Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon

Following the DefCon demonstration in July that showed how quickly Direct Recording Electronic voting equipment could be hacked, Virginia's State Board of Elections has decided it wants to replace their electronic voting machines in time for the gubernatorial election due on November 7th, 2017. According to The Register, "The decision was announced in the minutes of the Board's September 8th meeting: 'The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment." From the report: With the DefCon bods showing some machines shared a single hard-coded password, Virginia directed the Virginia Information Technology Agency (VITA) to audit the machines in use in the state (the Accuvote TSX, the Patriot, and the AVC Advantage). None passed the test. VITA told the board "each device analyzed exhibited material risks to the integrity or availability of the election process," and the lack of a paper audit trail posed a significant risk of lost votes. Local outlet The News Leader notes that many precincts had either replaced their machines already, or are in the process of doing so. The election board's decision will force a change-over on the 140 precincts that haven't replaced their machines, covering 190,000 of Virginia's ~8.4m population.

Let's face it

[mwvdlee]

Despite the ongoing efforts of all political parties; democracy is too important to entrust to for-profit organizations.

Re:Let's face it

[TWX]

Don't use the computer to take the voter input and then generate a paper receipt, use the paper ballot with on-site optical scan to record the result that the voter marked on the paper. If you want to get 1980s-fancy, implement an on-ballot print technique that puts one pattern of ink dot next to each entry that the voter filled-out correctly, and possibly another next to those that the voter did not fill-out correctly (like those pick 3 entries for county commissioners etc, or where the voter left the field empty) in case later manual review is necessary. Could even go so far as to generate serial numbers on the now-scanned-and-printed ballots, where those ballots that had issues have their serial numbers noted for manual review if necessary (ie, at a minimum if the voting is too close to call for some particular initiatives) and for that serial number to be machine-readable in the future (ie, also helps the computer know the ballot is already scanned, so that it doesn't tally multiple times if scanned multiple times). We had this technology with optical-scan "scantron" forms for school tests from at least the 1980s, if not the 1970s, so this should not be a hard thing to do.

If an election goes well then board of elections can perform a small audit, looking at perhaps a few polling places to confirm that the paper matches the electronic, and then perhaps a random sampling of ballots at other polling places, and then pat itself on the back. If an election goes spectacularly badly, the board of elections can hand-tally each and every paper ballot if necessary, because they were human-readable when marked by a voter. The ballots, not the computer, is the official result of the election. The computer merely helps speed-up the process of counting the results.

Re:Let's face it

[Opportunist]

WTF is the US' problem with paper ballots? Are you too stupid to count the votes or too lazy to carry the ballot to the voting committees?

I mean, for real, folks, why the hell is it that it works in third world countries in Africa (provided the local warlord doesn't stop it at gunpoint) but it's completely impossible for the country that pretty much invented process management?

Re:Let's face it

[Curunir_wolf]

The city of Richmond replaced all their touch-screen voting machines 3 years ago. The replacement? Paper ballots and scanners.

As an election officer, I prefer the paper ballots. Easy to track and easy to recount when necessary. I trust the system a lot more than the old touch screens. What's wrong with paper ballots? It's just as fast getting voters through and counting is actually easier.

Re:Let's face it

[Sique]

There is a fundamental problem with e-voting.

If we look at the conditions of a fair election, we have certain criteria to be met. Elections should be fair, meaning that voting should be no undue burden to each of the voters. Elections should be free, meaning no one should be able to force you to vote a certain way. Elections should be equal, meaning, that each vote counts the same, votes are not tampered with, and no additional votes should be added (e.g. ballot stuffing or changing invalid votes into valid ones).

The problem with e-voting is that it can't warrant free and equal at the same time. If voting is free, no one should be able to know how you have voted, and you should not be able to keep any proof how you voted. Because if you could prove your vote, a "voting enforcer" could either pay you if you provide proof to have voted correctly, or punish you for not having the proof. For e-voting that means that there should be no electronic or physic trail from a vote back to you. On the other hand, there has to be proof that all valid votes have been counted, no vote has been tampered with, and no additional votes have been added to ensure the equality of votes. How do you keep track of immaterial entities? You can't sign them with the voter's key, otherwise they aren't free anymore. If you sign them with another key, how do you ensure that this key is not used to add votes? And how do you ensure that the votes are really counted the way they were cast? And how do you watch the count? One important argument why to use computers in the first place is to speed up the counting process. I disagree. Counting should never be faster than the watchers can count.

