Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Security Government Privacy Software United States Hardware Technology

Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon (theregister.co.uk) 194

Following the DefCon demonstration in July that showed how quickly Direct Recording Electronic voting equipment could be hacked, Virginia's State Board of Elections has decided it wants to replace their electronic voting machines in time for the gubernatorial election due on November 7th, 2017. According to The Register, "The decision was announced in the minutes of the Board's September 8th meeting: 'The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment." From the report: With the DefCon bods showing some machines shared a single hard-coded password, Virginia directed the Virginia Information Technology Agency (VITA) to audit the machines in use in the state (the Accuvote TSX, the Patriot, and the AVC Advantage). None passed the test. VITA told the board "each device analyzed exhibited material risks to the integrity or availability of the election process," and the lack of a paper audit trail posed a significant risk of lost votes. Local outlet The News Leader notes that many precincts had either replaced their machines already, or are in the process of doing so. The election board's decision will force a change-over on the 140 precincts that haven't replaced their machines, covering 190,000 of Virginia's ~8.4m population.

Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon

Comments Filter:
  • Let's face it (Score:5, Insightful)

    by mwvdlee ( 775178 ) on Tuesday September 12, 2017 @03:15AM (#55179229) Homepage

    Despite the ongoing efforts of all political parties; democracy is too important to entrust to for-profit organizations.

    • We entrust our parties and politicians to them, why does it bother you that the way to choose between the whores is in their hands, too?

    • It isn't that democracy is being entrusted to for-profit organizations, it is that politicians are trying to use technology for technologies sake. If you want to create high-tech voting booths, you have to have a team of specialists to audit and maintain them. For this task, computer/human readable paper ballots are the sweet spot we should be looking toward. Humans can use them in the absence of tech in order to audit the machine that can count and tabulate much faster with great accuracy.

    • by Altrag ( 195300 )

      Not really. Purchasing bodies just need to include security audit requirements as part of the bid criteria.

      The bigger issue right now however isn't so much profiteering as it is political partisanship. There are few companies that don't lean to one side or the other, and the people in government obviously aren't neutral since you know.. its their job to be political and partisanship is the name of the game these days.

      And I mean paper ballots aren't exactly the panacea that people like to believe either.

  • by fahrbot-bot ( 874524 ) on Tuesday September 12, 2017 @03:23AM (#55179247)

    In my Virginia Beach precinct, we had electronic voting machines a while ago, but have had paper -- fill in the bubble, then scanned -- ballots for the past several years including the 2016 election. The ballots are scanned on their way into the locked ballot box. This system is easier and faster than the electronic versions were, plus there's a paper trail.

    • by TWX ( 665546 )

      Yep. The computer merely makes counting ballots in a well-run election faster. It makes the paper the authoritative documentation, with the computer merely a tabulation device so that many fewer people can actually run the election to bring costs down.

      • Unfortunately, counting the votes is a much more lucrative attack vector than casting them, where it might be noticed (assuming there's a paper trail). Basically no one wants to do a recount after the fact, and there's no other way to tell if the tallying machine was compromised (especially when even gross inconsistencies with exit polls are routinely ignored).

        There's nothing wrong with having a machine tally the votes as a backup/sanity check, but it should *never* be used to create the authoritative tall

    • by Anonymous Coward

      These bubble counting machines themselves have an attack vector that's been well exploited.

      In Florida, they did an analysis of faulty misaligned ballot counters and there was a statically higher number of mis-calibrated counting machines in Democrat districts. Those machines rejected votes as invalid that were valid.

      Really, lots of people, done under surveillance of representatives of the candidates standing for vote is the way to do vote counting.

      When you have elections run by political groups, you have op

      • by Kohath ( 38547 )

        The point isn't that the scanning machines are perfect or impartial. The point is that scanned paper ballots can be re-examined and re-counted later.

        Scanned paper ballots are also individually numbered, so the quantity can be matched to the number of voters who signed in. This is a safeguard to prevent someone from filling out 1000 extra ballots or throwing away 1000 of them during the recount.

        • by Altrag ( 195300 )

          Its not hard to count the number of voters who signed in and compare it to the total votes reported by the machine. The only way that would fail is if the machine just reports a winner rather than the counts, and that would be dumb even by voting machine standards.

