Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Kim Zetter, reporting for Motherboard: The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees -- including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said. ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

wow digging

if you dig any further maybe reach china.

Re:wow digging

[Penguinisto]

Personally, I'm not as worried about Oregon's voting computers as I am the potential for fraud across the far weaker link - all of Oregon votes by mail. All it would really take is a properly-bribed postman or two to collect a few spare ballots (and discard a few ballots from parts of his route that vote heavily for The Other Guy), a handful of pencils, a roll of stamps, and a few cohorts willing to help you 'vote'. The voter would never know that anything was amiss.

(there's other ways that mail-in ballots are open for fraud, but this is one that comes to mind. The envelopes are unique, big, and easy to pick out.)

Re: wow digging

Donâ(TM)t forget the voter rolls being significantly larger than the voting populatuon

Re: wow digging

But removing dead people from the voter roles is racist! Somehow. According to liberals.

There's so much wrong with the voting system in the US that worrying about remote access software on machines that weren't even Internet connected is way at the bottom of the list. (People have physical access to the machines anyway. If you want a more dangerous attack vector: there you go.)

It's not even at the top of the list of problems with electronic voting. Who cares if the machines are hacked? It's not like you can verify the results anyway. Maybe hackers could change results. Maybe there are bugs so that certain votes are silently dropped or changed. Who knows. It can't be audited anyway.

And all of this pales to the fact that we don't even bother checking if the people voting are who they claim they are! No other nation in the world lets you go in, say "oh yeah, I'm a registered voter" and then just trusts you on that. But we do.

There are so many things wrong with the US voting system that remote access software is just not a worry.

Re: wow digging

"But removing dead people from the voter roles is racist! Somehow. According to liberals."

WTF are you babbling on about magasnowflake? The list of things that republicans terrified of brown or poor people do to suppress the vote is long and well documented.

"No other nation in the world lets you go in, say "oh yeah, I'm a registered voter" and then just trusts you on that. But we do."

Citation please, mister expert on every voting process in the world...

Should we worry that this company thinks it is ok to routinely tell blatant lies about their security related practice?

Re: wow digging

But removing dead people from the voter roles is racist! Somehow. According to liberals.

No whats racist is that they seem to only remove "dead" people that are black, with no notification, 6 months before the election, and then oops turns out those people were still alive but it's too late for you to re-register because election day is today.

And all of this pales to the fact that we don't even bother checking if the people voting are who they claim they are! No other nation in the world lets you go in, say "oh yeah, I'm a registered voter" and then just trusts you on that. But we do.

You've never actually voted in the USA have you? They generally do verify your identity at the poles when you go to vote.

Re:wow digging

and yet after spending millions of dollars on dozens of investigations, no one has found any significant voter fraud in recent memory.

but the right has demonstrably suppressed minority and democratic likely voting through stacks of well documented dirty tricks including bogus voter purges ( based on matching first and last names alone, as if those never are shared ), removing polling places, reducing machines in those voting places, etc... not to mention gerrymandering voting districts past any semblance of rationality.

Re: wow digging

You've never actually voted in the USA have you? They generally do verify your identity at the poles when you go to vote.

No, they don't. They verify that the name you gave them is a registered voter. And that's all they do. No check to make sure the name you gave them matches.

It's a well known open secret that liberals routinely bus "voters" around on election day thanks to the fact that all you need to vote is know the registered voter list. Combine that with refusing to remove dead people from the voter roles and - well, you should be able to figure this out.

Re:wow digging

[layabout]

Personally, I would be more concerned about a properly bribed election official or two losing votes in a voting machine or even worse, a voting machine with remote access https://www.newsweek.com/elect....

This article from Vox highlights one of vote-by-mail strengths which is that it is very distributed and hard to tamper with at large scale. It's second strength is that is a fair process making voting accessible to anyone who is registered to vote. No need for polling places or special times and days, only a voting deadline of when your vote must be in an order to be counted. https://www.vox.com/policy-and...

of course, if you want to steal an election, here's your how to: https://foreignpolicy.com/2018...

Re: wow digging

[Train0987]

"No whats racist is that they seem to only remove "dead" people that are black, with no notification, 6 months before the election, and then oops turns out those people were still alive but it's too late for you to re-register because election day is today."

Except that never happens, it's just agit-prop for people who won't bother to check it out. Voter roles are culled based on specific criteria, usually based on voter inactivity. There are exactly zero verifiable instances of just black people being removed from the voter roles. Those stories are aimed at very stupid people with confirmation bias.

Also, provisional ballots exist for folks who show up to vote and discover their names aren't on the list (for whatever reason). They are given provisional ballots to use and then their eligibility is determined after the fact.

What's really racist is the idea that minorities are just incapable of getting an ID.

Re:wow digging

So what you are saying that there are people standing at polling locations keeping people from walking in and casting a ballot? I have never had a problem registering to vote or walking into a polling station. All I need to do is follow the directions and the law. Its not that hard folks. But when you mean minority you probably mean illegal alien.

Re: wow digging

It's a well known open secret that liberals routinely bus "voters" around on election day...

If by "open secret" you mean bullshit, then you nailed it.

Re:wow digging

and yet after spending millions of dollars on dozens of investigations, no one has found any significant voter fraud in recent memory.

We have a secret ballot. There's no way to catch these because we don't bother verifying that the people voting are who they say they are. This is like not recording any server logs and saying your server can't possibly be hacked because the logs don't say it was.

We have no way of knowing how bad the voter fraud problem is because we don't have the tools to look for it.

Re: wow digging

[Rhipf]

What's really racist is the idea that minorities are just incapable of getting an ID.

The problem is what ID is required. If all that is required is "driver's license or state-issued ID card, a U.S. passport, or a copy of a utility bill, bank statement, or paycheck." Then there really shouldn't be too much of a problem since it shouldn't be too hard to get "a copy of a utility bill, bank statement, or paycheck."

If your state has a strict photo ID requirement and only accepts "driver's license or state-issued ID card, a U.S. passport" there could be a problem. All of these require an outlay of money. Money some voters (minorities included) may not be able to afford.

Re: wow digging

[Jesus+H+Rolle]

What's really racist is the idea that minorities are just incapable of getting an ID.

I support voter ID, but a California driver license costs $35. A California ID card (drinker's license) is $30. At the very bottom of the socioeconomic ladder are those for whom this is too much of an expense. Demanding payment in exchange for the privilege of voting is an illegal poll tax. Either change the Constitution or offer free IDs.

Re: wow digging

[jeff4747]

It's not just the ID itself, but the supporting documentation.

A new copy of my birth certificate costs $50, or I have the option of traveling 2000 miles to get a free copy at the county's offices.

Re: wow digging

[davide+marney]

The USPS is not a guaranteed delivery system. A mailed-in ballot cannot be guaranteed to have been filled out by the voter, nor delivered on time, nor delivered without having been manipulated on transit. It's a terrible way to cast a vote.

Re: wow digging

Republicans have been trying to protect our voting system for years with a simple ID check.

Democrats have been violently fighting this because they know that almost all voter fraud favors them. The whole race baiting issue is exactly that: "You can't protect our voting system! That's racist!"

The only racism here is from the Democrats.

Now with their retarded Russian panic they're looking like total morons, stuck between wanting illegal voting but needing to blame someone for losing anyway.

Re:wow digging

[jeff4747]

All it would really take is a properly-bribed postman or two to collect a few spare ballots (and discard a few ballots from parts of his route that vote heavily for The Other Guy), a handful of pencils, a roll of stamps, and a few cohorts willing to help you 'vote'.

All that, and you've change 0.02% of the vote.

Yes, there rarely are elections which are that close, but you wouldn't know this is one of those situations beforehand.

Intercepting vote-by-mail from the voter is hard because it's so distributed. You'd need a lot of people involved in your conspiracy. Instead, you'd alter the vote it in the election offices, where you need far fewer people....just the guy who patches the software on the tabulators. However, that's the same with traditional voting systems.

Re: wow digging

[Train0987]

Basic gov't-issued photo ID is free at every state DMV that I know of. How can anyone function in life without an ID anyway? It's a myth that there's a large population of legal citizens that don't have an ID.

Re: wow digging

[Train0987]

California offers a fee waiver now for basic ID.

Re: wow digging

It's a well known open secret that liberals routinely bus "voters" around on election day thanks to the fact that all you need to vote is know the registered voter list.

What you describe is illegal. I must assume that at least a small percentage of these frauds are caught, so of course you can provide some documentation of convictions for this, right?

I should note that one of the first things DJT did after he became president is to start a committee to investigate voter fraud. It has been disbanded recently, and I am not aware of any reports from this committy. Why? I think I can make a pretty good guess.

Re: wow digging

You dummy, never mailed anything? It's called registered return receipt.

Re:wow digging

There's no way to catch these because we don't bother verifying that the people voting are who they say they are.

This is simply not true, there is verification.

Re: wow digging

[Pascoea]

Basic gov't-issued photo ID is free at every state DMV that I know of.

Not Minnesota. You heed to have a qualified disability, verified by a medical professional:

“The fee for a Minnesota identification card is 50 cents for a person who is either: developmentally disabled as defined in Minnesota Statutes, section 252A.02; physically disabled as defined in Minnesota Statutes, section 169.345, subdivision 2; or has serious and persistent mental illness as described in Minnesota Statutes, section 245.462, subdivision 20, paragraph (c).”

source

On your other two points, 100% in agreement. No ID=No bank account=no job=no car=no renting=no [basically, anything]. I just can't fathom being a functioning adult and not being able to scrape together $50 to get an ID card. But I guess if I were in that situation, the ability to vote would probably be pretty low on my priority list.

Re: wow digging

[Train0987]

I have no problem with the state providing a free basic ID to everyone.

Re: wow digging

It wonâ(TM)t make a difference in federal or possibly state elections but a very small number of votes have swung local elections.

Iâ(TM)d argue that local elections have a greater impact on quality of life than federal or state elections.

They control which streets get paved, where the sewage plant is built, if a grocery store gets built in your neighborhood, how much teachers get paid, etc.

(This is an American view point, YMMV for other countries.)

Re: wow digging

[jeff4747]

No, they don't. They verify that the name you gave them is a registered voter. And that's all they do

Actually, they verify name and address, and that you have not voted yet.

Btw, think voter ID is gonna fix it? Guess what you need to produce a fake id? Name and address.

It's a well known open secret that liberals routinely bus "voters" around on election day

If this was actually happening at a large scale, it would be easy to catch and result in a lot of convictions. Yet there have been 0 people caught transporting false voters.

In-person voter fraud is extremely rare. Those that do it and are caught are not all members of one political party. In fact, there's been slightly more Republicans caught doing it in the last few years, largely because of false claims like the one you make here.

Re: wow digging

[Bruinwar]

What's really racist is the idea that minorities are just incapable of getting an ID.

My step son turned 18 & never got an I.D. He didn't drive (or fucking work) so he never bothered. He wanted to vote. Getting all the documents together & getting him to the office to get a state I.D. was quite challenging. His dad had no idea where his birth certificate was so we had to get a copy. Without a car & financial resources, we would not have been able to do it.

When we needed a marriage license I had no birth certificate. I had to go quite a long way to pay for a copy of it. I had a valid license, a passport, but no, they had to have the birth certificate. No public transportation would get me there & there was no way to get it for free.

So it does not matter if your a minority or the color of you skin. What matters is the resources or the lack thereof. Voter I.D. laws & voter registration purges absolutely & veritably suppress the vote. That & lack of funding in poor areas helps a ton to keep the poor from voting. 2 hour waits only to find you're no longer registered. Florida 2000.

Re: wow digging

[Bruinwar]

Exactly. Impossible for someone without resources.

Re:wow digging

Jill Stein demanded a recount in Michigan. Half way through they cancelled it because it was OBVOUS how much fraud had happened in Detroit (which went for Clinton much higher than it should have). Nothing was investigated after.

