Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Communications Democrats Government Network Networking Privacy Software The Internet News Politics Technology

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com) 204

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."
This discussion has been archived. No new comments can be posted.

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers

Comments Filter:
  • Better idea (Score:4, Insightful)

    by Anonymous Coward on Saturday July 30, 2016 @08:41AM (#52611671)

    For something as important as voting, how about paper only? And another thing, we should really do vote-by-mail nationwide just like Washington state does it.

    • Re:Better idea (Score:5, Insightful)

      by Rockoon ( 1252108 ) on Saturday July 30, 2016 @08:42AM (#52611681)
      This. Paper ballots. Number 2 pencil. No chads.
      • Can't blockchain technology work to validate electronic vote authenticity and integrity? It seems this would be a pretty good application for it here, to ensure electronic voting transactions couldn't be altered. Of course, authentication is the real problem, as we don't yet have an ID systems that allows for good public/private crypto yet. And of course, there are too many forces working against actually making sure voters are properly authenticated as citizens, on both sides, but for different reasons.

        • Re:Better idea (Score:4, Interesting)

          by epyT-R ( 613989 ) on Saturday July 30, 2016 @01:45PM (#52613093)

          Paper is simple, easy to understand, and hard to manipulate on a mass scale. Not so with crypto.

        • by rtb61 ( 674572 )

          Pencil is fine. When it comes to counting those paper ballots the security is really easy to set up and pretty fool proof. A paid election official counts the vote and that count is checked and monitored by volunteers of the people seeking to get elected. The process is after all about people and as many people as possible should be involved in the process which is why in most reasonable countries elections are on weekends and are more of a social event. The idea is to put people back into the election pro

      • Agreed. Bruce gets this completely wrong. The answer to security in this is not greater and more complex levels of security and secrecy. It is the exact opposite that will create the security we need, namely openness, transparency, and simplicity.

        I was also thinking that an "opt-in" secret ballot would be and interesting way to reduce the error bars on the problem. Since many are already rabidly dedicated to a certain party, why not give those brainwashed minions the option of grandstanding for their ov

        • Re:Better idea (Score:5, Informative)

          by DarkOx ( 621550 ) on Saturday July 30, 2016 @11:15AM (#52612235) Journal

          The secret ballot is the only effective control anyone has come up with to prevent vote selling or exchanging.

          If you can't prove how you voted its difficult to sell you vote because nobody will trust you. Similarly its difficult for someone to coerce your vote because they can't control you while you are in the booth, and have only your word you did what you were 'supposed' to.

          This is why I am ardently opposed to all these absentee ballot early voting measures. Absentee ballots should be for people who can't be present at the polling place because they are away or infirm only. They should be rejected unless they carry a post mark from at least 20mi from your polling place or are accompanied by a signed statement on pain of prejury that you were physical unable to be present for medical reason (yours or someone you were caring for).

          What we should to make sure everyone can vote is split it over two days, and bar exit polling. Additionally make it a holiday and require all employers to make a 1/2 day of vacation available for all employees on one of the two election days, no exceptions.

          • by smugfunt ( 8972 )

            bar exit polling

            Why on Earth would you do that? How will we tell when an election has been stolen?

            • by DarkOx ( 621550 )

              Because if you don't it will only make the west coast problem we have now worse. People will simply stay home if they thing their candidate is to far behind.

              • by smugfunt ( 8972 )

                People will simply stay home if they thing their candidate is to far behind.

                Ah, you're worried about exit polls being published before the polls close. That shouldn't happen, I agree. But they should be taken, preferably at every polling station.

                • by HiThere ( 15173 )

                  But only anonymously, which means you don't allow small numbers of votes to be reported. Only aggregates.

                  For that matter, I'd be in favor of paper ballots being the official vote, but electronic counts (possibly via a scanner system) being used to collect "exit polls". And interview based exit polls by an independent party being used to validate the official exit polls.

                • by DarkOx ( 621550 )

                  Well okay being able to censor the publishing of exit poll data would do the trick, but there are probably free speech issues, and preventing leaks in the internet age would be nearly impossible.

                  Its probably easier legally speaking to pass a law that says you can't exit poll than the other options.

        • by Anonymous Coward

          Bruce is not calling for greater complexity and secrecy. He is calling for better security. And in this case that includes the most transparency.

    • Lack of anonymity (Score:5, Interesting)

      by Cigaes ( 714444 ) on Saturday July 30, 2016 @08:59AM (#52611729) Homepage

      Vote-by-mail, or any system where there is no voting booth with official overseer, lacks anonymity.