          Making sure it recorded the correct vote for each voter, without removing their voting privacy, is far more challenging.

    • In my Virginia Beach precinct, we had electronic voting machines a while ago, but have had paper -- fill in the bubble, then scanned -- ballots for the past several years including the 2016 election. The ballots are scanned on their way into the locked ballot box. This system is easier and faster than the electronic versions were, plus there's a paper trail.

      With a bit more it's possible to go a step further, and get election systems that not only have a verifiable paper trail, but which are end-to-end verifiable, allowing any voter to check after the fact whether or not their vote was included in the tally (but without being able to prove to anyone how they voted), and allowing anyone to verify the correctness of the tally. The method relies on applying the concepts and methods of modern cryptographic proofs to the problem of voting. It not only ensures that b

      • by Altrag ( 195300 )

        That's not really all that useful. Being able to verify that somewhere, the fact that I voted was recorded, doesn't tell me a) if it tallied the correct vote I gave it or b) if the verification service and the vote record match.

        That is, for a) you could punch in Democrat and it silently, internally records a vote for Republican. Since your after-the-fact check only notes that you did vote, not who you voted for, you still have no way to prove this one.

        And for b) the verification website/service/whatever c

    • by hey! ( 33014 ) on Tuesday September 12, 2017 @08:45AM (#55180011) Homepage Journal

      I have a theory why some districts may prefer voting machines to electronically scanned paper ballots. Voting machines make it possible to manipulate election results without actually hacking the machines themselves. You just have to hack the wait times in districts unfavorable to you. Lest that seem far-fetched, note that studies have shown that waits in minority-dominated precincts are on average almost twice that of white districts.

      For the price of a single voting machine you can put up a dozen of those cheap pop-up voting booths. This means the marginal cost of scaling up an overloaded precinct's capacity is extremely low. I live in a state that uses scanned paper ballots, and the voting places have so many booths that in 45 years of voting I've never had to wait more than five minutes to vote -- and that's for checking in with the elderly volunteers. There's always free booths, no matter how heavy the turnout.

      • by Kohath ( 38547 )

        Ok, maybe. But maybe the electronic voting machine salesman just told them people could vote in 90 seconds so it's OK that they cost twice as much. Meanwhile voting actually takes 3 minutes (or whatever) so you get lines.

        Conspiracies make for interesting stories. Interesting stories are less likely to be true than boring stories.

        • by hey! ( 33014 )

          Well, there's a different between conspiracy theories and theories about possible conspiracies.

          Conspiracy theories are prima facie irrational, because they require the believer to assume that the actors will do a number of improbable things -- usually things that are actually against their interests or wildly risky -- with a level of perfection that is beyond what could be practical. Typically vast numbers of people who have good reason to distrust each other work together in a perfectly trustworthy way.

          Wh

  • by Terje Mathisen ( 128806 ) on Tuesday September 12, 2017 @03:58AM (#55179315)

    Here in Norway we just had a general election last night:

    Just 2-3 weeks ago Jan T Sanner, the minister with responsibility for elections, decided that every single vote had to be counted manually, including all early voting ballots. Previously those votes had been counted using optical scanners but with the news about how hackable most voting machines have turned out to be, he decided that we won't trust them.

    Voting booths closed at 21:00 and the trend (our current prime minister will almost certainly get another 4 years) was immediately clear even though many of the details were less settled. This is mainly due to our voting setup with 169 representatives from 19 counties, where each party is supposed to get a total number which corresponds as closely as possible to the total vote counts, but with a cutoff of 4.0%: If a party gets less than that they will not get any of the final 19 slots which goes to the parties which have gotten too few direct representatives.

    This morning at 07:00 we had passed 95% of total votes counted and a couple of the smaller parties had just managed to lift safely above the 4.0% cutoff point, so now the result is for all practical purposes final.

    The key idea is that in all countries with "one person - one vote" the effort needed to do a full manual count (which is actually a dual count and verification) is exactly proportional to the size of the country, so it should be just as easy to do this in the US as in Norway!

