Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Government United States Politics Technology

Virginia Ditches 'America's Worst Voting Machines' 393

Geoffrey.landis writes: Computerized voting machines are bad news in general, but the WINVote machines used in Virginia might just have earned their reputation as the most insecure voting machine in America. They feature Wi-Fi that can't be turned off (protected, however, with a WEP password of "abcde"), an unencrypted database, and administrative access with a hardcoded password of "admin." According to security researcher Jeremy Epstein, if the machines weren't hacked in past elections, "it was because nobody tried." But with no paper trail, we'll never know.

Well, after ignoring the well-documented problems for over a decade, Virginia finally decided to decommission the machines... after the governor had problems with the machines last election and demanded an investigation. Quoting: "In total, the vulnerabilities investigators found were so severe and so trivial to exploit, Epstein noted that 'anyone with even a modicum of training could have succeeded' in hacking them. An attacker wouldn't have needed to be inside a polling place either to subvert an election... someone 'within a half mile with a rudimentary antenna built using a Pringles can could also have attacked them.'"
This discussion has been archived. No new comments can be posted.

Virginia Ditches 'America's Worst Voting Machines'

Comments Filter:
  • by mindcandy ( 1252124 ) on Monday August 17, 2015 @01:57PM (#50333167)
    The vendor specs no doubt call for fully (and publicly) audited replacements, right? It's like the (false) Russian space pen story .. how can every 3rd world country have figured out the ink/thumb solution that costs nothing while we spit into the wind with Billions?
    • Re: (Score:2, Insightful)

      by DaHat ( 247651 )

      how can every 3rd world country have figured out the ink/thumb solution that costs nothing while we spit into the wind with Billions?

      Because most of them don't think voting should be as easy as any other day to day task and believe that the possibility of fraud is something worth working hard against... instead here, asking to see a photo ID is somehow racist.

      • Re: (Score:3, Insightful)

        by gurps_npc ( 621217 )
        It's not the asking to see a photo id - it is the specific methods of photo ID that is racist.

        Massachusetts for example has a wonderful photo ID law - if you don't have one, then you vote provisionally and can prove your Identity later to have your vote counted if their is a run-off.

        But the 'voter id laws' of states like Texas a) don't let you vote at all, b) make it illegal to use state funded college ID or an out-of-state Driver License to prove your identity even if you happen to be a College Student

        • by raymorris ( 2726007 ) on Monday August 17, 2015 @03:02PM (#50333805) Journal

          > But the 'voter id laws' of states like Texas
          > a) don't let you vote at all,

          O Rlly? Prett sure I voted.

          >b) make it illegal to use state funded college ID or an out-of-state Driver License to prove your identity even if you happen to be a College Student living in Texas for 9 months of the year

          Yes, if you've lived in Texas for nine months, and want to vote in Texas elections (claiming the benefits of Texas residency) you should get a Texas ID. You can instead choose to vote by mail in your home state. Voting for the same candidate twice, in two different states, is frowned upon.

            > c) make it very difficult to prove your ID and COSTLY in both time and energy.

          Dropping your ballot in the mailbox is SO difficult and expensive. The mailbox is all the way outside! Damn you libs are lazy MFs. (No ID required for voting by mail.)

          If you choose to vote in-person, it's convenient that you ALREADY needed to have yoir birth certificate handy to register for school, because yes you will need it if you want to stop by the DMV to get your FREE voter ID (only needed if you don't have a DL, other state ID and want to vote in pereon).

        • even if you happen to be a College Student living in Texas for 9 months of a year - and therefore have the legal right to vote,

          Disclaimer: All of my college experience has been in-state, but I did have a full military career where my state of citizenship didn't match my state of residence. I am not a lawyer or an election official. Seek the professional advice of your local ones if you have further questions, or at least hit up the state's election website.

          As such, no, being a full time student 9 months out of the year in a state, by itself, does NOT give you the right to vote in that state.

          You have to declare your intent to be

      • Third world countries don't ask for a photo id. They make you dip a finger in ink that won't wear off until after the election in order to signal that you voted.

        The photo ID requirement is racist because (A) virtually no voter fraud occurs as a result of claiming false identity at the polls and (B) a disproportionate number of minorities either don't vote or are turned away when photo ids are required.

        In other words: the sole meaningful result of a photo id requirement is that minorities are denied a vote.

