Voting Machine Manual Instructed Election Officials To Use Weak Passwords

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

Strong passwords help Drumpf!

Without weak passwords how can election officials be sure the voters voted for the right person NOT like the last time! It was HER turn!

You're all a bunch of dumbasses!

You didn't demand paper ballots, so fuck you if the count is messed up! You all definitely deserve what you are getting. I just wish we could isolate you people from the rest of the world!

Re: You're all a bunch of dumbasses!

Dont like it here? I'd prefer if you hanged yourself.

Re: You're all a bunch of dumbasses!

I'd prefer if you hanged yourself.

Lead the way! You first!

Verifiable audit trail

You need to be using 2 factor on anything critical these days. You may get a voter guide or something to take with you, that contains non partisan information and the version numbers and such of election machines, which should be displayed on any machine used. The number needs such that you know a machine displaying that number is configured correctly, in that it can be proved after the fact.

Anything loaded must only be possible by having all the necessary cryptographic signatures. To whatever extent is humanly possible, you want it impossible to do anything but the right thing.

Of course the most critical thing is to produce a paper ballot. You can't ignore everything else, since it would be hard to track subtle manipulation without an exhausting hand count, but you need the paper ballot. Nothing else so far is provably verifiable, since even if you verify every piece of silicon originally and every piece of software, it doesn't preclude somebody adding something special, particularly in hardware at the chip level.

Re: Verifiable audit trail

I think election officials are a hell of a lot smarter than to follow those instructions in the manual

Hmm, November 7th.. MUELLER WILL SEE YOU NOW

Dun dun dunnnnnnnnnnn *taicho drums*

Re: Hmm, November 7th.. MUELLER WILL SEE YOU NOW

Yeah, hi Mueller. Uh, I'll have the Big Mac meal with and iced tea and large fries. I'm going to go sit by the window over there, so just bring it over when its ready, ok? And make sure those fries are hot this time.

Unity?

So you agree we shouldn't use electronic voting machines?

Great! Agreement!

Go ahead do the gaslighting or whatever its called, as long as it ends up with verifiable election systems. Systems where the voter knows the machine counted their vote correctly, and that Kemp agent could not simply upload a file to a voting machine to set a new vote result.

This is not the Russian elections.

Re:Unity?

[LynnwoodRooster]

Paper ballot, voter ID, absentee ballots need to be applied for each election. No need for anything else.

Re:Unity?

[PopeRatzo]

Paper ballot

That's how we do it here in California, which has the fairest and most secure elections in the country.

Re:Unity?

In Russia they use paper ballots, and the number of people through the door is about 1/3rd of the total claimed vote count.

When a candidate wins that Putin doesn't like, he cancels the election due to ballot stuffing (because they didn't stuff enough ballots in to rig the vote, they have to cancel it due to their own ballot stuffing!).

You also need the structures in place to verify the count, verify the votes correspond to the people who voted and so on.

Once you decide to put party before country, and manage to seize power over the judicial processes that control the election you are lost.

You end up with elections run by the people who are running for election (Kemp in Georgia), decided by partisan judges (like Kavanaugh), with news outlets telling lies they know are lies. (Fox News).

Re:Unity?

[LynnwoodRooster]

The issue is we ignore the next two, which are just as important. One out of three doesn't cut it...

Re:Unity?

[PopeRatzo]

The issue is we ignore the next two, which are just as important. One out of three doesn't cut it...

Oh, we have all three. When I registered to vote earlier this year, I had to show proof of my citizenship and a photo ID, and we have vote-by-mail that you don't have to be "absent" to use.

By the way, the states that experts have ranked as the worst for electoral integrity are Arizona, Oklahoma, Wisconsin and Tennessee. Also, Texas, Georgia and South Carolina rank pretty low.

Re:Unity?

[LynnwoodRooster]

You don't have to show ID when you vote. That's what voter ID is - quit playing stupid. Or are you opposed to proving identity when voting, like most of the rest of the world requires?

Re:Unity?

[Rockoon]

I am replying to a partisan hack that is dishonestly pretending to misunderstand voter i.d. on purpose. Basically, a lying fucking cunt.

Re:Unity?

[PopeRatzo]

Or are you opposed to proving identity when voting, like most of the rest of the world requires?

Texas doesn't require voter ID, so why aren't you complaining about them? Neither do South Carolina, West Virginia, Utah and a bunch of other states.

"Most of the rest of the world" has universal, single-payer healthcare. I don't see you calling for that you dumb fuck-whistle.

Re:Unity?

Texas does require id, with some limited work-arounds:
https://www.votetexas.gov/regi...

South Carolina also requires ID, although a voter registration is sometimes required.

Re:Unity?

*although a voter registration card is sometimes accepted.

Re: Unity?

Whereas in US the corps simply upload their stuffed votes using generic credentials?

Re:Unity?

NO need for "voter ID" because one must be registered to be listed.

Re: Unity?

You're just mucking around at the bottom of the pile. The USA does not rank well globally in terms of democratic process.

Re: Unity?

Why are you conflating all of the bad crap in Russia with paper ballots?

There are many countries that use paper ballots that have a fairer electoral system than the USA.

Re: Unity?

Making a trivially false claim is not a great set up to insulting someone elseâ(TM)s intelligence.

Most of the rest of the world does not have universal, single payer funded healthcare.

Iâ(TM)m not sure what kind of whistle that makes you, but it canâ(TM)t be good.

Re: Unity?

Paper ballots can be manipulated too, easily. The answer is integrity by independent electoral commission. Try again Ivan.

Re:Unity?

Except you let illegals vote.

pennywise and pound foolish.

Re:Unity?

[LynnwoodRooster]

Fail on TX, you fuck-whistle. Plus I live in California, so what TX does is of less concern to me than what CA does. Why don't you care about the integrity of the election? Perhaps because when fraud occurs, it benefits your political belief, meaning you put results ahead of ethics?

Re:Unity?

[LynnwoodRooster]

Provisional ballots allow a person to cast a ballot even though they are not listed on the voter rolls. Yes, you don't even have to prove you are registered in order to cast a ballot which, in at least one instance, were mixed in with regular ballots potentially throwing the election which was decided by less than 130 votes.

Re:Unity?

Provisional ballots are not counted unless you go to the election officials office the next day and prove you are you. That's the whole point of a Provisional ballot.

Re: Unity?

No more like penny wise and milligrams foolish. People a lot smarter than you have looked at this and it isn't a problem that you so boogieman fear. Now be an American and stop being scared shitless of your shadows.

Re: Unity?

[orlanz]

It's not some "commission" or "committee"; it's the people. There are still enough people here who will standup to corruption.

Re:Unity?

I don't think anyone really opposes it. It is just that it isn't a major problem.

To be able to abuse lack of identification you need to not only claim to be someone who is supposed to vote in that location, but also make sure that that person doesn't try to vote.
When you get to that point you can just steal or fake the ID from the person you wanted to claim to be.

I'm not saying that no-one has ever committed voter fraud, but pushing for voter ID will only solve small amount of those cases and the big problem is election fraud.
It doesn't bother me that much if a handful of people who shouldn't be able to vote votes if the one counting the votes throws away a significant amount of the legitimate votes.
Solve the big issue first and take care of the details second.

Re: Unity?

That is what happens when your reasoning is "We don't have to solve our issues because someone else is worse!"

"America first!" seems to be the mantra of people who aren't willing to lift a finger until America is last.

Re:Unity?

Citation needed on "most of the rest of the world". I've voted in two countries, and neither of them demands to see ID at the time of voting. (Incidentally, neither one limits the franchise to citizens only, either.)

Seriously - citation? It can't be too hard to find this sort of thing out.

Re:Unity?

[Kiuas]

Or are you opposed to proving identity when voting, like most of the rest of the world requires?

Greetings from the rest of the world. Here in Finland we do in fact have to provide ID upon voting, and we do not have to to register to vote because your ID is checked against a list of eligible voters upon arrival to the voting site. However, social services also funds the cost of the ID for those who cannot afford it (which is why essentially everyone in Finland has an ID). This being the case, the ID requirement does not prevent anyone from voting regardless of income status. This point is often conveniently left out in the american discussions over voter IDs when the 'pretty much everyone else does it' -argument is presented because from what I've seen so far, voter ID proposals in the States don't have provisions for providing an ID for people who can't pay for it, and that's the crux of the problem.

Voting is such a fundamental right that it should never be gated behind a financial barrier of any kind, wouldn't you agree?

Re: Unity?

Yeah, funny how it's only those that you win which are the 'fair' ones, isn't it.

