Voting Machine Manual Instructed Election Officials To Use Weak Passwords

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

Re:Unity?

[PopeRatzo]

Paper ballot

That's how we do it here in California, which has the fairest and most secure elections in the country.

Re:Unity?

[PopeRatzo]

The issue is we ignore the next two, which are just as important. One out of three doesn't cut it...

Oh, we have all three. When I registered to vote earlier this year, I had to show proof of my citizenship and a photo ID, and we have vote-by-mail that you don't have to be "absent" to use.

By the way, the states that experts have ranked as the worst for electoral integrity are Arizona, Oklahoma, Wisconsin and Tennessee. Also, Texas, Georgia and South Carolina rank pretty low.

Re:For the record

[PopeRatzo]

I am replying to a partisan hack that is dishonestly pretending to misunderstand whats in the article. on purpose. Basically, a lying fucking cunt.

Nothing to misunderstand. A voting machine manual was insecure by design, and the only states where it was used were states run by Republican jackoffs. It's all right there in the article.

Re:For the record

[Tablizer]

T wasn't blaming the "rigging" on Russia, but on Democrats/illegals. It was T's burden to show evidence for them doing such.

I suppose if you claim everything is rigged/bugged/fake, you'll accidentally be right roughly 10% of the time in a general sense.

Re:Reasoning

[DethLok]

in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) we also have the Electoral commission.

They run the voting system.

Everyone votes the same way, on paper.

They hire extra staff from existing public service agencies, experienced & arguably trustworthy govt workers.

Voting is too important to let states or cities make up their own rules, or to let just anyone work in the polls.

And boy, am I curious to see the results and hysteria of these US midterm elections, it is going to make Bush vs Gore look like a couple of toddlers fighting over a toy!

Re:Unity?

[Kiuas]

Here in the US, most States provide zero-cost ID

Do they? 'Cause that's news to me. I asked an American living here in Finland that I have befriended about this and he said it's BS. So one of you guys is wrong. I tend to trust my friends more than strangers on the internet but because I wanted to make sure I went to Google and 10 seconds later found this in the wiki

According to a Harvard study, "the expenses for documentation, travel, and waiting time [for obtaining voter identification cards] are significant—especially for minority group and low-income voters—typically ranging from about $75 to $175. When legal fees are added to these numbers, the costs range as high as $1,500."[49][50] So even if the cards themselves may be free, the costs associated with obtaining the card can be expensive.[49] The author of the study notes that the costs associated with obtaining the card far exceeds the $1.50 poll tax outlawed by the 24th amendment in 1964.

The study in question is a 2014 study from Harvard Law School titled The High Cost of ‘Free’ Photo Voter Identification Cards '

So a trusted and informed friend and a dude from Harvard Law against 1 anonymous coward... damn, this is a tough one but I do think you may in fact be full of shit, because I did crunch the numbers and came tot he conclusion that a 'free card' costing anywhere from 75 $ upwards is not in fact free.

This reminds me of that quote from Hitchiker's Guide to the Galaxy:

“But the plans were on display”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

Re:Unity?

[HiThere]

This depends entirely on what is accepted as an ID, and how hard it is to get. I recently moved, and it was quite a hassle, partially because I can't drive.
The new state wouldn't accept the ID from the old state, and demanded a birth certificate. And the one issued by the hospital wasn't acceptable, it had to be a government issued birth certificate. And the place where I was born raised a large number of obstacles to getting the certificate without going there. (I don't know what it would have been like if I'd gone there in person.) Eventually they issued one after paying money, waiting, filling out forms, etc. ... and they never did do anything that would really check that I was who I said I was.

So. The issuing of the ID was free. The getting of it took a modest amount of money (not enough to pay for the paperwork), but a tremendous amount of bureaucratic shuffling, and didn't really prove anything anyway except that I'd gone through the bureaucratic paper shuffling.

So I'm not really impressed with the "ID requirements". They don't provide actual ID and they cause a tremendous amount of hassle. Photo + digitized fingerprints would be much better as unique IDs, or any of various other biometric markers. They should always be needed to be tested in person for any significant trust, because the "coded id" could be duplicated, so this should only be used to issue secondary ids from. And the database should never be connected to the internet, even indirectly, but the "coded id" should be matchable against any other reading.

Even so, you couldn't trust this system, because eventually there would be illicit copies made. And in a way this lack of trust is valid, because I'm certainly not the same person I was a decade ago.