Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Politics

36 of 50 States Have Installed Sensors at 'Elections Infrastructure Level' To Monitor Computer Systems Managing Voter Data or Devices (reuters.com) 90

A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers. From a report: Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations. The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters. [...] As of August 7, 36 of 50 states had installed Albert at the "elections infrastructure level," according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.
This discussion has been archived. No new comments can be posted.

36 of 50 States Have Installed Sensors at 'Elections Infrastructure Level' To Monitor Computer Systems Managing Voter Data or De

Comments Filter:
  • by bluefoxlucid ( 723572 ) on Thursday August 16, 2018 @01:07PM (#57138640) Homepage Journal

    You're trying to install a security product inside a vulnerable system to detect compromise. Not good enough. Integrity must be non-repudiated [google.com].

    Voting infrastructure is harder than voting machines. Paper voting is notoriously vulnerable to corrupt officials; paper audit trails are manipulable and have been used to identify voters and their votes; electronic voting machines can be proven non-tampered, and the votes proven non-tampered. The voting infrastructure, though? That's centralized, and prone to all sorts of attacks--not just computer hacking, but insider threat and social engineering.

    Your best protection against infrastructure attacks is same-day registration and same-day party affiliation re-registration.

    • by Archangel Michael ( 180766 ) on Thursday August 16, 2018 @01:20PM (#57138736) Journal

      Paper Voting is subject to corrupt officials, but generally hard to hack wide scale. Further, voting irregularities are easier to spot. And verification of vote tallies are easy.

      With Electronic hacking, there is no way to verify vote tallies that have been tampered with at the machine level. And since those machines are electronically connected it is much easier for ONE hacker to affect a large range of voting tabulations, perhaps enough to change the outcome of state and national elections.

      Paper Ballots are the worst of all voting methods, except all the others.

      • Paper Voting is subject to corrupt officials, but generally hard to hack wide scale. Further, voting irregularities are easier to spot. And verification of vote tallies are easy.

        It's in general difficult to manipulate, yes; although rampant manipulation has been a problem in the past, and continues today with ballot boxes being lost and found frequently.

        there is no way to verify vote tallies that have been tampered with at the machine level

        You can make it impossible to hide such tampering. I have described how.

        since those machines are electronically connected it is much easier for ONE hacker to affect a large range of voting tabulations

        There is no radio in an electronic voting machine or electronic ballot box. These are not plugged into any network. If they are, you have zero integrity.

        The software must be verified in a non-repudiated method, such that the exact image on these machines

      • by Anonymous Coward

        Paper ballots are fine as long as the general public has the right to watch the counting process. After all the whining from the GOP the current vote counts here in King County are done in a sort of fish bowl where people can watch from all angles. And surprisingly, there still isn't any voter or election fraud going on same as before the new building was built, Just a bit less whining about alleged fraud preventing them from winning without sufficient support.

        • by Anonymous Coward

          And surprisingly, there still isn't any voter or election fraud going on same as before the new building was built, Just a bit less whining about alleged fraud preventing them from winning without sufficient support.

          The claim about Mexicans being bussed in to vote was not really credible to begin with.
          Unregistered voters are not allowed to vote and unless you are a legal resident you are not going to be registered.
          The thing is, even if the claim was true it wouldn't be caught by counting the votes better.

          The election frauds that has happened is typically in the other direction where you get rid of undesired votes rather than adding favorable ones.
          A bunch of people were prevented from voting for bullshit reasons. Typica

    • by Anonymous Coward

      WTF? Not sure what to make of this. Paper trails are the most reliable way to ensure integrity of the vote. Corrupting a single paper trail is quite easy; corrupting them en masse is phenomenally difficult.

      The idea that electronic voting machines can be proven to be "non-tampered" is laughable - I am now sure you are a troll. Yes there are some schemes that are voter-verifiable. As far as I know, none of the provably-verifiable schemes have ever been implemented in practice.

