Software To Capture Votes in Upcoming National Election is Insecure

Hackers could have manipulated the results of the upcoming election in Germany by using "trivial" attacks against a program used to count and transmit voting results, researchers warned on Thursday. From a report: White hat hackers from the Chaos Computer Club (CCC), a well-known hacking organization in Germany, claim to have found a series of serious vulnerabilities in PC-Wahl 10, software used by German authorities to count and transmit voting results. The researchers said their attacks show the software is in a "sad state" and that malicious hackers could have compromised it with "one click." "The amount of vulnerabilities and their severity exceeded our worst expectations," Linus Neumann, one of the researchers who conducted the study, said in a press release. The good news, however, is that the researchers believe it would have been hard for malicious hackers to get away with such attacks during the upcoming German election on September 24 without anyone noticing. "Technically, manipulation would be possible in several ways, but it is unlikely that manipulation would remain undetected," Thorsten Schroder, another researcher involved in the study, wrote in an op-ed for the magazine Der Spiegel.

Oh, no, Russians!

No doubt if there's an unexpected outcome in the German election, this will be blamed on Russia. Just like in the United States, there's rampant racism against Russians in Germany. Rather than accepting that the people don't want leftist policies to continue lowering their standard of living, the left will turn to racism and blame the Russians. It's time we call out the left for their rampant bigotry, whether it's their hate of Christians or their constant blaming of Russians.

Re:Oh, no, Russians!

Please look up the definition of racism. During the cold war the US didn't hate Russians because of their race.

Re:Oh, no, Russians!

That must be why so few evil characters have Slavic accents

Re:Oh, no, Russians!

It's not racism, it's bigotry. Regardless, if an enemy of a thousand years resided on your doorstep, you would be a bit nervous too. This is something the Americans have no clue while they exhibit truly irrational bigotry against Mexico.

Pretty weak obvious troll you did there, by the way.

Re:Oh, no, Russians!

[Train0987]

Bigotry? How dare anyone oppose an invasion of their country! We're bigots if we don't embrace the invaders and give them our money!

Re:Oh, no, Russians!

Why is it that you only get worked up about is 'leftists' and their supposed bigotry, and not that the elections are hackable? The first danger is only in your head, the second is a real danger. Or is hacking ok as long as your side is doing it?

Re:Oh, no, Russians!

Found Putin's propagandist.

Re:Oh, no, Russians!

or because Russians have Slavic accents and they are evil, commie, fascists.

Re: Oh, no, Russians!

You sound bitter, honey bun.

- Creimer

Re: Oh, no, Russians!

Gee, Russia, a country run by an openly corrupt dictator, is suspected of malfeasance. What a tragedy. Maybe people wouldn't suspect them if they weren't actually guilty.

Besides, before last year, it was the right clamoring over how corrupt elections in the US were, and demanding that we take steps to correct it, not that they did anything except look for ways to discriminate.

Re:Oh, no, Russians!

"but it is unlikely that manipulation would remain undetected"
So the exploit that is "technically" possible but attempts to use the exploit will be noticed? And the exploit can be executed by "one click"? Exactly which "one click" would launch the exploit? Or is the "one click" launcher only available after the exploit code is created and deployed?

"elections are hackable"
The "leftist" only care about the hacks when their candidates lose. Just like they immediately attacked the Electoral College process. A process that would require a constitutional amendment to get rid of it. If Clinton had one the election this would have never been mentioned. If Clinton had one the election there would have been no investigations on foreign influences launched even though Clinton has spent the past 25 years meeting foreign representative in public and in private. The Clinton Foundation accepted millions of dollars from foreign countries and in return received access to the US Secretary of State to discuss any issues they had. Access to a high level US government official is limited. But there are ways to jump ahead the line so to speak. The real scandal in the US Presidential election drama was the amount of money funneled into Clinton's campaign. Why would a individual, business, lobbying group, or corporation donate millions if not billions to a particular party or candidate in a US Presidential election? What do these donors expect in return for their generous financial support when their chosen candidate wins? I am pretty sure they want more than a thank you card after the election. Clinton was co-President for 8 years, a US Senator, and the US Secretary of State over the past 25 years. These are all powerful positions that provide the means to do her financial supporters bidding. Getting rid of the 501c loophole in campaign finance would put a quick end to the practice of being able to buy US elected officials.

Re: Oh, no, Russians!

Who?

Re:Oh, no, Russians!

[cayenne8]

Why in the world, are we not keeping elections more "analog"??

I mean, seriously, can we not wait a day or so to get votes tabulated and backed up with manual counts of physical ballots?

Isn't getting the will of the people worth it taking a day or so to make sure it is real and accurate?

Re:Oh, no, Russians!

I live in Germany and I've literally never heard anyone blame "the Russians". If you confuse Putin's fascist regime with the people living in Russia you are the bigot.

Re:Oh, no, Russians!

Don't be stupid. Never once did Mexico invade the US, quite the opposite, the invasion was in the other direction. Looking for work is not an "invasion". And when they do work, yes, you are supposed to give them money (or other compensation), just like anybody else. Why should they work for free? you bigot! And besides, most of them are brought here, by rich Americans who want cheap labor, so STFU!

Re:Oh, no, Russians!