      Voters need the right of keeping their vote secret, but that is not enough. If voters can show who they voted for, they can be intimidated or otherwise induced into voting for someone in particular. They can of course say who they voted for, but they cannot be allowed to prove it to someone else.

      That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.

      I am surprised that so few people make that connection when the issue arises.

      • That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.

        Another issue is that the elderly in nursing homes and elsewhere are often "helped" to vote by people who actually mark the ballots according to their own preferences.

      • I am surprised that so few people make that connection when the issue arises.

        You're surprised that most people are uninformed morons? What planet have you been living on? We have Clinton and Trump as the major party nominees...

        Our society is FULL of uninformed morons... The majority of people I speak with have really no idea what they are talking about most of the time, but thanks to the Internet, everyone thinks they are an expert...

        This goes both ways, I hear stuff about Clinton and Trump that is wildly untrue, but people parrot what they hear without any critical thinking what

      • Your conclusion is wrong, due several factors:

        There is no perfect system (nirvana fallacy) and your discussion does not compare the advantages and disadvantages of each system, and instead arrives at a conclusion based on listing disadvantages.

        Voters can already be intimidated and provide proof of their vote with MMS, or any of the myriad photo-sharing apps, many of which are now providing end-to-end encryption.

        The elimination of the voter being able to prove how they voted through official documentation re

        • by Kjella ( 173770 )

          There is no perfect system (nirvana fallacy) and your discussion does not compare the advantages and disadvantages of each system, and instead arrives at a conclusion based on listing disadvantages. Voters can already be intimidated and provide proof of their vote with MMS, or any of the myriad photo-sharing apps, many of which are now providing end-to-end encryption.

          Not the way paper ballots are done here in Norway at least. You pick a ballot, fold it double so your vote is on the inside but they all look identical on the outside. Then you go outside the booth to get a stamp, not really sure why and then put it in the ballot box. You can of course film yourself picking up the "right" ballot, but you won't be allowed to film your actual placing of the vote. Nothing can stop you from putting the ballot back and picking another one before stepping outside.

          The elimination of the voter being able to prove how they voted through official documentation removes the voter's ability to perform an audit of their own vote's tabulation. Voters uncovering elections fraud outweighs the very small (non-existent? - provide a link to cases of these claims, ever? Appeal to probability much?) vote-buying instances.

          Outright buying

          • That is all speculative conjecture. You are not providing evidence. Your claim does not align with what what I have experienced. My suggestion in no way requires the tabulation state who has voted how, only a method to allow audit by each voter.
        • by Sique ( 173459 )

          The elimination of the voter being able to prove how they voted through official documentation removes the voter's ability to perform an audit of their own vote's tabulation. Voters uncovering elections fraud outweighs the very small (non-existent? - provide a link to cases of these claims, ever? Appeal to probability much?) vote-buying instances.

          In all sane voting systems I have been so far, this is easily countered by public counting. If you want to be sure that your vote is tabulated correctly, watch the count, which is performed in public.

          • The issue of public counting is the same as "publicly available" information, which is that the information is only available to those who go to witness the counting, which means that the real world effectiveness of the audit method approaches zero. Auditing should be as conveniently available as possible to everyone who casts a vote, and an anonymous verification of each vote cast, plus being able to count all votes cast, would provide an incremental improvement in protecting against election fraud.

            (It is

      • by idji ( 984038 )
        In California, as in many other US states, voters need to register their political party choice [ca.gov] with the secretary of state before being able to vote. Just imagine these databases being hacked.
        I think it's a good thing that Turkey has a secret ballot, otherwise many more could be in jail by now.
    • by gweihir ( 88907 )

      Incidentally, that is how it is done all over Europe. Works well.

    • For something as important as voting, how about paper only?

      We actually have solutions that are much better than that. This wasn't true a few years ago when the whole voting machine fiasco started, but that discussion provoked a fair amount of research into secure voting systems, and security and cryptography experts have proposed a number of systems that provide verifiable end-to-end integrity. Each voter can verify that his or her vote was actually included correctly in the final count -- but without being able to prove to anyone else how he or she voted (importan

  • by diodeus ( 96408 ) on Saturday July 30, 2016 @08:43AM (#52611683) Journal

    In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.

    • In Canada we use standardized paper ballots across the nation. They're counted manually in each poll.

      So what happens with the manually counted votes afterwards . . . ? They get entered into a computer system somewhere.

      Back to square one.