Sessions attempted to look into it, but the DNC refused to corporate because they know what they did there. DNC = election fraud. Just ask Donna Brazile who ran the DNC and said they rigged their primary to have Hillary win.

Re: wow digging

[Bruinwar]

Doesn't help if you can't get the documentation.

Re: wow digging

[Pascoea]

You must be one of them socialists!

Totally joking, I'm completely on-board with that idea. Unfortunately there are certain demographics that are worried about "illegals" coming here and getting IDs then stealing everybody's jobs and milking the system for free money.

Re: wow digging

[jeff4747]

but a very small number of votes have swung local elections.

Very small numbers of votes have swung elections at all levels. But again, it is extremely rare that the election is actually that close and you won't know it is that close ahead of time.

So you assemble a very large army of conspirators, and get caught because the more people, the more leaks.
Or you assemble a very small number of conspirators, over and over again until the election is that close. But doing it over and over again makes it far more likely that you will get caught.
Or you assemble a very small number of conspirators and affect one election....and don't change the result because 99% of the time the result isn't narrow enough.

Or you take the money you would use to assemble your conspiracy, and donate it to the politicians. Thus getting the actual policy results you want no matter the election results. As and added bonus, it's legal.

Re:wow digging

[SirSlud]

We have no way of knowing how bad the voter fraud problem is

Such a convenient lie to believe.

Re: wow digging

[nitehawk214]

"Poor people shouldn't vote."

What the actual fuck, dude. Also, you do realize that the majority of people that voted for Trump were poor, right?

Re: wow digging

[Oligonicella]

State dependent. Here they require a photo id. Oddly, no one seems to have problems getting one, despite the agitation otherwise.

Re:wow digging

As long as the intimidator is black, it's all OK...

Re: wow digging

[TimMD909]

I'm pretty sure $30 for an ID is not the biggest problem out there. It's a molehill. You want to see a real mountain? Look at your housing market. Stop making mountains out of molehills. Otherwise, people will treat you like the cis heteronormative Caucasian privileged boy who cried wolf.

Re:wow digging

[LynnwoodRooster]

Or how about "discovering" hundreds of ballots, 6 weeks after the election, in an election decided by 261 total votes?

Re: wow digging

If your decisions wipe out your ability to obtain an id, or maintain voter registration, your judgment is severely impaired.

People whose judgment is that impaired shouldn't be voting. I'd prefer an educated, informed electorate, with enough presence of mind to be able to cough up a couple hundred bucks over the course of their adult life. If you can't swing that simple, minor task, you shouldn't be voting.

Fuck your confusion and sentimentality.

Re: wow digging

I walk in, say "Hi, I am Dick Burton". 90% of the time I also toss the voter registration postcard they mailed me down as well.
The nice old person on the other side of the table looks up to find Burton, Dick on the list of voters allowed to vote at that location. She then ask me to verify my address.
If I am not on the list she then tells me so, ask where I live. Looks up where I am allowed to vote, and tells me where I need to go. (In 15yrs my place to vote has moved once, for a single election).

Meanwhile, you know how easy it is to get a fake driver license?
You know how low voter turn out is? Most recent set of votes in my county, out of 255,478 registered voters, 39,983 ballots were turned in. 15.65% of those were blank.
The tightest set had more than between the winner and loser... except the two guys who only got 10 & 25 votes and won because they had no one running against them (Something that happens way to often here... but at least we get R, D, Libertarian, Constitutional, Green, and Independents running for office here).

Re: wow digging

[Rob+Y.]

Also, even if it weren't overly hard to get the documentation (and I'm not saying it isn't), the voter ID folks are playing the margins. If they can prevent a small number of Democrats from voting in a few states in a close election, they can pull off an upset victory like Trump's.

That's why the Russians targeted black voters with fake "Black Lives Matter" groups either misdirecting potential black voters or telling them not to bother voting. And it worked in places like Michigan and Winsconsin. Along with voter ID laws that similarly suppressed the black vote enough to tip the balance.

The Electoral College allocation of extra votes to small population states is a problem too. But that's in the Constitution and hard to change. Voter suppression enjoys no such protection, and needs to be fought if you believe in one-person, one-vote.

Re: wow digging

Not in RI it's not. So there is one state that proves you wrong, I'm sure there are many more.

Re: wow digging

[lgw]

Btw, think voter ID is gonna fix it? Guess what you need to produce a fake id? Name and address.

Woldn't be a magic bullet, but it would still help. It would require election fraud to be better organized, farther ahead of time, and involve more people in the planning. Much bigger risk of getting caught.

In-person voter fraud is extremely rare.

You can't know that. All we know is how often people get caught - and they only ever get caught by the winning side. Chicago machine politics has been Chicago machine politics for far more than a century.

Re: wow digging

Bullshit. If you're incapable of getting a couple hundred together for an id, you don't have your shit together enough that you should be voting.

That's not what US law says. Everyone has the right to vote.

There's no systemic oppression keeping people down.

Some of the people implementing this voter suppression have been pretty open about it, especially when they were among friends and didn't realize what they said would be public. But their actions speak louder than words.

If you're legitimately discriminated against, it means a big payday. People who claim discrimination and oppression, or such on others behalf, do so out of ignorant sentimentality, or rationalization of poor life decisions.

If you honestly think that all discrimination in the USA leads to a 'big payday' you are sorely deluded. Possibly terminally deluded if you were a minority.

Re:wow digging

[dj245]

We have no way of knowing how bad the voter fraud problem is

Such a convenient lie to believe.

Not a lie. We have a very good indication that physical voter fraud so low to be considered nonexistant. Physical meaning someone votes twice or someone is litterally stuffing paper ballots. We have good systems to track the first, and physical monitoring to protect against the second.

Electronic fraud is a lot more difficult to know. It could be small across the country. It could be very significant in localized locations. Presumably, persons with the know-how to do electronic fraud would know how to do so stealthily. From that perspective, it is very difficult to know for sure how bad the problem is.

Re: wow digging

[sexconker]

It has been disbanded recently, and I am not aware of any reports from this committy. Why? I think I can make a pretty good guess.

The states involved refused to cooperate and refused to provide the basic information necessary to conduct an investigation.

That's why.

Re: wow digging

Any verifiable evidence of such a claim?

Re: wow digging

[sexconker]

The Electoral College allocation of extra votes to small population states is a problem too.

That's not a problem, it's by design. It's specifically done that way to prevent populous states from taking the reins of the whole nation. This is supposed to be a nation of mostly sovereign states with a limited federal government.

However much you think a person in California, Florida, or New York deserves representation, the STATES of Wyoming, Alaska, and Vermont deserve representation.

Re: wow digging

[sexconker]

That's not what US law says. Everyone has the right to vote.

That's not what US law says. States govern their own elections.

Re:wow digging

[sexconker]

There's no way to catch these because we don't bother verifying that the people voting are who they say they are.

This is simply not true, there is verification.

No, there isn't.

You need a name and an address to vote. That's it. It doesn't have to be yours.

Re: wow digging

[parkinglot777]

You can't know that. All we know is how often people get caught - and they only ever get caught by the winning side. Chicago machine politics has been Chicago machine politics for far more than a century.

Because of statistics, we can assume that it is rare. Besides, most humans can't keep secret. If it has been there as such a large scale (big group of people involved in the fraud), it would have been out long ago. Thus, fraud of in-person voting is rare.

Re: wow digging

[SlaveToTheGrind]

2 hour waits only to find you're no longer registered. Florida 2000.

Thing is, it's no longer 2000 and you can instantly check your registration status online by plugging in your first name, last name, and date of birth. I concede that would still require things like planning ahead, turning off the TV for a few minutes, and so on. The Supreme Court has been clear that people have a right to vote without substantial burden, not without any burden at all.

Re: wow digging

Yes,
Donna Brazile said so. She was part of it when she ran the DNC. She also wrote a book on it describing the details. It hasn't been denied by anyone involved to date.

DNC rigged their primary for the 2016 election. Not a single person has been charged to date.

Re: wow digging

[Bruinwar]

Yep. A substantial burden like not having the resources to obtain your birth certificate. This problem has nothing to do with 2000.

Re: wow digging

Except that never happens, it's just agit-prop for people who won't bother to check it out. Voter roles are culled based on specific criteria, usually based on voter inactivity. There are exactly zero verifiable instances of just black people being removed from the voter roles. Those stories are aimed at very stupid people with confirmation bias.

It happened here in 2016 and it happened this year so for "never happens" twice in two years is strangely often.

Re: wow digging

That's not a problem, it's by design. It's specifically done that way to prevent populous states from taking the reins of the whole nation

No congress is designed that way as a feature. The ec was set up to handle the logistics of an entire nation voting before electronic communications existed

Re: wow digging

The states involved refused to cooperate and refused to provide the basic information necessary to conduct an investigation.

Uh,Trump disbanded the committee right after he lost a lawsuit requiring him to disclose the committees findings. Nothing to do with what states would provide information.

Re: wow digging

You don't seem to think voting is important. If a person, or human as you weirdos say it, cannot be bothered to pay 30 dollars to get an ID, then that person ought to just not be allowed to vote. What we really need is a 20,000 dollar poll tax. Weed out the idiots.

Re: wow digging

I would tend to disbelieve it also, but Democrats also are against voter-ID laws, and the only reason to be against it is because they depend on illegal votes to winning close elections.

Re: wow digging

[SlaveToTheGrind]

Yep. A substantial burden like not having the resources to obtain your birth certificate.

Putting aside what "not having the resources" would literally have to mean and how hard it is to find actual people actually limited to that degree, your scenario I addressed was people standing in line on voting day only to find out they were no longer registered. Since they previously had been registered, by definition they already had gotten through any "life is hard" issues like that.

Re: wow digging

How about a replacement Birth certificate, or Social security card which you'll need to get the ID?
You can't juts show up to the DMV and get an ID that says you are whoever you claim to be (and if you can in what sense is this preferable to juts trusting people to be who they say at the poll).

Re: wow digging

[YourMissionForToday]

I don't have time to look up the name but just a few years ago one of the top Democratic Party vote "getters" was caught on camera

But you do have time to make wild, unsubstantiated claims about voter fraud. That speaks a lot about your credibility-thanks!

Re: wow digging

Doesn't help if you can't get the documentation.

This^^^^^^
There are still many people who don't and never had a birth certificate.
Getting a copy of your birth certificate in many places requires going to the county where you were born (which may be across the country), which can be a problem if your deceased parents were itinerant workers (or hippies, or bums, or criminals), and you have no idea what county you were born in, or you were mis-informed about where and what day you were born.

And then there's cases such as my wife who was born in a foreign country from American parents stationed overseas in an unstable area. She has a fading copy of a birth certificate in a foreign language. It can never be replaced so we keep it in the bank's safe deposit box.
Her ancestors are not recent immigrants, she comes from DAR stock.

Re: wow digging

[lgw]

It's a myth that there's a large population of legal citizens that don't have an ID.

The myth is that it's legal citizens that the Democrats are protecting here. It's a lot more difficult to get that ID if you're here illegally, or if you're dead. It would be a horrible burden on e.g. Chicago machine politics - they'd have to get people into jobs in the DMV offices and everything!

Re:wow digging

https://en.wikipedia.org/wiki/Voter_impersonation_(United_States)

Re: wow digging

I'm so glad that my vote counts as much as a bum who wont even lift a finger to work, drive or do anything useful.

Re: wow digging

What statistics? Did they have anything to do with the unique incentive with voting? Ya, didn't think so. You're one of those people who "knows" without knowing.

Re: wow digging

That's why the Russians targeted black voters with fake "Black Lives Matter" groups either misdirecting potential black voters or telling them not to bother voting.