Re:Unity?

[LynnwoodRooster]

I agree 100%! And I think most States currently give free ID for those who need it. The issue then becomes "but it is so much time and effort to get the ID!" when, in fact, there is not much you can do as an adult WITHOUT the ID. Like get a job. Or medical care. Or buy alcohol. Or drive. Or open a bank account. Or use Western Union. And many other things.

Re:Unity?

Here in the US, most States provide zero-cost ID. Interestingly, the vast majority of locations where ID is not free are ,costly or heavily Democrat-leaning.

It's almost as if the Democrats want to keep the "poor people can't afford ID therefor no ID to vote! (although we'll require IS to get government assistance for food, medical needs, etc)" alive to prevent mandating ID to vote...even if they have to be the only ones actually refusing to provide free IDs.

And why are people not laughing these loony idiots off the adult political stage FFS?

Re:Unity?

[LynnwoodRooster]

If you'd see the second link I used, unverified provisionals were mixed in with regular ballots - and thus counted, because once mixed they could not be pulled back out. If you don't have provisionals in the first place, then you don't run the risk of contamination.

Re:Unity?

[twdorris]

Greetings from the rest of the world.

Best intro ever. And a nice follow-thru to boot. This post wins.

Re: Unity?

I'm sorry, the "I think" and "most" took away all the wind in your sails...

Re:Unity?

[bluefoxlucid]

Think about the Internet. There are thousands of points where data leaves, moves through intermediate routers, changing hands, until it reaches a location. Your bank, for example.

Why do you use encryption when sending your credit card details? It moves from your PC to your ISP, through several core routers. Random people can't sniff it. Your traffic isn't exposed to untrusted third parties; arguably, all of the systems through which your data flows are more-trusted than the merchant to whom you're sending your credit card number!

"Computers can be hacked", right? What if the "hacker" is a technician at an ISP? Remember that guy who did that with the lottery?

Paper ballots begin at polling centers, where we trust staff to not manufacture additional ballots in the back and swap out ballot boxes with duplicate seals. They transfer through a chain of custody, always in the hands of 3-5 people who we assume aren't colluding, or stored in a secure location we assume isn't intruded upon by someone with a key and admin access to the security logs. They change hands several times.

That doesn't even get into the error rate of counting--with the implication that you can manipulate the error rate. People freak out about that when it comes up: Kris Kobach in Kansas was giving instructions about what ballots to not count (spoiler ballots, in late, etc.), and he was also a candidate in the GOP primary for Governor. You get a lot of individual judgment with hand-marked paper ballots especially--is that a stray mark, or just a little outside the circle? Is it enough to flag to an observer that the purchased vote has been cast faithfully? Does the signature sufficiently match the one on file? All up to personal taste.

Paper ballots are a complex, flimsy, and insecure network.

Re:Unity?

[pjt33]

Paper ballot, voter ID, absentee ballots need to be applied for each election

That last one would be quite irritating, because sometimes elections are called outside of the usual timetable (e.g. to replace someone who died in office). I think I prefer the system in my country, where you have to renew your application each year. I get a reminder three months before my postal ballot registration expires, and as long as I don't sit on it for ten weeks I can be sure that my renewal is received before the registration expires.

Re:Unity?

[Kiuas]

Here in the US, most States provide zero-cost ID

Do they? 'Cause that's news to me. I asked an American living here in Finland that I have befriended about this and he said it's BS. So one of you guys is wrong. I tend to trust my friends more than strangers on the internet but because I wanted to make sure I went to Google and 10 seconds later found this in the wiki

According to a Harvard study, "the expenses for documentation, travel, and waiting time [for obtaining voter identification cards] are significant—especially for minority group and low-income voters—typically ranging from about $75 to $175. When legal fees are added to these numbers, the costs range as high as $1,500."[49][50] So even if the cards themselves may be free, the costs associated with obtaining the card can be expensive.[49] The author of the study notes that the costs associated with obtaining the card far exceeds the $1.50 poll tax outlawed by the 24th amendment in 1964.

The study in question is a 2014 study from Harvard Law School titled The High Cost of ‘Free’ Photo Voter Identification Cards '

So a trusted and informed friend and a dude from Harvard Law against 1 anonymous coward... damn, this is a tough one but I do think you may in fact be full of shit, because I did crunch the numbers and came tot he conclusion that a 'free card' costing anywhere from 75 $ upwards is not in fact free.

This reminds me of that quote from Hitchiker's Guide to the Galaxy:

“But the plans were on display”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

Re:Unity?

[Ol+Olsoc]

Or are you opposed to proving identity when voting, like most of the rest of the world requires?

Greetings from the rest of the world. Here in Finland we do in fact have to provide ID upon voting,

The voter ID kerfuffle in the US is based on political machinations more than anything else. Having an ID of course makes sense. What doesn't is the transparent practice of bitching and moaning about it shortly before every election.

and we do not have to to register to vote because your ID is checked against a list of eligible voters upon arrival to the voting site.

Excellent! I like that idea.

However, social services also funds the cost of the ID for those who cannot afford it (which is why essentially everyone in Finland has an ID).

Here in Murrica we spend truly insane amounts of money in the election process. So money should be no object. I had outlined a process - phasing in of voter ID with a photo ID provided at polling places and courthouses - wherever one registers (although I do like the simple database process you spoke of)

But in reality, and harking back to what I posted at the beginning, This voter ID fight has nothing to do with an operating system. It is merely one of the touchstones that is used by one group to keep people from voting.

One group, the crypto-conservative Republicans, understands that they do better when they disenfranchise as many people as possible.

The other group, the Democrats has a large group that doesn't bother to come out and vote.

Which is why I blame Democrats as much as Republicans for the present sorry state of US politics. The Demoncrats have allowed the kooks to run the show.

This being the case, the ID requirement does not prevent anyone from voting regardless of income status. This point is often conveniently left out in the american discussions over voter IDs when the 'pretty much everyone else does it' -argument is presented because from what I've seen so far, voter ID proposals in the States don't have provisions for providing an ID for people who can't pay for it, and that's the crux of the problem.

Voting is such a fundamental right that it should never be gated behind a financial barrier of any kind, wouldn't you agree?

Re: Unity?

You are a moron.

Paper ballots, provided the right procedures are in place, are way harder to manipulate than electronic votes and infinitely easier to audit. The decentralized nature of paper ballots also makes corrupting the integrity of the election on a large scale infinitely harder than with machines where the manufacturer of the same becomes absolutely massive single point of failure. This is simply because if you're doing some kind of operation to corrupt the election at some voting machine OEM, only a few people need to get involved, and the number of people who even have the chance to detect any shenanigans are minuscule. Operational security will be almost watertight compared to if you're going to have to get out to all, or at least a significant number of constituencies to pull your stunt.

Voting machines are a bad, bad, bad idea for everyone except those who would seek to rig an election. And various manufacturer, with Diebold as point men, has over and over again shown that their integrity is highly suspect in the first place.

Re:Unity?

[Kiuas]

Damnit, the link to the study is broken, sorry people. Here's a working one.

I clearly need more coffee.

Re:Unity?

[mjwx]

Or are you opposed to proving identity when voting, like most of the rest of the world requires?

Greetings from the rest of the world. Here in Finland we do in fact have to provide ID upon voting, and we do not have to to register to vote because your ID is checked against a list of eligible voters upon arrival to the voting site. However, social services also funds the cost of the ID for those who cannot afford it (which is why essentially everyone in Finland has an ID). This being the case, the ID requirement does not prevent anyone from voting regardless of income status. This point is often conveniently left out in the american discussions over voter IDs when the 'pretty much everyone else does it' -argument is presented because from what I've seen so far, voter ID proposals in the States don't have provisions for providing an ID for people who can't pay for it, and that's the crux of the problem.

Voting is such a fundamental right that it should never be gated behind a financial barrier of any kind, wouldn't you agree?

This.

Here in the UK we do not need to provide ID, but do need to provide our name to get it struck off the roll. However registration is required as we have to vote in our electorate and only one electorate, so it needs to be known which electorate we live in. if I had to provide ID, any form would be acceptable, including ones issued for free by the government or a reputable organisation (like a student ID).

Re: Unity?

I think his point is that paper ballots are necessary, but not sufficient.

You need to have honest people all along the way as well.

Re:Unity?

If you are going to sit here and lambast people for not explicitly listing every single possible permutation of ideals and then declaring where they stand on each and every one of them, then we're never going to get anywhere.

Re:Unity?

