Forgot your password?
typodupeerror
Security Government Politics

Voting Machine Attacks Proven To Be Practical 225

Posted by kdawson
from the back-up-the-dumpster dept.
An anonymous reader writes "Every time a bunch of academics show vulnerabilities in electronic voting machines, critics complain that the attacks aren't realistic, that attackers won't have access to source code, or design documents, or be able to manipulate the hardware, etc. So this time a bunch of computer scientists from UCSD, Michigan, and Princeton offered a rebuttal. They completely own the AVC Advantage using no access to source code or design documents (PDF), and deliver a complete working attack in a plug-in cartridge that could be used by anyone with a few private minutes with the machine. Moreover, they came up with some cool tricks to do this on a machine protected against traditional code injection attacks (the AVC processor will only execute instructions from ROM). The research was presented at this week's USENIX EVT."
This discussion has been archived. No new comments can be posted.

Voting Machine Attacks Proven To Be Practical

Comments Filter:
  • Re:Still not fair. (Score:5, Insightful)

    by InsaneProcessor (869563) on Tuesday August 11, 2009 @02:08PM (#29026547)
    I work in the computer industry and do not trust any electronic voting system. The more complex a system (any physical system) the more susceptible it is to attack. Give me good old paper ballots any day.
  • by Anonymous Coward on Tuesday August 11, 2009 @02:09PM (#29026565)

    The problem is our elections are supposed to be transparent by law.
    The problem is our elections are supposed to have public oversight.
    The problem is a private company can not provide public oversight.
    The problem is electronic vote tabulation devices use invisible signals which no human (especially a poll watcher) can see.
    The problem is China or North Korea could decide our elections and we wouldn't know.
    The problem is there is no electronic vote tabulation device (or electronic vote registration poll book device) which can be validated with public oversight.
    The problem is without public oversight, no election can be validated.
    The problem is if our elections can not be validated, we can not hold our representatives responsible.
    The problem is if our representatives can not be held responsible, they tend to ignore the rule of law.
    The problem is if our representatives ignore the rule of law, they tend to ignore protecting the US Constitution against all enemies.
    The problem is when the US Constitution is ignored, we no longer live in a Constitutional Republic.
    The problem is when we no longer live in a Constitutional Republic, we slip into fascism.
    The problem is we have slipped into fascism.
    The problem is ignorance is no longer an excuse for corruption.

  • by Bandman (86149) <bandman@NOsPAm.gmail.com> on Tuesday August 11, 2009 @02:10PM (#29026581) Homepage

    Electronic bits do not have the quality of being static. Electronic votes can be changed without obvious physical evidence, and as long as they're purely electronic, it will always be like that.

    Even an optical disk is more static than electronic bits that live in a database.

    People need to demand paper ballots until electronic voting machines are all enhanced with built-in paper trails.

  • by hessian (467078) on Tuesday August 11, 2009 @02:29PM (#29026911) Homepage Journal

    1. What form of electronic voting could not be compromised?
    2. What form of paper voting could not be compromised?

    It may be that we must accept that no form of voting is "secure" in the sense of cannot be gamed.

    At least, people have been gaming votes for as long as democracy has existed, so I don't know if they're going to stop just because we make it slightly less convenient.

  • by omnichad (1198475) on Tuesday August 11, 2009 @02:54PM (#29027407) Homepage

    The printout should be made BEFORE you confirm the vote for the final time on-screen. You need to be able to confirm that the paper actually shows your correct vote.

  • Re:Not a Bug (Score:2, Insightful)

    by radtea (464814) on Tuesday August 11, 2009 @03:09PM (#29027671)

    It is designed to serve as a backup in the event that the machine is destroyed (i.e: building burns down) and the ballots are lost.

    How often has that happened in the history of American elections?

    That is exactly the kind of dramatic detail that puts my fraud-detector on alert. "Look, it's so secure that it's even secure against problems you don't have!" Typical distraction. It makes me wonder what you're hiding.

    As it happens, if you google "ballots lost in fire" you get a bunch of hits on the first page about fraud and failure related to electronic voting machines.

    Given the complete lack of transparency at all levels of any electronic voting system I am extremely suspicious of all of them. As we've seen in recent years, even machines that are secure at the local level do not necessarily produce accurate aggregate vote counts when the results are summed.

  • Re:Not a Bug (Score:5, Insightful)

    by HTH NE1 (675604) on Tuesday August 11, 2009 @03:12PM (#29027733)

    The only problem with this is that you aren't going to get a few "private minutes" with the machine

    Surely that depends on the standards of voting privacy in your district, like whether you get a three-sided screen block or a complete booth with ceiling-to-floor curtains.

    And an election can be thwarted by leaving evidence of tampering in a district you want to disenfranchise.

  • by lseltzer (311306) on Tuesday August 11, 2009 @03:12PM (#29027737)

    Give me a few private minutes with a paper ballot box and I can stuff it full of ballots for my candidate. That's an old-school hack.

  • Re:Old News (Score:4, Insightful)

    by aztracker1 (702135) on Tuesday August 11, 2009 @04:20PM (#29029135) Homepage

    LOL, not to mention the fact that paying off a developer would probably be safer, and cheaper, than a team of people to root a bunch of voting machines, when you can nab all of them. ;)

  • by Chris Mattern (191822) on Tuesday August 11, 2009 @04:28PM (#29029275)

    And stop paying them, you shouldn't be in government for a salary.

    Bad, *bad*, BAD idea. If you can't be in government for a salary, then you're in it for the bribes. Not that paying a decent salary renders a politician immune to corruption, but at least he doesn't have to be on the take simply to put food on the table.