It takes a team of specialists to go through the code of the voting application itself to ensure it does only what it is supposed to do. And the Underhanded C Contest shows how easy it is to hide side effects within code. And this only looks at the application itself. It doesn't even look at the operating system or hardware tampering. Who does audit the millions of lines of code for the operating system and the billions of transistors on today's processors and RAM chips?

Having people watching the sealing of the ballot box and people watching the ballot boxes during the voting process until the seal is broken and the votes are counted by hand, and then the resealing of the boxes and the transport to the central voting office together with the counting tabs, and then watching how the final tab is counted does not require any specialist knowledge.

Re:Let's face it

[Bob+the+Super+Hamste]

Those were some shitty ballots so I choose to blame Florida for that. Sane states would use paper ballots like what we have in Minnesota and have been using for ages. You get your ballot and a black sharpie and the ballot is basically a scantron sheet that everyone is already familiar with. Since scantrons have been around for ages now everyone should be familiar with them and even if not they are really simple compared to the disaster that was those Florida ballots. Add in that at some point you just have to say some ballots are disqualified because the person who filled them out was too incompetent. I know when I sign in to vote I have to sign stating that I am competent enough to vote and if you can't completely fill in the right bubble on a scan tron maybe you really aren't competent enough to be casting a vote. Add in that if you do fuck it up you can go and get a new ballot. Further more if you can't even read the ballot or can't physically fill out the ballot you can go get a couple of election judges and they can fill it out for you. Given all that if you are still having problems filling out your ballot correctly you really aren't competent enough to be voting and I am surprised you haven't choked on your own tongue.

Re:Let's face it

[Pascoea]

WTF is the US' problem with paper ballots? Are you too stupid to count the votes or too lazy to carry the ballot to the voting committees?

Pure speculation here, but thinking is that "we" don't like paper ballots because it doesn't give the news networks access to "real time" voting information. Elections are a spectator sport around here, complete with viewing parties, we need our information now dammit!

In reality though, I like the way my county does the voting. When I show up they cross my name off the list of registered voters or write my information down if I'm not on the list. I get a paper ballot, go into my little cubicle to fill in the bubble form, then cram it into a vote counting machine. The county/state/nation gets their fast counting information, and you have an auditable information trail to verify later.

Re:Let's face it

[Immerman]

Three things spring immediately to mind:

There's no blinkenlights - how can we claim to be the greatest country on earth if our voting doesn't even involve any blinkenlights?

It's too difficult to steal the election.

There's not enough money to be made by voting-related corporations. Do you want the Diebold executives to starve after all the bribes (sorry "lobbying") they've spread around?

Re:Let's face it

[Kohath]

Electronic voting machines were just a mistake some people in some places made historically. Elections are managed locally in the US, so there are 1000s of people making these decisions in different places across the country. Now that electronic voting machines are more-or-less universally understood to be a mistake, they are being gradually replaced with scanned paper ballots.

It's not very meaningful. People make mistakes. They get corrected. It takes time.

Re:Let's face it

[Immerman]

Why would it record it? I guess I wasn't clear enough that the paper ballot is what should be counted, the machine exists only to generate it. Just a more compact and easy-to-use version of the mechanical ballot-punchers.

I firmly believe that computers shouldn't be involved in official ballot-counting at all. At most it should do a redundant "sanity check" count, so that if the machine count disagrees with the official count by more than the accepted margin of error, you can know to look for "funny business" either in the machine (easiest target, but low benefit) or the chain of custody of the uncounted ballots.

We had paper ballots here in Virginia Beach

[fahrbot-bot]

In my Virginia Beach precinct, we had electronic voting machines a while ago, but have had paper -- fill in the bubble, then scanned -- ballots for the past several years including the 2016 election. The ballots are scanned on their way into the locked ballot box. This system is easier and faster than the electronic versions were, plus there's a paper trail.