    • That usually works. But then you get instances like the Rossi/Gregoire Governor's race in WA in 2004 where ballots "discovered" a month after the election [wikipedia.org] got tossed into the mix and just happened to overturn the first - and second - counts of the votes. So where there's a will, there's a way!
      • by dryeo ( 100693 )

        In a case like that, go to court and get the results thrown out and hold a new election. In Canada, the Constitutional requirements for elections is fairly loose, basically there has to be an election after 5 years or so (actually it is 5 Parliaments). Governments can call elections any time though the electorate gets pissed off if there are too many elections so usually every 4 years, and courts can throw out election results forcing a new election.
        Elections are also much simpler, for Federal and Provincia

        • Oh, they did, but the judge tossed the case - not because of the actions, but because "proof of intent" could not be established. The US has devolved to where it doesn't matter if you did something wrong - it only matters if you intended to do wrong. Thoughtcrime is more important than actual crime...
  • by Anonymous Coward on Saturday July 30, 2016 @08:52AM (#52611709)

    Nope. We're not allowed to require voters to produce identification.

    "But there's no vote fraud!!!!"

    HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!

    The lack of positive voter identification means US elections don't meet UN standards for free and fair elections [ipu.org].

    • HOW THE HELL CAN YOU EVEN KNOW IF THERE'S FRAUD WHEN YOU'RE NOT ALLOWED TO VERIFY WHO VOTES?!?!

      In scenic Camden, New Jersey, lots of folks who have been dead for years still vote. I think that is very liberally progressive from Camden, New Jersey, that they let Zombies vote.

  • by raymorris ( 2726007 ) on Saturday July 30, 2016 @08:54AM (#52611713) Journal

    > For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention

    Citation sorely needed. The DNC has suggested it's possible Russia was involved. A small security company called ThreatConnect pointed out that one of the tools used had some Russian language strings, meaning that the attacker used a tool which was written by someone who spoke Russian.

    "US intelligence agencies" have announced no conclusions and there is scant evidence that "Russia", the Russian government, was involved.

    • I like to make facts up in my head also. I know it was a simbonese hacker using russian software to create an escalation. OR not. Unfortunately Russia is a deflection from the racist anti semitic emaIls that do actually exist, as well as the clear intent to undermine Sanders. When your enemy tells the truth, it's still the truth. Russia even if evolved didn't write the emails.
    • Crowdstrike, FireEye, and a few other higher profile security companies have also implicated named Russian APT groups. You are however correct that no US intelligence agency has made any public statement about attribution, nor any private ones that have been made public.

      All the government/intelligence community has said officially is that "they're investigating it."
  • by xxxJonBoyxxx ( 565205 ) on Saturday July 30, 2016 @09:00AM (#52611735)
    >> WikiLeaks is promising more leaked dirt on Hillary Clinton

    Does anyone else remember when journalists actually did research like this? (In a free society, digging up "dirt" on politicians is a GOOD thing.) Where is the Watergate reporting crew when we need them?
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      What I find funny is everyone is calling Trump a traitor, but no one is going to investigate the illegal handling of campaign contributions the DNC did?

      We live in a world where a DNC candidate can take bribes from Russia, lie under oath in Congressional hearings, and illegaly get campaign donations while using her party to prevent her rival from having a chance of winning. She goes free, but anyone who points it out or releases evidence of her wrong doings is the evil person.

      I wonder what Clinton has to ac

      • What I find funny is everyone is calling Trump a traitor,

        Not everyone, half of them, and the other half is calling Hillary a traitor (and both halves are idiotic nincompoops, who haven't the foggiest idea what treason actually is)

        • by HiThere ( 15173 )

          I'm not sure that either counts as a traitor by the definition given in the constitution. Neither, however, seems particularly concerned with honesty, honor, or trustworthiness. Or adhering to their oaths of office.

          They have probably both committed major felonies, but neither seems likely to be prosecuted for it. (Clearly inviting a major foreign power to intervene in our elections should be a major crime, but I'm not certain that it is, and, IIUC, it would only be treason if we had declared war against

    • by Kohath ( 38547 )

      Reporters don't care if the government makes mistakes or hurts people. The media is on the left. They want more government control of everyone's life, and they want fellow leftists in charge, regardless of how many people get hurt. Telling people about government wrongdoing is only part of their mission when a Republican is in charge. When Democrats are in charge, the media hides government problems and helps run the defense.

    • Where is the Watergate reporting crew when we need them?

      Well, the one suffering from the leaks ( Hillary! ) was a junior lawyer in the Watergate scandal, so she knows all too well what it can do - and it's certain she's asking her friends in the media to NOT do what Woodward and Bernstein did.