The largest of those groups on Facebook was actually the work of an Australian who made a fucking killing on the ignorance of those who consider themselves "woke"

Re: wow digging

You mean like a video where DNC higher ups admit to busing people around on election day?

Project Veritas might help you.

Re: wow digging

[jeff4747]

That's not a problem, it's by design. It's specifically done that way to prevent populous states from taking the reins of the whole nation.

Nope. That's the point of the Senate.

Electoral College votes are 2 for Senators plus one for each member of the House. Since number of Representatives are based on population, the Electoral College does not protect small states. They get the 2 votes every state gets from Senators, and then the small states get far less votes from number of Representatives.

There's two things skewing the Electoral College at the moment. #1 is the winner-take-all nature of most states mean only the states that are closely-divided are relevant. And, btw, those are not small states.

The bigger issue is we stopped expanding the House of Representatives in the 1910s, and you can't go below one Representative. So currently small states are over-represented in the House even though it is not supposed to work that way. To get back to the ratio of population-to-Representative we had in the 1910s, we'd need more than 1000 Representatives instead of 435.

Re: wow digging

[jeff4747]

I don't have time to look up the name

Translation: My google showed that he was transporting legal voters to the polls, so I need to keep it vague and sinister-sounding.

is they know about the voter fraud yet even the Republican establishment works to hide Democratic voter fraud

You realize that this statement is slightly less plausible than all the "crisis actor" claims anytime there is a shooting, right?

Republicans are literally changing laws to manipulate the ballot in North Carolina to favor their Supreme Court candidates, but they'd totally pass at an incredibly easy opportunity to annihilate the Democratic party.

You're getting played.

Re: wow digging

[HeckRuler]

There's also a history of voter laws being used to block black people from voting. But that was a long time ago and the parties have really mixed it up since then. I'm pretty sure there's plenty of idiots voting both ways, but in the same sense that ANY paperwork or regulation is viewed as harmful to business, people argue that ANY paperwork or registration is harmful to getting people to vote. And yeah, every election people are turned away in some states because they never registered, or failed to update, or their state was being an asshole.

Re: wow digging

You have to provide an ID in most places to buy alcohol. You have to provide an ID in most places to make purchases, rent a car, and do many other important things in life. Why should you not have to prove who you are to vote?
 
Did you forget about the towns in Wisconsin with 350 some votes for Clinton in the last election, when there were only 280 actual voters TOTAL?

Re: wow digging

[Catbeller]

Chicago now offers a Chicago ID card for just this purpose. The right wingers oppose it: guess why.

Re:wow digging

[Catbeller]

I'd worry more about the voting machine company, but yep, this lets the locals the votes. Whoever knows the passwords can sell the passwords. Or give them away to get their candidate elected.

There've been a lot of weird and close elections in the last 17 years. Far too many.

Re: wow digging

[Darinbob]

In California, I don't have to show ID, but I do have to give my name and address and it has to appear on the rolls. Sure, this can be abused but it is not easy to abuse it. If someone else appears to have voted with my name then I will have a provisional ballot and an investigation will be raised. I have not heard of any widespread voting abuse based on this. Usually though I vote from home with a permanent absentee ballot, which I have to sign.

To affect an election you need a more wholesale approach to this. That means more than a few people here and there getting away with you, you would need to find thousands of people who are registered but who do not actuallly vote and then get thousands of people to engage in pretending to be those people, and then not get caught. Of course, there are those losing politicians who claim this happens, but that's just typical sour grapes since no evidence of this ever turns up.

There is a problem here to be sure, mainly because election commisioners (in every state) are far more concerned that things run smoothly rather than that they run accurately. I wish they did a better job with accuracy, I wish they would not announce the winners before any absentee or provisional ballot has been counted. I wish it was like Australia where you are required to vote by law if you are eligible so that elections aren't decided by the 25% who are the most devoted to their parties.

Re: wow digging

[Darinbob]

There is already almost no voter fraud, period. ID checks are ok on their surface - however for some people this is a major inconvenience. The snag is that those people are by and large not republican. They don't drive, they cannot take time out from work to spend all day getting a voter ID. And yes all day, or have you not seen news recently about people spending all day in line because the Real ID act is clogging up the DMVs.

It would be nice if we could meet in the middle. But both parties seem solidly entrenched in their beliefs that the opposite party are treasonous fraudsters. We really can't have a functioning democracy with this level of hatred towards those with differing political views.

Re: wow digging

You don't seem to think voting is important

Seems to me he thinks just the opposite. Voting is the most important thing you can do. If you are to lazy or stupid to not be able to pull together enough documentation and 30/free in some areas, to get a id then you're to stupid to vote.

Re: wow digging

[Comrade+Ogilvy]

It is well known that there are perfectly legal get out the vote efforts that certain people complain about because the voters are black. This is especially true in the rural South, of course.

Guess what? In the rural South, the voting booth is probably placed in a small rural town. But the voters who vote in that voting booth may be miles away down dirt roads. A black church takes it minvan and makes some trips, picking up 8-10 voters, often elderly who cannot drive themselves.

The local who lives in town sees this minivan filled with bona fide legal voters filing into the voting center and panics because "Oh, no, those people are not my neighbors. Why are they voting here?"

Well, they are neighbors. But people who are too racist to ever stroll down the road to mingle with people who have darker skin have trouble considering the question in a rational way.

The "busloads of illegal darkies voting" meme is never going away until we have many fewer racist whites in the this country. The actual facts are easy enough to establish. But when the conclusion was built on a foundation of irrational racist hatred, facts and logic are not going to persuade.

Re: wow digging

[Darinbob]

They should give those people provisional ballots rather than turn them away. Voting is a right and it should not be removed by a mere volunteer poll worker.

Re: wow digging

What's really racist is the idea that minorities are just incapable of getting an ID.

My step son turned 18 & never got an I.D. He didn't drive (or fucking work) so he never bothered. He wanted to vote.

There is a difference between not being able to find a job and simply not wanting to do any work (I'm talking capable and not retired) . As for the latter, I'm not really sure I want them voting. They are not contributing to society, only taking, and still expect to have a say in how things are done? I don't think so. If you do, then I want to go live with you, eat your food, and tell you how to run your house. Who wants to send me their address?

--XYZZY--

Re: wow digging

[Comrade+Ogilvy]

You were born yesterday. WBush DoJ pushed this issue. They found maybe a dozen instances in the entire US of A.

The are lots of red states with perfectly capable right-wing Attorney Generals that would love to find examples, because evidence would be valuable in the courtroom when justifying stringent voter ID laws. The reason the ACLU wins so many lawsuits is actual evidence is conspicuously lacking.

Fraudulent voting happens about as often as people die from lightning strikes. If that were not the case, then Republican AGs are surely the most incompetent attorneys who ever lived, all of them, for some reason. Is it more likely being a Republican causes actual serious brain damage? Or that the voter fraud is rare?

Re: wow digging

[Comrade+Ogilvy]

It is not just the supporting documentation, but having the right supporting documentation at the right time to unravel the Gordian Knot.

Need an ID? You need to prove who you are, so you need a birth certificate. How do you get a birth certificate? You need to prove who you are -- they do not give that stuff to just anyone in the post-9/11 world. But if you have a printed bill from the county water department sent to your name at an address that is evidence. Oh, wait! You are the spouse who does not handle the money, so your name is not on any bills. I guess you can change a bill, and collect that evidence next month...

These things can be worked around, but it is very easy to get wrong the first or second attempt.

And when we are talking about rural voters, it might be a 2 hour bus trip to the county seat, 4 hour round trip. If you make a small mistake, you may have to make this trip 2 or 3 times. If you are working poor, can you afford to take 3 days off work to get all the paperwork right? Oh, and the actual fees are sometimes possible to waive, but that is more paperwork.

This all adds up.

Re: wow digging

[Comrade+Ogilvy]

That is the beauty of purging rolls aggressively. Life may not have been hard 10 years ago, but maybe life happened and you no longer have a copy of your birth certificate.

Re: wow digging

[Darinbob]

Voters are bused, but both parties. It's a service for many people who can't drive. However the myth is that those ineligible to vote are being bused in to vote fraudently, and no evidence has ever been shown to support this. Especially the arrival of legitimate voters by bus is not evidence of fraud.

Re: wow digging

[Darinbob]

Mostly voter ID seems to be a hot button issue for those who assume that there is rampant piecemeal voter fraud. Of which there is no substantive evidence of this happening. Wholesale voter fraud should be a much more serious concern.

Note that the arrival of busses is not evidence of voting fraud, it is a common occurence to bus in valid registered voters who don't drive and who otherwise wouldn't bother showing up. So a part of "get out the vote" by both parties includes offers to shuttle people over for free. Ie, church buses, vans, etc. Now I'm sure that seeing a stream of black of hispanic voters filing off of a bus frightens some people, but it's not evidence of fraud.

Re: wow digging

[Darinbob]

Oh, I'm sure there are fake/exaggerated news stories on Brietbart or Infowars all about this, so it is reasonable to assume that someone who saw that news might think it was legitimate and have trouble looking up the details.

Re:wow digging

its great. then companies can have vote parties. where everyone brings in their forms and fills them out together. the boss can check them, purely to make sure you don't waste your vote of course.

Mail in ballots are inherently not secret.

A better solution is to fund it properly, have enough poling booths, and make it compulsory.

Re: wow digging

If there are "no dole" stipulations, then old fuckers don't get an exemption. Furthermore you're a fucking idiot since you think people on "the dole" (you dirty british fuckwad) don't pay taxes. I had to file special paperwork to not have taxes taken from my last gov check. You then think they don't spend that check and pay taxes again. You just wanna be greedy and cruel, and since your plan would mainly affect minorities, it's sounds kinda racist when combined with all the founding fathers rhetoric. Since you're one of the commonwealths, I can understand why you'd really love to fuck our shit up with such a stupid plan. Next time you want to infiltrate American politics, don't use british words.

Re: wow digging

[Darinbob]

I agree that there is an advantage in allowing less populated states from being pushed around, but it should also go both ways, populated states should not be able to be pushed around by low population states.

The method that the states were formed in the past have a great impact on the electoral college today. The historical reasons for a state don't necessarily apply today. California is a large state because when formed it was assumed that western states would have relatively low populations; but today it has the largest population.

And the notion of sovereign states in a loose federation is an outdated notion here. The states in the US don't have boundaries related to social, cultural, or ethnic divisions, they don't even have good geographic borders. The states are much more like administrative districts today.

But the whole idea of the electoral college and the reasons for it are outdated. The states that have winner-takes-all-electors screws up the results too often. I'd much rather presidential candidates campaign in the entire country rather than playing some political board game.

Re: wow digging

[sexconker]

You can't claim "voter fraud is rare" when there is no way to detect successful, systemic voter fraud of this nature.
You don't need to prove voter fraud is a rampant problem in order for it go be a good idea to take basic steps to limit the possibility of it.

Requiring people to show they are who they say they are when voting is a bare minimum step.
Do you support checking IDs when someone tries to buy alcohol or a firearm?
Do you not install security updates until after your shit gets attacked?

Re: wow digging

[SlaveToTheGrind]

but maybe life happened and you no longer have a copy of your birth certificate

Or maybe it's Maybelline. Again -- anyone can come up with angels-dancing-on-heads-of-pins hypotheticals. There's a reason we don't design policy around stuff like that. Show it's actually happening in the real world with any degree of regularity, and we'll have something to talk about.

Re: wow digging

It's not just the ID itself, but the supporting documentation.

A new copy of my birth certificate costs $50, or I have the option of traveling 2000 miles to get a free copy at the county's offices.

Not to mention that the companies that will obtain your birth certificate for you require that you produce a copy of your government issued ID.
They're useless if you need a copy of your birth certificate to get your first government issued ID.

