Slashdot Mirror
Voting Machine Used in Half of US Is Vulnerable to Attack, Report Finds (wsj.com)
Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, WSJ reported, citing a report which will be made public Thursday on Capitol Hill. From the report: The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation's leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S machine stood out because it was detailed in a security report commissioned by Ohio's secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. "There has been more than plenty of time to fix it," he said.
While the Model 650 is still being sold on the ES&S website, a company spokeswoman said it stopped manufacturing the systems in 2008. The machine doesn't have the advanced security features of more-modern systems, but ES&S believes "the security protections on the M650 are strong enough to make it extraordinarily difficult to hack in a real world environment," the spokeswoman said via email. The machines process paper ballots and can therefore be reliably audited, she said. The Def Con report is the latest warning from researchers, academics and government officials who say election systems in the U.S. are at risk to tampering.
While the Model 650 is still being sold on the ES&S website, a company spokeswoman said it stopped manufacturing the systems in 2008. The machine doesn't have the advanced security features of more-modern systems, but ES&S believes "the security protections on the M650 are strong enough to make it extraordinarily difficult to hack in a real world environment," the spokeswoman said via email. The machines process paper ballots and can therefore be reliably audited, she said. The Def Con report is the latest warning from researchers, academics and government officials who say election systems in the U.S. are at risk to tampering.
If you don't support paper ballots cross indexed with a list of citizens you don't support free and open elections.
Must be the RUSSIANS at work again!!!!@12
These work in conjunction with paper ballots and can be reliably audited. This isn't really any news
As far as Trump and his supporters are concerned, this isn't a bug, it's a feature.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
And the ACTUAL primary rigging was done by Hillary. I noticed you failed to mention that bit.
Who could have possibly predicted this?
What is this world coming to? Next, they'll be telling us robot lawnmowers are killing little hedgehogs.
https://youtu.be/SgpnrOUS2BE
You are welcome on my lawn.
Voting machines are vulnerable to attack?
Sounds a good enough reason to cast a revote on the Presidential election to me. :)
"That's the way to do it" - Punch
(1) The paper can be quickly scanned by machine, for a same-day tally.
(2) However the stacks of paper ballots will provide a verifiable audit trail, which can be hand-counted if the machines' integrity is doubted.
The main flaw with today's system is NO audit trail exists (which is probably what the political bosses want).
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Look, we all know how to deal with the continual Russian hacking, the EU has demonstrated the only thing that works are paper ballots and non-networked vote counting machines with an audit trail.
And, yes, it's Russia.
Luckily for those of us on the West Coast, Oregon, California, and Washington State all vote by mail using paper ballots.
-- Tigger warning: This post may contain tiggers! --
In good ole UK we use following system
* Every year little form through post to register folk in household for election register ( can state if entry not public info )
* Get card through post about next election
* On day of election go to polling station.
* If you have polling card fine if not any proof of id or even just name and address
* You get ticked off on paper list
* Given your bit of paper go into little booth
* Make X next to candidate ( for EU and local elections may be more than 1 )
* Fold up
* Put in box
* Someone outside will ask you who you vote for. I always decline ( exit poll I think it called )
Then those boxes are taped up and sent to counting station. Lots of paid folk count them out.
They announce vote about 8-12 hours later
Simples
It isn't all that difficult to design a properly secured system, and all you really need to do is to isolate the stations from the outside world.
Each voting machine should tie into a local "server", and after every vote, send up an encrypted packet with the voting choices to that server. Locally, the machine should keep a paper version of every vote, a local copy of the count, and after a given period, do a sync with the server with totals to verify that what has gone to the server from each station has not only been received, but also that the count for each person is correct. This would avoid tampering, and if there is a difference between them, an alarm could go off to indicate that there is a problem. Since there is no connection to the Internet while voting is going on, there can't be any tampering with the vote from outside.
Now, there could be a more secure connection that only has a single UUCP type connection between the server and the outside world. At no time can there be incoming connections from the server over that link to the outside. At no time do you need wireless connections, you don't have a big footprint, so people can't just plug into the local connection(and there can be security to lock out any devices that are not authorized to be even connected to the local LAN). So, you have inside security, you have local paper trails, and you have TEMPORARY connections to the outside, initiated by the local server to upload statistics, but incoming information wouldn't work to try to change anything.