  • " U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails "
    actually "u.s. intelligence agencies" and nsa director have NOT said anything so positive on the subject, deliberately.

    here is clapper himself on hyperventilating media on this.
    https://www.youtube.com/watch?... [youtube.com]

    i would be skeptical of conclusions of people making false statements such as the one quoted,without the qualifications.

    • This may be because they themselves are the actual culprits and have yet to decide whom if anyone to frame.

      It has been harder over the years for me to convince myself that I did not build for the Central Intelligence Agency the prototype (or maybe just a mock-up) of the first internally-mounted peripheral that issued an alternate vote count to be used in U. S. elections.

      Subsequently there was an attempt to draw me into some project, but that meeting did not last a full minute, because it began with bragging

      • I can only imagine what you could have accomplished by playing along, amassing proof, and revealing it not to those people in the government that perpetrate and participate in these heinous actions, but to the PEOPLE who, ostensibly, still run this country as stated in the Constitution.

        Don't get me wrong, I don't hold it against you in any way and I might have reacted the same as you in the same position. It just reinforces the fact that we need more people like Snowden who understand what a gift this coun

        • Fifteen years later the CIA tried to recruit me again. It wasn't a long conversation. All they talked about was the immense money I would make as an international business operator. Nothing about helping the country.

          • Fifteen years later the CIA tried to recruit me again. It wasn't a long conversation. All they talked about was the immense money I would make as an international business operator. Nothing about helping the country.

            John, is that you?

  • There are situations where technological advances do make life easier, and more accountable, and fairer for all. The democratic process is NOT such a situation. For fuck's sake, can we forget this voting computer bullshit and get back to PAPER ballots and HUMAN counters, which has been time-proven for the last two fucking millennia??

    • We've never abolished paper ballot, and our method of execution - until we stopped doing executions - was hanging. In both cases the USA has abandoned the traditional methods to be 'up to date' and 'modern', and as a result made a pig ear of things; no hanging chads in a British election, and no extended, messed up executions with hanging as long as the rope is long enough when the person drops that their neck is broken by the drop. But no, our rebellious ex-colonists think they know better ;)

  • by kenwd0elq ( 985465 ) <kenwd0elq@engineer.com> on Saturday July 30, 2016 @11:59AM (#52612487)

    The only thing that most electronic voting systems "secure" is funding; lots and LOTS of money. The voting machines are trivially hackable, provide no possible way to do an audit trail, are quirky and failure prone, and HIDEOUSLY expensive.

    We need to go back to paper ballots and require positive identification in order to vote. The only thing that the Democrats are trying to accomplish in opposing voter ID requirements is to encourage voter fraud.

    • Your first paragraph reads like a sales blurb for the machines. It does not imply the second paragraph.

  • by Punto ( 100573 ) <puntob&gmail,com> on Saturday July 30, 2016 @01:42PM (#52613075) Homepage

    it wasn't the russians who compromised your elections, it was one of the political parties, by sabotaging itself, and "the russians" (yet to be clear if it was actually the government) are the ones who exposed it. This is a pretty bizarre spin on the actual facts. If anything failed you, it was the FEC and the journalists whose job was to investigate and expose this, the foreign actors actually helped you out.

  • by Bartles ( 1198017 ) on Saturday July 30, 2016 @02:13PM (#52613233)

    ...has said no such thing. James Clapper said. ""I don't think we're quite ready yet to make a call on attribution," Clapper said at the Aspen Security Forum in Colorado. "There are just a few usual suspects out there." Additionally, he said, "We don't know enough to ascribe motivation regardless of who it might have been.""

  • There is no security, only obstacles in excess of the value of the successful assault.

    Anything secure will need non electronic verification, which will fail if voters don't confirm their ballot. Which they won't.

    Paper can't be compromised so easily. Writing the numbers down in a public process could work. . We just have to adopt transparent elections.

    And in the words of a brilliant realist, "yeah, like that's gonna happen".

  • There is no point hacking electronic voting computers if the result is not plausible. That's why anyone rigging the election will not make their candidate win with 99% of the votes. But even a candidate winning with 50.5% of the votes is implausible if he normally gets 5% of the votes. And implausible results trigger investigations, lawsuits... and reelections. That's no good.

    So the first step is to rig the campaign so that the result you want will at least seem plausible. You can do that by helping your

  • does. The "U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails" links to a story about what the DNC's consultants said, not a "U.S. intelligence agency".

The fancy is indeed no other than a mode of memory emancipated from the order of space and time. -- Samuel Taylor Coleridge

Working...