[dryeo]

Around here (Canada), the paper ballots are counted at the polling station when the polls close, with members of the public including party members of all interested parties, watching the process like hawks. At that, I'm free to watch the whole process from beginning to end if I desire (assuming room, which I've never heard of being a problem)
There is a weakness with the advanced/absentee votes, which almost never enough to affect the outcome, having to be stored. Usually the absentee votes aren't even bothered to be counted. Candidate wins by 2000 votes and only 1000 advanced votes, why bother counting.

Re:Unity?

my vote by mail in Washington would beg to differ

Re:Unity?

[HiThere]

Sorry, but no. Absentee ballots are a permanently available choice. Also, the paper ballots, while they exist, are read by a machine, probably the one mentioned in the article. I've never heard of the original paper ballots actually being recounted manually to check the result.

FWIW, this information is current as of July, 2018. I'm not sure of it's current state. I'm also not sure which items are county or city specific.

Re:Unity?

[PopeRatzo]

my vote by mail in Washington would beg to differ

Respect to Washington. They do elections right up there.

Re:Unity?

[HiThere]

This depends entirely on what is accepted as an ID, and how hard it is to get. I recently moved, and it was quite a hassle, partially because I can't drive.
The new state wouldn't accept the ID from the old state, and demanded a birth certificate. And the one issued by the hospital wasn't acceptable, it had to be a government issued birth certificate. And the place where I was born raised a large number of obstacles to getting the certificate without going there. (I don't know what it would have been like if I'd gone there in person.) Eventually they issued one after paying money, waiting, filling out forms, etc. ... and they never did do anything that would really check that I was who I said I was.

So. The issuing of the ID was free. The getting of it took a modest amount of money (not enough to pay for the paperwork), but a tremendous amount of bureaucratic shuffling, and didn't really prove anything anyway except that I'd gone through the bureaucratic paper shuffling.

So I'm not really impressed with the "ID requirements". They don't provide actual ID and they cause a tremendous amount of hassle. Photo + digitized fingerprints would be much better as unique IDs, or any of various other biometric markers. They should always be needed to be tested in person for any significant trust, because the "coded id" could be duplicated, so this should only be used to issue secondary ids from. And the database should never be connected to the internet, even indirectly, but the "coded id" should be matchable against any other reading.

Even so, you couldn't trust this system, because eventually there would be illicit copies made. And in a way this lack of trust is valid, because I'm certainly not the same person I was a decade ago.

Re:Unity?

[PopeRatzo]

Sorry, but no. Absentee ballots are a permanently available choice. Also, the paper ballots, while they exist, are read by a machine, probably the one mentioned in the article. I've never heard of the original paper ballots actually being recounted manually to check the result.

Paper ballots in every state are read by machine, and they are retained in case a recount is needed, which it seldom is because except for a few tokens we keep around for laughs, we don't allow Republicans to get anywhere near a position of power here in California. That's how we keep it so nice here.

And they're not called "absentee ballots" any more. It's just vote-by-mail. It's the exact same ballot that you get at the polling place and you can either drop it off early at one of the qualified locations, mail them, or bring them to the polling place yourself like my wife and I just did.

Re:Unity?

[bluefoxlucid]

Public view?

Your main weakness is recounting. Let's work backwards from electronic for this one.

With electronic voting machines, once you've proven the integrity of the machine, you can prove the ballot set. Everyone votes, the machine displays some kind of computation, and only then do you enter the machine to remove the ballots (digital media copy, whatever).

For provisional ballots cast in-person (wrong polling center, etc.), you load the provisional ballots into your hash set by the same rules, marking them as provisional--and you don't include identifying information in that set. This still exposes identity to the public if your polling center collects only a few provisional ballots (if it's only one, we know whose is provisional), which is the same problem as very few people voting (one polling center here had 67 people vote in the primary, with only three Republicans who all voted for the same candidates, so I can give any of them their exact ballot back. Imagine three people voting in the General by provisional in a pile of 1,600 votes). The solution is to obscure who is voting provisionally.

Under this scheme, ballots are traceable: the central authority publishes each ballot set with its polling center. We can all recompute the hash and prove the ballot set is untampered. They can strike any provisional ballot, so long as they leave its contents up in the ballot set and mark it rejected.

As you note, absentee ballots come in the mail, are paper, are not observed, and so represent a weakness. Disenfranchisement represents a larger threat, so we accept this weakness. On military base and ship, we can actually run the same kind of public election as here, observed by the public of the men on ship--who of course will leak if they're not allowed to record election ballot traces.

So what about paper?

Well, you can slip a piece of pencil under your fingernail and spoil ballots when counting paper in full public view. You can miscount. Election judges can collude, despite the whole reliance on people not colluding (we've seen this in other places).

We perform our recounts days or weeks later, with ballots kept in a secure location. Again: how do I know anyone in the chain-of-custody isn't just a group of 3-5 people who can print a new seal and are fully-willing to collude? Buy a few people off, get them an election pen (remember what I said about pencil?), and they can create a few new spoiler ballots.

In an election with 100,000 ballots, one state here recounted with 3,500 fewer, and claimed they must have just found more spoilers (without explaining which were probably not originally spoilers). We just accept that. Three percent of votes.

See how many avenues of attack we have? Now look at our electronic voting machines. Yeah, hell no. The stuff out there is horrible. That doesn't mean paper is safe; it just means we damned well better move to stronger EVMs if we're going to move off paper.

Candidate wins by 2000 votes and only 1000 advanced votes, why bother counting

Computing whether a candidate won can be...difficult. Take any Smith-efficient system. You have to compute all the one-on-one pairings: if a ballot ranks Bill 1, Anne 2, and Jim 3, then Bill vs Jim is 1 vote to Bill, Bill vs. Anne is 1 vote to Bill, Anne vs. Jim is 1 vote to Anne. These pairings are important.

To get the Smith set, you find out who wins these.

Let's say Bill, Anne, and Jim each get a majority of rankings above Dave and Mary. Dave and Mary categorically lose against these other three. Dave and Mary are out.

Now we have Bill, Anne, and Jim. Bill beats Anne; Anne beats Jim; Jim beats Bill. O

Re:Unity?

[Darinbob]

There is a problem that many in the US do not believe voting is a right, and they're greatly opposed to the wrong sorts of people voting since they might vote for the wrong things. There are those who don't want college students to vote, since they're not in the country for a full 12 months. There are those who don't want convicted felons to vote even after they are out of prison. There are even those suspicious of members of the military voting when they are stationed overseas.

Re:Unity?

[Darinbob]

You can get jobs without ID. You need a social security number, but you don't need ID for that. The problem is that the people for whom voter IDs are difficult to get tend to be the sorts of people who don't vote the way the powers that be want them to. Ie, the poor, the elderly shut-ins, the homeless, widows who never needed this stuff until after the husbands died, etc.

When elections are tight, disenfranchising a very tiny minority is enough to sway elections.

Getting a driver's license is a royal pain in the ass in many places. A identity card from the DMV is similar. People are reporting 8 hour waits at the DMV in California (because of the increased demand for the ridiculous Real ID cards that you can only get in person), and I had to book an appointment 3 months in advance for the DMV!

Re:Unity?

[Darinbob]

I think this is because Republican states are the most intent to prevent those who might lean Democratic from voting. That's the poor, minorities, college students, etc. In Democratic leaning states it is much more difficult to prevent or discourage rich whites from voting.

Re:Unity?

[Darinbob]

How do you show proof of citizenship? A driver's license doesn't cut it. No one in the US is issued with a certificate of citizenship when they are born. My birth certificate may not even count for me to get my Real ID as now apparently I may have to apply for a "long form" version. A passport may work, but very few in America have those or carry them around everywhere. To register I prove my identity, but not my citizenship, but check a box that I agree under penalty of perjury that I am a citizen.

In my view, every citizen should vote with as FEW hurdles to jump over as possible. Getting more people to vote is better, even if they're going to vote the opposite of how I vote.

Re:Unity?

Want to buy or keep a gun, which is a constitutionally-protected right? You need to be of age, show ID, go through a background check, be subject to tons of restrictions, individual states will violate the constitution every way they can to stop you, etc.

Want to vote? Go right ahead! You just need a name and a polling location, or a name and an absentee (mail-in) ballot. Requiring something as simple as an ID check is verboten nation wide despite the fact that each individual state is supposed to run their own elections.

It's absurd. Require ID to vote. Make the ID cheap or free (in certain cases). Make it available at DMVs and maybe post offices. Do it like the Real ID laws for travel, where you announce it well ahead of time. (But don't do it like the Real ID laws where states like CA were given multiple extensions for no reason.)