    Terje

    • by DrXym ( 126579 )
      Ireland has paper ballots however the nature of the voting mechanism can have a huge impact on the time taken to count votes. Basically there are two or three seats up in every constituency and voters have to list their preferred candidates in order of preference - 1, 2, 3, 4 etc. as many as they like. First all the 1 preferences get counted up and if candidates pass a % threshold then they become elected, but if they don't then all the ballots are dumped back out and then the nr 2 preference is counted, th
      • by TheRaven64 ( 641858 ) on Tuesday September 12, 2017 @07:13AM (#55179665) Journal

        That doesn't sound right. As I understand it, Ireland has a Single Transferable Vote (STV) system. Under STV, you count all of the first votes, and if no one wins outright then you eliminate the least-popular candidate and redistribute their votes to their second choice. If there's still no clear winner then you eliminate the least-popular remaining candidate and redistribute all of their votes to their second choice if they're still there or to their third choice if they aren't. You repeat this until someone has 50%. You never dump all of the votes out, you only redistribute them from the least-popular candidate.

        There are other problems with STV, including some quite odd failure modes. For example, if you have four candidates, A, B, C, and D and 30% vote ABCD, 25% vote CBDA, 24% vote DBCA, and 21% vote BCDA, then candidate A will win. B is eliminated in the first round (because he receives the fewest votes) and all of his votes are redistributed to A. Now A has 51% and so wins, in spite of being there last choice for 70% of the electorate, and B never gets to see any of the second-choice votes in spite of being the first or second choice for 100% of the electorate. Of course, the same problem happens with first past the post, but there you don't have the information required to know that it's happened.

        There are some variations on STV that avoid these corner cases, but they make counting harder.

        • by DrXym ( 126579 )
          You redistribute the winner's excess to the other candidates and if there is no outright winner then you go to #2, #3 etc on the eliminated candidate until there are none left but yes I just paraphrased incorrectly.

          It's a painfully slow system to be sure. In some cases it takes all weekend to figure out who won.

      • by AmiMoJo ( 196126 )

        I really can't understand why it is so hard to build a secure voting machine. Maybe we need GNU Democracy or something.

        • by olau ( 314197 )

          It's easy to build one.

          But how do you know it hasn't been tampered with?

          Usually someone proposes an intricate cryptographic protocol as a fool-proof solution. But that's a great way to ensure that 99.9999% of the population will never be able to verify that the machine hasn't been tampered with.

          You need something which is obviously correct. That is just difficult to do with complex machinery.

          • by AmiMoJo ( 196126 )

            Ballot boxes are not exactly fortresses. They are, at least in my country, metal boxes secured shut with an official zip tie.

            The solution to verification is to simply print out a receipt. If there is any doubt the receipts can be manually counted.

            The main problems with these machines always seem to be extreme stupidity - USB ports on the outside, connected to the internet, running Windows XP... An open source version could easily build custom hardware and run a hardened BSD system. It wouldn't be invulnerab

            • That's why ballot boxes should always be guarded by at least 2-3 people loyal to competing parties until the votes are actually counted.

              Receipts are a nice idea - but once you have an official tally nobody wants to go through the difficulty and expense of counting them manually (especially if the incumbent party won), and without a manual count you have essentially zero confidence that the tally hasn't been tampered with. So why not just do the manual count up front and leave the automated tally out of it

    • We've never used anything else than paper voting in my country. What are these "paper scanners" you're talking about? ;) I guess we're just too backwards! For once for a good reason, though.
      • Our county in Virginia uses optical scanners. The ballot itself is a large sheet of paper where you use a pen to fill in circles next to your choices. Once that is done, you take your ballot over to the scanner machine, and you as the voter insert the sheet into the scanner. At the end of the day they can get the vote totals out of the machine and report them up to whomever is supposed to get it. If there is a need, the individual paper ballots can be retrieved from the machine and recounted manually.
        • The biggest most obvious weakness - how do you tell if there's a need? And if there is cause for suspicion, but the incumbent party won the official tally, what are the odds that there will be a recount?

      • @toonces33 gave a pretty good description of how the paper ballots with electronic scanners in the USA work.

        Why do these make sense in the USA? In most US jurisdictions, elections are about much more than electing a few people to a few offices.

        For example...