[mean+pun]

I agree that the campaign donations corrupt the US elections, but I fail to see why you single out Hillary Clinton. Just about every US politician, no matter what side of the isle, and from candidate dog catcher to presidential candidate, needs campaign donations. And yes, it's a real scandal that so much money is pumped into all those elections.

Integrity of a US politician seems to be determined by how much the campaign donations influence their politics. Some of them seem to be pretty clean despite the corrupt system; Sanders seems to be good example of this. Some of them are pretty obviously in the pocket of large donors. I have never seen any concrete evidence that Hillary Clinton is on the corrupt side of this scale.

But yes, taking money out to the US election process seems a pretty obvious thing to do to reduce corruption.

Re: Oh, no, Russians!

[F.Ultra]

Especially since the result won't go in effect for a few months anyway. So knowing the results in seconds is actually useless.

Re:Oh, no, Russians!

You have millions of Mexican citizens running across the border looking for work and a better life. Shouldn't the Mexican government be trying to turn their country into a place where their citizens no longer need to run for the border?

Re:Oh, no, Russians!

Hear, hear. Germany has been royally shafted by that evil communist Merkel. Why should the German people have to pay for over one million unwanted parasites, who will be living off the German people AND ruining their country as a way of saying 'thanks'.

Re:Oh, no, Russians!

Nah, The US is on its way to the shitter. The Mexicans are already on their way back. Now only the worst of the worst are going to the States, those from Central America. They're the real rapists and gang bangers. Nasty buggers they are. Trump should send all those fuckers back!

But of Course!

[clonehappy]

The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!

The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.

Re:But of Course!

[number6x]

It has nothing to do with so called "globalists".

If Merkel's coalition doesn't win, then Justin Trudeau becomes the "Leader of the Free World".

That is not acceptable to anyone at this time.

Re: But of Course!

And by free, you mean free to do what the left tells you to do. Question anything and you'll be ridiculed as a racist or a Nazi. Freedom my ass.

- snruter rotsac

Re:But of Course!

[clonehappy]

At least we agree on the group of people who wish to remove the democratic element from the elections in Germany, whether or not we agree on their name.

Re:But of Course!

[mjwx]

The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!

The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.

Don't worry about the "Globalists", or whichever conspiracy theory they came from. Trump has ensured that there isn't going to be a Trump in Europe. Far right parties have been doing spectacularly badly in recent European elections, Centre right and centre left are doing well.

I expect this to be a comfortable win for Merkel. That evil witch who has managed to keep the German economy strong throughout terrible economic conditions. Only the centre-left SPD has the chance to unseat her and they need to pick up over 100 more seats to do that so I don't see that happening. Last election the far right AfD didn't get a single seat.

I should applaud Trump for what he's done, he's made other countries realise just how stupid it is to vote in extremists and idiots. He's been a great boon for mainstream parties in Europe.

Re: But of Course!

I would expect nothing less from a bunch of European faggots like yourself. Someone who values freedom over one world government slavery is an "extremist". Lmfao.

Re: But of Course!

If you chant "White power" and "the Jews will not replace us", YOU ARE A NAZI!!!

People don't go calling random people nazis. If you are racist and believe in white power == nazi.

Get it? No you don't because you are too tied up in partisan bullshit. Ooooo the left called me names. Grow up.

Re: But of Course!

So the violent black-mask wearing antifa are all agent provocateurs according to every leftist I talk to, but people shouting anti-semitic shit at a right wing rally is obviously organic, yep, no federal agents there at all!

Re: But of Course!

People don't go calling random people nazis.

Are you sure about that

Re: But of Course!

Where 'freedom' is mainly the liberty to call somebody 'faggot', not the freedom to actually be a faggot as you so elegantly phrase it.

And this 'one world government slavery' persecution complex can't be healthy. Pity there are people feeding your paranoia rather than explaining how stupid it is to believe in these fairytales.

Re: But of Course!

You're right. How could I be so short-sighted?! I forgot about how Trump lined up all the gays on Inauguration Day and shot them all in the head. Because that's what happened in your reality, right schlomo?

No, the faggots are still here, along with everyone else that you pieces of shit said that Trump was going to execute or eradicate or whatever in your liberal hyperventilations. And yes, we still have the right to use whatever words we want to use unlike you useless cucked European shits.

Re:But of Course!

[rtb61]

What we all really agree on is election are about people not machines. Elections should be one hundred percent manual from go to whoa, pencil, paper, with officials manually counting the vote and representative from those running for government overseeing that count, with elections held on weekends to make sure everyone can participate, not just in voting but also in the https://en.wikipedia.org/wiki/... or https://en.wikipedia.org/wiki/... or http://www.girlscouts.org/en/c.... It should be a social event, where people directly interact with the electoral process. Not a hackathon for the deep state and shadow government who apparently got really busy in the last election keeping the Libertarians and the Greens out, with many US states terrified of a recount and breaking all kinds of laws to stop it happening but hey, they managed to steal in even prior to the elections in the primaries but the morons could not keep what they sold and lost it to Don Don, anyhow and they have been attacking the orange orangutan, desperately trying to stay out of jail ever since, after Don Don made the mistake of failing to sick the FBI on them the very first second he could.

The one and only reason to go electronic, to steal elections and that has pretty much been shown to be the truth.