Clean, secure, and there is a paper trail. Logging for each station would show and even have checks to verify number of people using the machines to make sure that nothing gets changed or forged.
This basic structure is something I just put down, didn't need to really think too hard about, and yet, it is probably safer and easier to implement than the incompetent systems that are so easily hacked. You don't need everything to be connected to the Internet, or to even have local networks that are connected to the outside world, so why is security so difficult for these companies that get paid to provide a system?
Works as intended.
in court and under oath he testified that he was explicitly told from the higher ups that the machines had to be made so the votes could be remotely altered. Stop blaming Russia, or Iraq or whoever is on the agenda at the moment, the culprit is your own government.
ffs...
https://xkcd.com/2030/
At each voting location, drop ballots into the local vote-tabulating ballot box, which is sealed.
At the end of election the box prints out a local tally. Send copies of the tally to the press if they aren't there watching the printout as it is printed.
Take the entire sealed ballot box to the central location.
Take all ballots to another machine that is made by a different vendor which uses totally different chips inside.
Re-count the votes with this second machine and publish the results to the press.
If there is a mis-match of more than +/- 1 vote in any race, hand-count the votes in that box with many people watching.
If there is no mismatch or a small mismatch, put the ballots into a sealed container in case they need to be re-counted later. If the total of mis-matched votes plus other factors suggest a hand-count is needed for the voters to have confidence in the outcome of a particular race, do a hand-count of that entire race.
Separate from all of the above, do a complete hand-count audit of a small random sample of all voting locations. Also to check for anomalies and deter rigging the machines, count a random sample of ballots from a large number of randomly-selected voting locations.
All steps except that of the actual voter casting his ballot should be done under watchful eyes of representatives from any group that wants to watch. Even the actual voting should be open to poll-watchers as long as they are far enough away to not see who is voting for what.
----
Note: This won't stop all bad behavior. You can still deter people likely to vote against you from voting by making it hard to vote (like Florida's felony-can't-vote rules), voter intimidation, wrecking your car on a major road thereby making it inconvenient for people to get to the polls, and other ways that have nothing to do with the vote-counting process.
----
As a condition of use, all vote-related equipment that is at the "local level" - everything used to collect the votes and create the local tallies - must have a published design and implementation and it must be audit-able. This way, I can build an identical machine and compare the one I built to the one that is being used and prove they are identical. This means that the computer chips will have a simple enough design that I can remove the tops, look at them under a microscope, and see that they are identical to what I made. I'm not so concerned about equipment that creates the aggregate tallies, as any cheating at that level will be easily caught by a watchful press.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Canada has been using paper ballots.
Maybe they can come in as part of a UN sanctioned team and help run fair elections.
But that would be un-american. We get to tell other people how to do their elections, because we want our candidates installed.
Picture ID would be unconstitutional, but using it (as Republicans are doing now, along with closing polling places and reducing hours, fake robocall info and false info mailers, etc) is intended to suppress minority voters.
You're a cowardly cabal. Yes, Republicans are racists in 2018.
No hacking of thes systems ever happened, its all just more democrat paranoid about Russia conspiracy. Too bad Slashdot.Org has so much liberal bias they keep pushing this false narrative about totally non-existant hacking. Once more we see how liberal biased sites like Slashdot.Org are trying to sway upcoming election which is being target by Chinese hackers to give control of goverment to Democrat party. Sad.
This is what you should be reading: https://www.nytimes.com/2018/0... There are so many problems with our voting system, it can't be attributed to mere greed and stupidity...
We play the game with the bravery of being out of range
We got us an amature lawyer.
Everything in your post is wrong. Everything.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
To everyone screaming PAPER BALLOTS,
This is the machine that counts your damn paper ballots. So what the hell are you all talking about?
Do you guys even read anymore?
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Yeah a photo id is really going to suppress actual citizens' rights. Bullshit.
are much, much bigger problems than this. If we really care about democracy then we should make voting mandatory (doing so would end voter suppression), require all states to have vote by mail and apply open-source algorithms that are legally required to divide the population equitably (I don't know the algorithms off hand, but there are several that are considered fair and effective). Finally voting rights should be restored when you're done serving your prison sentence. The only reason to take voting rights away from ex-cons is to suppress their (left wing) votes.
