Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."

Better idea

For something as important as voting, how about paper only? And another thing, we should really do vote-by-mail nationwide just like Washington state does it.

Re:Better idea

[Rockoon]

This. Paper ballots. Number 2 pencil. No chads.

Re:Better idea

[DarkOx]

The secret ballot is the only effective control anyone has come up with to prevent vote selling or exchanging.

If you can't prove how you voted its difficult to sell you vote because nobody will trust you. Similarly its difficult for someone to coerce your vote because they can't control you while you are in the booth, and have only your word you did what you were 'supposed' to.

This is why I am ardently opposed to all these absentee ballot early voting measures. Absentee ballots should be for people who can't be present at the polling place because they are away or infirm only. They should be rejected unless they carry a post mark from at least 20mi from your polling place or are accompanied by a signed statement on pain of prejury that you were physical unable to be present for medical reason (yours or someone you were caring for).

What we should to make sure everyone can vote is split it over two days, and bar exit polling. Additionally make it a holiday and require all employers to make a 1/2 day of vacation available for all employees on one of the two election days, no exceptions.

Paper ballots in Canada

[diodeus]

In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.

Hell, we're not even allowed to verify *WHO* votes

Nope. We're not allowed to require voters to produce identification.

"But there's no vote fraud!!!!"

HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!

The lack of positive voter identification means US elections don't meet UN standards for free and fair elections.

No, vague DNC spin, not US intelligence agencies

[raymorris]

> For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention

Citation sorely needed. The DNC has suggested it's possible Russia was involved. A small security company called ThreatConnect pointed out that one of the tools used had some Russian language strings, meaning that the attacker used a tool which was written by someone who spoke Russian.

"US intelligence agencies" have announced no conclusions and there is scant evidence that "Russia", the Russian government, was involved.

Lack of anonymity

[Cigaes]

Vote-by-mail, or any system where there is no voting booth with official overseer, lacks anonymity.

Voters need the right of keeping their vote secret, but that is not enough. If voters can show who they voted for, they can be intimidated or otherwise induced into voting for someone in particular. They can of course say who they voted for, but they cannot be allowed to prove it to someone else.

That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.

I am surprised that so few people make that connection when the issue arises.

Re:Lack of anonymity

[StillAnonymous]

You shouldn't be anonymous for the voting process, otherwise you'll get all kinds of shenanigans occurring. People voting twice, ineligible people voting, using someone else's vote, etc. Who you voted for is all that needs to be anonymous.

Remember when journalists dug for the truth?

[xxxJonBoyxxx]

>> WikiLeaks is promising more leaked dirt on Hillary Clinton

Does anyone else remember when journalists actually did research like this? (In a free society, digging up "dirt" on politicians is a GOOD thing.) Where is the Watergate reporting crew when we need them?

Re:What is there to protect?

[myowntrueself]

If they somehow make a third party candidate win...

The whole point of electronic voting is so that its unsecure and the ruling elite can use that unsecurity to ensure they stay in power.

Now that foreign players have entered the fray theres no telling what will happen next. Perhaps the ruling elite in the USA may find themselves unseated in an electronic coup!