Re: Unity?

Nice posts Klaus. Because voting in a democracy is so important, here in Australia it is compulsory to vote, and a fine is imposed if you don't vote. You turn of age, or get citizenshuip, and you must register.

For those who sputter "whaddabout mah right to object?" there is no law that requires you to inset a valid voting paper into the ballot box, just that your paper must be inserted. There are a certain percentage of spoilef ballots every election, some apparently show great imagination and flair.

"But whattabut alll them Prime Ministers" is not a counter-argument. Australia has had decades of steady government. The recent spate of Let's be the Italy of the Soutg Pacific does not arise out of the voting method. In truth it's a symptom of social media, pollsters, and a cohort that believes Australia needs Tea Party thinking, and everyone inside that bubble agrees that it is so.

By having so many people vote, there does appear to be a moderating influence on the authoritarian types attracted to politics.

Re:Unity?

[LynnwoodRooster]

You can get jobs without ID.

Not legally. You must fill out an I-9 form when you are employed - and that requires considerably more than just an SSN.

Re:Unity?

[Darinbob]

Ya, this was a pain for me. Drivers license is used, but I never had a social security card (cardboard, hand typed, totally and utterly insecure) so eventually I went and got a new one. I think I've used a birth certificate before, although I may have to get a new one since it's not "long form".

I'm still thinking about the good old days before we had soviet style "homeland" security.

Re: Unity?

[astrofurter]

Paper ballots are a good, necessary start. However they are by no means sufficient to secure elections against organized corruption.

Consider for a moment several amusing stories of election antics from San Franshitsco: http://sfist.com/2016/11/04/ri...

Re: Unity?

[astrofurter]

"the good old days before we had soviet style "homeland" security"

I, too, remember living in a Free republic. Alas, the youth of today have grown up under the Empire. They may never know the taste of that simple, relaxed Freedom we thought had given us victory over the Soviet Union.

Re: Unity?

[astrofurter]

C'mon bro - we live in a bureaucratic totalitarian state. If one doesn't have a valid government ID, one is good and truly fucked. Voting would be the very least of one's problems.

Re: Unity?

[astrofurter]

"People a lot smarter than you"

Respek their authoritay!

Re:Unity?

[LynnwoodRooster]

Texas poll workers letting non-citizens vote, no problem at all. Keep on ignoring the voter fraud! Fuck-whistle, indeed...

Re:Unity?

[PopeRatzo]

Project Veritas? Really?

James O'Keefe is just Jacob Wohl with costumes.

Re: Unity?

Fuck off.

Re:Unity?

[HiThere]

Changing the name doesn't change the thing. I was permanently registered to use an absentee ballot, because one time I needed to, and I never changed it back, but I did usually drop it off at the polling place.

FWIW, I don't accept that all Democrats are honest at counting votes. I also don't accept that all Republicans are dishonest at counting votes. So the end of your first sentence is invalid for me (and calls into question any argument I can't check).

Sounds like a requirements fail

I'm not sure county governments should need to hire PMs to manage scope and the QA process, but how else do you know what you are buying meets your needs?

Re: Sounds like a requirements fail

The machines were ordered and delivered. Check. They scan ballotd. Check. They spit out results. Check.

See? No PM needed.

Re: Sounds like a requirements fail

HAHAHA. You just describe what 99% of PM's do. Perfect!

California Republicans

- Don't leave Bakersfield, where the air is ripe with Republicanism
- Don't realize Trump's store-bought imported whore wife was also illegally brought here, and Trump's father wouldn't be allowed in under his platform either
- Fox News, nuff said

You probably wouldn't last 20 seconds in front of Robert Mueller without blurting out some retarded falsehood and getting insta-carted off to Federal prison, just like Trump is about to...

Re:California Republicans

You probably wouldn't last 20 seconds in front of Robert Mueller without blurting out some retarded falsehood and getting insta-carted off to Federal prison, just like Trump is about to...

With Trump there are two possibilities.

1. He knows 100% what he is saying. He is on top of things but chooses to lie about everything, even when it makes no sense to do so.

2. He is mentally unfit for the position he is in, but not stupid. He is a very accomplished con man and is going with his gut and his wits to find the levers necessary to move the electorate, mo matter the cost, particularly with respect to keeping the senate, which are really the only ones who could really stop him.

Notice that (1) doesn't make sense. His own actions sometimes don't make sense from this viewpoint, and his own lawyers have said, you can't testify. You will be convicted of perjury. I think it is really 2. We have someone in office who thinks the ends justify the means, if the result is Trump wins, and really only has two skills. 1. He is an accomplished con man. 2. He never gives up. Have you noticed that several times lately his only defence is, "It worked," as if that is all he needs? That is his ends justify the means stuff.

Re: California Republicans

So Barack Obama makes millions of people legal via DACA and kills US citizens using missiles and isn't a dictator, but Trump who tried to repeal DACA and was shot down by the courts, and also congress nearly unanimously repealing Trump's tariffs on over 1800 items is a dictator?

We get it. You hate Trump. That's ok. Just stop trying to look like you have a background in paychoanalysis of a person you've never met to justify your positions. Trump has had legislative and judiciary checks on his executive power, and you were nowhere from 2009 to 2016 when the same thing was happening.

Re: California Republicans

Hey Vlad - how's the weather in Moscow today?

Why is it

The that biggest idiots always end up handling the most important tasks?

Re:Why is it

Because technical brilliance, and leadership, are two entirely different skill sets.

Re:Why is it

Corporations just work that way.

Re: Why is it

True. One involves bullying others in a manner that looks like comradery. The other is very much technical and facts-based.

Hint: Facts get in the way of achieving desireable outcomes. Meeeeeh

Re:Why is it

Because technical brilliance, and leadership, are two entirely different skill sets.

Good thing that the current U.S. president has both to equal amounts.

Re:Why is it

Because this was probably the vendor with the lowest price and no one cared about functionality or security?

Re:Why is it

Because everyone good would rather go sell ads than build something actually important.

Re:Why is it

because crony capitalism.

we do not have the free market that is claimed.

Re:Why is it

>> Because technical brilliance, and leadership, are two entirely different skill sets.

> Good thing that the current U.S. president has both to equal amounts.

I guess this is a start: something that both Democrats and Republicans can agree on...

*snide*

The Creds

[zamboni1138]

The username is: password
The password is: password

Re:The Creds

[f3rret]

For extra security you should set the password to "username"

Reasoning

[PPH]

Ever seen the people who volunteer to staff polling places? Do you want to budget for the tech support staff needed to reset passwords when Aunt Eugenia forgot it again?

Re:Reasoning

Sounds like a solid argument for paper.

Re:Reasoning

[DethLok]

in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) we also have the Electoral commission.

They run the voting system.

Everyone votes the same way, on paper.

They hire extra staff from existing public service agencies, experienced & arguably trustworthy govt workers.

Voting is too important to let states or cities make up their own rules, or to let just anyone work in the polls.

And boy, am I curious to see the results and hysteria of these US midterm elections, it is going to make Bush vs Gore look like a couple of toddlers fighting over a toy!

Re: Reasoning

[orlanz]

No, Voting is too important to let centrals run it. I don't think you understand how voting works in the US. Nationally, no one votes directly but same safeguards as states.

State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote. That complex non-standard setup is the primary safeguard against vote results tampering. The second is the volunteers who have a self interest in making sure the other isn't cheating and many independents who ensure no one cheats.

At the local level, you do have independent and committee based outsiders who ensure the few locals aren't cheating the local population.

The paper based voting system in the US that has been used for decades is pretty good. It was the State level discrimination laws and more recently end voter manipulation via social media that has been their only real threats. A "committee" would have made both worse.

BTW, we do have many committees here, they just aren't the only thing the system relies on.

Re: Reasoning

[bluefoxlucid]

State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote

The votes move from hand to hand from thousands of locations through small groups of trusted parties. That's tens of thousands of weak links--millions in some states.

The paper based voting system in the US that has been used for decades is pretty good.

It is. It's a complex mess with enormous integrity problems, but it's only severely-abused in a few places--and that severe abuse is relatively minor. A strong, decisive victory or even just huge voter turn-out is usually enough to overcome the level of tampering even in states where it's rampant.

We estimate about 30,000 ballots just tossed out in Florida every year. Ohio did a recount once and came up 3,500+ ballots short, with the excuse that "it's probably spoiled ballots" but no trace to show which ballots were spoiled (yeah, "We're not sure, we guess it's X, it's probably fine, trust us" fuck you).