Re:But of Course!

[DNS-and-BIND]

The entire concept that we need a "leader" is the whole problem. Who came up with this idea? As far as I can tell, the Americans came up with it so they could play World Police. The Americans have done an absolutely hideous job being "world leader", starting wars left and right. Millions of poor brown people died. The most recent US president spent his entire time in office at war, and yet was honored as a man of peace by these same globalists.

Maybe it's time we retired the "world leader" thing. And the whole "free world" existed in contrast to the Communist world, which doesn't exist any more. It's time to rid ourselves of harmful old thinking, and forge boldly into a progressive future where nobody can dominate others.

This is insane

[jd]

It is not difficult to build a highly secure e-voting system with highly robust, highly secure reporting.

This is the minimum standard that should be considered acceptable.

Ok, so how do you do this?

1. A system is no better than the platform it is on. So you want a formally verified, tamper-proof platform with no extraneous physical connections.

2. The software should be designed using formal methods (coloured petri nets will work because there are only a fixed number of well-known arcs under well-known conditions, learning from SEL4 won't kill anyone either).

3. Votes should be retained in encrypted form, each voter's public key being on their voter registration card in a computer-readable form (but not remotely readable), and stored in multiple locations. This eliminates the possibility of any database admin trying to delete or insert votes, as the hashes won't tally. Blockchain can be used to ensure majority consent on the hashes, thus excluding corrupt institutions.

4. The server that generates the public/private key pairs should feed the private keys only to official Orange Book A1 servers for counting.

Re:This is insane

[fustakrakich]

Sorry, e-voting will never be secure. It will always be black box mysticism.

Re:This is insane

[Train0987]

It may not be difficult but it sure as hell is expensive. Most voting equipment is only used once every several years. The added expense is unnecessary and is only wanted by the media so they can get better ratings on election night. There's nothing wrong with waiting a few hours for results.

Re:This is insane

[CrimsonAvenger]

3 & 4 above seem to imply that anyone who gets hold of a voter registration card will be able to vote on the owner's behalf.

Was this intended? If so, you might want to rethink this proposed standard....

Re:This is insane

It is impossible to build an e-voting system that satisfies all requirements of a democratic election, particularly the secret ballot. None of the technological masturbation that you list can fundamentally prevent manipulation, but the more technology you throw at the problem, the less verifiable the entire method becomes. A democratic election must not be so complicated that ordinary people can't understand how it prevents manipulation. Public key cryptography is arcane math. It is trivially easy to question the legitimacy of an e-voting result, with no way of reassuring people that the result is free from manipulation.

Re:This is insane

Governments are incapable of creating secure systems.
They have conflicting goals and conflicting interests at every level either causing the project to be abandoned, or compromising leading to a worst of both worlds situation where in an attempt to please everyone, you follow the letter of the rules, and creating an insecure pile of shit.

Re:This is insane

It is impossible to build an e-voting system that satisfies all requirements of a democratic election, particularly the secret ballot.

Nailed it. Course, we could give up the secrecy, and exchange it for pretty much secret, but acktshully...

Wouldn't it'd be "good enough" if it were just a pain in the ass to figure out which random string of numbers matched up with which voter who was in a random booth at a specific timestamp? Sure! And that sure is easy to say when you're not seriously concerned about being put up against a wall and shot for voting incorrectly.

'sides, the real manipulation happens in the voter rolls. Which doesn't happen at all, ever, in spite of admissions and prison sentences, because please pay no attention to the corruption of elections.

Re:This is insane

You have the voter enter their data, the voter submits the data and a ticket is printed. the voter is required to confirm that the receipt printed, readable, and accurately reflects their choice. If no, a light on the outside of the booth illuminates indicating a service request and further use of machine is prohibited until paper, thermal, head or toner is changed. At end of the day poll IT, uses the thumb drive he found in he parking lot to transfer the digital record to a pc for upload to election bureau

Re:This is insane

[mean+pun]

Governments are incapable of creating secure systems.

The paper system is pretty secure, if it is implemented and executed properly. In stable democracies it is. In corrupt democracies it is, well, corrupt.

Re:This is insane

[dgatwood]

It is impossible to build an e-voting system that satisfies all requirements of a democratic election, particularly the secret ballot.

Not remotely. You just have to design the system in a way that makes it infeasible to falsify results without detection.

Step 1: The voting booth. Vote for a candidate. The vote is recorded on a flash card and cryptographically signed by the voting machine and simultaneously sent to a central server and stored locally on the machine.

Step 2: The verifying booth. Verify your votes. The signed vote is read from the flash card, then either invalidated or verified on the central server, and in either case, the decision and the vote are stored locally on the machine. If canceled, the user goes back to the voting booth, inserts the card, and steps through the people, correcting votes as necessary, before coming back to the verifying booth.

Step 3: Collecting the flash card. The poll workers stick the card into a machine that lights up a light to confirm whether the vote was verified on the central server, and if not, the poll workers send the voter to the verifying booth, which the voter obviously missed.

Step 4: The tally.:

• The voting data from each voting machine is collected independently and compared against the central server data. Short of somebody walking out with a flash card in hand (without verifying the vote on it), it should be possible to reconstruct the central server data using only the audit trail from the voting booths.
• The voting data from each verifying machine is collected independently and compared against the central server data. Again, it should be possible to reconstruct the central server data using only the audit trail from the verifying machines.