  • This will just become the next attack vector hackers use to compromise the systems.

    • This will just become the next attack vector hackers use to compromise the systems.

      Next? Um, that would be the FIRST one used to do this.

      Where we have demonstrated a lot of hacks are possible on such systems, extremely few (as in I don't remember one) has actually happened during an election where it was suspected that the votes counts where altered.

      There has been provable vote fraud, but not electronic voting machine hacks of any import.

    • by lgw ( 121541 )

      This will just become the next attack vector hackers use to compromise the systems.

      Attackers? Compromise?

      How about this way of describing the system: "Republicans install software on all voting machines in Republican-controlled state to ensure that the election results are correct". Or Democrats, of course, if they've caught up.

      • From Vendor: [cisecurity.org] All of your organizations logged and network security alert data is compressed, encrypted and sent to the CIS SOC. This allows analysts to review previous network activity and search for specific threats or activity related to newly-released signatures, providing a distinct advantage over traditional security network monitoring services.

        More importantly, the TLA foxes will be very concerned and interested about guarding this particular henhouse. To preserve the integrity of our elections, of course.

    • by mi ( 197448 )

      This will just become the next attack vector hackers use to compromise the systems.

      You are absolutely correct. Instead of subverting many little different computers and/or corrupting a large number of officials, an enemy — be they foreign or domestic — only needs to subvert one system and/or corrupt one man.

      Even if this big subversion/corruption is more difficult than any single smaller one, it is still easier, than many of those.

      We are on the way from "greater or fewer" invalid results to "all

  • by Dasher42 ( 514179 ) on Thursday August 16, 2018 @01:10PM (#57138670)

    We're installing all of this insecure technology around a vital process of our governance, whereas paper ballots and paper trails work elsewhere. Florida failed to provide a clearly understandable paper ballot in 2000, but when has this electronic voting been a fix?

    It's a gravy train for government-connected firms, that's what it is.

    The only electronic voting I want is something that can give me a QR code to print a paper ballot I can sign off on, giving me time to research the entirety of the options and speeding time at the booth.

    I believe this and approval voting would go a long way towards actually fixing things.

    • by Aighearach ( 97333 ) on Thursday August 16, 2018 @01:36PM (#57138832)

      In Oregon we vote by mail, and we use paper ballots that are optically scanned by the computer.

      They can be re-scanned, they can be hand-recounted, no hanging chad. No booth, but you can hand-deliver your ballot if you want.

      • Also the ballot must be in a sealed envelope that is signed with a signature that matches what is on the voter registration, in order to be accepted.

        It's amazing to me that people would stand in long lines on a work day just to get to the polls, and that this somehow isn't disenfranchising.

        • by q4Fry ( 1322209 )

          How does Oregon prevent each of the following scenarios:

          - Poll worker dislikes your vote and throws it away. (Yes, this is problem for counting paper ballots, too.)
          - Poll worker dislikes your vote so much that he or she records your name and address for later retaliation. (This is somewhat less of a problem for paper ballots because by the time they look at the ballot, yours is anonymous.)

          Is the solution just to hire honest poll workers, or are there other safeguards?

          • Observers, both from the public and party representatives, are there to monitor processing of the ballots.

            I know there is an issue with the number of ballots that are not in acceptable condition to be read by the machine, and a worker must 'enhance' the ballot or transfer the marked choices to a new one. Observers seem very keen on keeping a close eye on this process as well.

          • 1) Each party has a right to observers, and the law requires everything to be done in such a way that the observers can observe.

            2) There is an optional "security envelope." The ballot is placed inside the security envelope. Everything inside inside the security envelope is anonymized. That is placed inside the ballot envelope, and signed. Then, when counting the votes, there is a two-step process of first validating the ballots and ballot signatures, then the security envelope moves to step two and can be o

            • by q4Fry ( 1322209 )

              Thank you (and eaglesrule) for responding. That does, indeed, seem to be a system that is hard to cheat, provided that minority party observers are not mysteriously disqualified. That does happen in some places, although I've never heard of it in Oregon.