Small numbers.

My concern is we can't prove integrity. I can fix that with electronic voting machines, so long as we follow some god damned strict standards. Give me a little time; we have to do this right.

end voter manipulation via social media that has been their only real threats.

You should see paper ballot security considerations. Many of these are built on the idea that you can trust some party by putting other parties around them, under the theory that they're adversarial and will act as checks on each other; unfortunately, we have Democrats endorsing Republican candidates now, and besides that you can just join a party and carry out espionage (really, vote tampering is an enormous offense and an attack on our national security).

You can fix that with voting rules that reflect the voter's preferences better. The combination of Single Transferable Vote for multi-winner elections, the Big Party Rule (a party with 25%+ registered voters can nominate two candidates for single-winner elections, but only by primary election using STV), and a strategy-resistant Condorcet method like Tideman's Alternative Smith would provide pretty good protection. Electoral Fusion helps, too.

Big Party Rule upends the base voter issue: a ton of people will vote R or D, and now they have two R and two D candidates. You get Trump vs. Rubio, Bernie vs. Hillary. Combine this with any Condorcet system and you now need a mutual majority favor.

Under the Big Party Rule, you would probably get Bernie from the left and Hillary from the moderate Democrats; interfere with a huge pro-Bernie propaganda campaign and you get excitement for Bernie, but who is the second choice? It's ... still Hillary. The same is true of Trump and a more-moderate candidate like Rubio.

Hit the General Election and now what?

Well the entire moderate independent vote is going Hillary-Rubio or Rubio-Hillary. The moderate R goes Rubio-Trump or, for the Never Trump crowd who voted Hillary, Rubio-Hillary. The Pro-Trump crowd will go Trump-Rubio-Johnson-Hillary because they want to shoot down Bernie Sanders by putting Hillary above him (they might or might not rank Stein above or below Bernie at the tail end). The Bernie crowd is going Bernie-Stein-Hillary-Rubio, Bernie-Hillary-Stein-Rubio, or so forth.

In this scenario, a huge amount of the population is trying to NOT elect Trump or NOT elect Bernie. That makes those two unelectable. The voters on the left have said they'll concede to the Republicans if they take Rubio (that's what actually would have happened in this line-up, based on the data I've been able to dig up); the voters on the far right have said they'll settle for Rubio if not Trump; moderates are taking Rub

Re: Reasoning

I tend to think of everything.

If you did, you'd realize that the ego manifested in this statement was blinding you to the fact that you haven't thought of everything.

Re: Reasoning

[wonkavader]

This is all true, but it ignores the fact that we have partisan administration of the voting system, as well. And that's always the party in power. And we HAVE that "lot of corruption" necessary to make an impact.

We have unfair poling place positioning and voter to polling place rations. We have voter suppression based on IDs. We have laws which forbid felons to vote. We have no penalties for targeted "accidental" mailing of the wrong date or location for voting by the partisan voting administrators. We have partisans disqualifying mail-in votes and not informing the senders that their vote won't count until it's too late for them to vote otherwise. Fun stuff.

If we had a federal standard for voting, it might indeed be worse than what we have. It might also be better. We're not going to get one either way, as the people who would vote on that derive their power from gerrymandered, voter-suppressed, locally-controlled election systems.

We had a candidate (Lawrence Lessig) who ran ENTIRELY on this, but he got nowhere, because it turns out nobody wants to elect a president who says he won't tackle foreign policy, education, taxes, the military, etc. and will quit once he fixes the one thing he was running for.

There's a lot we could learn about voting from looking at other countries and especially at Australia. We're not gonna do that, though, because the people making these decisions love it this way.

Re:Reasoning

[HiThere]

The House may change, but the Senate is going to stay R, or possibly turn more R, because more D's than R's are up for reelection.

Re: Reasoning

I don't think we're ever going to see any meaningful election reform because the people to approve any changes have a vested interest in keeping the status quo.

Re:Reasoning

We have states with more people than all of Australia. We *are* doing this at the same level.

Re:Reasoning

[jbr439]

in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) ...!

I believe that every developed country on the planet, with the exception of the US, is a 'nazi country' by this definition.
So don't you go feeling you're special :-)

[written from nazi country Canada]

Re: Reasoning

[philmarcracken]

And yet your vote barely matters https://www.youtube.com/watch?...

Re: Reasoning

Thank you for that original and enlightening commentary, Dr Jerkoff.

Re: Reasoning

State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote. That complex non-standard setup is the primary safeguard against vote results tampering. The second is the volunteers who have a self interest in making sure the other isn't cheating and many independents who ensure no one cheats.

Who needs corruption when you have widespread incompetence by design?

For the record

[PopeRatzo]

According to the article, every single one of the 10 states where these machines were used are Republican states where Donald Trump won.

Why doesn't anyone look surprised by that?

Re: For the record

[c6gunner]

I'm not at all surprised that you are, once again, lying about this contents of a political article. Should I be? You want me to look surprised, try telling the truth for a change.

Re:For the record

[Rockoon]

I am replying to a partisan hack that is dishonestly pretending to misunderstand whats in the article. on purpose. Basically, a lying fucking cunt.

Re:For the record

[PopeRatzo]

I am replying to a partisan hack that is dishonestly pretending to misunderstand whats in the article. on purpose. Basically, a lying fucking cunt.

Nothing to misunderstand. A voting machine manual was insecure by design, and the only states where it was used were states run by Republican jackoffs. It's all right there in the article.

Re:For the record

Because Obama literally told Trump in 2016 that it was a conspiracy theory to think our elections could be hacked.

https://www.nytimes.com/2016/10/19/us/politics/obama-donald-trump-election.html

Selective amnesia seems to be a reoccurring thing in these days. Perhaps something is in the water?

Re:For the record

You do realize both sides play this card right? Rigged elections are a staple in US politics.

Re:For the record

And Trump replied, quite loudly as I recall, "CHALLENGE ACCEPTED".

Re:For the record

2000 we had a near 50\50 tie election.
Same thing happened 2004.
2008, a man was president who had a questionable birth certificate.
2012, we had a weak republican candidate.
Then 2016, back to the tie situation.
Also both candidates were purported to have foreign adversaries compromise them; hillary's e-mail server leaked information to the russians, Trump allegedly took money from them too.

At this point the discussion is which foreign government\secret society isn't trying to trash our government for fun and profit.

Re:For the record

... the marks voters make on a ballot ...

"Optical-scan" means there is a source document that can be eyeballed for hand-tallies.

Its seems Delaware, Georgia, Louisiana, New Jersey, South Carolina use computer-only ballots. That's 3 of the 28 states with sizable Republican support in the 2016 election.

Re:For the record

fuck off you stupid cunt

Re:For the record

According to Democrats the election cannot be hacked so what's the problem?

Re:For the record

[Tablizer]

T wasn't blaming the "rigging" on Russia, but on Democrats/illegals. It was T's burden to show evidence for them doing such.

I suppose if you claim everything is rigged/bugged/fake, you'll accidentally be right roughly 10% of the time in a general sense.

Re: For the record

Nope, in the USA you'll be right 100% of the time.

Re:For the record

>which foreign government not not Saudi Arabia and Russia.

Re:For the record

T wasn't blaming the "rigging" on Russia, but on Democrats/illegals. It was T's burden to show evidence for them doing such.

I actually expect that if rigged vote counts are discovered after the election, they will be rigged in favor of Trump, and the officials (and non-officials) involved will have acted in the persuasion that they needed to counterbalance all of the rigging going on on behalf of crooked Hillary and all the voting fraud committed by Democrats. All of which, of course, happened only on Fox news and/or in their heads but they nevertheless will be convinced that they owed it to fairness to cheat and/or look the other side.

Re:For the record

[LynnwoodRooster]

You idiot. OpenElect is used in Illinois and Virginia both of which went for Hillary! Just go away - you're wrong all over the place, provably so...

Re:For the record

[LynnwoodRooster]

A voting machine manual was insecure by design, and the only states where it was used were states run by Republican jackoffs.

False. Admit your error, you jackoff. Or do you contend that IL and VA went for Trump, not Hillary! ?

Re: For the record

You never tire, do you?

Re:For the record

Apparently you can't read or understand the difference between run by and won by

Re: For the record

Why would anyone tire of pointing out that DopeFatso is a big fat liar?

Re:For the record

[Ol+Olsoc]

According to the article, every single one of the 10 states where these machines were used are Republican states where Donald Trump won.

Why doesn't anyone look surprised by that?