Re: wow digging

[Comrade+Ogilvy]

You can't claim voter fraud is not rare when lacking a shred of evidence. It is simply dishonest. It is not my job to prove how rare unicorns are, but the person who says unicorns are everywhere. AGs have looked and looked and they cannot find more than a rare isolated example here and there.

For example, there is a consistent complaint that surely dead people are voting. Gee, it is the twentyeffinfirst century and it would be easy to detect that with computer technology if it were non-rare. No body looks into that because everyone with a brain knows the truth.

If you could figure out how to prove there was significant amount of voter fraud, there is a rightwing PAC out there who will write you a seven figure check for the evidence, I guarantee it. Put you money where you mouth is, and quick your day job for a year to serve American democracy. And get rich, too.

Re: wow digging

[Comrade+Ogilvy]

Or maybe it's Maybelline.

Correct. It is you making stuff up out of whole cloth.

It has been shown to happen with regularity, with hard evidence, under the bright lights of a courtroom. The ACLU has done this multiple times.

Yet the same evidence-free arguments get trotted out again and again and again.

Now, what "regularly" means is different things to different people. If it is even a few thousand people or a few hundred who used to vote but cannot anymore, what justifies making it harder on them even very little? If the claim is voter fraud is a problem, it would sure be nice to see more examples within the state than can be counted on two hands.

We have two claims being made by the very same people: (1) There is a lot of voter fraud. (2) It is impossible to find more than a very few actual examples of voter fraud because the dog ate my homework. I am sooooo impressed.

Re: wow digging

I have the option of traveling 2000 miles to get a free copy at the county's offices.

Your county is pretty big. Why are its offices located five states over?

Or is your county Alaska?

Re: wow digging

[another_twilight]

You can't claim "voter fraud is rare" when there is no way to detect successful, systemic voter fraud of this nature.

Proving a negative is hard. There have been investigations that have turned up nothing. That's not proof that nothing exists, but it's raised the bar above your hand wave. Can you provide criticism of the methodology of, for example, Trump's Commission on Voter Fraud?

in order for it go be a good idea to take basic steps to limit the possibility of it.

Unless your implication that there's no cost to such a process is false. Those who oppose voter registration claim that there is an uneven burden placed on some members of society. That may not be the case, but if so, please explain why it's not so.

Do you support checking IDs when someone tries to buy alcohol or a firearm?

Alcohol is moot, but your point regarding firearms is fair. My understanding of the reluctance to insist on ID is that voting is such a fundamental right and so necessary for the proper functioning of Democracy that _anything_ that even looks like interfering with the right to vote (such as by making it harder for some to do so) is off-limits. But that seems to apply equally to the right to bear arms which does require ID.

Do you not install security updates until after your shit gets attacked?

Citizens have rights. Your PC does not. You're also assuming that there is a possible attack in the face of investigations that have shown that there isn't and that the cost imposed by 'patching' doesn't weaken a fundamental right.

But, as I said before, the comparison with ID for firearm purchase is sound and persuasive.

(caveat, I'm not from the US so there's a good chance I'm missing something)

Re: wow digging

[Highdude702]

I agree we should get rid of all of those racist white democrats.

Re: wow digging

[Highdude702]

It happened to me in 2016. I had to use a provisional ballot. Here in Nevada if you don't vote in 2 federal elections they remove you from voter list.

Re: wow digging

[Highdude702]

Here in Nevada it is illegal for an adult to not have state issued ID on their person at all times. If you cant afford an ID(Homeless) The state will gladly waive the fee for you to get an ID. This is why I feel its racist to say that certain demographics cant get an ID. You're basically saying they're too stupid to do so. And that's not Fair or Right to the people.

Re: wow digging

[Highdude702]

Basic gov't-issued photo ID is free at every state DMV that I know of.

AFAIK its only free to the indigent. But that's the same thing. I've known a lot of homeless people here in Las Vegas. My late uncle was homeless most of his life. It was a choice as it is for most of the others here. They would rather get high and drunk than get a job. They panhandle(and some make damn good money) And could easily get enough money on their walk to dmv to get an ID. But most don't need it as they already have ID and bank cards. If you don't believe me next time you're in vegas, get off the strip and talk to some locals, hell even talk to the homeless. many of them are rather friendly.

Re: wow digging

[Comrade+Ogilvy]

Why not just stop all the racist policies and lies? Is there something about racist white republicans that floats your boat?

Re: wow digging

[SlaveToTheGrind]

It has been shown to happen with regularity, with hard evidence, under the bright lights of a courtroom. The ACLU has done this multiple times.

Awesome -- in that case, it's in the public record and you should be able to provide citations. After you do that, I suspect it will quickly become clear that the "it" you're referring to has little to nothing to do with your original claim about people who (1) had their birth certificate, (2) registered to vote, (3) were later purged from the rolls, and (4) in the meantime had lost their birth certificate, and (5) at that point were somehow unable to get a duplicate. Looking forward to it.

Re: wow digging

[Comrade+Ogilvy]

The point is that there may be reasons someone does not have a birth certificate.

To get an official birth certificate in this post-9/11 security theater world in the great state of my birth, I need to get send a request with a notarized signature. To get a notary to notarize my signature, I need a gov't issued ID. To get a gov't issued ID, I need an official birth certificate. It is possible to unwind the Gordian knot, but it requires effort of which forms to fill out with which kind of evidence to get things rolling. It is not obvious or easy how to do this to approximately everyone, although it is possible, of course.

In fact, a proper registered voter may not have ever had a birth certificate or state ID and have been voting for decades. What do they do to re-register if they were purged from the rolls? It has been proven in court that people who are legal voters for decades lack state ID. Are you denying as much?

Re: wow digging

[Rob+Y.]

And voters in Wyoming, Alaska and Vermont do get representation. Proportionally in the House, and way disproportionately in the Senate. To say that limiting them to proportional representation in Presidential elections would somehow deprive them of representation is pretty disingenuous. Especially when you start getting the EC 'overruling' the popular vote. You can't sustain a democracy that way. It's just never been a problem before - because the country hasn't been so divided politically between rural and urban voters before.

Re: wow digging

[SlaveToTheGrind]

To get an official birth certificate in this post-9/11 security theater world in the great state of my birth, I need to get send a request with a notarized signature. To get a notary to notarize my signature, I need a gov't issued ID. To get a gov't issued ID, I need an official birth certificate. It is possible to unwind the Gordian knot, but it requires effort of which forms to fill out with which kind of evidence to get things rolling. It is not obvious or easy how to do this to approximately everyone, although it is possible, of course.

For the handful of people in your state that actually have an issue like this, maybe the resources all these activist organizations are spending trying to eliminate ID requirements for voting would be better spent helping those people get IDs. Just a thought.

It has been proven in court that people who are legal voters for decades lack state ID. Are you denying as much?

And there we have it -- in three exchanges, the big bad boogeyman that supposedly has been proved in court over and over has diminished from people who were once registered to vote, were deregistered, and who now physically can't get the documentation they need to get reregistered, to "people who are legal voters for decades lack state ID." Bye bye, goalposts.

Re: wow digging

[Comrade+Ogilvy]

And there we have it -- in three exchanges, the big bad boogeyman that supposedly has been proved in court over and over has diminished from people who were once registered to vote, were deregistered, and who now physically can't get the documentation they need to get reregistered, to "people who are legal voters for decades lack state ID." Bye bye, goalposts.

If you actually understood what you just wrote, you would notice that the goalposts did not budge a nanometer, at least your comment completely fails to demonstrate as much. Perhaps you are confused by the idea that someone who has voted for decades, who registered under less stringent rules, might get pushed off the voter rolls and now has trouble re-registering? If you were familiar with the actual applicable laws at all, it would not be confusing at all.

The likely numbers of people who fall through the cracks, reasonable people can disagree. But I have never seen any evidence at all to support the conclusion that the alleged voter fraud is a bigger problem. In fact, the more I have tried to find any evidence, the more certain I have become that there is a lot of suspicions based on flagrant racism, and voter fraud is probably very very rare.

Re: wow digging

[jeff4747]

You do realize that people move to different states, right?

I was born in a state on the West coast. I now live in another state on the East coast. A new copy of my birth certificate has to be issued by the county where I was born. Which is on the other side of the US. The state where I currently live will not issue me a copy of my birth certificate, because I was not born in this state.

Re: wow digging

[jeff4747]

Busing legal voters to their polling place.

The thing to remember about Project Veritas is they edit everything they release. Because lying to you sells very well.

Re: wow digging

[Highdude702]

They can also GTFO thank you for your time.

Re: wow digging

Absolutely untrue, but some idiots still upvoted you. Nevada and Arizona have stop and identify statutues, meaning you have to give a police officer your name if asked, but there is no requirement to carry ID.

Re: wow digging

[lgw]

Because Democrats oppose voter ID lockstep, we have solid evidence that voter fraud massively benefits Democrats. QED.

Of course, that's changing in California where they're just giving illegals the right to vote. Of course, once they're in the privacy of the voting booth, they'll only vote in school district elections. Of course they will.

I expect opposition to voter ID to mysteriously vanish once enough places legalize voting by illegals.

Re: wow digging

[Comrade+Ogilvy]

You always have the option of taking your own advice. Unless you are a craven coward, of course.

i fucking love pcanywhere

oops:

Symantec pcAnywhere has been discontinued. The following FAQ helps you answer your queries that are related to this End-of-Life announcement.

Russian company?

Does it matter?

ZOMG remote access software!

Same as any other distributed application.
But it is stupid that the remote access s/w was pc anywhere, instead of ssh.

Not a big deal

[Train0987]

It's plausible that an admin or tech installed it for convenience at certain trouble customers and current execs just weren't aware. It doesn't mean they lied. This was 15-20 years ago. Pretty common practice.

Re:Not a big deal

[Opportunist]

It's pretty common practice in your country that machines with highly sensitive areas of operation don't get audited for such common things like blatantly obvious backdoors and deliberately installed remote control software?

Remind me to never use an ATM in the US.

Re:Not a big deal

[Train0987]

No, sadly its this kind of misinformation meant to reinforce a false belief in election-rigging that's become common practice.

Re:Not a big deal

[rsborg]

If any system should be "airgapped" it's one the controls the political levers to the biggest market in the world.
I mean, which black hat wouldn't want to game that system?

Re:Not a big deal

[Opportunist]

Even more of a reason to dump those voting machines.

People pretty much have to trust paper and pencil. It's something everyone understands and trying to spin some conspiracy of how someone "stole" the election is pretty hard that way.

That gets way easier with a tool that few people understand, even fewer can audit and only a handful actually get anywhere close to actually auditing it.

Re:Not a big deal

[powerlord]

I mean, which black hat wouldn't want to game that system?

Judging by the news, quite a few Red Hats are interested in it also.

Re:Not a big deal

[jrumney]

And since their tech support was outsourced to highly qualified Russian computer programmers, there is nothing to worry about here.

Re:Not a big deal

[strikethree]

While I am usually one of the first to provide alternative explanations for seemingly hostile actions, the alternative explanation that you offer is not really much better than pure malice on the part of the vendor.

These are machines used to decide the future of our country. Your explanation implies that controls were so loose that a low-level tech had the ability alter entire elections without anyone being aware.

Granted, in MANY areas of tech, a low level tech can do lots of damage; however, the stakes involved are radically different. A lineman can take out power for hundreds of thousands to millions of people for a few weeks. A technician for voting machines can alter the trajectory of an entire country permanently.

The stakes are very high surrounding the outcomes that these machines help to decide. The security should be equal to the task and if your explanation is to be accepted, then the CEO should be prison for trying to sell a device with inadequate processes and procedures. It definitely qualifies as criminally negligent.

Garbage systems.

[Gravis+Zero]

If your electronic voting booth runs a commercial operating system then you have already failed to secure your systems.

Re:Garbage systems.