  • by davidwr (791652) on Tuesday August 11, 2009 @05:36PM (#29030275) Homepage Journal

    Best quote from the paper:

    The absence of a paper audit trail means that the vote modification will not be detected.

    ... much less corrected.

    You can have a very hackable machine with an immutable, hand-countable, voter-verified paper trail (i.e. printed ballots) and you'll be okay*, assuming multiple mutually-hostile parties are keeping an eye on the paper trail.

    You can have a very difficult to compromise machine without a paper trail and you'll never know with certainty your results are accurate.

    *There may be difficulties where a machine is needed to provide voter-verification, such as when reading back a filled-in printed ballot to a blind person. In most elections, the numbers of such ballots are less than the margin of victory. However, in some, such as the Florida Presidential race of 2000 or the Minnesota Senate race of 2008, this may not be the case. A way to handle this is for the read-back machine to be made, installed, and supervised independently of any machine that helps cast votes/print filled-in ballots.

  • by zogger (617870) on Tuesday August 11, 2009 @06:18PM (#29030799) Homepage Journal

    Here's a several trillion bucks and counting glaring example about how most reps and senators give not crap one what their constituents want: Public opposition including phone calls, faxes, emails, snail mails and buttonholing was running well over 90% against the casino bankers bailouts. Yet it passed, both under the shrub admin and continues today under the yomama admin. People just wanted normal bankruptcy to occur, let the real free markets sort out those ludicrous collateralized debt obligations and hedged derivatives bets and all those other pseudo financial "products" and other forms of mass leechery from the real working folks. People said in huge numbers "No, we don't need to offer millionaires and billionaires welfare when they bet wrong, they should eat their own megacapitalist dogfood..we'll deal with whatever happens, but don't subsidise those people". But nope, the US public got put on the hook to bail them out.

        GM and Chrysler, again, decades of getting it wrong in the auto industry, all the chance in the world for management, unions and investors to get it right..nope, they kept screwing up. People really didn't want to bail them out, again in huge numbers, just let them go bankrupt like normal, but, the quasi bailout happened anyway, and now we have some precedent that the executive branch can just seize corporations and run them. Seems like we fought a big fat war over that economic and governmental "blend" two generations ago, we were against that back then, and actually hung some of the high level proponents after that war. Now, it is *policy*, despite most folks being against it.

    Look at the dumb wars..I sincerely doubt there is even close to a majority opinion anymore to continue these wars....but they still go on.

    The bottom line is "government" doesn't give a rat's ass what "the people" want, they just go ahead and do whatever they want to do, or what they have been bribed and blackmailed into doing.. I can't give you an exact date when it happened, but voting and "representative democracy" has been broken on many levels for a long, long time now.

    Now I still vote, inertia mostly and all, but I think it stopped having much meaning at the larger scales. Local elections I think your vote can make a little difference, at state and above levels though, you have your choice of the globalist screw the middle class party that subsidizes a.b and c over there at your expense, or the globalist screw the middle class party, who subsidizes x,y and z over thataway, again at your expense.

    I *wish* it was different, really, I sincerely do, but not seeing it. Until such a time as the two corrupt major parties are abandoned or outlawed for major racketeering, just not seeing things getting any better. Just way too corrupt, for way too long now, it is just "business as usual", and neither party has any incentive to eliminate themselves or the other party, because they are equally corrupt, so they just are never going to go there.

    My big hope, really..I hope the USA does a USSR and just dissolves as a bad idea, past prime, with no bloody revolutions. I want some real honest choice. If a regional bloc or state wants joe government to run all aspects of their lives, cradle to grave, and stay taxed at 90% with a herd of commissars overseeing them all the time...swell, let them try that, see how it works. If another wants just about no government at all, private everything, no rules except ferengi "profit at all costs!", fine, let them try that and see what happens.

      Somewhere, some state or group of previous states will go "gee..ya know..the original Constitution and bill of rights actually seems well thought out..wonder what will happen if we really, REALLY follow those guidelines and not just lie about it all the time??". THAT place I *will* move to, even if I have to fight every step of the way there.

  • by adolf (21054) <flodadolf@gmail.com> on Tuesday August 11, 2009 @11:06PM (#29033067) Journal

    *sigh*

    Troll, these days, is too common a moderation, and is often misused. It wasn't always that way around here.

    I, for one, like Obama. I like many of his policies, and dislike many others, but I sure like him better than the last guy, overall. That's my opinion, of course, but it's important that I be allowed to state it -- even though I'm quite certain that others disagree.

    Likewise, as an American, I support the right for anyone at all to call him a corrupt asshole, and be heard.

    Sometimes, I think the mods just need to take a deep breath, and mod "Interesting" instead of "Troll" or "Flamebait," even though some less-than-savory discourse might ensue, for it is this very discourse that keeps us, as a nation, united.

    But, hey, what do I know? I'm just a taxpayer. No no, that's not it -- I'm a consumer. Er, wait - that's not right either. Oh! I remember! I'm a citizen, and I own this place just like every other citizen! Even those citizens that I think are full of shit, or that I just disagree with by default -- they own this place, too!

    (I think my sig sums the rest of this up neatly.)

  • by Some Bitch (645438) on Wednesday August 12, 2009 @07:14AM (#29035837)

    Government should never do what the people want, individuals may be smart but "the people" are dumb as dogshit. The government's job is to do wehat they believe is right no matter what "the people" think. If they screw up they get voted out, if they're right they get another spin of the wheel.

Prototype designs always work. -- Don Vonada

Working...