Re:We had paper ballots here in Virginia Beach

[swillden]

In my Virginia Beach precinct, we had electronic voting machines a while ago, but have had paper -- fill in the bubble, then scanned -- ballots for the past several years including the 2016 election. The ballots are scanned on their way into the locked ballot box. This system is easier and faster than the electronic versions were, plus there's a paper trail.

With a bit more it's possible to go a step further, and get election systems that not only have a verifiable paper trail, but which are end-to-end verifiable, allowing any voter to check after the fact whether or not their vote was included in the tally (but without being able to prove to anyone how they voted), and allowing anyone to verify the correctness of the tally. The method relies on applying the concepts and methods of modern cryptographic proofs to the problem of voting. It not only ensures that ballot scanning is not less secure than non-automated methods, it achieves a provable level of election integrity that has never before been possible.

Check it out.

Re:We had paper ballots here in Virginia Beach

[hey!]

I have a theory why some districts may prefer voting machines to electronically scanned paper ballots. Voting machines make it possible to manipulate election results without actually hacking the machines themselves. You just have to hack the wait times in districts unfavorable to you. Lest that seem far-fetched, note that studies have shown that waits in minority-dominated precincts are on average almost twice that of white districts.

For the price of a single voting machine you can put up a dozen of those cheap pop-up voting booths. This means the marginal cost of scaling up an overloaded precinct's capacity is extremely low. I live in a state that uses scanned paper ballots, and the voting places have so many booths that in 45 years of voting I've never had to wait more than five minutes to vote -- and that's for checking in with the elderly volunteers. There's always free booths, no matter how heavy the turnout.

Manual counting only in Norway last night

[Terje+Mathisen]

Here in Norway we just had a general election last night:

Just 2-3 weeks ago Jan T Sanner, the minister with responsibility for elections, decided that every single vote had to be counted manually, including all early voting ballots. Previously those votes had been counted using optical scanners but with the news about how hackable most voting machines have turned out to be, he decided that we won't trust them.

Voting booths closed at 21:00 and the trend (our current prime minister will almost certainly get another 4 years) was immediately clear even though many of the details were less settled. This is mainly due to our voting setup with 169 representatives from 19 counties, where each party is supposed to get a total number which corresponds as closely as possible to the total vote counts, but with a cutoff of 4.0%: If a party gets less than that they will not get any of the final 19 slots which goes to the parties which have gotten too few direct representatives.

This morning at 07:00 we had passed 95% of total votes counted and a couple of the smaller parties had just managed to lift safely above the 4.0% cutoff point, so now the result is for all practical purposes final.

The key idea is that in all countries with "one person - one vote" the effort needed to do a full manual count (which is actually a dual count and verification) is exactly proportional to the size of the country, so it should be just as easy to do this in the US as in Norway!

Terje

Re:Manual counting only in Norway last night

[DrXym]

Ireland has paper ballots however the nature of the voting mechanism can have a huge impact on the time taken to count votes. Basically there are two or three seats up in every constituency and voters have to list their preferred candidates in order of preference - 1, 2, 3, 4 etc. as many as they like. First all the 1 preferences get counted up and if candidates pass a % threshold then they become elected, but if they don't then all the ballots are dumped back out and then the nr 2 preference is counted, then number 3 and number 4 and number 5 etc.

It takes days sometimes to figure out who got elected which is why Ireland looked at e-voting solutions about 15 years ago. Unfortunately they ordered a bunch e-voting machines which had no paper trail and the whole lot was withdrawn and is sitting in a warehouse somewhere. E-voting machines can work but only if they print a paper ballot and there are sufficient audit checks and balances to prevent tampering and any recount is via the paper ballot.

Re:Manual counting only in Norway last night

[TheRaven64]

That doesn't sound right. As I understand it, Ireland has a Single Transferable Vote (STV) system. Under STV, you count all of the first votes, and if no one wins outright then you eliminate the least-popular candidate and redistribute their votes to their second choice. If there's still no clear winner then you eliminate the least-popular remaining candidate and redistribute all of their votes to their second choice if they're still there or to their third choice if they aren't. You repeat this until someone has 50%. You never dump all of the votes out, you only redistribute them from the least-popular candidate.

