36 of 50 States Have Installed Sensors at 'Elections Infrastructure Level' To Monitor Computer Systems Managing Voter Data or Devices (reuters.com) 90
A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers. From a report: Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations. The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters. [...] As of August 7, 36 of 50 states had installed Albert at the "elections infrastructure level," according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.
Not good enough. (Score:3)
You're trying to install a security product inside a vulnerable system to detect compromise. Not good enough. Integrity must be non-repudiated [google.com].
Voting infrastructure is harder than voting machines. Paper voting is notoriously vulnerable to corrupt officials; paper audit trails are manipulable and have been used to identify voters and their votes; electronic voting machines can be proven non-tampered, and the votes proven non-tampered. The voting infrastructure, though? That's centralized, and prone to all sorts of attacks--not just computer hacking, but insider threat and social engineering.
Your best protection against infrastructure attacks is same-day registration and same-day party affiliation re-registration.
Re:Not good enough. (Score:5, Insightful)
Paper Voting is subject to corrupt officials, but generally hard to hack wide scale. Further, voting irregularities are easier to spot. And verification of vote tallies are easy.
With Electronic hacking, there is no way to verify vote tallies that have been tampered with at the machine level. And since those machines are electronically connected it is much easier for ONE hacker to affect a large range of voting tabulations, perhaps enough to change the outcome of state and national elections.
Paper Ballots are the worst of all voting methods, except all the others.
Re: (Score:2)
https://www.pbs.org/newshour/n... [pbs.org]
Re: (Score:2)
Paper Voting is subject to corrupt officials, but generally hard to hack wide scale. Further, voting irregularities are easier to spot. And verification of vote tallies are easy.
It's in general difficult to manipulate, yes; although rampant manipulation has been a problem in the past, and continues today with ballot boxes being lost and found frequently.
there is no way to verify vote tallies that have been tampered with at the machine level
You can make it impossible to hide such tampering. I have described how.
since those machines are electronically connected it is much easier for ONE hacker to affect a large range of voting tabulations
There is no radio in an electronic voting machine or electronic ballot box. These are not plugged into any network. If they are, you have zero integrity.
The software must be verified in a non-repudiated method, such that the exact image on these machines
Re: (Score:2)
Re: (Score:2)
I'd imagine you could do that, too; although most of the time people just find ballot boxes [dailykos.com] (Note: Daily Kos is very liberal and kind of crazy, hurls accusations of malice without hesitation), additional ballots [argusleader.com], or whatnot [usatoday.com].
It's a really damned old problem.
Re: (Score:1)
Paper ballots are fine as long as the general public has the right to watch the counting process. After all the whining from the GOP the current vote counts here in King County are done in a sort of fish bowl where people can watch from all angles. And surprisingly, there still isn't any voter or election fraud going on same as before the new building was built, Just a bit less whining about alleged fraud preventing them from winning without sufficient support.
Re: (Score:1)
And surprisingly, there still isn't any voter or election fraud going on same as before the new building was built, Just a bit less whining about alleged fraud preventing them from winning without sufficient support.
The claim about Mexicans being bussed in to vote was not really credible to begin with.
Unregistered voters are not allowed to vote and unless you are a legal resident you are not going to be registered.
The thing is, even if the claim was true it wouldn't be caught by counting the votes better.
The election frauds that has happened is typically in the other direction where you get rid of undesired votes rather than adding favorable ones.
A bunch of people were prevented from voting for bullshit reasons. Typica
Re: (Score:2)
Paper voting has its flaws, but even in famously corrupt counties I'm familiar with (cough) Cuyahoga (cough), there's so many bipartisan sign-offs that it'd take quite a conspiracy to throw an election. (They just buy them, instead)
It's notoriously frequent in tight races for new boxes of ballots to be "discovered in the trunk of a car" after counting begins in a tight race. You'd almost expect "trunk-mounted ballot printers" to be on sale on Amazon.
Sure, we don't see people getting re-elected with "100% of the vote, and 100% voter turnout" Saddam Hussein style (though IIRC Obama got 105% of the vote in Detroit), or other corruption on that scale, but in tight races where you only need a few hundred ballots to be "discovered"? Paper
Re: (Score:1)
WTF? Not sure what to make of this. Paper trails are the most reliable way to ensure integrity of the vote. Corrupting a single paper trail is quite easy; corrupting them en masse is phenomenally difficult.