        P

        • The photo ID requirement is racist because (A) virtually no voter fraud occurs as a result of claiming false identity at the polls

          Oh, please. The cemetaries in Cook County, IL used to empty out on voting day as Democrat political operatives would drive "dead" people around to different polling places so they could vote for Dailey and his associates. Unless you think those voters really were the people they were claiming to be, there was (and still is) plenty of vote fraud from false identity voting.

          The reason it is hard to catch is because you actually have to look for it to find it. It wasn't "caught" in Chicago even though it was

  • No shit, Sherlock (Score:5, Insightful)

    by Jawnn ( 445279 ) on Monday August 17, 2015 @02:01PM (#50333215)
    Where was Captain Obvious ten years ago? Why is there no outrage over "trivial to hack" and "we can never know"? Little else is as sacrosanct to our system of law and government as the integrity of the electoral process. That those who knew better were unable to get attention focused on this problem until now is deeply troubling.
    • Re:No shit, Sherlock (Score:5, Interesting)

      by ShaunC ( 203807 ) on Monday August 17, 2015 @02:10PM (#50333287)

      Where was Captain Obvious ten years ago?

      She was (and still is) here [blackboxvoting.org]. Alas, as you mentioned, no one wanted to listen.

    • by tlhIngan ( 30335 )

      Where was Captain Obvious ten years ago? Why is there no outrage over "trivial to hack" and "we can never know"? Little else is as sacrosanct to our system of law and government as the integrity of the electoral process. That those who knew better were unable to get attention focused on this problem until now is deeply troubling.

      Probably because the contract on those machines just ran out. Those machines were probably bought and paid for over 10 years with support, and they were hoping that the vendor would

      • Well, 10 years later, the contract was not renewed, the vendor probably doesn't even support them anymore, and it's all paid off, so it can be dumped as scrap equipment.

        It's stated that the vender has gone out of business, so there's a guarantee of no support from them.

  • Wow, that's pretty terrible.

    And, I'm sure in no way similar to all of these new consumer electronics which want to connect to the intertubes .. none of which would use default passwords, store unencrypted data, send passwords in plaintext over a network ... hmmmm, wait a minute.

    • I love how Google will search index HP printers exposed online. Eventually someone will print out ream of porn, if they haven't already done so.

  • electronics, and to a lesser extent voting machines, just exponentially increase the amount of attack vectors

    of course you can still fake votes with paper voting, but then you are talking about a crazy conspiracy involving delivery trucks and teams of people. it's a lot harder to hide

    rather than one well placed hacker

    the poorest democracy and the most advanced democracy should all vote the same way

    the overriding point is legitimacy: people have to trust their vote counted. replacing paper and pencil with a black box of gears or electronics does not engender trust

    this is far, far more important than getting results a couple hour earlier

    • by sribe ( 304414 )

      this is far, far more important than getting results a couple hour earlier

      Or, allowing people with severe disabilities not to have to suffer the utter humiliation of requiring assistance.

      Yes, that was sarcastic. But advocates for the disabled pushed this fiasco really hard...

      • by Mateorabi ( 108522 ) on Monday August 17, 2015 @02:20PM (#50333383) Homepage
        You are being sarcastic. But the mistake the advocates make is assuming that the machines must both assist humans in filling out the ballot, and recording that ballot. Machines are good at the former (input validation, audio UIs, etc.) and outputting something that doesn't rely on human handwriting/chad-punching. But the latter requires too much trust in something uninspectable. Instead just use the machines to make error free ballots, which are kept as a paper trail, and tallied just like the ballots of yore were.

        Or better yet, feed the ballots into two+ independently built/owned/designed counting machines and investigate if the answers are ever not 100% in agreement, if you want your results faster. You can even go back and hand count later in an audit.
        • by Jason Levine ( 196982 ) on Monday August 17, 2015 @02:31PM (#50333515) Homepage

          I think the perfect electronic voting machine would operate like so:

          1) A well-designed touch screen interface would let you select your candidates based on your available ballot choices.
          3) The device would print out a "voting receipt" for the person to verify.
          4) Once verified:
                    4a) The device would store the results electronically (locally, not via a network connection which could be rendered insecure).
                    4b) The person would put the receipt into a slot that leads to a locked box.
          5) When the results are ready to be counted, they can be electronically tallied, but there would also be a paper trail to make sure the electronic votes weren't tampered with.