If the voting machinery was not corruptly designed to be intentionally hacked, they missed a good chance to do just that.

Carnegie Mellon performed a test to see how secure voting machines were. They were not secure at all. They had a pretend election, and could easily go in and switch votes so that the loser won.

There are still some rumblings regarding the Kerry vs Bush outcome in Ohio, and Karl Rove's election night meltdown when he refused to accept that the Kenyan Terror baby won Ohio. In the first case, apparently a lot of people decided to lie in the exit polls, and in the second, Rove seemed to suggest the sort of magic that the Carnegie Mellon people showed was pretty trivial to do.

Re:For the record

[Uberbah]

I actually expect that if rigged vote counts are discovered after the election, they will be rigged in favor of Trump

Yeahno. Trump wasn't a part of the establishment, which is why they came up with the the Russiagate BS to jerk him around as needed.

Re:For the record

You are so wrong, it's not even funny. Fake comment!

Re: For the record

[Tablizer]

Which country has righteous politicians?

Re:Unity? RATZO = racist seditious traitor KILLED!

i dont think the fucking puke ratzo should be killed, but he is a piece of shit shill asshole fuck. probably a bot or a paid shill.

Re:Unity? RATZO = racist seditious traitor KILLED!

[Zontar+The+Mindless]

Funny how the voter ID types go running for cover when it's pointed out that a national ID card would take care of the issue, and does so in most countries. But a national ID card ZOMG NWO!!

Monkey See, Monkey Do

[Tablizer]

I bet they hired some clueless shlub who wrote the manual based on observing actual practices instead of checking with a security expert. Seen it happen.

Boss: "Fred, I'm reassigning you to write the manual for the new voting system."

Fred: "But I don't know anything about voting systems."

Boss: "Just observe the testers in action, and write down what they do."

Fred: "Okay, I can do that! On-it, boss!..."

Re: Monkey See, Monkey Do

[orlanz]

Let's put aside the issue of using a password based system in the first place. But a "security expert" would have made things worse. So the official manual will say use a secure 10 character, upper, lower, special, & number password.

The unofficial manual will say look for tape under the machine.

Atleast with the current manual, people will be less likely to share their accounts because it's so easy to setup new ones.

Re: Monkey See, Monkey Do

[bluefoxlucid]

Let's put aside the issue of using a password based system in the first place.

No, let's not do that. It never even occurred to me to use passwords when I stared writing the SAFE VOTES guidelines (elections procedures and standards specifically for elections run via direct-recording electronic voting). I didn't even require 2FA--largely because using the credentials to do anything permanently takes the machine out of commission, causes alarms, and generally draws a whole lot of attention and stops your election, but also because the credential is created at poll open and is destroyed at poll close that day.

the official manual will say use a secure 10 character, upper, lower, special, & number password.

Assuming the accounts are persistent and long-lived, I would have said to use either TOTP, PKI (FIDO U2F, Smart Card), the two as a 2FA pair, any password plus TOTP or PKI as a 2FA pair, or a single-factor password of at least 14 characters and preferably generated as four random dictionary words (49 bits with 5,000 word dictionary and no variations, vs. 52 for 4-class 8-character).

TOTP has a huge problem: if you demonstrate the installation of the software image on the machine, such that you can prove an untampered image, then the public observes the TOTP credential. You can't keep it secret. This is also true of entering a password.

The weakest link is always people

Technology has outstripped most peoples understanding... So they cannot do what is needed when they don't understand it

What difference does it make?

Any election process that can be corrupted by someone knowing the password is broken regardless of the strength of the password.

Failure is not an option

[jd]

Few obvious questions.

First, with aren't they using smart cards with passwords on the keys?

Second, why did the software permit weak choices? Manual be damned.

Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?

This is a failure of the entire procurement procedure, start to finish.

Re:Failure is not an option

Sounds a lot more like "working as intended".

It's too many failures, too many coincidences. As gerrymandering and voter suppression has been a thing for decades, it's a pretty reasonable assumption to make that if you can get your tentacles into the voting machine business - which we already know is the case - things will go wrong. The needed lack of ethics is clearly there.

This is why voting should never be done on machines; if you breach the integrity at the source, the entire election is corrupted in a way which is very hard to detect. If you use humans, you have to corrupt each and every constituency, and the chance of detection goes up dramatically.

Re:Failure is not an option

Because actual secure voting machines are not the goal.

Re:Failure is not an option

[bluefoxlucid]

First, with aren't they using smart cards with passwords on the keys?

Because voting machine manufacturers are money-changers, not security experts. They make ATMs, they make voting machines.

Second, why did the software permit weak choices?

Made to order.

Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?

The same companies who provide the machines also provide voter outreach and elections consulting. They'd be the ones deciding if you should reject this shit.

Why do you think I'm starting a business and breaking into that industry? Paper ballots look kind of like the Internet to me (from thousands of polling places, through the hands of small groups of trustees, flowing to central State offices... looks just like all the online banking traffic), and the electronic voting industry is run by people with no background in IT security or risk management. Everything is run wide open and vulnerable to all kinds of attack. Somebody needs to fix it.

Re:Failure is not an option

[wonkavader]

The voting machine companies arrived like there was a gold rush. The most important selling point of any voting machine system is "NO RECOUNTS" because A. recounts cost money, and B. The people counting the votes don't like them.

NO RECOUNT sets the bar pretty low -- "just throw a machine together that spits out an excel spreadsheet or an access database."
NO RECOUNT actively discourages a paper trail.

The designs were stupid. The purchases were stupid. All money spent on them was a mistake. No one wants to admit that, so they double-down.

Electronic voting is FRAUDULENT

That's why they brought it in. It's SO obvious, how did anybody allow this to happen?
Why not just use the Robinson Method - no electricity needed, instant results at the end of the ballot, visible for all to see, so everybody can check if they want to, that the ballot held in their area was fair.

http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5

(There is a MYSQL error on the site at the moment, hopefully he will fix it so you can actually see what The Robinson Method is.)

Re:Unity? RATZO = racist seditious traitor KILLED!

[LynnwoodRooster]

We have de-facto national ID cards now - passports. And with the requirement for Real ID, pretty much all State-issued driver's licenses and ID cards will be effectively a national ID card. But why do I have to prove ID and tell the Federal Government what I'm doing when I buy a firearm, but not when I vote?

Perhaps rely on physical security.

[91degrees]

Sometimes I think we should remove all digital security features.

Based on the same principle that the way to make people drive more carefully would be a 6 inch spike in the middle of the steering wheel, people rely on passwords and encryption when they aren't completely effective. More to the point, the users typically don't understand them that well. The passwords themselves are next to useless here. Might as well remove them entirely.

If the security systems are removed, then we'd have to rely on things like solid cases, and physical locks and keys. Something that can not be easily broken and will show a clear indication is someone has done so. We would have to isolate the device from the network entirely.

Re: Perhaps rely on physical security.

[orlanz]

Or you can just use actual secure methods of authentication. The stuff that is found on any standard enterprise level laptop. TPM chips, two factor, encryption, etc. I think we got this stuff down pat about 10 years ago? In the IT world, that's basically a lifetime ago.

Re: Perhaps rely on physical security.

[91degrees]

The problem is enforcing it right along the chain.

2 factor authentication is inconvenient, and people circumvent inconvenience. In this case they can't even be bothered doing single factor authentication properly. So they'll share the password, and the security card, or SecureID generator or whatever.

I think to get this to work we'll need to fix human stupidity. Sadly I can;t see this happening.

Re:Perhaps rely on physical security.

[bluefoxlucid]

So here's the thing: computers can be made impenetrable; physical locks can't. Computers, however, are immensely difficult to validate: we can ensure a small code body (maybe 4,000 lines) is correct, but we can't ensure the whole OS stack, the enormous application in its entirety, all libraries, and so forth are correct.

You know that thing where you can't hack into a computer that's unplugged and unpowered? You can totally hack into a lock by getting a large enough hammer. Any lock. You can manufacture a duplicate lock, a duplicate seal, a duplicate ballot box.

A computer that's powered on, only accessible via port 443 with TLS, and configured to reject a client not presenting an appropriate authentication certificate has a relatively-small code path to deal with. Unfortunately, at that level, you're facing the operating system's network stack, its firewalling stack, parts of the TLS library, and anything in the application that tries to identify the user by reading the data (which should just be using the TLS library to ask for the principle). That's a lot of code. If all of that is secure, holes everywhere else don't give hackers access unless those hackers are also valid, authorized users trying to exceed their access.