[Penguinisto]

Meh - security-by-obscurity isn't quite the answer. A properly stripped, hardened and configured *nix kernel could secure things more than well enough, and require a lot less effort, money, time, etc. At least, as long as you keep up on patches, but that would be the case on any properly-maintained uber-proprietary OS.

Re:Garbage systems.

[sinij]

What you say is superficially reasonable and my work the first time around. Once it is known what flavor/distro is used in these voting machines, APTs will insert hard to detect flaws to be exploited.

It is quite possible to intentionally introduce an exploitable bug without it looking like sabotage.

Re:Garbage systems.

[David_Hart]

If your electronic voting booth runs a commercial operating system then you have already failed to secure your systems.

Yes and no. An electronic voting booth running a commercial operating system can be reasonably secure if it's not accessible from the Internet or if it uses security software and VPN technology for all communication. That being said, all electronic systems running an OS are vulnerable to having malware loaded locally. Once a bad actor has physical access to anything (i,e. through local access, social engineering, etc.) then all bets are off.

The only way to be sure is to have a paper trail. If you're going to have verify the paper trail anyways, then you may as well go back to paper ballots...

Re:Garbage systems.

use a blockchain for voting, everything is recorded in the ledger and problem solved.

Re:Garbage systems.

[zifn4b]

No offense but I think you two are thinking at a level of detail that while admirable isn't necessarily. The simple truth is: the voting machine shouldn't be connected to a network at all including the internet. It should also be in a secure location and tamper-proof like an HSM (Hardware Security Module). Unauthorized tampering fries the machine. If you want to get super serious about security, check FIPS. To give you an idea, a credit card transaction processing system must meet the FIPS Level 3 standard.

Re:Garbage systems.

[bluefoxlucid]

You could use Minix 3. The kernel itself is tiny; and each part is isolated, so auditable individually. High-level certification is fairly doable; more to the point, you can audit the outside-controllable path and strip out things you don't need.

For a touch screen voting machine, you'll need graphical display, touch screen input, and disk access. That means file systems. It means the capacity to run and schedule processes. It means the capacity to manage memory.

It doesn't mean BFQ and anticipatory scheduling; it means direct scheduling, simple prioritization. It doesn't mean fancy coalescing and defragmenting memory management; you pop that out and put in a naive memory allocator.

You may have to make some concessions. Compressed RAM? No. High-end memory protections? Yes, you'll want to augment your VM page memory management module with a policy-driven memory management module that prevents the creation of writable, executable memory. You might want some sort of file system access control system, or a capabilities-based security system--complex code that adds mitigations.

These bare-minimum systems are core. They either tend to not change or they tend to have a naive implementation that we can audit over the long term. The base kernel in something like Minix tends to not change much; the VM manager tends to stay as-is; the process schedulers also stay untouched. That code may be 5 or 10 years old, and becomes of particular importance when it becomes the subset for high-security embedded systems.

Your risk falls greatly through those simple virtues.

Re:Garbage systems.

[Train0987]

You are absolutely correct. Blame the media for that - they demand instant results.

Re:Garbage systems.

[bugs2squash]

Why does it even have an operating system. It's not as if it needs to be able to double as a word processor or run the occasional spreadsheet. It is a single purpose device that could run a fairly simple state-machine, a few hundred lines of C.

There may well be a complex system that loads the ballot rules into it, but after that its job is just to accept input on some push buttons, light a few lights, spit out a little record on its serial port to a printer and move on.

Hell, its "display" could be just a few OLED character displays and a see-through panel that has a printout of the ballot placed behind it.

Read the ballot through the glass, toggle the light next to your choices or press the "write in button" and use a keyboard to enter your own option, mash the "vote now button" and review your choices in the window that lets you see the last couple of inches of the printout, press the "confirm button" and take your voting receipt while the printout scrolls up to hide your ballot from the next voter.

Maybe add a few bells and whistles to indicate that it is ready to accept a vote and has not run out of paper

ie- the direct digital analogy to the old punch-out ballots with a quick count available from the machine's memory and a hard copy audit trail

It could even have an "audit port" to allow a separate auditing system from a different vendor to validate that the info sent to the printer matches what the voter entered

Re:Garbage systems.

[dj245]

You're really relying on the vendor to technically know what they are doing. Our company has been trying to win some government work in the past few months. We know we are technically competent but we are totally outclassed by the vendors who know how to game the system- getting their proprietary specs into the RFP, forcing numerous addendums to be issued so that small competitors (us) can't keep up with all the changes, etc.

In our core business, our customers are wise to these practices and don't put up with them. In government, it seems there are different rules that allow and/or require these types of vendor requests to be taken seriously. The winner isn't going to be the one with the most technical competence (unless by accident). The winner is the one who can game the system the most.

Re:Garbage systems.

Maybe the digital systems and processes used in the election process should have a similar oversight to the development and configuration of medical systems. That would stir the herd, shake the tree and punish the wicked. Or at least be auditable. Elections are a part of the critical infrastructure of a country, after all, but those are still treated like a badly designed circus shows. Probably because of "invisible electricity, how does that work".

Re:Garbage systems.

[bluefoxlucid]

No, I'm simply pointing out the theoretical capacity to produce something of some measure of security.

I'd like a full brief on these practices and how they differ between the public and private markets, ready for public release, with case studies and recommendations. Salient details and the limited discussion necessary to explain them. This is one facet of government I'd like to see nailed down once and for all, and nobody has stepped up to make it a major issue because we're all more concerned about gun violence, education, and Social Security. Such government inefficiencies are a violation of human rights.

Re:Garbage systems.

[hey!]

You are talking about software engineering approaches to securing the system. Those are important, but the overall system design has to be secure, otherwise it doesn't matter how secure the operating system is.

A better approach would be to have the system print out human readable, machine readable paper ballots, which the voter carries from the voting booth to a secure ballot box. This wouldn't prevent the machine from mismarking ballots, but there would be a high probability of someone detecting an effort large enough to swing an election.

Re:Garbage systems.

[bluefoxlucid]

Well, yes. Software engineering approaches are the equivalent of not letting people wander into that back room where the ballots sit, able to pick through and change things without supervision. Without a basic capacity for security, there is no security.

A better approach would be to have the system print out human readable, machine readable paper ballots, which the voter carries from the voting booth to a secure ballot box.

The machine that reads the ballots then has software which does the same task as the original machine: interpreting and storing votes.

You have suggested that the voting machine might lie about how it's storing ballots, and so the network cable should be replaced by a form of visible packets which human voters can inspect. The problem is the machine that reads the ballots in also runs supplied software, which also may have malicious code.

Ballots aren't public. Eventually, those secret ballots get tallied. Every individual verifies their vote as it goes into the machine; then the machine counts them; then the machine tilts 5% of the votes to change the election. It's close enough that nobody can really say what the outcome should have been, and feels confident enough that it was a close race and could have gone either way.

Assuming the machines are technically impervious to outside attack and the individual voting machines themselves are non-malicious, we can count an election by having each machine display the final tallies to public observers. The public can then independently tally everything up.

If the machines have no network connection, then the election judge can walk from machine to machine, displaying, announcing, and recording the tallies. The judge can use a hardware PGP device to digitally sign the election results from each machine, copying them to a USB drive. Then the judge inserts the USB drive into a network-connected terminal, which totals the tallies, displays them all, and sends copies up to a State system and to any pre-registered third parties. Anyone can pull these recorded ballots from the State system--the block of identifying information, if any, is encrypted.

This means you can crowdsource the individual tallies as recorded by election observers, pull the individual machine statistics, and verify them yourself. You can have automated systems perform integrity validation and recounts. The initial tallies are known, and we can validate that the election judge's key--the public key is published--matches the judge who pulled them from the machine.

So long as ballots are secret, you can't verify that any method has recorded and counted votes properly. Even a hand count fails. You can, at best, allow individuals to identify their ballots by some number, such as a digital signature, which means a third-party can allow individuals to check and acknowledge that their ballots are there and correct. Of course, that only works if individuals both remember their ballots and are honest rather than falsely complaining their vote has been changed.

With non-secret ballots, you get vote buying, voter coercion, and all kinds of other things. Your employer can check your vote. Your girlfriend can check your vote. The redneck across the street can come beat you half to death for voting to legalize gay marriage. If the voting machine can produce a paper ballot with details about your vote, then you can be punished for not obtaining a paper ballot with details about your vote, so the very existence of the option is a danger.

This occurs in many situations, and is a particular problem for Internet voting. With Internet voting, even an anonymous ballot draws coercion because someone can require you to vote in their presence. Polling places at least provide security for individual privacy. The solution to Internet voting disclosure is, of course, to allow a person

The big heist

[paiute]

The Man finally figured out that stealing money is for chumps. The best crime is to steal the whole country.

Re:The big heist

[PolygamousRanchKid+]

The best crime is to steal the whole country.

. . . even better would be . . . stealing someone else's country . . .

Whether that can be done is still open for debate.

Re:The big heist

The Russians are trying that experiment, on multiple countries, it would seem. Check back in the mid-2020s to see how well it worked.

Re:The big heist

Presidential elections see recounts and pretty tight monitoring. It's certainly not perfect; when they went to recount Wayne county, the numbers of votes in the boxes didn't match the number recorded. Michigan law states that you can't recount that, so that's a pretty easy path for fraudulent counts: just be sure that the number you report isn't equal to the physical votes and you're good to go. But overall, a malevolent actor has a good chance of being unearthed.

Voting machines aren't just used for presidential elections though- America uses the vote to decide a wide swath of topics, ranging from direct policy to who will rule. A compromised voting machine can be used surreptitiously in a variety of situations that will never face even local scrutiny, let alone national scrutiny.

Re:The big heist

It's been done before, it's called imperialism.

Re:The big heist

[hey!]

The Man finally figured out that stealing money is for chumps. The best crime is to steal the whole country.

That trains has left the station, because of lobbying.

If you as a voter sell your vote, that's a crime. If the person you vote for sells his votes in Congress, that's constituent services.

yeah, lying to a report is a nothingburger...

"and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters."

Indeed..

  I'm sure when motherboard called up some low level person handled the query off the cuff - "Gosh, I've worked here as an intern for 6 months, and I'm sure we'd never do that".. while...

  When the letter on US Senate letterhead shows up with an official inquiry, bells went off and the "legislative affairs" people were brought in, and they went around investigating, and having company counsel review the response.

Simple thing - for the former, at worst it's a "we misunderstood the question", for the latter it's "in which federal facility would your CEO like to be imprisoned".

Admin credentials written on the side, too?

[Voyager529]

"provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006,"

The same PCAnywhere that was so egregiously exploitable that Symantec - Symantec of all companies, gave out free copies of version 12 to users who owned literally any prior version no matter how old it was? THAT is the product that was being utilized on voting machines?!

It has become abundantly clear that any company selling technology-based solutions to the government which can successfully win a bid should under no circumstances be allowed to do the job.

Re:Admin credentials written on the side, too?

[bluefoxlucid]

I'm working out a parliamentary voting system that I want to publish as open source. I'm even considering it on a government scale, with integrity and verifiability. The concerns are interesting and important; of course, that happens when your first concern is security.

Re:Admin credentials written on the side, too?

[Opportunist]

Now where is the kickback in that?

Re:Admin credentials written on the side, too?

[Voyager529]

by Opportunist ( 166417 )

Now where is the kickback in that?

Username checks out.

Re:Admin credentials written on the side, too?

[bluefoxlucid]

I'm pushing for voting systems that are stable and democratic--systems like Schulze and Ranked Pairs. Providing software and systems to handle the votes and give the public a means of validation has a political impact.

My state got rid of its voting machines and went to paper ballots. Each ballot went into a machine for scanning. Even with a recount by hand, I question if the human election staff ever misread a vote due to fatigue and routine. Do they miscount? County Executive went to Johnny Olszewski by 9 votes; after a recount, it was 17. Voting machines, on the other hand, give me a touch screen upon which they display the entered, recorded vote, so I know the software has correct input--and computers don't miscount.