There are a couple of additional requirements:

• The verifying boxes in a given polling place cannot be built by the same company as the voting machines in that polling place
• The source code for the verifying machines must be open source (and thus readily audited.
• Each voting or verifying machine must have its own private key that must be generated when the device first boots up with a UI to show the newly generated key fingerprint that appears *only* when the device boots the *first* time.
• Poll workers must verify that the UI appears on first power-on (or else the machine must be discarded because someone could have pre-cast a bunch of votes on flash cards), and must manually write down that key fingerprint as a sanity check, and each key fingerprint in the log book must be verified by the signatures of at least 2 poll workers (maybe more).
• Each device must register its key fingerprint with the central server, too.
• Votes cast by devices that are not on the list stored in the central server must be validated by hand against the log book and rejected if there is no entry for that device.
• When a device is taken out of service, it must be immediately reset to a factory-clean state by holding down a button that disconnects power to the battery-backed RAM where the key is stored.

And you're done.

Re:This is insane

Who signs what? How do you ensure that the cryptography isn't fake/intentionally weak? How do you expect the general public to understand this system enough to believe that the result hasn't been manipulated? How do you prevent the poll worker from learning your vote in step 3? An attacker in control of the software/hardware of the voting system can manipulate without any discrepancies turning up, unless every voter can prove the vote after the election, which must not be possible.

Come on, that system is so full of holes I'm not even sure there is enough material to hold up all that empty space.

There is no way around the fundamental problem that electronic voting must rely on a machine that cannot be inspected to the necessary degree, not by the voter and not even by an expert. All systems which try to eliminate the need to trust a machine without being able to inspect it necessarily use some form of "verification" based on some "clever" concept, but all they really do is violate the secret ballot requirement. A public vote doesn't need all that technological hocus pocus, and a secret ballot can't work with it.

Re:This is insane

[dgatwood]

Who signs what?

I think I already covered that. Each device signs the data at each point in the audit trail and maintains copies at each step. There is no "who" here. It's a "what" doing the signing.

How do you ensure that the cryptography isn't fake/intentionally weak?

Because the verification systems are open source, and thus can be audited (including the choice of crypto).

How do you expect the general public to understand this system enough to believe that the result hasn't been manipulated?

All that the average person needs to know is that there are three independent totals stored on systems produced by at least two (and possibly three) different manufacturers that can be independently verified.

How do you prevent the poll worker from learning your vote in step 3?

The "step 3" sanity check device is a black box with a red light and a green light that verifies that the vote on the device was reported to the server before wiping the flash card. How would the poll worker learn your vote from a single, colored light that merely tells whether the vote stored on the flash card was properly completed/reported?

Pedantically, the step 3 sanity check box could do its job without even connecting to the server by confirming that the verifier station marked the vote as complete before wiping the flash card for the next user. However, if it does the verification offline, it should additionally keep a count of the number of votes reported as complete, to ensure that the verification station can't (for example) cancel every 10th vote for a Democrat and mark it as having been submitted. And really, that device probably needs to not be made by the same company as the verifier. Though realistically, a non-zero vote loss between the voting and verifying stage should set off red flags anyway.

An attacker in control of the software/hardware of the voting system can manipulate without any discrepancies turning up, unless every voter can prove the vote after the election, which must not be possible.

No, they can't. By law, voting hardware (at least in the U.S.) has to be a locked box, and nobody can modify its software once certified (I'm ignoring the possibility of hacks here). And the existence of multiple verifications of the data by hardware and software created by multiple independent companies makes it nearly impossible for any single person or group to tamper with the data without causing very obvious discrepancies.

BTW, it goes without saying that each signing event in the log must have both a time stamp and an event number that increments by one per signing event so that even if someone somehow managed to simultaneously take control of the central server and the independent computers that process the accumulated data in a dump from each of the voting machines and verifier machines, it would still not be practical to purge votes except en masse from the end of the day, which again would set off obvious red flags when nobody voted in the last three hours of polling.

Re:This is insane

[dryeo]

The problem with electronic voting will always be that to the average voter, it is just a black box (or 3 in your example). Ideally the whole process needs to be transparent. When I vote, I can watch the whole process, from the empty ballots showing up at the polling station to the count at the end of the day, if I so choose (and assuming there's room, which is almost always the case) and the process is simple enough that the average 3rd grader can understand and verify it.
 

Re:This is insane

It is fundamentally impossible to inspect a computer to a degree that you could know what it does without trusting someone who says that it does what it's supposed to do. Everything you described rests on the notion that you can know what a particular computer does, but you can't. Your system requires the voter to trust that there are no manipulations of the machines. That is an unacceptable burden for a voting system which needs to defend against state-level bad faith actors.

Re:This is insane

[dgatwood]

No disagreement there. If people want to, they should be able to obtain a dump from every voting machine and see all the votes that were cast, but with the time stamps scrubbed. (The time stamps would presumably be from a timestamping server anyway, so it would be a separate wrapper signature that could be stripped without affecting the ability to do crypto verification of the voting logs.) Not that anyone sane would ever take the time to verify the paper trail, but it should be possible to do so. :-D

Re: This is insane

[jd]

Claims without proofs are worthless. And spineless.