But, well, I don't think we really care. There's a significant number of Americans who think it's a bad idea to let the "wrong" people vote. It's funny to see the double think involved when they somehow reconcile this thought with their love of democracy...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I vote third party if there is an option, then toss between democrat and republican for anything there isn't a documented alternative to vote for. More recently I've been voting and just leaving positions blank as a sign of protest over the two choices, because it has been harder to find a politician I can vote for even in lesser disgust anymore.
> I wouldn't trust any GOP or DNC politician with the key to my most hated enemy's house.
Next election is really the time for people to organize and vote down both the democrats and republicans, even if it is for a third party candidate you're not 100 percent with. The election after that is fixing our election system, and the one after that is getting as many third parties as possible onto the ballot, into the common person's mind and in the debate on how to move the country forward. If not, you might find a fat chinese man wearing a red star lapel as your next glorious leader. Or a barechested farting russian autocrat.
Yeah a photo id is really going to suppress actual citizens' rights. Bullshit.
If you're chosing between spending US$10 on a State ID, or feeding your kids, most people will feed their kids. It has been well documented for several decades that these efforts to address a non-existent problem are solely designed to place logistical and bureaucratic barriers between the economically disadvantaged and the polling place.
In the last, arguably most polarized election in history, there were just four (4), count them, four, documented cases of voter fraud out of 135,000,000 voters who took part. Four.[1]
This isn't about addressing any problem other than "we can't let those poor, disproportionately non-white people, vote or we'll be swept from power."
Republicans are women hating, white-entitled racists who are fine putting accused pedophiles into office and rapists on the supreme court. They have done more in the last two years to make me ashamed of my skin color, gender, and nationality than 242 years of often dark history have managed to do (probably because these neanderthals are showing us all what scum a good 40% of our population, mostly white, really is).
And no, I don't believe Trump is Hitler. He's more like Ferdinand Marcos to Putin's Hitler, but I digress.
[1]https://www.washingtonpost.com/
Again, not a mention of Clinton rigging the primary in 2016.
If YOU were serious you would call for those involved in rigging the primary to be held accountable as an example. Instead, since they got the "right person" to win you are fine with it.
In other words, your opinion doesn't mean shit.
The model 650 is the supersized version of the precint optical scan ballot counter (model 100).
First.. THIS IS PAPER BALLOT! so they can be recounted and recounted by hand. THew same ballots can even be counted on multiple machines. SO yeah paper ballots! The operative word here is "can". Lots of roadblocks to actually recounting. If all the machines are in use you can't just use one machine to recount another's ballots. Well you could and it wold work just fine but there lots of procedure violations in that so it won't happen. Likewise triggering a hand count is problematic in most states. But that said. the paper is there.
Second the archaic nature of these machines is in some ways good. Look at the dot matrix printers it uses. Those are not like modern laser printers which are full up computing machines with lots of flashabvle attack vectors like font files and toner chips and stuff. These very likely have hardwired rom fonts and no perating systems at all. Many of the crazy things you can get modrn OS's so do are foreclosed bu obsolete technology that is just smart enough to do what it does. And scanning an optical ballot doesn't require too much. It's not even doing OCR or imaging processing.
So this machine might have some attack vectors but they are if anything easier to enumerate and thus prevent than something running the very latest Windows 10 or Linux zooey zooey or whatever.
the vendors of course love to hear that the old machines are dangerous and need to be replaced. So no matter where this story originated expaect it to get amplified
Some drink at the fountain of knowledge. Others just gargle.
Paper ballots with verifiable safe storage for recounting if needed is the only good way to do this. NOTHING electronic is trustworthy here....think the new "Battlestar Galactica", no networks or Wifi or any such.
Ferret
Sic gorgiamus allos subjectatos nunc
Actually Wimpwuss you don't know what you're talking about. Picture ID is issued by the state. State restrictions on Federal elections are un-C unless ratified Federally. You can't even spell amateur though you demonstrate it.
And it's patently obvious Republicans are a racist party in 2018, and that's why you try to shut down the minority vote - because you are cowards, not Americans.
Canada IS American, you insensitive clod!
But I'll grant you, it's not 'Merkin. Thank goodness.
Arkansas, Georgia, Indiana, Kansas, Mississippi, Tennessee, Virginia, and Wisconsin.
States legally requiring picture ID to vote.
I know you won't admit you're wrong, but everybody else knows.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Spoken like a truly retarded, racist republican misogynist. Go back to Russa, Vlad.