          • by DaHat ( 247651 ) on Monday August 17, 2015 @02:51PM (#50333727) Homepage

            Who says it has to be a fully electronic system?

            A decade ago in South Dakota I used an electronic system which was actually more secure than what you describe.

            You walk into the voting booth, insert your ballot, it scans it and displays a single race per screen, you make your choices, confirm your choices in the end, then marks your ballot and returns it to you.

            Prior to putting your ballot in the final box, you visually confirm that each race is what you selected... so you have the convenience of a touch screen system but with the verifiability of paper.

          • I want my own receipt, one I can validate my vote with later.

            And that would also bring with it some fabulous opportunities for shenanigans

          • by Ogive17 ( 691899 )
            We have machines that act very similar to your description except the paper copy is spooled through a view window and remains inside the machine. After finishing the touch-screen voting it will print and scroll vote by vote for visual verification.

            A couple things that I don't like:
            1. It's a Diebold machine (not a stellar reputation)
            2. I have no clue what happens if I disagree with the printed ballot since it's all internal
            3. One year the paper roll was jammed in the machine. I told the poll worker
          • Some other things should be added.

            First, the paper ballot should also list all the candidates the voter did *not* choose, so that a later recount can see if there were choices left off, which is something that should invalidate the election.

            Secondly, neither the voting machine nor the verification/scanner machines should store any results. The only thing that should store the cumulative results during the day should be the ballot box itself, ie, the box that holds the voter-validated ballots.

            I'm fin

        • well said, thank you

    • I don't have a problem with electronic voting, when it's done right. Use the computer to create a ballot that's uniform in appearance (no "hanging chads", no half-filled circles for a Scantron machine to puzzle over, etc.) and has the voting information stored in both human and machine readable form. Let the computer count its machine readable votes for the initial vote count. If there's a discrepancy, recount the human readable votes (and let that take precedence over the machine readable votes, if the two

    • of course you can still fake votes with paper voting, but then you are talking about a crazy conspiracy involving delivery trucks and teams of people. it's a lot harder to hide

      And yet, it happens.

      Of course, in the modern age, it is much easier to sue to get the ballots thrown out after they have been counted and found to favor your opponent, or to sue to get yet another recount that would push the certification of the results past the deadline for them mean anything.

      the poorest democracy and the most advanced democracy should all vote the same way

      Why? If there were ever developed a secure proper electronic voting system, you think we all in the US should get our fingers dipped in indelible ink just because they do it that way in some poorer countries? I se

      • any voting system can be tampered with

        the idea is to have the simplest system, so the tampering has the fewest and most labor intensive options only

        electronic, and to a lesser extent mechanical, introduces more complexity, which means more attack vectors, more ways, and easier ways, to mess with the vote

        with electronic one well placed hacker can sprinkle enough fake votes in a way that can escape even statistical analysis for tampering

        there is no benefit to making the vote needlessly more complicated, go ah

  • Seems like they got what they paid for. I expect the requirements were really badly written; at that point, going for the lowest bidder will almost always land you the crappiest device.
    • by hey! ( 33014 )

      Well, you're supposed to have proposal criteria which disqualify proposals that won't work adequately.

      The problem is, especially in IT, organizations issuing RFPs don't necessarily know what those criteria should be. This is especially true in government IT procurements where an agency has received a political mandate to address a problem it's never dealt with before. It doesn't know how to address that problem, much less how to draft criteria for an IT system to address that problem.

      As with any kind of o

  • An attacker wouldn't have needed to be inside a polling place either to subvert an election... someone 'within a half mile with a rudimentary antenna built using a Pringles can could also have attacked them.

    Damn agricultural lobby always trying to find new ways to screw with the government.

  • Maybe not everywhere, by in my polling location (GWU in Ashburn) they haven't had the e-voting booths for at least the last 4 years. It's all been paper/marker Scantron-type ballots.

  • At least in Fairfax county in the last election we had a choice to use a paper ballot that was scanned in or the WINVote machines. Most people seemed to be using the paper ballots as I recall.
  • by jandrese ( 485 ) <kensama@vt.edu> on Monday August 17, 2015 @02:16PM (#50333351) Homepage Journal
    As a Fairfax county resident, those machines haven't been widely used in years. Most people get scantrons. The machines are mostly just for blind people and the non-english speakers, because they have audio out and can read the ballots in multiple languages. The last time everybody used them was 2004, which coincidentally was the last time the state voted for a Republican president.
    • Scantrons - eminently viable solution, thank you. Can be utilized completely without electricity if necessary, can be counted by both hand and by independent electronic machines, highly auditable.