I can prove this system has 100% integrity, that nobody gets illegally excluded, that no vote is altered, injected or deleted, that nobody behind the scenes can tamper with results, that the results can be certified after the fact, that it cannot be hacked, that test data cannot be "accidentally" left there, that votes for opponents don't get magically stuffed behind radiators and office furniture.

In other words, I can prove you wrong.

Re: This is insane

[jd]

Waiting for results is good. It prevents election rigging.

I'm not interested in reducing delays, I want them increased.

What I absolutely want is to prevent election officials excluding people illegally (a common practice in the Bible Belt where, for twenty pieces of silver, you can have an election murdered) and for said officials to stop stuffing ballot papers for the "wrong people" behind office furniture, claiming innocence.

I want independent observers to be able to verify that the votes cast equals the votes counted and that no vote has been altered, and for official observers to be able to verify that the tallies they get match the tallies of the official count and that there are no unlawfully rejected votes.

I want to be able to proactively prevent gerrymandering by detecting attempts to pervert the course of elections. Again, this is a serious problem. There aren't fake voters but plenty of forged boundaries.

This will prevent ballot box stuffing by megacorps, but it's corrupt Republican officials that are the serious problem.

Re: This is insane

[fustakrakich]

In other words, I can prove you wrong.

Only if there a paper copy of the vote that I can verify before putting into the box to count the old fashion way. Without it there is no such proof, only speculation. In other words, you can't. Your claim is equally worthless, and spineless. Your only "proof" is attempted insults, water off a duck's back in this case.

If you could prove what you say, computer malware could not exist, much less run for years without anybody noticing.

Re: This is insane

[jd]

First, where did I say there wasn't a paper copy?

Second, if the software is peer-reviewed and proven to be correct, and you can compare your copy of the digital signature with that in any of the observer databases, I'd say there's a bit more than speculation.

Third, computer malware exists because 99% of all the software out there is written by morons and 99% of what's left is written by enthusiasts who like coding but hate testing or documenting. Name one formally proven A1+ OS that has malware. You're trying to argue that Internet Exploder is automatically equivalent in coding quality to aviation software because they're both programs. For chrissakes, I've seen some stupidity in my time but yours exceeds all expectations. What are you, Donald Trump's IT advisor?

I can very easily prove what I say, because formal methods are something I am very, very good at. You, on the other hand, are clearly a gibbering idiot.

Re: This is insane

[fustakrakich]

Nice troll! I like it!

I can very easily prove what I say, because formal methods are something I am very, very good at.

You should be rich then, and making headlines. Pretty good at blowing your own horn, aren't ya?

Paper ballots & manual counting fine by me

[dstyle5]

Sure it will take longer to count votes with people instead of software, but I'm fine with that. I'd rather it take hours for paper ballots to be counted than have the possibly of government officials or hackers corrupting the voting system. Politicians will bend over backwards to stay in power, giving them an easy way to manipulate votes in their favor makes me uneasy.

So far here in Alberta all federal and provincial elections I've participated in have used paper-based voting systems and been counted by hand (AFAIK), hopefully it stays this way.

Re:Paper ballots & manual counting fine by me

Yep. Over here in the Netherlands we found all kinds of security problems.
Then we decided it would never be truly secure and went back to 100% paper.

Re:Paper ballots & manual counting fine by me

Please read the article.

Germany does use paper ballots and manual counting. The insecurities that have been found are in an application that transfers the results of the manual counting to the next higher level.

Re:Paper ballots & manual counting fine by me

[Solandri]

I've always wondered. What mechanisms are in place to prevent someone taking high-res photos of their ballot while voting, going home and duplicating large quantities of them, mark the candidates they want to win, and passing them off to co-conspirators who palm them and drop them into the ballot box at the same time they're dropping in their real ballot?

The allure of paper ballots always seemed to me to be based on fear and ignorance. Supporting an old system not because it's actually superior, but because you fear the problems and challenges a new system, while you're comfortable with the problems in the old system.

Between two-factor cryptography, hashes, and blockchains, it seems to me there's gotta be some way to combine these into a digital method of tallying votes which can't be manipulated.

Re:Paper ballots & manual counting fine by me

>I've always wondered. What mechanisms are in place to prevent someone taking high-res photos of their ballot while voting, going home and duplicating large quantities of them, mark the candidates they want to win, and passing them off to co-conspirators who palm them and drop them into the ballot box at the same time they're dropping in their real ballot?

That plan highlights the value of using actual, physical voting. Doing such a thing leaves a long string of _physical_ evidence...even leaving aside the large number of co-conspirators, any of which could spill the beans on the plan. You can analyze the ink on the ballots, look for givaways in printing errors, differences in paper, similarities in marking on the ballots, etc. There's a huge number of loose strings that can be pulled to unravel the conspiracy.

Get something in purely digital form, it becomes a lot easier to screw with tracelessly. No amount of end-to-end security is going to help you if, eg, the computer at the final end is compromised.

Re:Paper ballots & manual counting fine by me

[mean+pun]

The allure of the paper system is that everyone understands it, not just he high priests of computer technology.