The idea that electronic voting machines can be proven to be "non-tampered" is laughable - I am now sure you are a troll. Yes there are some schemes that are voter-verifiable. As far as I know, none of the provably-verifiable schemes have ever been implemented in practice.
My prediction: (Score:1)
This will just become the next attack vector hackers use to compromise the systems.
Re: (Score:2)
This will just become the next attack vector hackers use to compromise the systems.
Next? Um, that would be the FIRST one used to do this.
Where we have demonstrated a lot of hacks are possible on such systems, extremely few (as in I don't remember one) has actually happened during an election where it was suspected that the votes counts where altered.
There has been provable vote fraud, but not electronic voting machine hacks of any import.
Re: (Score:2)
This will just become the next attack vector hackers use to compromise the systems.
Attackers? Compromise?
How about this way of describing the system: "Republicans install software on all voting machines in Republican-controlled state to ensure that the election results are correct". Or Democrats, of course, if they've caught up.
Re: (Score:2)
From Vendor: [cisecurity.org] All of your organizations logged and network security alert data is compressed, encrypted and sent to the CIS SOC. This allows analysts to review previous network activity and search for specific threats or activity related to newly-released signatures, providing a distinct advantage over traditional security network monitoring services.
More importantly, the TLA foxes will be very concerned and interested about guarding this particular henhouse. To preserve the integrity of our elections, of course.
Re: (Score:2)
You are absolutely correct. Instead of subverting many little different computers and/or corrupting a large number of officials, an enemy — be they foreign or domestic — only needs to subvert one system and/or corrupt one man.
Even if this big subversion/corruption is more difficult than any single smaller one, it is still easier, than many of those.
We are on the way from "greater or fewer" invalid results to "all
Diebold or illegal voting? (Score:2)
Funny, any time one mentions voting fraud, a highly-moderated response [slashdot.org] will spring up claiming, such fraud is "miniscule" because no study has ever found anything bigger.
But Diebold can be the butt of FUD-spreading without any sort of proof it ever contributed to actual vote-corruption — and without challenges from the same sticklers to the "unproven therefore false" approach...
Re: (Score:2)
I'm sorry, but to convince me of their integrity it is not sufficient to show that there is no proof that they are corrupt.
FWIW, I still remember the President(?) of Diebold Systems promising to deliver the vote to the Republican candidate as they rolled out their voting machines. It's going to take a lot of very convincing evidence to get me to believe that the machines aren't designed to be corrupt.
Now, to be fair, I believe that the Diebold machines will return the vote in favor of whoever controls them
Re: (Score:2)
He made that promise as a member of the State's GOP, not as the CEO of Diebold. Do you think, other makers of such equipment will have no employees with allegiances to one party or the other — even if they keep their mouths shut?
My point, however, remains. Why is it, that in the case of Diebold the mere possibility of corruption is accepted as evidence of the fact of corruption — without
Re: (Score:2)
The chairman of the state GOP that had just gotten Diebold voting machines selected to count the votes. I'll agree it's not proof. But it's stronger evidence than anything I've seen that indicate they are honest.
And for your second thought, you're right. True certainty doesn't exist in this universe. But that doesn't mean you can't do your best. The programmers writing the checksumming program probably have neither knowledge nor desire to corrupt it, and don't know where it's going to be used. And if
Re: (Score:2)
Had he been dishonest, would he really have bragged about it publicly? Please...
You've ignored my main point — which is that drastically different standard of evidence are applied to allegations of illegal voting and subverted machinery.
The best, in my opinion, is to use different me [slashdot.org]
Re: (Score:2)
When you're trying to prove something you need stronger evidence than when you're trying to assign probability. Particularly if the probability estimate is going to have large error bars. To me the evidence is strongly in favor of the machines being designed to product the votes they are instructed to produce. I'd agree it's far short of proof. I'd agree they they can be operated honestly, and that that is probably the default behavior.
In short, I see no reason to trust the honesty of the machines and m
Re: (Score:3)
But Diebold can be the butt of FUD-spreading without any sort of proof it ever contributed to actual vote-corruption — and without challenges from the same sticklers to the "unproven therefore false" approach...
I don't understand your point. Are these the same Diebold machines [jhalderm.com] you're talking about?
When a process is demonstrated to be so flawed that compromise should be assumed, why is irrefutable proof even necessary?