              You could have predicted that those types of entry-level complaints would have been addressed in the details of the law when I said "Oregon" and not "Jerrymanderistan" or whatever those flyover states are called.

              I certainly could have predicted that such details would be accounted for, but rather than read the entire body of election laws, I figured I'd ask a person who conveniently lives there. This being Slashdot, I also could have predicted that someone would mis

    • Florida did not have a confusing ballot. Each county in Florida has a different ballot. It was Palm Beach County that had a confusing ballot, which is developed by their Democratic Supervisor of Election.
    • by lgw ( 121541 ) on Thursday August 16, 2018 @03:23PM (#57139498) Journal

      QR code? Why did you just insert a non human-readable step?

      What we want is computer-assisted voting. You go to the big touch-screen voting machine with pictures of the candidates faces and whatnot, and when you're done it prints a clearly market ballot. You then review the ballot and cast it into the ballot box.

      This is so freaking obvious that I can't ascribe good motives to politicians imposing any other system.

  • allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.

    Great but where is the checks to make sure a future govt cannot manipulate it.

  • Can someone explain how this doesn't introduce a single point of failure? Even a plausible theory?
    • Well, let's see... 36 states have implemented it, so you probably have, at minimum, 36 entry points to compromise the whole thing. That's a lot more than a single point!
    • If they're passive devices, it only introduces a single point of failure if the passivity fails. Bad, but not explainable to average people.

    • I don't see it as a point of failure; I see it as another attack surface.

      The one thing distributed voting systems had going for them was you had to hack a bunch of separate disparate systems. Now you've got one tidy gateway into them. :/

  • Anything less won't work.

    Remember, snapshot and full database rollbacks with query/row match for discrepencies in volatile precincts and counties are key for db comparisons. Random audits.

    • Anything less won't work.

      Remember, snapshot and full database rollbacks with query/row match for discrepencies in volatile precincts and counties are key for db comparisons. Random audits.

      Even then, the issue is counting votes and then securing from alteration the materials upon which the votes are recorded so they can be counted again and again when desired.

      • Add same day in person registration. Most states have figured out how to maintain security of physical ballots, and sequester those where registration is in question for verification.

        • Didn't say there where already issues here, only that having a physical ballot doesn't solve all of the issues with vote count integrity.

          You still have to have to get an honest count. This requires a secure means of maintaining the physical ballots so they cannot be altered (or added to or subtracted from) AND you need a way to count them, preferably multiple different ways. I remember the Al Gore Florida recounts, we don't need that mess again.

  • For our corrupt government to confirm the effectiveness of the hacking they've been doing to all the computer voting machines since they were rolled out?

    Wake up. "Russia hacking our elections" was done at the invitation of our corrupt Congress, to allow them the scapegoat they DIDN'T HAVE around the Diebold controversy.

    Just as in the years leading up to the market crash and great depression a century ago, it doesn't matter who votes or who they vote for; what matters is WHO COUNTS THE VOTES.

    mnem
    Smoke &

  • Won't help (Score:1, Funny)

    by Anonymous Coward

    ~44 ex-cia people are running as democrats for office now.

    They're just moving the cheating this time.

  • I don't know, but I'm guessing it's something very similar to Security Onion. [securityonion.net] (Network security should have multiple layers; like an onion. Get it?)

    Albert sensors are probably very similar, using a more hardened platform, with similar FOSS tools installed, and with access to government-specific threat intel feeds and analysis.
  • Paper ballots can't be hacked and are easier to secure. Simple fact you can't secure voting that's hooked up to the internet.
  • I'll bet if you could get the same hardware at Banggood it would be $5, not $5000
  • Two years after Russian hackers breached voter registration databases

    Under the pretext of protecting us from “Russian hackers” the US deepstate has hacked voting machines.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...