        Here is a list of all 132 judges that serve in your jurisdiction, should they be retained? (Yes or No)

        • Name of Judge 1 () ()
        • Name of Judge 2 () ()
        • Name of Judge 3 () ()
        • Name of Judge 4 () ()
        • ...
        • Name of Judge 132 () ()

        Referendum # 3453: Should the greate

    • by Sooner Boomer ( 96864 ) <sooner@boomr.gmail@com> on Tuesday September 12, 2017 @06:05AM (#55179531) Journal

      ... it should be just as easy to do this in the US as in Norway!

      mmmmm....yeah

      Norway - population ~5.2 million total

      Ireland - population ~6.4 million total

      Virginia - population ~8.5 million total
      Two countries vs one state

      Bit of a difference in scope, donchathink?

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        To count the ballots you need X counters per million people. The Us is ~60 times larger than Norway, so would need 60 times as many counters, but has 60 times as many taxpayers to pay for the counters. The overall cost and complexity of manual counting per citizen is exactly the same.

      • by AmiMoJo ( 196126 )

        The point is that it scales easily. The you need say one counter per 5,000 votes, no matter how many votes you have. You can adjust the work-load based on how quickly you want to know the result.

      • by asifyoucare ( 302582 ) on Tuesday September 12, 2017 @09:25AM (#55180189)

        No real difference in scope / scale. Vote counting is inherently parallelisable.

        More people > more polling stations > more vote counters.

      • by dave420 ( 699308 )

        It not just scales, it scales incredibly well. It's not as if it has 8.5 million people and the same amount of people capable of reading a ballot.

      • The populations you list are on order of the size of States within the US. The US Constitution gives the power to run elections to the States, so your numbers argue that this if this works for countries this size, it should work for states this size.

        Most States in the US then delegate the business of implementing the elections to their counties (or Parishes). These are even smaller.

        It may actually be the small size of the bodies running the elections in the US that make it harder to implement. It is why

    • Just 2-3 weeks ago Jan T Sanner, the minister with responsibility for elections, decided that every single vote had to be counted manually, including all early voting ballots.

      He should go one step further and implement end-to-end verifiable voting [wikipedia.org].

    • by mjwx ( 966435 )

      Here in Norway we just had a general election last night:

      Just 2-3 weeks ago Jan T Sanner, the minister with responsibility for elections, decided that every single vote had to be counted manually, including all early voting ballots. Previously those votes had been counted using optical scanners but with the news about how hackable most voting machines have turned out to be, he decided that we won't trust them.

      Voting booths closed at 21:00 and the trend (our current prime minister will almost certainly get another 4 years) was immediately clear even though many of the details were less settled. This is mainly due to our voting setup with 169 representatives from 19 counties, where each party is supposed to get a total number which corresponds as closely as possible to the total vote counts, but with a cutoff of 4.0%: If a party gets less than that they will not get any of the final 19 slots which goes to the parties which have gotten too few direct representatives.

      This morning at 07:00 we had passed 95% of total votes counted and a couple of the smaller parties had just managed to lift safely above the 4.0% cutoff point, so now the result is for all practical purposes final.

      The key idea is that in all countries with "one person - one vote" the effort needed to do a full manual count (which is actually a dual count and verification) is exactly proportional to the size of the country, so it should be just as easy to do this in the US as in Norway!

      Terje

      Australia had a national election last year, it took over 2 weeks for a leading party to be established as it came down to counting postal votes in many electorates.

      That being said, there is nothing wrong with paper votes leaving a verifiable trail. It means that votes can be trusted in cases like the 2016 Australian federal election.

    • I think the only problem here is that the US doesn't have "one person - one vote". They seem to vote on pages worth of issues in each election. It's "one person - one ballot" but that ballot may contain 20 or more questions. I'm not sure if any other countries have this problem. It seems to me that most countries you just elect an MP and that's it, but for some reason in the states they have a huge number of elected offices.

      • I wish I only had 20 or so things to vote on each election...

        There are the federal candidates, President (every 4 years), Senator (1 of 2 every 3 years), Representative (every 2 years).

        Then the State, County, and municipal candidates. These usually number 20 to 40 each election.

        Then there are electable judges. 20 to 30 each election.