Re: (Score:2)
Yes! Indeed! Which is exactly the logic, we should be applying to the phenomenon of illegal voting too.
It is easy [snopes.com], it happens [nbcnews.com] — which is more than we can say (with citations) about the Diebold machines, actually.
But, for some reasons, any attempts to improve this demonstrably flawed process are struck down — because, it is said, on Slashdot [slashdot.org] and elsewhere [snopes.com], "there is no proof" [politifact.com].
Re: (Score:2)
Ah, well, in the timeless words of Scott Foval: [zerohedge.com]
“It’s a very easy thing for Republicans to say, “Well, they’re bussing people in.” Well, you know what? We’ve been bussing people in to deal with you fucking assholes for fifty years and we’re not going to stop now, we’re just going to find a different way to do it."
So it's no wonder that those with potential to lose influence would have difficulty understanding the need to secure a process that desperately needs it.
In the meantime, paper trails work (Score:3)
We're installing all of this insecure technology around a vital process of our governance, whereas paper ballots and paper trails work elsewhere. Florida failed to provide a clearly understandable paper ballot in 2000, but when has this electronic voting been a fix?
It's a gravy train for government-connected firms, that's what it is.
The only electronic voting I want is something that can give me a QR code to print a paper ballot I can sign off on, giving me time to research the entirety of the options and speeding time at the booth.
I believe this and approval voting would go a long way towards actually fixing things.
Re:In the meantime, paper trails work (Score:4, Informative)
In Oregon we vote by mail, and we use paper ballots that are optically scanned by the computer.
They can be re-scanned, they can be hand-recounted, no hanging chad. No booth, but you can hand-deliver your ballot if you want.
Re: (Score:2)
Also the ballot must be in a sealed envelope that is signed with a signature that matches what is on the voter registration, in order to be accepted.
It's amazing to me that people would stand in long lines on a work day just to get to the polls, and that this somehow isn't disenfranchising.
Re: (Score:2)
How does Oregon prevent each of the following scenarios:
- Poll worker dislikes your vote and throws it away. (Yes, this is problem for counting paper ballots, too.)
- Poll worker dislikes your vote so much that he or she records your name and address for later retaliation. (This is somewhat less of a problem for paper ballots because by the time they look at the ballot, yours is anonymous.)
Is the solution just to hire honest poll workers, or are there other safeguards?
Re: (Score:2)
Observers, both from the public and party representatives, are there to monitor processing of the ballots.
I know there is an issue with the number of ballots that are not in acceptable condition to be read by the machine, and a worker must 'enhance' the ballot or transfer the marked choices to a new one. Observers seem very keen on keeping a close eye on this process as well.
Re: (Score:2)
1) Each party has a right to observers, and the law requires everything to be done in such a way that the observers can observe.
2) There is an optional "security envelope." The ballot is placed inside the security envelope. Everything inside inside the security envelope is anonymized. That is placed inside the ballot envelope, and signed. Then, when counting the votes, there is a two-step process of first validating the ballots and ballot signatures, then the security envelope moves to step two and can be o
Re: (Score:2)
Thank you (and eaglesrule) for responding. That does, indeed, seem to be a system that is hard to cheat, provided that minority party observers are not mysteriously disqualified. That does happen in some places, although I've never heard of it in Oregon.
You could have predicted that those types of entry-level complaints would have been addressed in the details of the law when I said "Oregon" and not "Jerrymanderistan" or whatever those flyover states are called.
I certainly could have predicted that such details would be accounted for, but rather than read the entire body of election laws, I figured I'd ask a person who conveniently lives there. This being Slashdot, I also could have predicted that someone would mis
Re: (Score:2)
Re:In the meantime, paper trails work (Score:4, Interesting)
QR code? Why did you just insert a non human-readable step?
What we want is computer-assisted voting. You go to the big touch-screen voting machine with pictures of the candidates faces and whatnot, and when you're done it prints a clearly market ballot. You then review the ballot and cast it into the ballot box.
This is so freaking obvious that I can't ascribe good motives to politicians imposing any other system.
Re: (Score:2)
*marked
whose watching what us govt can do with it? (Score:1)
allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.
Great but where is the checks to make sure a future govt cannot manipulate it.
Re:whose watching what us govt can do with it? (Score:5, Insightful)
Hell Fucking No!