Now imagine if the State gave each regional location machines with their own digital encryption keys. A hardware token, like a FIDO U2F device with PGP on-chip. There's only one per key, and it's not revealed, so the particular election judge's hardware token is known when reporting in--and we take physical steps to ensure the reports come at the end of the voting period, without time to tamper.

Each regional machine can now report to the State office with a signed block of votes. The individual machines could even perform the signing (using the hardware device), placing the data on a removable drive for upload through an Internet-connected machine. Thus the ballots are recorded and given an integrity signature before they're on any machine with network access.

That upload to the regional machine gets tallied, and that plus the individual vote packs get sent off to the State. Each step can also provide to a registered third-party, and the State and Regional central systems allow anyone to query and download the full set. Thus independent validation of untampered ballot packs (when signed, by whom, what content) becomes possible.

We can observe this process as well. During "counting", each machine displays how many votes and vote-total statistics. The election judge announces them before pulling data. The public can come to watch; the public can write down statistics; the public can publish them; and any group or individual who wants to pull down the State's data can validate the totals.

The software to compute each race uses a known, published algorithm--and code. You want to see how the Schulze winner came about? Same software, or a third-party software, reads in all the votes, shows you how any given ballot reads pairwise winners and losers, shows you the final tallies, generates the graph, highlights the strongest paths, shows the comparisons, and then shows the potential winner selection and the final winner. You can visually understand the process we're using (yep, it's complex!). The entire set of statistics and analysis can appear below, however you like.

The State can publish those same statistics. Everyone can verify them. People can write their own software to run verification, instead of using the published code.

That potential--the capacity to not only have third-parties report that, yes, their own tallies and their own monitoring and the crowd-published observation of the voting process matches the outcome, but also for the outcome to be explained in any level of detail from the simple winner to the complete performance of the counting process--allows us to implement systems which elect whomever the largest majority most approves, rather than a candidate who gets the most simple votes.

I've been trying to extend this to Internet voting, but there's some complication: Internet voting opens up vote-buying and voter pressuring. Controlled polling locations are inconvenient and disenfranchise many voters who do not have the time nor the transit capability to reach them; yet they provide privacy and anonymity so the voter can vote as they care. Internet voting allows a third party to bribe or threaten a voter, requiring them to vote privately with the third-party's observation. Any technical security against software attack only prevents direct, detectable tampering; private coercion escapes any firewall, any source code audit, and any form of unbreakable encryption. I've designed countermeasures, and still find them inadequate.

voting machine compromise

This seems to be a much bigger deal than *russia*.

Uh, yes it is.

ANY back door is a security risk and a potential for remote hacking. Especially if all the units have ONE backdoor login.

This was 15-20 years ago. Pretty common practice.

A STUPID and IDIOTIC practice. And if any of the voting machines still have that access, that would be negligence.

Re:Uh, yes it is.

[Train0987]

The story is very misleading, and I suspect that is on purpose.

I've spent about two decades working on election technology and voter registration data and could write volumes about it. None of that matters though because this is just another propaganda piece meant to reinforce false beliefs of a certain segment.

Re:Uh, yes it is.

The misleading was on the part of E&S when they consistently lied about remote software being installed. You're all over this article defending their deception : do you work for them?

Re:Uh, yes it is.

I've spent over three decades working on election technology, and judging by your username, post history, and political leanings, I am reasonably sure I fired you for incompetence over a decade ago :)

Regardless, you are provably wrong. It is well known in our industry that the machines of yesteryear are horribly insecure. If you have worked in the industry, you would be laughed out of it by insisting it's not. So either you are lying about working in it (and if not, I guarantee I have fired you John), or you're purposefully spreading misinformation (quite obvious from reading your post history).

California solved this the simple way

[Wizardess]

They went back to machine graded multiple choice exams on paper. And then they invited in millions of ghost voters to screw up the voting counts.
{o.o}

Primal scream

[Catbeller]

I TOLD YOU SO GOD DAMN IT.

Why would you assume they wouldn't install a backdoor? WHY??? Changing election totals gave them trillions of dollars in tax cuts and complete power.
Don't talk about open-source replacements. Any solution with electrons will be hacked and controlled. Go back to paper, the way Canada does, or did before the Tories rammed e-voting in. I wonder why, I wonder.

Re:Primal scream

[gtall]

Ah, the mythical "they". "They" seem to be capable of all sorts of things, collecting trillions of dollars, complete power. No one can compete with "they". Way to inflate a molehill into a mountain. This is one tiny voting machine company. You should work for Fox.

Re:Primal scream

[Gilgaron]

In their defense, they thought the backdoor was secure because it only took Cyrillic characters for input.

Re:Primal scream

[pz]

Mechanical voting machines. That's the answer. Incredibly difficult to hack on a widespread basis. Essentially impossible to hack remotely.

Can't fix the old ones? Bunk. Re-tooling is not just eminently possible, 3d printing makes it nearly trivial.

Re:Primal scream

Bzzzzt, try again.

That one "tiny" voting machine company controls over 60% of the U.S. market.

Re:Primal scream

The elections have been hacked long before it gets to the voting stage. Just look at how small the Dem field was. It had as many candidates as if a sitting president was running for re-election. On the GOP side, how many of their candidates were not wealthy and didn't have access to wealthy donors?

Before the first vote was cast, it was already decided we were getting a shit sandwich. We just got to chose between horse and bull.

Re:Primal scream

What is a Tory and what is their function in politics?

Re:Primal scream

[hey!]

Paper ballots with machine tallying combines the most of the best features of both systems and is cheap, logistically simple, and auditable. It also scales with license or technical limitations. I live in a state which uses that system and if turnout is heavy at the polling place they just set up another row of cheap pop-up voting booths, doubling the polling place's throughput for less than a price of a single voting machine.

Of course one man's bug is sometimes another man's feature.

I'm convinced that the reason these machines are so popular despite their cost, insecurity, and logistical burden is that they enable political parties to manipulate election results, not by hacking, but simply using the bottleneck they represent to generate long lines in precincts unfavorable to them.

Re:Primal scream

There is no argument when regarding the trillion dollars in tax cuts. You know exactly who "they" are though you'll keep pretending you don't. Way to try to obfuscate, confuse, and deflect. You should work for Fox.

Re:Primal scream

[strikethree]

Pen and paper is a great default. Relying purely on machines is insanity. There is a very nice middle ground that we can all agree on I think.

Voter goes in to booth to vote. Uses electronic machine to select votes. Machines prints out an EASILY human readable slip of paper. Paper is deposited in voting box by the voter. Reporters could get access to aggregated numbers from the machines to report on a "likely" outcome; however, the machine tally is not respected for election purposes, only the paper tally is used.

Re:Primal scream

The brown note or the bugs in the machine would get both the old and the new meanings during those elections.

Seriously? Wow, big woop..

[bobbied]

They put PCAnywhere on the MANAGEMENT systems on a few customer's systems. This was NOT on voting machines.

Folks do need to realize that this risk pretty much requires internet access and requires firewall access rules that allow it. This is not some huge risk and is easily mitigated by your standard network firewall configuration. Your home router would be sufficient to prevent unauthorized access using PCAnywhere. Big woop.

So why did the story change? Because, it wasn't part of the normal systems sold back in 2000-2006 and somebody remembered that in a few cases PCAnywhere was used to provide support for some selected customers and pointed that out to the people making these statements. Then, presented with evidence contrary to their original statement, they tell the truth and modify their statements.

Where this is something that needs to be fixed and PCAnywhere removed from the systems in question, there is very little real risk.

No paper trails till 2020

Not just closed source, the problem goes deeper:

https://patch.com/pennsylvania/doylestown/all-pa-voting-machines-will-have-paper-trail-2020-election

"Currently, about 83 percent of voters in the critical swing state of Pennsylvania cast their ballots on electronic voting machines that record the choices directly onto computer memory and produce no paper record"

Essentially worthless voting in Pennsylvania there. Even the company who owns the closed source software cannot tell you if the result is real or not.

It seems verified voter paper trails have not been implemented across a lot of states.

Who is going to prison for this?

Owner, CEO, CTO, Sales VP, Head Engineer
If there are no teeth or significant personal repercussions for this, then it will continue to happen.

Re:Who is going to prison for this?

[Train0987]

What law was broken?

Re:Who is going to prison for this?

Trump, Donny, Paul, etc.

Fairly straightforward solution...

Make voting equipment 'regulated' in the same manner that pharmaceutical manufacturing systems are. The FDA has a rather lengthy, and well documented, requirements around the systems - including: access (physical and digital (e.g. network)), change management, etc.

For example, once a pharma system is 'certified' for production they cannot be changed without, more or less, an act of Ghod, approval of the FDA, and a rather lengthy documentation process.

Yes, there are drug manufacturing systems that still run DOS, Win 3.11, Win 95, antiquated AS/400, VAX, etc. These are the systems that were installed when production was certified. And it significantly costs more to upgrade and recertify the environment than to keep them locked inside a closet, air-gaped, and humming along.

https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=820&showFR=1&subpartNode=21:8.0.1.1.12.7
https://www.fda.gov/downloads/Drugs/DevelopmentApprovalProcess/SmallBusinessAssistance/UCM456367.pdf
https://www.fda.gov/drugs/developmentapprovalprocess/manufacturing/ucm090016.htm
https://www.fda.gov/medicaldevices/deviceregulationandguidance/postmarketrequirements/qualitysystemsregulations/default.htm

As much a folks like to bash the FDA as a bureaucratic morass - keep in mind their prime objective - ensure the public safety with regards to the medical industry - in that they do what would be almost impossible for folks to do themselves - purity, efficacy, and standardization drugs, medical devices, and similar bits.

Fred in IT

Re:Fairly straightforward solution...

[Train0987]

Voting equipment is already required to be certified by the states the buy/use them.

Re:Fairly straightforward solution...

[careysub]

The logical entity to take this on is the National Institute of Standards and Technology (NIST), formerly the Bureau of Standards.

Re:Fairly straightforward solution...

[Train0987]

Yes, and that was done in 2002 with the Help America Vote Act.

https://www.nist.gov/itl/votin...

No way

[lengel]

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, ⦠including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,"

You mean to tell me some corporate spokesdrone would LIE to a reporter and not until their feet are held to the fire by legitimate legal power would the truth come out??!!

Shocked, I tell you. I am shocked.

43 states had machines older than 2006

Reading up on verified paper voting trails. (=My personal wishlist item for verifiable elections) reveals some disturbing stuff from 2016's election:

https://www.nbcnews.com/news/us-news/paperless-pennsylvania-can-swing-state-verify-2016-vote-n660266

"Even benign breakdowns of aging equipment — 43 states have machines that are more than a decade old ", i.e. states with voting machines from before 2006, the new standards didn't come in until 2007 and ESS only removed this software on machines made AFTER 2007.

You claimed it was 15-20 years ago, but the article says 2007 was the time they removed them and then only for new voting machines sold.

"when Pennsylvanians go to the polls to elect a new president in a month, more than 80 percent of them will be using machines that don't have a paper-backed audit."

Let me guess, Pennsylvania was polling strongly for Clinton yet elected Trump by a slim and plausible margin.
"Hillary Clinton leading by up to 12 points in Pennsylvania..."
(From Wikipedia after the article)
Trump wins Pennsylvania by 48.18% to 47.46%...

I'm guessing that this is odd.
2012, strong Obama, 2008 strong Obama, 2004 kerry, 2000 Al Gore....

Yeh right, and now you can't even verify it because you didn't have a paper trail to verify against.