Says Big Giant Orange Head:
"If only half the US uses those voting machines, we are only half vulnerable to attack! Fake News! No Collusion!!"
saying it is doesn't make it so. Democracy is everybody gets to a vote, they get one vote and they get to vote in elections that concern them.
You're straw manning when you say "anyone who walks in". Again, one vote per person and elections that concern them. I don't get to vote in California's Senate races. I have my own. The same goes for illegal immigrants. You're trying to distract from the main issue, which is the suppression of legitimate voters.
You know perfectly well what the "wrong" people means. It means people who disagree with you. You've made it very clear you'd like very much for those people to not be allowed to vote. And in the process made it clear that you're not really into democracy. Not when it counts, anyway.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
saying it is doesn't make it so. Democracy is everybody gets to a vote, they get one vote and they get to vote in elections that concern them.
That is the practical application. The basic tenet -- idea behind the system -- is that the people who vote are informed and care.
You're straw manning when you say "anyone who walks in".
No, I'm giving you the opposite to your "wrong" people claim. You say that there are those who claim that "wrong" people should not be allowed to vote. Since "wrong" people means non-citizens, non-residents, etc. as I listed, then if you oppose the idea of not allowing the "wrong" people to vote you are supporting the idea that anyone who walks in can do so.
I don't get to vote in California's Senate races.
I don't care why, but obviously then you are a "wrong" person and are not allowed to vote. Why aren't you up in arms that those awful California election officials aren't letting you vote?
You're trying to distract from the main issue, which is the suppression of legitimate voters.
Your phrase was "wrong people". Keeping the "wrong" people from voting has nothing to do with suppressing legitimate voters, since legitimate voters are not "wrong" people.
You know perfectly well what the "wrong" people means. It means people who disagree with you.
That may be what you intended to say, but you did not. "Wrong people" in the sense of what many of us don't want to be allowed to vote means exactly the list I gave previously.
You've made it very clear you'd like very much for those people to not be allowed to vote.
Oh, now you're just making shit up. The list I gave of "wrong people" had nothing to do with whether they agree with me on anything or not.
Actually I'm not wrong, there are pending cases in Federal court about it. Republicans are simply too cowardly to pick them up and decide them on the legal merits. They know they'll lose in a fair vote - proven.
The scared inbred racist faggots like you are, wimpwuss, circling the drain. When the voting rights act is reinstated you'll see why faggots like you without a shred of integrity will never matter beyond your 1 vote.
All your gerrymandering and voter suppression does is make you obviously treasonous faggots, nothing more. Your racist party is dying and the hole is already dug.
You're dead already dishonest faggots. Kavanaugh was your hail mary, and it was intercepted. NOW YOU GET FUCKED IN PRISON, TRAITOR. #The system works.
It's a high speed ballot counter. Back in the day, before the great buyup and consolidation of the elections business, I designed much of a competing machine.
"Eve of Destruction", it's not just for old hippies anymore...
lol a homophobe calling someone racist
Is what produces a Trump s pres.
[($)]
I think that you said the right thing but did not understand what you posted.
They are not "unmeasurable" because they are so rare. They are unmeasurable because given the system, there is no realistic way to measure them.
The system is not auditable.
Who scrutineers? And why does it take 8-10 hours?
In Australia, scrutineers are appointed by the candidate (random member of public only used if no scrutineers available). They seal the box.
Then at the end of the day the votes are counted at the polling booth. By hand. By the same staff that manned the booth. IN FRONT OF THE SCRUTINEERs. I have done the scruitneering a couple of times, it is a quick and friendly process.
Normally there is a quick pass in which the votes are stacked into piles. Then they are gone through one by one, to confirm, and bundled into packets of 20 with a rubber band. In the unlikely event of unresolved disputes, those votes are put into a separate pile for adjudication later, if they would make a difference to the result. All over in an hour or so.
And we have a better system, where you write 1, 2, 3. So you do not have to vote according to how you think other people will vote. All counted quickly and efficiently by hand, including the preferences.
is that I can't station police in riot gear outside polling places in predominately black neighborhoods^X^X^X places that need extra security.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Widespread election fraud is the one and only reason universally-loathed candidate Hillary Clinton "won" the popular vote.
I guess we're seeing lots of noise about these problems just because Trump won. And the sore losers are trying to blame everyone (Russians, Facebook etc) but themselves.
These voting machine problems have been around for years (Slashdot has run plenty of stories on these issues over the years).