score: 4, Informative

    > For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention

    Citation sorely needed. The DNC has suggested it's possible Russia was involved. A small security company called ThreatConnect pointed out that one of the tools used had some Russian language strings, meaning that the attacker used a tool which was written by someone who spoke Russian.

    "US intelligence agencies" have announced no conclusions and there is scant evidence that "Russia", the Russian government, was involved.

  5. Lack of anonymity by Cigaes · · Score: 5, Interesting

    Vote-by-mail, or any system where there is no voting booth with official overseer, lacks anonymity.

    Voters need the right of keeping their vote secret, but that is not enough. If voters can show who they voted for, they can be intimidated or otherwise induced into voting for someone in particular. They can of course say who they voted for, but they cannot be allowed to prove it to someone else.

    That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.

    I am surprised that so few people make that connection when the issue arises.

    1. Re:Lack of anonymity by StillAnonymous · · Score: 4, Insightful

      You shouldn't be anonymous for the voting process, otherwise you'll get all kinds of shenanigans occurring. People voting twice, ineligible people voting, using someone else's vote, etc. Who you voted for is all that needs to be anonymous.

    2. Re:Lack of anonymity by MyFirstNameIsPaul · · Score: 2

      Your conclusion is wrong, due several factors:

      There is no perfect system (nirvana fallacy) and your discussion does not compare the advantages and disadvantages of each system, and instead arrives at a conclusion based on listing disadvantages.

      Voters can already be intimidated and provide proof of their vote with MMS, or any of the myriad photo-sharing apps, many of which are now providing end-to-end encryption.

      The elimination of the voter being able to prove how they voted through official documentation removes the voter's ability to perform an audit of their own vote's tabulation. Voters uncovering elections fraud outweighs the very small (non-existent? - provide a link to cases of these claims, ever? Appeal to probability much?) vote-buying instances.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

  6. Remember when journalists dug for the truth? by xxxJonBoyxxx · · Score: 5, Insightful

    >> WikiLeaks is promising more leaked dirt on Hillary Clinton

    Does anyone else remember when journalists actually did research like this? (In a free society, digging up "dirt" on politicians is a GOOD thing.) Where is the Watergate reporting crew when we need them?

    1. Re:Remember when journalists dug for the truth? by Anonymous Coward · · Score: 3, Interesting

      What I find funny is everyone is calling Trump a traitor, but no one is going to investigate the illegal handling of campaign contributions the DNC did?

      We live in a world where a DNC candidate can take bribes from Russia, lie under oath in Congressional hearings, and illegaly get campaign donations while using her party to prevent her rival from having a chance of winning. She goes free, but anyone who points it out or releases evidence of her wrong doings is the evil person.

      I wonder what Clinton has to actually do to get into trouble at this point.

    2. Re:Remember when journalists dug for the truth? by HiThere · · Score: 2

      You don't understand the degrees of right-wingness. I think of Hillary as right wing, but among US politicians she's rather centrist.

      Your point about the, neutrality, of the media is, however, quite valid. What people don't seem to understand is that the reporters tend to be leftists, but the editors tend to be slightly right wing, and *their* policies are controlled by the owners to tend to be much more right wing. This produces a stream of news with a variety of different spins applied to the politics, and every single one of those spins is designed to make the stories more "news worthy".

      This compounding of distortions of the news generally makes the news less reliable than a magic eight-ball...but a lot more spectacular and specific.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  7. Re:What is there to protect? by myowntrueself · · Score: 4, Funny

    If they somehow make a third party candidate win...

    The whole point of electronic voting is so that its unsecure and the ruling elite can use that unsecurity to ensure they stay in power.

    Now that foreign players have entered the fray theres no telling what will happen next. Perhaps the ruling elite in the USA may find themselves unseated in an electronic coup!

    --
    In the free world the media isn't government run; the government is media run.
  8. Secure Voting Systems? by kenwd0elq · · Score: 2

    The only thing that most electronic voting systems "secure" is funding; lots and LOTS of money. The voting machines are trivially hackable, provide no possible way to do an audit trail, are quirky and failure prone, and HIDEOUSLY expensive.

    We need to go back to paper ballots and require positive identification in order to vote. The only thing that the Democrats are trying to accomplish in opposing voter ID requirements is to encourage voter fraud.

  9. But it wasn't the russians who compromised your by Punto · · Score: 3, Insightful

    it wasn't the russians who compromised your elections, it was one of the political parties, by sabotaging itself, and "the russians" (yet to be clear if it was actually the government) are the ones who exposed it. This is a pretty bizarre spin on the actual facts. If anything failed you, it was the FEC and the journalists whose job was to investigate and expose this, the foreign actors actually helped you out.

    --

    --
    Stay tuned for some shock and awe coming right up after this messages!

  10. US Intelligence... by Bartles · · Score: 2

    ...has said no such thing. James Clapper said. ""I don't think we're quite ready yet to make a call on attribution," Clapper said at the Aspen Security Forum in Colorado. "There are just a few usual suspects out there." Additionally, he said, "We don't know enough to ascribe motivation regardless of who it might have been.""