There are other problems with STV, including some quite odd failure modes. For example, if you have four candidates, A, B, C, and D and 30% vote ABCD, 25% vote CBDA, 24% vote DBCA, and 21% vote BCDA, then candidate A will win. B is eliminated in the first round (because he receives the fewest votes) and all of his votes are redistributed to A. Now A has 51% and so wins, in spite of being there last choice for 70% of the electorate, and B never gets to see any of the second-choice votes in spite of being the first or second choice for 100% of the electorate. Of course, the same problem happens with first past the post, but there you don't have the information required to know that it's happened.

There are some variations on STV that avoid these corner cases, but they make counting harder.

Re:Manual counting only in Norway last night

[Immerman]

The biggest most obvious weakness - how do you tell if there's a need? And if there is cause for suspicion, but the incumbent party won the official tally, what are the odds that there will be a recount?

Why americans don't care?

[gl4ss]

I mean other countries manage to do the important ballots with just plain pen and papers and multiple parties observe them.

why the country that prides on democracy has so few volunteers to make it? ..also why the fuck just 2 parties while at it...

Re:Why americans don't care?

[NoNonAlphaCharsHere]

We use first-past-the-post voting, for a single representative, which Duverger's Law tells us inevetably results in a two-party system. In other words, the two-party problem is systemic and isn't going to go away simply by wishing it would, or especially, by voting for some quixotic can't-possibly-win third-party candidate, on the theory that that will somehow change things.

Re:Why americans don't care?

[TheRaven64]

The problem in the US is that they vote on vast numbers of things. At most, in the UK, I'm voting for 3-4 offices at a time (MP, MEP, devolved parliament / assembly representative, local councillor) and these rarely line up so I typically only vote for 1-2 at a time. In the US, they vote for everything from local dog catcher on up. This increases the complexity of the elections considerably (and has secondary effects, such as politicising the judiciary - which in other countries is intended to be apolitical - by making both the judges and the district attorneys elected positions).

Re:Manual vote counting

[Sooner+Boomer]

... it should be just as easy to do this in the US as in Norway!

mmmmm....yeah

Norway - population ~5.2 million total

Ireland - population ~6.4 million total

Virginia - population ~8.5 million total
Two countries vs one state

Bit of a difference in scope, donchathink?

Use paper and a pen

[MoarSauce123]

Use paper ballots and a pen, list all candidates / parties and have voters make one cross at the candidate they want to vote for. Then collect all those ballots in sealed ballot boxes and after voting ended do a manual count that is open to the public. Sure, it will take some time, but I rather have reliable results slowly than wrong results fast. This is not the case where failing fast is a good thing.

Re:Manual vote counting

To count the ballots you need X counters per million people. The Us is ~60 times larger than Norway, so would need 60 times as many counters, but has 60 times as many taxpayers to pay for the counters. The overall cost and complexity of manual counting per citizen is exactly the same.

The attack vector for that

These bubble counting machines themselves have an attack vector that's been well exploited.

In Florida, they did an analysis of faulty misaligned ballot counters and there was a statically higher number of mis-calibrated counting machines in Democrat districts. Those machines rejected votes as invalid that were valid.

Really, lots of people, done under surveillance of representatives of the candidates standing for vote is the way to do vote counting.

When you have elections run by political groups, you have opportunities for corruption of the voting system.

Re:Blockchain!?

[l0n3s0m3phr34k]

No, for logistical reasons. There are around 235,000,000 eligible voters in the US, across 3,797,000 square miles. There is no "federal ID" or "drivers license", each State "does it's own thing". This is per the US Constitution, in the 9th Amendment. Something like that would require a Constitutional amendment, and a Constitutional Convention. The last time was 1933, and would NEVER happen in the current US political climate.

As of September, 2016, 13% of US adults still don't use the Internet, so this would have to be addressed first. Maybe, if there was some giant national "push" this could be fixed in the next 10 years. So no, this idea is unworkable in the US.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Is fake news. Machines fine.

[mnemotronic]

Not possible to be hacking great American voting machines. Ignore fake news. Continue make use of wonderful machines.