FFS,

Re:43 states had machines older than 2006

[Train0987]

Most voting equipment is decades old. It's very expensive and rarely used. Not to mention the training involved for mostly elderly volunteers. The more complicated you make the voting machines, the more tax dollars are needed to buy/maintain and the less reliable they will be for the workers volunteering to run them. I've been involved with voting technology since the mid 1990's and as a professional I would LOVE to go back to the old manual pull-lever machines whose results are then carried by hand to central state locations for tallying. The media (and the public by extension) simply won't allow it though because they must have immediate results.

Re:43 states had machines older than 2006

"It isn't rigged, you're just losing!"

Remember that gem lobbed against the anti establishment right? When the right was demanding security in our elections and being told over and over they were just paranoid, delusional, and on the losing side.

The left ignored and mocked the right's concerns because they thought they would win, but now we finally agree: Say NO to closed source voting machines, say NO to anything that results in unverifiable votes, say NO to illegal votes from non-citizens, and say YES to Voter ID!

We no longer have representation in government.

[AmazingRuss]

We are subjects, and we have no control.... if we ever did.

Re:We no longer have representation in government.

Why should we have control? Most of us are idiots.

Re:We no longer have representation in government.

[AmazingRuss]

Unfortunately a smaller cadre of idiots has gained control.

Re:Seriously? Wow, big woop..

You're an ID-10-T and a moron.

The voting management systems are the machines that actually count the votes!

Where would you like to put your hack? Somehow on the 1000+ individual voting machines in a county that folks walk up to? or the one ring (machine) that rules them all that actually counts the votes?

And it could be something fairly small....
On each race, for every vote for party x, adjust 5% of votes on party x down by one and party y up by one. Enough that a landslide would still ring true, but a typical 5-10% spread election would be shifted without notice... could even add logic that if the actual election is really close (under say 3%) - make no adjustment! That way there is no scrutiny in the system.

Re:Not a big deal my ass

[GrumpySteen]

Voting machines decide who gets a huge amount of power in our government. Backdoor access via a software package whose source code had been leaked and exploited, leading to the manufacturer recommending that it be removed, is huge goddamn deal.

#freedumbs #gunsmakeusfree

So free!

Whens the violent revolution against the 1% who stole Amerika begin? Gais??

Americans are such pussies.

Re:Seriously? Wow, big woop..

They put PCAnywhere on the MANAGEMENT systems on a few customer's systems. This was NOT on voting machines.

One would only need remote access to a voting machine if they wanted to change the votes recorded by that one machine.
Assuming it was even on all the voting machines for a customer, there are only so many votes in total that district would be able to have before being noticed.

If you wanted to have any effect on the vote count, you'd need either remote access on all of the voting machines, or optionally remote access to just one management system that totals all of the voting machines votes.

Oh wait, that's what happened.

Folks do need to realize that this risk pretty much requires internet access and requires firewall access rules that allow it. This is not some huge risk and is easily mitigated by your standard network firewall configuration. Your home router would be sufficient to prevent unauthorized access using PCAnywhere. Big woop.

"Standard" firewall configuration is to allow all outgoing connections, but either block all incoming connections, or perform NAT so incoming connections are not directly possible.
But note the allow all outgoing connections part. You home router, if it is an off the shelf end-user level device, is guaranteed to be configured this way.

PCAnywhere makes an outgoing connection to provide remote access.

As you will note from above, your home off the shelf router will allow that. Standard configurations will allow that.
You'd need a non-standard configuration to block outgoing connections except for explicitly allowed ones. Plus you'd need to not explicitly allow the management system to make outgoing connections too.

Those facts make your claim incorrect.
Also I would have serious doubts about the reality of the networks these management systems would be on to be properly configured in this non-standard way to prevent outgoing connections from the PCAnywhere client. Lowest bidder contractors and all tend to do the bare minimum to give the illusion of things working and no more.
Not changing the default firewall to prevent outgoing connections would certainly qualify as giving the illusion of working. Why put in the extra work when it isn't specified and they aren't getting paid for it? I'd guess they wouldn't.

Where this is something that needs to be fixed and PCAnywhere removed from the systems in question, there is very little real risk.

What situation could you postulate that would convince me a person that was authorized to physically access this system, didn't double-click the PCAnywhere client to provide outside access to the machine?

Re:Seriously? Wow, big woop..

[Train0987]

"The voting management systems are the machines that actually count the votes!"

Not on the ES&S systems being described. It's not your fault for not knowing that since they conveniently left those details out. The point is to reinforce the myth that the elections are rigged against you when you lose.

Re: The House of Saud

Sorry son, the House of Saud does not tollerate debate.

afraid to ask

[micahraleigh]

How many different governments had their hand in this cookie jar?

The solution to multi-party corruption is not different politicians. The solution is limiting what those politicians can do.

Re: Aww yeah you sooo woke bros!

Fuck Californee for being home to ethnics right? Fuck yeah.. white guys!

Election management system?

[whitroth]

So, are they saying the electronic voting machines, the scanner machines... or are they talking about the systems that the votes are uploaded *to*?

The last would make the most sense... and why change individual votes, when you can change the uploaded vote data files, and thus change the totals, via that one system?

This damn well ought to be jail time for the CEO.

Re:Seriously? Wow, big woop..

[careysub]

You have (thus far) written nine posts claiming "NOTHING TO SEE FOLKS" but have provided zero actual data or citiations, just your personal assurances. Can you provide a link to any source that supports your assertion here?

This alleged "fact" is not found in any of the reporting on this that I have seen such as original New York Magazine story, updates by Motherboard, The Verified Voting watchdog project, etc.

You wouldn't be, y'know, just making stuff up now, would you?

Re: Ohio 2004

Never in the ENTIRE history of American politics had there been a differenve greater than 3% in exit-polls vs tallied results yet in 2004 Diebold voting machines saw a 15% vote-shift between exit polls and tallied results. No one has ever been charged for these crimes and Bush 2 sat for a second term as President in a position he was never ever elected to hold.

Your guns cannot defeat the 1%. You are lost.

Re:Seriously? Wow, big woop..

[Train0987]

I'm not the one making extraordinary claims. The idea that PcAnywhere being installed on a management system 15 years ago has fuck-all to do with anything is the extraordinary claim that requires evidence, and there is none.

I'm not defending electronic voting by the way. It's a horrible idea.

Yet ATM skimming is common?

"false belief in election-rigging that's become common practice"

ATM's are hacked all the time, to pretend voting machines are different, given the flippent security measures, is laughable. People should be skeptical of elections, because skepticism causes verification. They don't have to like a result, they have to be able to verify it.

https://www.reuters.com/article/us-cyber-banks-atm/hackers-hit-u-s-russian-banks-in-atm-robbery-scam-report-idUSKBN1E51SZ

"A previously undetected group of Russian-language hackers silently stole nearly $10 million from at least 18 mostly U.S. and Russian banks in recent years by targeting interbank transfer systems"

You think they can steal dollars and not change votes? Even when basic security measures are not taken? Even when you don't even put the printed audit trail on the voting machine?

Seriously?

Re:Yet ATM skimming is common?

[Train0987]

"You think they can steal dollars and not change votes? Even when basic security measures are not taken? Even when you don't even put the printed audit trail on the voting machine?

Seriously?"

I'm in favor of going back to mechanic machines with hand-counted ballots but I suspect you would protest at having to wait a few days to learn the results of such an election. I also suspect that no matter what level of security is implemented in electronic voting that you would still dream up an excuse for how an election was stolen when it didn't turn out the way you wanted.

The fact is that election equipment is very expensive and rarely used. It would be absurdly expensive to implement a secure electronic system that would last 30-40 years and remain secure, not to mention the level of expertise required at every polling place in the country for the 12 hours they are used every 4 years.

Re:Yet ATM skimming is common?

[doom]

> I'm in favor of going back to mechanic machines with hand-counted ballots but I suspect you would protest at having to wait a few days to learn the results of such an election Allow me to introduce you to the high-tech notion of the scantron form.

Re:Yet ATM skimming is common?

I'm a different AC.

I'm in favor of being able to ask questions of those who handle the votes, the machines, etc... And them being able to answer such questions. In my opinion, they should have one or more people devoted to just this purpose.

I do not believe the election was "hijacked" to any significant degree and that the issue is currently highly politicized. HOWEVER, we should be able to ask the questions and they should be able to answer. The security should also be "acceptable". Based on the article it sounds like ES&S can't answer the questions adequately as a rule. It also seems like they took shortcuts in regards to security.

While the problem may not be "significant" in nature, it would be nice if they could do a better job handling things. I have no problem with people grilling them a bit on it.

On a related note... One of my coworkers used to work for a similar company and when we discussed the issue, he basically said "there are laws". Which is funny, because as a person on the "Right" and an NRA member, he doesn't believe laws stop gun violence. Why would he suddenly think that laws would keep the companies from having poor security? It's not just the "Left" politicizing the issue. The "Right" is doing it too.

damn, that was close

[jshark]

Back in 2001 I got laid off and was *this* *close* to getting a job with these bozos.

I was *also* in the final interview, pre-offer stages to take a job with Adelphia at their headquarters in backwoods Pennsylvania (apologies in advance to any readers from Coudersport. I'm sure it's very nice, and i would have likely enjoyed living there, but i also would have preferred to be employed.)

<whizzzzz> multiple. bullets. dodged.

state ID

There are classes of people who will have trouble getting ID (especially RealID compliant), but who are citizens and have the right to vote:
1) Proof of residence - tough if you're a homeless person and don't have a handy utility bill with your name (or your parent's name - my 22 year old daughter doesn't get any utility bills in her name)
2) Proof of SSN - Think about this - do you have a *photo ID* with which you could prove your SSN? Didn't think so. If you bring your previous photo ID (drivers license) with address that matches the address and name on a W2 or 1040, they'll take that. Hmm, homeless person.. think they have W2's handy?
3) Proof of citizenship - original certified birth certificate - Oddly, because of the increase in identity theft, it's harder to get one of these purely by mail. Some states or counties require you to appear, in person, at the county recorder. California requires a notarized sworn statement that you are the person named on the request. Notaries do not work for free, nor do they hang out in homeless encampments or sketchy areas of town. AND, they ask to see ID - so you're in that circular argument of needing ID to get it notarized to get your ID.

Assuming you're in a "get it by mail" place, we're back to the "what does a homeless poor person do?" Walk to the post office and get a postal money order, then mail the letter, with a return address of "under the I-95 freeway bridge where it crosses the bay, on the left side" (this what people in Florida who were sex offenders had to do)

And lets not even get started on the whole "all you have to do is go online and fill out this form and submit it with your credit card number" for any of the steps. There's a whole lot of people who cannot do this.

Re:state ID

[sexconker]

People without addresses can get mail delivered to a nearby post office and held for them. It's called "general delivery". Ask your local postmaster about it. All you need is a zipcode.

You can do most things by mail. If you have no documentation, you just need a witness to vouch for you in front of a notary, court clerk, whatever. "This person is known to me." You can then start to bootstrap your life with a new SSN, new ID, etc.
No, it's not easy. No, it shouldn't be easy to establish someone as a citizen from nothing.
If you don't have your life together on a basic level and want to vote, then go cast a provisional ballot and get back to us when your shit is in order. We'll count the ballot then.

Re:state ID

[Darinbob]

I have noticed that the documentation for Real ID is pretty extensive. It's more like a passport than for a driver's license.

For myself, i went a couple of decades with an SSN "card". Which is just typing onto card stock, no security measures whatsoever, certainly not "proof" of anything. One job accepted me when I brought in the larger 8x11 paper that the lost ID had been punched out of. When I finally got around to getting a replacement it took a few hours of standing in line. Note especially that a social security number or card is not intended to be used as a means of identification, even though so many places use it as such.

Sure, because what mailman...

[Radical+Moderate]

...wouldn't be willing to risk his job, pension, and jail time to change a few votes? Totally worth it.