There is a REASON why elections are managed locally. It is much harder to establish a tyranny if you have to hack 174,252 precincts individually than if you could do so from the Federal Level. A problem at one precinct is bad, but contained. problem at the Federal Level means we have Obama or Trump elected for life.
Re: (Score:2)
Do you really have to compromise a hundred thousand of them? Looking at how close our elections are I'd wager that targeted attacks against 1-2% of those could swing a POTUS election.
Single point of failure (Score:2)
Re: (Score:2)
Re: (Score:2)
If they're passive devices, it only introduces a single point of failure if the passivity fails. Bad, but not explainable to average people.
Re: (Score:2)
I don't see it as a point of failure; I see it as another attack surface.
The one thing distributed voting systems had going for them was you had to hack a bunch of separate disparate systems. Now you've got one tidy gateway into them. :/
Vote by mail, paper ballots, non-network optical (Score:3)
Anything less won't work.
Remember, snapshot and full database rollbacks with query/row match for discrepencies in volatile precincts and counties are key for db comparisons. Random audits.
Re: (Score:3)
Anything less won't work.
Remember, snapshot and full database rollbacks with query/row match for discrepencies in volatile precincts and counties are key for db comparisons. Random audits.
Even then, the issue is counting votes and then securing from alteration the materials upon which the votes are recorded so they can be counted again and again when desired.
Re: (Score:2)
Add same day in person registration. Most states have figured out how to maintain security of physical ballots, and sequester those where registration is in question for verification.
Re: (Score:2)
Didn't say there where already issues here, only that having a physical ballot doesn't solve all of the issues with vote count integrity.
You still have to have to get an honest count. This requires a secure means of maintaining the physical ballots so they cannot be altered (or added to or subtracted from) AND you need a way to count them, preferably multiple different ways. I remember the Al Gore Florida recounts, we don't need that mess again.
Re: (Score:2)
The issue with the Florida recounts in my mind was two fold.
First, the act of counting them, altered the ballots, ever so slightly, when done mechanically. Looking for holes in cards and the problem of missing chads, hanging chads and dimpled chads was insanity. Yes, it was a very stupid system and we should take that as a cautionary tale to not build another system with similar problems.
Second, it was legally pointless to count, recount, manually count and recount these ballots as long as they did. On
Re: (Score:1)
Second, it was legally pointless to count, recount, manually count and recount these ballots as long as they did. Once the legal process had already run it's course and the election had been legally certified by Florida's secretary of state and presented to congress. It was a done deal, regardless of what the count ended up being or how many times they counted the results after that.
I wouldn't say it was legally pointless.
Even if the election was done with it is still possible to uncover election fraud, so while you can't do anything about the turnout of the election you can still hold someone accountable.
Even if you don't uncover any criminal activity you can still identify irregularities and mistakes so that you can work on preventing them in the future.
Also, I see very little reason to throw away ballots within a year or two.
Storing them is only expensive if you care about the integ
Re: (Score:2)
Yeah, that's a common problem up here.....LOL.
Please cite a source to this horrible scourge.
Worst....strawman....EVER!
So it's just a performance monitor then? (Score:1)
For our corrupt government to confirm the effectiveness of the hacking they've been doing to all the computer voting machines since they were rolled out?
Wake up. "Russia hacking our elections" was done at the invitation of our corrupt Congress, to allow them the scapegoat they DIDN'T HAVE around the Diebold controversy.
Just as in the years leading up to the market crash and great depression a century ago, it doesn't matter who votes or who they vote for; what matters is WHO COUNTS THE VOTES.
mnem
Smoke &
Won't help (Score:1, Funny)
~44 ex-cia people are running as democrats for office now.
They're just moving the cheating this time.
Re: (Score:2)
Great, now when the Republics clean house during the midterms, no one can complain that the election was "hacked". Everyone can finally be happy and content with the results.
It doesn't matter who wins, half the country will be incensed about the results... Assuming the last election was any indicator of what we are in for come November.
Security Onion (Score:1)
Albert sensors are probably very similar, using a more hardened platform, with similar FOSS tools installed, and with access to government-specific threat intel feeds and analysis.
Paper Ballots are more secure.... (Score:2)
$5000 is probably a ripoff (Score:2)
Insert bogus Russian hackers waffle (Score:2)
Under the pretext of protecting us from “Russian hackers” the US deepstate has hacked voting machines.