Regarding that ballot stuffing scenario: it is an old trick with many variations, but that's why there are observers in voting stations, preferably from multiple parties in the election.

Re: Paper ballots & manual counting fine by me

Paper trail method:
My grandma sits in front of the ballot box and checks that you only throw in a single paper ballot, together with other people who volunteered for this. Easy to secure against your photocopied ballots, as you can't slip them in.

Your method:
Something something tech voodoo that you don't understand yourself, is not actually proven secure, and even it it were mathematically proven, my grandma surely wouldn't know if she can believe that or not. That's not verifiable for the layman.

Re:Paper ballots & manual counting fine by me

[AHuxley]

Take some random paper vote nation.
People in some small town or small area from different political parties watch the vote, paperwork and the counting.
All voters are real citizens and allowed to vote, fully registered and can only vote once. No illegal migrants can vote, no citizen returning to vote many, many times.
One real citizen, one vote counted on paper.
They see a final number and that count is sent up the system. That number is passed up to a region. The people who count and observe in a region agree on a final number from all the vote counts sent in.
A lot of numbers are then sent for a big federal count. All along the way party members and observers know the number for their local elections area and the later counts.
All the numbers flowing in are certified from small human watched sets of votes up to the federal level. A thousand votes feed into millions of votes. Changes don't add up when counted and seen by all who know their local numbers. Humans can add up when they see lists of confirmed numbers in front of them.

The new ways of cheating are very much the same as the old ways. Money, support and faith groups, cults and blocks of one issue voters.
A candidate does a deal with a community, cult, faith, region and then enjoys a flow of votes to them. Just enough to sway a vote and get them elected.
No need to fake votes. Every vote is real, just the people voting do what they have been told by their community leaders, faith group weeks or months before the vote.
The elected representative then has to be responsive to that community. If a faith group, cult can get out 10 or 20% of a vote that becomes a powerful group that attracts political support. The cheating is done long before the vote by the community.

Re:Paper ballots & manual counting fine by me

[tlhIngan]

I've always wondered. What mechanisms are in place to prevent someone taking high-res photos of their ballot while voting, going home and duplicating large quantities of them, mark the candidates they want to win, and passing them off to co-conspirators who palm them and drop them into the ballot box at the same time they're dropping in their real ballot?

Absolutely nothing.

But, you have to be careful because boxes are often serialized, and how many people put votes in a box is tallied. If the count gets out, then fraud has happened. I mean, if a box is supposed to have 1000 votes in it, and it has 1010, you know something is screwy.

They count votes box by box, recording the votes in each box, then sealing it back up. Thus "ballot stuffing" a box happens only on a small scale (depending on the voting system, ballots vary by region - you may not get the same ballot across a province or a state).

Electronic voting systems generally aren't as robust - if you can alter the vote, you can make sure the audit trail stays perfect - you can bump up the vote of your candidate and then subtract a vote for another candidate, and the counts still match. And since these are often done by computers talking to computers, you can alter the vote over a wide region very easily, whereas ballot stuffing is generally on a small scale.

Plus, most electronic voting systems don't have a paper trail, so if you need to recount, there's no way to do it. Paper ballots are an audit mechanism too. And security paper used on ballots can render even high-res scans invalid (just inserting random colored fibers can fingerprint a ballot, so you need to digitally edit it out and print it on similar paper.

But the fact that we don't really need to generally shows the incidents are usually quite tiny and quite isolated, even in the most corrupt of countries where they send international observers to observe the voting.

In general though, the easiest way to influence the vote is voter intimidation, and you actually see this even in the most developed of first world nations - it's happened in the US (think Jim Crow laws, voter identification laws, etc), Canada (phone calls - "robocall scandal"), and many other places where voters can be shuffled around to wrong voting locations (dress up in a nice suit and say you're from the election authority and you can redirect people to non-existent locations - especially people you don't want voting).

Re:Paper ballots & manual counting fine by me

[sad_]

And manual counting of votes by people is failproof because people can't be corrupted/bribed/...?

Re:Paper ballots & manual counting fine by me

The manual counts are done in teams. Vote falsification is a felony. And the ballots can be recounted in case of doubts. And the efforts for falsification only apply at small scale: if you can mess with electronic devices, you mess with millions of votes at once.

Worth noting that there is no electronic voting

In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.

Re:Worth noting that there is no electronic voting

[Train0987]

Do they not have telephones in Germany yet? Why is specialty network software required to read off vote totals?

Re:Worth noting that there is no electronic voting

Relaying long lists of numbers over the phone is error prone. Digital transmission and aggregation reduce the error rate and are faster.

Re:Worth noting that there is no electronic voting

[Nidi62]

In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.

Arguably it is better for the manipulator that it is detected. Sure, by manipulating the tally secretly you might get your preferred candidate elected but it would still have to be a one of the leading candidates otherwise you rouse suspicion, meaning the damage is limited. If you can invalidate the government in such a public way then you start undermining the trust the population has for the government. Shake the population's confidence in government and you have done real damage.

Re:Worth noting that there is no electronic voting

Verification is done in that manner. This is just for fast preliminary results, not for the official tallies. So the worst we are talking about are hilarious election evening reporting and events.