        Then the vote on whether or not to retain appointed judges. These are appointed by electable judges and approved by the level of government legislature they serve, but the v

  • by MoarSauce123 ( 3641185 ) on Tuesday September 12, 2017 @06:28AM (#55179565)
    Use paper ballots and a pen, list all candidates / parties and have voters make one cross at the candidate they want to vote for. Then collect all those ballots in sealed ballot boxes and after voting ended do a manual count that is open to the public. Sure, it will take some time, but I rather have reliable results slowly than wrong results fast. This is not the case where failing fast is a good thing.
    • It is never good to fail fast. Despite what our CEO spews out of his pie hole.
    • Sure, it will take some time, but I rather have reliable results slowly than wrong results fast. This is not the case where failing fast is a good thing.

      On the contrary, failing fast is the right answer. That means deciding early on that the correct result cannot be determined and reporting the failure, rather than wasting resources only to fail later on (failing slowly) or silently producing the wrong result (not failing at all). Electronic voting machines are one example of a "fail fast" election system, when they work correctly: any issues with invalid selections are handled interactively, before the ballot enters the system. Electronically-scanned paper

  • Reading the summary I was thinking, would this be actually a good use for a blockchain?

    You could have each voter with an ID to authorize its vote (PKI maybe), it would make relatively easy to find if some ID was used more than once and you could give the voter a paper with a sequence of characters that could be tested against the blockchain to see if it is valid.

    Could it work?

    • No, for logistical reasons. There are around 235,000,000 eligible voters in the US, across 3,797,000 square miles. There is no "federal ID" or "drivers license", each State "does it's own thing". This is per the US Constitution, in the 9th Amendment. Something like that would require a Constitutional amendment, and a Constitutional Convention. The last time was 1933, and would NEVER happen in the current US political climate.

      As of September, 2016, 13% of US adults still don't use the Internet [pewresearch.org], so this wo
      • I think you're a little confused - a constitutional convention is not required for amendments - it's basically just a way for the states to make an end run around congress and modify the constitution without their cooperation.

        It almost never gets done because any time it starts gathering momentum, Congress ends up passing a "good enough" amendment themselves to maintain their power

    • Blockchain is a buzzword. Blockchain is not useful.

      If you want an electronic method that can't be altered after cast and requires the voter's presence to cast, use a UAF, same as I recommended for credit reporting agencies [facebook.com].

  • They expect to have completely new equipment in place and running in less than a month? One can only hope they're already done choosing and testing the equipment and now it's only a matter of delivery from stock and training the users or else this screams clusterfuck.

    • It's possible to print a lot of paper ballots in that time frame and I think training the user to use a pencil should be doable in a month.

    • Nah, they will just use some other State's already deployed solution that has yet to be PROVEN insecure. Because if it's not been proven, then no one really knows...and in today's political climate in the US this means it's got "plausible deniability" so it's all good from a political point of view.
  • "WE FUCKING TOLD YOU SO!"

    No immutable audit trail and no possibility to audit internal functioning with anything that's not already internal and thus suspect. What could possibly go wrong?

    When the tech nerds are telling you, "Go Luddite and use paper," maybe listen?

  • Think about it. They got a big sale, so money in pocket. And now they're relieved of any obligation to support what they sold, so money stays in pocket.

    Really, the perfect business model is that buyers give you lots of money for absolutely nothing, and can't effectively demand anything afterwards. "Once you have their money, you never give it back." Plus, the uselessness of the articles you sold this time creates a built-in opportunity for the next sale, since obviously your "customer" has to replace what t

  • Electronic voting machines are a huge security problem, and there's no clear way to fix the situation. Everyone needs to stop using them until/unless they can be made secure.

  • Not possible to be hacking great American voting machines. Ignore fake news. Continue make use of wonderful machines.
  • Does this mean we can just finally go back to the "machines" we had before which worked perfectly? You get a punch card from the front desk, you walk to the booth and put it in a little holder, you flip the pages and punch holes it in and then pull it out and insert it into a counting machine YOURSELF that counts the votes AND stores the paper card in a locked bin for later auditing?

    Simple, effective, cheap, perfect auditing, no way they can ruin privacy. We never needed "touchscreens" and those machines

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (9) Dammit, little-endian systems *are* more consistent!

Working...