We would have to isolate the device from the network entirely.

And there you go.

Voting machines only need to collect and package votes. They need to exist for one day, and they only need to release their contents in a batch--or in a one-way stream such as by FEC light transmission. Folded Reed-Solomon at 5,000% correction, a flashing LED, and a photosensor on the thing across the room would let you safely transmit votes during voting, if you really want. Thing is you still need to batch everything up at poll close and provide proof of the ballots in public view to confirm the vote tally.

So we're down to a single approach: unplug the machine from the Internet entirely. You vote, it collects votes. At poll close, it computes some kind of reproducible hash of the ballot set, which it displays for all observing. We all write it down, take pictures, whatever. Then it transmits votes--possibly by someone opening the locked door, plugging in a USB device, and copying the ballot set off physically.

With no surface to attack, it's secure.

You still need to prove the integrity of the machine at poll open. Remember: software manufacturers, hardware manufacturers, and all elections staff and authorities are also threats.

Re:Perhaps rely on physical security.

[91degrees]

A lot of this can be handled with low tech methods though. Make sure the machine remains visible at all times. Put plastic tape over any access hatch so you know if it's been tampered with. These low tech security measures are a lot harder to circumvent, and based on tried and tested methods that work well even for paper hand-counted ballots.

I agree with your concerns about the network stack. And I really don't have any idea how we can avoid attacks at the development or production stages.

I don't understand the reasons behind a purely electronic system. Personally I think that any voting system should provide a piece of paper with a mark on it. If the paper is then counted by machine, then fair enough. I realise there are issues there as well. I was around for Bush v. Gore, but I think those problems can be avoided.

Re:Perhaps rely on physical security.

[bluefoxlucid]

Make sure the machine remains visible at all times. Put plastic tape over any access hatch so you know if it's been tampered with.

Lexan case, locks, sensors, alarms--visual and audio.

If the paper is then counted by machine, then fair enough

Analog failure: machine misreads ballot. Direct-recording machines can display the ballot as it is understood.

Paper is easy to compromise: you can manufacture, alter, and lose it. The same is true of all data, really. You only have integrity inside the polling center.

Dems are empowered by censorship

You're correct the Dems would be wiped out if it was a level playing field where they go on the rampage defaming smaller news groups, and misreporting, banning entire platforms. That's how desperate they are. Spineless tech leaders who love censorshi: This is the direction were going in if we biw to the fake liberalism if the left.

Vote red to balance the engagement more fairly. Vote DEM out.

how hard is it?

[pereric]

Should not be too hard making a good voting system?

Sweden (and many Europeans do it like this): Every citizen get sent a physical voting card to their home address (including information on where and how to vote). No need for registration, just being a citizen (national elections) or at least legal resident (local elections). Election places are all over towns, usually in schools of libraries. They are staffed by volunteer respected citizen.

On election day, you go to the election place, take some ballots and envelope, and put one ballot in one envelope per election. Then you show your card at the front desk (always staffed by several volunteers), and get ticket off in the electoral roll. If you have lost your card, you can use some ID. The envelopes are put in sealed boxes (one per election) under your supervision. (Oh, you can also hand in you vote in advance, at advance election places anywhere in the country (and at consulates). They will be sent to your election place, and used if you haven't voted physically)

The boxes are kept under supervision, and when election closes, counting starts. Everyone is welcome supervising the opening of boxes and envelopes, as well as the counting. Results are usually presented the same evening. The ballots are then handed in and re-counted once at a central location for each county just to be sure.

The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)

Re: how hard is it?

[orlanz]

That's pretty much how it's done in much of the US at the local level. Except for mailing and using a voter card. Proof of identity & residency is all that is needed.

Re: how hard is it?

[dunkelfalke]

In Germany, the voting card is just for convinience. An ID is enough, but without the voting card the election observers would have to look up the name in their list.

Re: how hard is it?

[squiggleslash]

No it isn't. The US doesn't automatically register anyone, you have to manually register. That's a pretty significant difference right there.

The entire US system is built around building as many hurdles to voting as possible. So you have to manually register. You frequently also need an approved form of ID. If you move house, both your voter registration and your ID become invalid. If you have no legal address, you have even more hurdles to jump - in some states this means getting an "official address" from the local sheriff, which for historical reasons many Americans are fearful of.

Your registration too is vulnerable. It can be cancelled due to any number of voter suppression techniques, from minor inconsistencies between names on registration vs, say, driver's licenses, to mail being returned when sent to a voter's address.

Finally, efforts to help voters are often illegal. One organization (which ended up the victim of a smear campaign, so I won't name it because that'll just turn people off ironically because they were fooled by this very issue) tried to mass register voters by knocking on doors, asking residents to fill in registration forms, and then delivering them to the local government. They found themselves responsible when some residents, and even some volunteers, put false information on the forms (like names of football players, people who didn't actually want to vote but, in the case of residents, wanted the door knockers to go away, or in the case of volunteers wanted to collect money from the organization for turning in enough registrations), finding it was both illegal not to turn them in, or to turn them in altered, but also illegal to turn them in with the false information. An election official in Georgia who told an elderly woman how the voting procedure worked was put on trial for helping her because, as she wasn't illiterate or disabled, the state believed she wasn't entitled to help (the election official was acquitted after 20 minutes of jury deliberation, but she had been facing 15 years in prison, and the fact the judge didn't stop the trial and nobody questioned what happened suggests her acquittal was a mild case of jury nullification)

It's nothing like what's in Europe. In Europe, registration is automatic, and you're encouraged to vote.

Re:how hard is it?

[Ol+Olsoc]

The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)

The same people who claim that there is election fraud are not making the claim because they want to eliminate election fraud.

So they would hate your rather nice system with a passion.

Re: how hard is it?

[Darinbob]

In California you're allowed to use a provisional ballot much of the time. Ie, if you move to a new location within the same county but did not re-register you can still vote but with a provisional ballot, and it will get counted as long as it shows you did not vote in any other precinct. If you move to a different county without re-registering, you can still vote with a provisional ballot, it will just take a bit longer to verify. For most hiccups, you can get the provisional ballot.

Re: how hard is it?

Pretty much not how its done in the US. Something like 30% of electronic voting machines don't even have a paper trail...

Defective by design

[shentino]

Anyone wanna bet that this was done deliberately to make them easier to hack? Whoever made these things should know damn well how to keep it secure. Especially with the shenanigans around Diebold and so on. Election fraud is big news with the people who make the damned machines so there's no way they are doing this out of ignorance. These rules seem specifically designed with the OPPOSITE of security in mind.

You know, you can have one orange finger and you'll get the benefit of the doubt. Two orange fingers and you'll still get the innocent until proven guilty treatment. But when your whole hand is orange and there's cheese powder on your lips and teeth? Dude, I didn't have to see you do it to know that you stole the fucking cheetos!

Re:Defective by design

[bluefoxlucid]

Diebold made ATMs. They're money-changers. They see a need for a system that collects and transmits votes.

When you build a microwave oven, you don't load it up with fork-detection hardware. You tell people to never microwave a fork. In an election, people are intentionally trying to microwave a fork, and you need defenses against that. Diebold, ES&S, Hart, these people built a microwave to accomplish microwaving food, not to accomplish microwaving food in hostile territory where even the people who bought the microwave are trying to sneak forks into the microwave.

I'm getting into the business. It starts with security. Gonna be a while before I'm ready to play, but you know what? Everybody hates all of these people. They have no idea what they're doing. I'm going up against giants, but you gotta realize: I'm not competing with them; they're competing with me.

In writing

What kind of dumbass puts that in writing? I've seen a lot of shitty password practices in industry, and I know the human reasons why it happens, but the documentation always told you to follow best practices, even if it were never enforced.

Re: California.. explains everything

Right... everyone only fails into two rabid camps. But why more PUBS? They have had majority for... 8 years... and hardly got anything done. They have majority in all three branches for two years and couldn't even repeal Obamacare, let alone replace it with something better.

Let's vote the whining do nothing party out.

Re: Unity? RATZO = racist seditious traitor KILLED

Because technically, your vote doesn't mean anything.

at this point in time

it's probally easier to ask who hasn'tbeen manipulating your voting machines.

CRAP above

When I saw your dumbed down 2 choices, I new you were a failed demon rat. I didn't need to read the rest. It's a little more nuanced than that..

Re: Unity? RATZO = racist seditious traitor KILLED

[orlanz]

3/5 US citizens don't have a passport. I bet that's a little higher in the voting population which has a lot of elderly that traveled less abroad (they also didnt need passports for MX & CA).