It's corruption

[Baron_Yam]

Everyone involved hopes to exploit the system to their own benefit, they're not interested in a fair, honest, open system. That's why ballot stuffing is a thing and why we have secret ballots so people can't be reliably threatened or bribed for their votes.

Then there's the fact that there is a lot of money on the line, and you can bet lobbying (both honest and dishonest) is going on to keep that money flowing.

It seems very strange that there's so much wrangling over how to create a ballot until you recognize that the parties involved WANT it to be confusing because they're hoping they'll have enough name recognition to be the default choice.

It's pretty simple:

* Allow each person on the ballot to have a representative at every polling station if they wish.

* Have a ballot with a list of names with empty circles beside them. (Include party affiliation under the name if required).

* Give voters a pencil to mark one appropriate circle (per section of ballot if adding a referendum or something).

* Have the voter feed the ballot through a scanner that empties into a secure ballot box.

* If you have reason to think the scanner system has been corrupted... manually count ballots the old fashioned way.

* If you're worried about people voting multiple times under fake IDs... go that route so wonderfully demonstrated in Iraq - one vote, one purple-stained finger.

Re:It's corruption

[HornWumpus]

The UN has established 'best practices'. It's time the first world accepts that those standards are not just for the 'stans' and banana republics.

Paper ballots, see through ballot boxes (so they aren't half full at the start), tracked chain of custody of the boxes, ID requirements and stained fingers. All interested parties can have a representative in the counting rooms and polling stations. Done.

Re: It's corruption

Give voters a pencil to mark one appropriate circle

Gee, I hope no corrupt officials can get their hands on a dreaded pencil eraser!

Re: It's corruption

[Baron_Yam]

Believe it or not, it's really difficult to cleanly erase a mark left by a pencil. If someone is scrutinizing ballots looking for tampering, the indentation of the previous mark will be visible even if every speck of graphite is lifted from the paper.

Re: It's corruption

[HornWumpus]

Hanging chads.

Leaving any discretion in the hands/eyes of the counters is a very bad outcome.

If you fuckup your ballot with ink, you ask for another. Pencils have no advantage.

Re: It's corruption

[Baron_Yam]

>Pencils have no advantage.

They don't dry out, they don't leak if broken, and their marks don't run if the paper gets wet.

In other news

Water has been confirmed to be wet by leading scientists.

But Why

[sdinfoserv]

Given:
1) The critical importance of voting in Democratic societies,
2) The ease at which eVoting devices appear to be compromised,
3) The effectiveness paper voting as proven over untold millennium
4) The inherent lack of accountability in current eVoting ,
No logs, Insecurely stored, No validation, etc

It begs the question, why even bother with eVoting machines? Just because it’s “new”, “electronic”, can be “web enabled”, seems insufficient to perch the entire construct of Democracy on such weaknesses

Re:But Why

Germany uses paper ballots. The real threat is the ever increasing number of absentee ballots cast by postal vote: It's completely impossible to maintain the requirements of a democratic election with those.

Re:But Why

[AHuxley]

re "It begs the question, why even bother with ..... machines? "
Pure profit. Money is flowing for new machines, secure networks, support services, repairs, staff support and further education. Cryptography and "private sector" academic certification.
All costs that some federal or state gov can be expected to pay in full for again and again.
Then later updates, upgrades, support for all the different levels of politics in a nation. The cash keeps flowing and the few trusted brands can then sell internationally?
The gov is "sold" on been cheaper and more secure than all that old paper counting on the day. No need to print paper, move paper, count paper. The big news networks get instant results for their prime time. No need to wait up for results to be counted by hand. Thats traditional ads on TV get sold and seen.

But its all about the security. Is the machine secure at the local level? Its easy to stand around with different party members watching that paper count.
Flip a few votes in a machine with an election that is almost 50/50? That becomes very tempting. No paper count to worry about. The machine number locally is final and passed up as that trusted and confirmed areas result.

Germany needs help!

Quick, send them the Voter Integrity Commission, Kris Kobach, Mike Pence, and the rest.

I'm sure they have a prison or something in Germany.

FTP

[jeti]

The voting records are uploaded to a central server using FTP. All clients use the same credentials, which are hidden in the software. Once you extracted the credentials, you can change the records of current and past elections at will.

The update process is completely unsecured as well. However, the current problems are not a real issue since the software will receive an online updare that fixes the discovered vulnerabilities before the upcoming election.

Re:FTP

[HornWumpus]

Also not an issue as long as the totals are kept at the counting stations and the numbers are cross checked after.

Any shenanigans would be easily found with a routine audit.

Dear Editors...

[SeaFox]

Slashdot is a website read around the world. When posting an article of this type about a "national election", it would make a shitload of sense to add, in the title, the name of the country the election is for.

Re:Dear Editors...

[HornWumpus]

You're obviously bucking for a job as /. editor.

Didn't even RTFS, qualified! But spelling and grammar are too good, work on it.

Re:Dear Editors...

[SeaFox]

I read the summary, and am aware of the country is Germany from it -- thank you.

But, that does little for those of us looking at the titles on our RSS readers. In a normal news source, if the country is not mentioned then readers will assume the location is the home country of the publication, and Slashdot is a U.S. site. I'd argue in the case of an internationally read website it would be more logical to always list the country of origin.