      Only problem is, as you say, somebody speaking a different language might need a special ballot(preferably in both english and the alternate), and a blind person would need assistance.

      In the case of the different language, even that's not especially necessary - you can provide a handout with translations for the v

      • by jandrese ( 485 )
        You don't need the translations for the names, you need them for the ballot initiatives. School bonds and the like.
        • You don't need the translations for the names, you need them for the ballot initiatives. School bonds and the like.

          That's actually what I was thinking of when I said 'sections'.

          I could figure out the "important" elections like president, governor, federal and state congressional elections even if they were in Spanish, for example, by name recognition. Japanese would be... tougher. ;)

    • "The last time everybody used them was 2004, which coincidentally was the last time the state voted for a Republican president."

      Earlier someone asked why it took 10 years to get rid of these machines.

      Huh.

  • I've always supported pen&paper voting, with e-machines, if used, only being used to produce a paper ballot.

    If you have paper ballots, you can still recover from things like a power outage*, you can hand count the things if necessary, and if you declare the paper 'receipt' to be the official ballot, everything is countable and can be audited.

    I've had some arguments with people about how electronic machines are more usable for those with disabilities, but see above - you can only do the best you can, and

    • Like it's going to be in Virginia until the last of those elected through the use of these machines are gone.

      Or re-elected by a more trustworthy system.

  • Other states have experienced far more dire setbacks in electronic voting systems. for example
    florida: system glitch refuses to authorize voting outside the presence of an AARP membership.
    Arkansas: booth console ships with nuclear codes, launch access, and a hard coded option to launch against the city of Cleveland Ohio on vote for grover cleveland
    colorado: never actually purchased a voting machine but a large calculator
    Texas: Candidates hard coded to 6 deceased bush relatives, or a vote for Vladimir P
  • I'm betting the only conclusion we can really draw is that the vendor for these systems stopped making their regularly-scheduled payments to the appropriate campaign organizations.

    • I'm betting the only conclusion we can really draw is that the vendor for these systems stopped making their regularly-scheduled payments to the appropriate campaign organizations.

      Ah, no.. The fact is that the OTHER vendor started making bigger donations to those in power and the incumbent vendor decided to take the money and run.

  • I dont understand why the Feds dont pass a law that states all voting machine source code MUST be audited by professionals before an election and then compiled, checked and then uploaded to the machines.

    Diebold can easily be told to go stuff it in a sock when they complain.

    • Diebold can easily be told to go stuff it in a sock when they complain.

      Diebold hasn't been around for years. They were getting so much bad publicity that they removed their name from the voting machines they made, and then changed their name to "Premier Election Solutions".

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      (following that, it was acquired by Election Systems & Software (ES&S), and then by Dominion Voting Systems).

  • by bondsbw ( 888959 ) on Monday August 17, 2015 @02:34PM (#50333551)

    America needs to ditch the world's worst voting system.

  • "In total, the vulnerabilities investigators found were so severe and so trivial to exploit, Epstein noted that 'anyone with even a modicum of training could have succeeded' in hacking them. An attacker wouldn't have needed to be inside a polling place either to subvert an election... someone 'within a half mile with a rudimentary antenna built using a Pringles can could also have attacked them.'"

    well that's the last time I elect him governor!

  • have Virginia suddenly going Blue.
    • Because hackers are such staunch Conservatives, right?

    • have Virginia suddenly going Blue.

      Suddenly blue? So, they haven't ever elected a democrat before now?

      Virginia might be considred PURPLE, with some pretty dark shades of blue. They may have a Republican governor, but they do have two democratic senators and a couple of house seats..... They've voted to elect the democratic candidate in the last two presidential elections.

      Virginia has been BLUE for at least the last 8 years... What would be sudden is if it started electing republicans....

  • At the sites I've voted the default choice has been, since the 90s or so, that you get a scantron form and fill out dots with a felt marker. The forms are very simple and clear. None of this butterfly nonsense or anything like the ridiculous schemes we also saw in Florida in 2000. The form is then fed into a machine and the votes are presumably optically counted, and of course, the original hard copies can be maintained for recounts, etc. It always seemed to me to be a reasonable and secure way to ru

  • ... that Virginia is being buried in bid for these proven systems.

Your own mileage may vary.

Working...