Poor != ineligible to vote

While *you* might think that "ability to vote" is low on your priority list if you are poor and/or homeless, there's an awful lot of people who are citizens, who have the right to vote, want to do so, and do not have the means to get all the ID required. And it's quite challenging if you're homeless and poor. - no utility bills, paychecks, bank statements, driver's license, etc.

Re:Poor != ineligible to vote

[sexconker]

While *you* may claim that, *you* have provided no evidence.

Further, if anyone has voting high on their priority list but somehow couldn't get their shit together in time for the election they can cast a provisional ballot, get their shit together, and then have it counted.

Go back to *reddit* with your *markdown* trash.

Re:Poor != ineligible to vote

[Darinbob]

And being able to vote is one of the most fundamental rights in a democracy. It shouldn't be abridged lightly.

Re: Is that goverment ID free??

[sexconker]

If not then FUCK YOU for being a fascist cockgobbler.

Even when proposals are made to require ID and to make it free, or free to those who say they can't afford the nominal fee, the Democrats say it's racist.
Apparently it's too onerous for someone to go and get an ID, and that it's disproportionately onerous to certain races. Yet they're perfectly fine with requiring every person to buy health insurance. And they're perfectly fine with requiring extensive background checks for purchasing firearms.

Whatever your position on the matter is, it's clear that the Democratic party's position is entirely duplicitous.

The DNC is fighting to keep dead people on the voter rolls. They're fighting to keep people who live in other states on the rolls in their former state.
They don't want you purging the voter rolls of people who have died or people who have moved to another state. They don't want you verifying that the person voting is the person they claim to be. Why?

Require an ID to vote. Make it free or cheap to get (and free for anyone who bitches and moans, I guess). If someone tries to vote without one, give them a provisional ballot and count it only after they satisfy ID requirements. It's not hard. We have the infrastructure in pace to do it (DMV offices, post offices, any place you can register to vote, etc.). Yet some people are against taking basic steps to secure the integrity of our elections. The SAME people who have been screaming for over 18 months that the election was "hacked".

Re: Is that goverment ID free??

[Jahoda]

The DNC is fighting to keep dead people on the voter rolls. They're fighting to keep people who live in other states on the rolls in their former state.

. Sigh. :citation needed:

Re: Is that goverment ID free??

Yet some people are against taking basic steps to secure the integrity of our elections. The SAME people who have been screaming for over 18 months that the election was "hacked".

It's called "psychological projection." The Democrats and the left in general suffer from it. They cannot accept qualities in themselves that they view as bad and therefore project them onto everyone else. They hate minorities and black people in particular, and therefore decide that any attempt to make things fair is "racist."

They claim the election was hacked, because they know it was hacked, because THEY DID IT. (And still lost anyway because they ignored "safe" states.)

They claim Russia colluded because THEY colluded with Russia. Clinton first sold uranium to Russia and then hired their intelligence agencies to get "dirt" on Trump.

Pretty much, any time you hear a Democrat (or really any leftist) complain about something, you can be sure it's because it's something they're doing.

even with the help of machines

hrc is still nacho president!

get over it you cheating sacs of crap!

Re:Seriously? Wow, big woop..

[bobbied]

Out going to where? Norton's server? NAT affords you some security here by limiting firewall connections to OUTBOUND only, outside traffic cannot initiate a connection unless you have port forwarding turned on, in this case for PCAnywhere.

You see, the ISSUE here is that you can get out, but ONLY when somebody initiates the connection from the inside. Just having PCAnywhere on your system does NOT make it immediately exploitable. PCAnywhere does not just broadcast it's existence and getting IN though a NAT connection is not possible without some other issue in play.

So behind a NAT, this is pretty much a non-issue, unless you have some other security problem such as a compromised router or another server that has some compromise that allows remote access. I'm not saying that doesn't happen, but I am saying that the risks of that happening are significantly less given that nobody is going to put such systems on the internet directly, unless they are idiots. In which case, PCAnywhere is the least of your worries.

Then you suggest that unauthorized physical access *might* be an issue? Again, IF that's the case, PCAnywhere is the very least of your worries because you are an idiot about security in the first place....

Then there is the whole, It wasn't part of the standard package and only installed on a handful of systems to enable remote support (likely for those who paid extra for this level of support).

Careful, you won't like what you find

Careful, you might not like what you find!

If we start really looking at these voting machines, we'll soon uncover the Diebold CEO's comments promising to deliver the 2004 election to George W. Bush (specifically Ohio, which they did, and which deviated from exit poles with huge sample bases- by a whopping 6% -- a wide enough margin to trigger new elections in other countries like the Ukraine, but mysteriously not in Ohio). It is likely we'll find many state and local elections have been "stolen," and probably one or two federal and even presidential elections (2004, 2016) where the results may well have been changed (but we'll never know--except by noting abnormal deviations from exit poles like in '04--since there's no audit trail. About the only results we can trust is where the margin of victory was sufficiently large to make such shenanigans impractical (2008, 2012).

Republicans not liking democratic outcomes date back to at least the 1990s when they impeached Clinton, and certainly include 2000, when they stopped a recount they would have lost (as was widely reported outside of the United States when the recount eventually happened, but strangely the US media was either quiet, or buried the story on page 12). 2016 isn't an aberration, it's part of a wider pattern, the only difference is this time they accepted help from a foreign adversary to achieve their goals, so desperate were they to stack the supreme court with their own ideologues for another generation.

Re:Seriously? Wow, big woop..

[bobbied]

You're an ID-10-T and a moron.

The voting management systems are the machines that actually count the votes!

Where would you like to put your hack? Somehow on the 1000+ individual voting machines in a county that folks walk up to? or the one ring (machine) that rules them all that actually counts the votes?

And it could be something fairly small.... On each race, for every vote for party x, adjust 5% of votes on party x down by one and party y up by one. Enough that a landslide would still ring true, but a typical 5-10% spread election would be shifted without notice... could even add logic that if the actual election is really close (under say 3%) - make no adjustment! That way there is no scrutiny in the system.

You are suggesting these systems where hacked via PCAnywhere that basically *requires* local access to initiate the connection. Given your scenario is hypothetical and obvious requires more than just some on line script kitty level hacking to compromise the system, but includes the requirement of having unauthorized administrative and physical access to the systems in question, I think you have overlooked some much bigger security issues.

Then there is the AC posting calling someone a moron angle. Got to love the irony of that... LOL

Sure, sure, lots of things are POSSIBLE... A magnetic storm and cosmic rays could alter the vote count too, but without evidence that it actually happened you cannot somehow claim that it did. So let's dispense with the hypothetical musings and concern ourselves with reality and what we can prove. There is no reason to think the vote counts where messed with after they where cast.... (Although there IS evidence that illegal votes where cast and counted... Like by dead people via mail in ballots and such).

You're assuming they're incompetent

[rsilvergun]

in a case like this I'm willing to chalk it up to malice. After all, you just have to control who counts the votes...

I have noticed it's always the right wing

[rsilvergun]

that wants e-voting without a paper trail. Always in the name of fiscal austerity...

Election Systems & Software LLC clarifies

its previous testimony:
“The sentence should have been, ‘I don’t see any reason why it WOULDN'T be remote access.’ Sort of a double negative."

Re:Seriously? Wow, big woop..

Out going to where? Norton's server? NAT affords you some security here by limiting firewall connections to OUTBOUND only, outside traffic cannot initiate a connection unless you have port forwarding turned on, in this case for PCAnywhere.

They are Symantec servers now, they purchased Norton. But yes, it connects outbound to Symantec servers to await remote control.
Then you sign in to Symantec server, enter the client ID shown in PCAnywhere, and a password also shown in PCAnywhere, and you have remote control of the system.

Again, NAT does NOT block outgoing connections by default, and especially in a "standard configuration", so yes this outbound connection through NAT is all that is required.

You all keep bringing up incoming connections as if that matters. Inbound isn't needed, at all, so it doesn't matter if you can or not. Port forwarding too, it isn't needed, there is NO inbound connection to speak of, so it doesn't matter if there would be one setup.

Then you suggest that unauthorized physical access *might* be an issue? Again, IF that's the case, PCAnywhere is the very least of your worries because you are an idiot about security in the first place....

Yes, insider access is the problem. Physical access is just as bad as remote access so far as being bad.
Remote access sounds slightly less accountable than physical in this case. Unless they have security cameras or something watching the operator (which I doubt, but I guess is possible)

Physical access would still be access controlled. They would know who all is on shift when the security breech happened. Sure that just narrows down the list of suspects, but its better than nothing.

Remote access however can be initiated at one point in time, and not utilized for some time.
Depends if there is a reboot or other maintenance schedule setup.
But the fact it quite possibly could be that the person running PCAnywhere and thus enabling remote access can be days or weeks separated from USING that remote access to do anything.
This puts your list of suspects back up to "everyone who has potential access to the system, over the past week+"

I'm not claiming they are not idiots about security here, quite the reverse in fact :P
I'm also under no illusion that this isn't exactly the desired operation of things.

Remember Flint's water?

That was the result of a state's regulations not being effective. Any reason to believe state electoral commissions will be better?

Remember Flint's water?

[Bruce66423]

That was the result of a state's regulations not being effective. Any reason to believe state electoral commissions will be better? (Trying to repost as a real person - wasn't logged in before!!)

Re: Is that goverment ID free??

[Darinbob]

I'm in the center, and I am seeing BOTH sides being ridiculously incalcitrant here. Democrats bitch that any voter ID proposal is bad before even looking at it, and Republicans complain that voter fraud is rampant despite the total lack of evidence. Never mind both sides being hypocritical and creating gerrymandered districts.

I think we should let everyone eligible be able to vote. If they don't have an ID or someone to vouch for them, then create a provisional ballot. It may slow down the counting, but I'd rather it take months to decide the winner than to disenfranchise someone. I also think college students should vote if they're living 2/3rds of the year in the county, and I think that ex convicts should vote also if they've served their time, and I think armed forces serving over time should be allowed to vote.

Voting is every citizens right and duty and no one should stand in the way of it. That's the top priority, and I don't have issues with voter ID if it doesn't get in the way of anyone of any political persuasion from voting.

Kissin ass again

It's also plausible you're kissing trump's ass again.

Train is a trumpbot

In case you've forgotten who Train is, he is a 100% trumptard. They can do no wrong in his book. Like trump, he really hates this collusion investigation. No matter how much data multiple agencies present, he stands by his decision that no one hacked anything regarding, related to, or involving our election system-- experts be damned. He gets to see data the rest of us Rubes don't have access to evidently so he knows all the facts. He's totally all over the DNC getting hacked though cause they deserved it.

how about...

using blockchain for voting?

Your name is Reek

Your response is iequally retarded. It's not simple at all. What if no one runs on that platform? Oh you're gonna tell me to run aren't you? Again, not simple or practical. Keep licking your master's boots, Reek. The only thing we agree on is e-voting is too corrupt.

Re: Is that goverment ID free??

[sexconker]

SIGH. GOOGLE IT.

voter roll dead
voter roll moved

Democrats did not do it

[aberglas]

Obama had the house and the white house. There is obviously a lot of vote machine rigging, and the republicans are much better at it than the democrats. But Obama did nothing. Wanted to build a consensus.

Nice fellow, that Obama.

Re:Democrats did not do it

[Opportunist]

And that has what exactly to do with anything?

election fraud and still lost

Remember boys & girls: in every state where Hitlary Clinton won, she won because of election fraud. (Not voter fraud - election fraud: tampering with the voting system to give a false vote count.)

Clinton actually lost the popular vote by a landslide.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Many homeless people lack ID

[Highdude702]

I can tell you don't actually know any homeless people.

Diebold

Not surprised. The company involved has strong ties, if it's not practically the same company as Diebold.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Is that goverment ID free??

[ssufficool]

I'm to the left of center I suppose. I don't think convicts should lose their right to vote. This is a Jim Crow law remainder. Don't let them people vote on that thing that put them in prison.