Pray/hope for Decency

As a Republican, I don't know what the hell you just said there.

All I think is, the left have defecated all over the country with their media handlers lying, smearing and slandering as an Olympic sport.
I would give my left arm (at least) if I thought these criminals could be stopped by just one person.
They've destroyed discourse and blamed the one person trying to bring unity from day one, reversing his words, attacking women on the streets, [physically breaking Rand Paul's ribs, sending riacin to Susan Collins defaming Kavanaugh (who was a virgin in his 20's), funding illegals. 10 years ago, they would have been branded as terrorists and locked up every one of them, now they have human cattle to vote for them. Disgusting.

The modern Democrats are indeed a mercenary criminal syndicate on hire to foreign interests, namely China and the UN

Re: Unity? RATZO = racist seditious traitor KILLED

[LynnwoodRooster]

And the other half of what I wrote? Real ID is effectively a national ID.

Misleading title

Most people would presume a "voting machine" is a system people cast votes with. Apparently the machine in question is a tabulation machine probably with a PC buried inside. And the flaw if any is in the manual which in the researchers opinion doesn't sufficiently suggest the importance of good passwords. In any case password protection is almost useless if you have physical access to a system. But there is a hidden idea behind the hysteria. Not enough attention is paid to machines that tabulate versus the visible ones used actual voting.

Why can't we create a open source voting system?

And demand/shame the governments (not only ours, but all democratic governments) to use it. Instead of waiting for the vendors and morons in office, we are more than capable? Maybe there are system out their already, but being suppressed?

Meanwhile in DNC Land

Meanwhile in DNC Land, the DNC literally RIGGED their primary in 2016.
Hillary stole campaign money from other DNC candidates through a bizarre loophole allowing doners to give her over $100k each when the normal cap is $2.5k. (minor)
She colluded with Boston news outlets giving them Sanders smear stories to run, and telling them which days to run them.
Colluded with the WaPo, who fed her political stories early so her campaign could edit them and the WaPo would publish her versions.
Superdelegates.
Refusing to let the DNC fund any of Sander's campaign.
Removing access to DNC voter information from Sander's campaign right before Super Tuesday.

and on and on.

Not a peep from you about all that, because it helped "your guy" win. Instead of complaining about ACTUAL election fraud, you bring up conspiracy stories with no evidence. You don't care about fair elections, you have made that perfectly clear to us.

PopeRatzo is attempting to reclaim his crown as dumbest poster on /..

Re: Meanwhile in DNC Land

Don't forget that she was also fed the debate questions in advance so she could prepare answers, while her opposition had to play by the rules and come up with answers on the spot.

Rule #1: Democrats cheat. Always.

Re:Meanwhile in DNC Land

god damn you deplorables are desperate and reek of panic sweet

Re:Meanwhile in DNC Land

[wonkavader]

Hillary was a crap candidate and the DNC's shenanigans (I don't know that all of your points above are true -- I suspect many of them are false, but if every one were true it wouldn't change anything) were in HUGE part the reason we got into this mess. But the reality is we're now, quite blatantly a kleptocracy -- we've gone from a first world government to a third-world one over night. And the Republican party is frantically trying to stop anyone from doing anything about it.

The Democrats need to be back in power, because we have a CHANCE at decent government with them. We've seen how utterly corrupt the Republican party is. Comparing the rampant corruption of this administration to the previous one, or of the Republican party vs. the DNC, is seeming the mote where the beam is absurdly obvious. It's simply disingenuous.

The DNC needs to be overhauled. But that has to wait for a few more weeks, and needs to be finished or put on hold a solid 9 months before the next election.

Re:Meanwhile in DNC Land

and don't forget how the DNC then later went and made the rigging permanent.

Re:Meanwhile in DNC Land

and don't forget that the DNC then later went and made their rigging permanent.

humans

[cascadingstylesheet]

Electronic systems are used by human beings. The vast majority of whom are terrible at security.

Re:Unity? RATZO = racist seditious traitor KILLED!

Or buy beer or to go to the doctor or cash a check....

You want effed up, the CO system. A few years back when we changed to the current system somebody made a big deal about how broken the system was and very publicly got a ballot illegitimately. The only defense the left had for a system that was so easy to abuse was "well, it'd be illegal if he actually cast the ballot". The whole thing where they only reason they knew he had this ballot was because he was intentionally making a very big public deal about it seemed entirely lost on the liberals.

I still get mail in ballots for every roommate I've ever had. The way they verify it is by signature. It's a good thing I never had examples of their signatures from checks they gave me to pay their rent. Hell, this year they actually sent me two ballots addressed to me. It's a good thing I'm honest, as if I were less honest, I could vote something like 6 times in an election using only official ballots.

Re: Unity? RATZO = racist seditious traitor KILLED

[Cro+Magnon]

Aren't there still a bunch of states that don't have RealID? I know Missouri doesn't.

Voter ID = nazi bullshit

[Uberbah]

Paper ballot, voter ID

Like questioning Obama's birth certificate, the facts around voter ID - namely that in person vote fraud is so rare it may as well not exist - have been stated far too many times for anyone to advocate for it without engaging in outright sophistry. Sophistry like rattling off cases that wouldn't have been prevented by requiring an ID in the first place, like fraudulent registrations or ex-cons voting in states that don't allow it.

Have you not been paying attention?

[wonkavader]

It's in full swing:

https://www.reuters.com/articl...

https://www.vox.com/policy-and...

https://www.americanbar.org/pu...

Hell, even wikipedia has it: https://en.wikipedia.org/wiki/...

No E-Voting - We Know Too Much

[BrendaEM]

The people here on Slashdot who might be able to devise a secure electronic voting machine--are a minority compared of those here who could hack it.

Legal fees for an ID???

[huckamania]

Sorry, you, your friend and the dumb ass from Harvard are still wrong.

Re:Legal fees for an ID???

[HiThere]

An assertion is not proof of anything, and is only evidence of one person's opinion. He quoted a study (which I didn't bother to check) and provided a (corrected) link. Admittedly I didn't follow it. This is at least the form of evidence based decision making.

You offered only your assertion.

Similar story

[Thad+Boyd]

I used to work as a temp on GoDaddy's web design team.

Our first day, we had to go through a "security" tutorial that, among other things, advised that we satisfy the "mixed-case and at least one symbol" requirement by using an initial capital letter and putting an exclamation point at the end.

I e-mailed the security team to explain to them why this is bad advice ("you've just removed all the benefits a six-character mixed-case password with a symbol has over a five-character all-lowercase password"). Unsurprisingly, I never heard back.

Whats wrong with the oregon model?

Where they mail ballots to everyone? seems to work just fine, and increases voter turnout.... oh.... never-mind, just answered my own question!

USA is a Republic and oldest existing Govt

[huckamania]

Thanks for all the advice, rest of the world, but we're good here. It's nice you've finally figured out how to run your countries. Keep in mind that there are many, many years between the founding of our countries current governance and the founding of your current government. It's not even close.

If and when this government topples, then you, the rest of the world, can compete to see which of your governments last as long.

Re:USA is a Republic and oldest existing Govt

[wonkavader]

Right. Not invented here. Therefore of no value. Yep. Good point.

Let's all go back to polishing our flintlocks.

Re:USA is a Republic and oldest existing Govt

>Thanks for all the advice, rest of the world, but we're good here

The US is collapsing right before your eyes. We're not "good" anything here. A single party has managed to take control of all three independent branches of government, which is a failure condition. I'll be interested to hear your comments in 2024 when the Trump family owns and operates the Presidency like a monarchy.

Re:USA is a Republic and oldest existing Govt

Oldest existing government? The UK says "hi". Along with numerous others I'm sure could be filled in.

Re:USA is a Republic and oldest existing Govt

[DethLok]

While the system of government has changed, thanks to a lost war, the ruling family hasn't, in the last... 2,500 years or so.

https://en.wikipedia.org/wiki/...

And of course, there is the United Kingdom, as has been pointed out by an AC. They settled the American colonies, who ungratefully rebelled!

Explanation

Georgia's Brian Kemp may just as well say that this too is the Democrats creating a way to hack voting systems, also with no evidence of this being some kind of Democratic plot. Is there no false accusation too low, despicable, and sleazy for Kemp to spew just because he could lose the election he is also supervising?

widespread election fraud

Widespread election fraud in 2016 was the only reason universally-despised candidate Hillary Clinton "won" the popular vote.

Re: Unity? RATZO = racist seditious traitor KILLED

[astrofurter]

You sure told 'im, Boris!