It's true

[hhawk]

It's true but this has been well known in the security industry for years, if not decades..

You are a bigot

In the US, if you are a liberal supporting the DNC you are a racist.
-DNC started war to keep slavery in place
-DNC put in Jim Crow laws to keep blacks oppressed
-DNC attempted to keep blacks from voting
-DNC opposed civil rights
-DNC senator, Robert Byrd, was KKK leader and a top DNC senator for life
-DNC nominated Al Gore Jr for president, son of well known racist Al Gore Sr
-DNC nominated H. Clinton for president, who claimed her hero and mentor was Robert Byrd (the KKK Senator)
-DNC supports planned parenthood, an organization whos founded wanted to rid the US of blacks through abortion
-DNC president JFK spied on MLK illegally and labeled him a troublemaker

Sorry, but the current "globalist" in the US at least, are the racists. They have a long history of it and it still appears to be continuing today.
If you support the DNC and call people who don't support the DNC "A NAZI!!!" you are a racist. Support the bigots, you are a bigot.

Re:You are a bigot

In the US, if you are a liberal supporting the DNC you are a racist.
-DNC started war to keep slavery in place

Is that why a majority of elected Northern Democrats didn't join the South?

Also, do you believe they are alive today, or some sort of vampires controlling the DNC?

-DNC put in Jim Crow laws to keep blacks oppressed

Republicans ignored Jim Crow laws that oppressed blacks to keep winning elections. After all, they wanted Hayes as President.

DNC attempted to keep blacks from voting

Nope, that's the Republicans in Alabama, Texas, North Carolina, and other states where they have been found to have violated the Voting Rights Act.

DNC opposed civil rights

Like Barry Goldwater? Who very quickly declared it a violation of States' Rights. Or Ronald Reagan, who spoke in Mississippi to declare it unlawful. Or Jefferson Sessions, who considers Civil Rights to be an abomination?

DNC senator, Robert Byrd, was KKK leader and a top DNC senator for life

Dixiecrat Senator, Strom Thurmond, was embraced by the GOP after he decided the Democrats supported Civil Rights too much for him, and they told him he had to go. So he found a welcoming home elsewhere.

DNC nominated Al Gore Jr for president, son of well known racist Al Gore Sr

Attainder is illegal in the United States. Even if you proved your allegations, the sins of the father do not apply to the son.

-DNC nominated H. Clinton for president, who claimed her hero and mentor was Robert Byrd (the KKK Senator)

Nope, the Democrats in the primary picked a woman who made some pointless praise of an old fuddy who had repudiated the KKK decades ago. At most, you can condemn her for her lack of genuine sentiment. Which is better than the GOP in their primaries who voted for the man who wants to force Mexico to build a wall, who wanted to ban Muslims from entering the country, and who only "didn't admit" he committed racial discriminatory renting practices.

DNC supports planned parenthood, an organization whos founded wanted to rid the US of blacks through abortion

Planned Paranthood was formed by Margaret Sanger for her own Jewish immigrant community to get access to contraceptives, didn't expand to Harlem for 20 more years, and didn't perform abortions until the 1970s.

-DNC president JFK spied on MLK illegally and labeled him a troublemaker

No, that was J. Edgar Hoover.

Sorry, but the current "globalist" in the US at least, are the racists. They have a long history of it and it still appears to be continuing today.

Sorry, but your fraudulent examples only show your lack of integrity. You have a long history of it, in order to conceal your own perfidy and deception, which continues today.

If you support the DNC and call people who don't support the DNC "A NAZI!!!" you are a racist. Support the bigots, you are a bigot.

If you continue to present this worthless criticism, and call the DNC racists, especially because of the Civil War, none of whose participants are alive today, then you are a fraud, and you support frausters. Because, well, lies are easy for you, I guess.

Re:You are a bigot

They don't care about blacks. Look at what Rham Emmanual has done about the massive black on black violence in Chicago?
NOTHING!

You support racists, you are a racist. You have been told about the DNC preventing the Civil Rights act from being passed sooner, by a KKK leader that was a DNC member for life. Instead of SAYING it was wrong you try and blame the people who did PASS the civil rights act.

Not only do you support racists, you attack those who historically (AND FACTUALLY), supported blacks. You are a disgusting human and should be ashamed of yourself.

I like your reference to S. Thurmond. If you want to admit Dixicrats are evil bigots, congratulations! Of the 53 Dixicrats 51 went back to the DNC for LIFE! 1 went to the GOP. So going by %s on that, DNC is 98% bigot, GOP is 2% bigot. Once again you prove my point, you bigot.

DNC = Bigots

A more fundamental problem

[jandersen]

Which voting technology is the most secure is secondary, really, when the whole process is fundamentally flawed by the fact that voters can't be bothered to learn the actual facts or even turn up to vote, and when elections are completely overwhelmed by deliberate misinformation campaigns. As it is, it would be fairer to play dice for the presidency. Simpler too, and it might even engage people more.

The Robinson Method of Voting

http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5

Every time I post this up, nobody comments on it, as if it's too much to comprehend - a simple, hackproof method of voting.
All the results would be streamed live on video on the internet, so thousands (or more) people could capture each stream onto their PC, and all the results would be available as VIDEO, within one hour (at most) of the end of polling. With no ability to cheat.