If you want a candidate to win, use the most effective hacking tool available: social engineering. As a bonus, it's legal!
It might sound flippant, but I wouldn't be too surprised if the masterful politicians (in the USA or abroad) wouldn't consider illegal hacking just because it's too risky. Better to use shady-yet-legal tactics to shift opinions. The whole "fake news" issue seems like it could be a very smart campaign in this regard.
Chris Rock at Defcon 24 demonstrates how you could use social engineering and hacking to overthrow a government - or manage an election result: https://news.ycombinator.com/item?id=12528544.
Talk complete with a cameo of a military veteran/mercenary leader.
All citizens of high quality countries naturally just grew protection from propaganda, PR and psychological tricks, which evolved effortlessly for mass media/communication that reaches 100M people instantly. If that shit works on your "country", you probably need to see what's wrong with you people.
> protection from propaganda, PR and psychological tricks
Yes, we here in Europe are blessed to represent the epitome of rational thought immune to all kinds of manipulation and fear-mongering. Alt-Right populism like the Front National, the Alternative für Deutschland and the UK Independence Party has no success here at all!
There have been several posts about this (e.g. [1] and [2]), downweighted by user flags and by standard penalties (e.g. for politics stories). But some thoughtful users have argued that it's more on-topic for HN than most politics, so we'll make an exception, even though HN probably ought to be in detox right now.
Edit: actually there was already at least one major discussion about this: https://news.ycombinator.com/item?id=13019333, so technically we ought to be marking all these as dupes. But we'll leave this one open for now.
The moderation test in cases where there's an ongoing story and many follow-up posts is: have one major thread and bury the rest as dupes unless there's significant new information.
I was having a discussion about security of the voting systems with my neighbor from Germany. He was of the belief that the mechanical machines without computers were more secure.
I like the type of machines we have in Connecticut. There is a paper ballot that is filled out and then scanned optically. We get a paper ballot that acts as an audit trail. There is always the possibility that the optical scanner contains a bug or something, but the 2000 election showed that even mechanical machines have flaws if not maintained.
I would not prefer the touch screen voting machines as there are always reports of the machines switching the vote. It just seems like more can go wrong with those machines.
The voting machine's viability is all about how easily a layman can verify its correctness. This is why any mechanical voting machines are theoretically "better" because the layman can actually SEE it working correctly or not.
To make things worse - you can't really verify your vote unless there is a complete paper trail. Basically you can have one of two things - computerased voting machines without denialbility of vote (impossiblity to sold the vote or impossiblity of getting punished for voting wrong) OR paper ballot voting somewhat augmented by computers.
Reason - we haven't solved basic issue of endpoint security yet!
A friend of mine served as the registrar of voters for a small town in Connecticut. He told me there is a whole procedure they have in place to even handle the ballots once they are placed in the machine. There has to be a chain of custody.
There is always that aspect of it, it someone can get a hold of a box of ballots and somehow slip those into the process, it would be easy to circumvent any machine that relies on a paper audit trail.
A double entry system where you get your paper ballot optically scanned and you also place your vote into a independent system maybe even an electronic one could provide a better check against having just one system as a point of failure?
In MN optical voting processors are OK because the paper ballot is always there to back up the electronic version. Not perfect but a decent compromise.
Have you ever tried to inpelement a modified d'hont method manually? There are always computers involved. Counting hundreds thousands of votes manually will always yield an error that can be exploited. Voting as a concept has changed beyond what mr. Halderman is willing to admit. Let's say you have widespread electronic id and electronic voting. In isolation, this sounds mad. In conjunction with physical voting and common use of eid, not so much.
Seems harder to exploit manual counting of paper ballots than the firmware of some closed source system that's poorly understood by those deploying it.
The larger the election, the more manual counters you will have. Which means the more people you would have to influence in order to rig an election.
Russia tends to leave a massive trail of evidence when it rigs its own elections. It's just that Putin has enough of an iron grip on the Russian press and political system that it doesn't matter.
Can't touch screens give you a "receipt"? Particularly if it's validated by the voter, this removes the machine-failure hole where the optical scan fails for non-compromised reasons.
Touch screens in Maryland give a receipt that you voted. But the votes themselves are not included on the receipt. The purpose behind this is to mitigate people paying for votes in a very close district. Having a reliable method of determining someone's vote compromises this mitigation.
Is one threat greater than the other? I actually think the threat of vote payment is lower due to the the high risk of the illegal act being exposed. But this is strictly intuition and I have no actual knowledge of the matter.
Edit: in the article, they describe a receipt method that matches your description. But the voter doesn't retain it.
I read and saw many assurances by IT experts that the election couldn't be hacked and wasn't hacked (said much too soon for them to know) but I never heard a convincing argument or an indication of a serious analysis. Can anyone here provide one?
The only serious argument I heard was that it would be very complicated and expensive to hack so many local voting systems. However, certainly state-sponsored - and maybe other - attackers have the resources to do it, they can greatly reduce the cost by targeting only necessary systems (e.g. just a few voting systems in each swing state), they probably can find more ways to economize on a brute force attack, and most importantly: For them the massive return on investment - controlling who is the next President of the U.S., and possibly undermine confidence in U.S. political institutions - makes it worthwhile. It's arguably worth it to hack the machines, leave evidence, and not change the result
I worry that in their rush to refute Trump's allegations of rigging, the experts opened the door to attackers by preemptively blocking investigations; they are now politically very difficult, they will cost the experts' reputations, and they may cause more uncertainty among the public than they resolve.
The best security I can think of is deterrence: If they get caught, the attacker might be inviting a war with the U.S. But do Russia and China really feel threatened?
well, my to-go expert was writing about unreliability since unsuspecting times https://www.schneier.com/blog/archives/2004/11/the_problem_w... - don't know whom you listen to, but back in time when slashdot still had some content I recall a big fight between vendors and researches over source code auditing, which of curse after many lawsuites completed exposing many weakness in design, even before accounting for "honest" bugs, and even back then the whole business surrounding election automation was exceptionally shady.
That's one good argument against mass hacking: if it was as easy as it's being made out to be to manipulate the results, we should expect to see something obviously vandalized: a black county that voted 100% Trump, or a county where third party candidates get all the votes.
> There’s no question that this is possible for technically sophisticated attackers. (If my Ph.D. students and I were criminals, I’m sure we could pull it off.) If anyone reasonably skilled is sufficiently motivated and willing to face the risk of getting caught, it’s happened already.
Surely there's someone on 4chan who ticks those boxes. The motivation doesn't even have to be pure vandalism: it would be a very effective way to call attention to the vulnerabilities in the system.
It's mind boggling to me that we don't automatically check the paper trails of an election and do several counts to verify the results. How will democracy survive if our mechanisms for implementing it are so far behind the changing world?
It's not OK for Trump supporters to take threads off on bogus ideological tangents about "questioning the election", and it's no better for people who don't approve of Republicans doing the same thing over the Diebold story. Please don't set fire to threads on HN with stuff like this?
Don't bother, what parent most likely would link to is so taken out of context as to not be worth your time. Why do you think parent didn't post a link, and instead just made some vague statement?
Thanks for the link. I figure you're probably right, but you never know when someone is going to surprise you with something interesting. I try to give everyone a fair hearing if they care to put a decent argument together :)
TLDR: Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked.
If they have a serious argument backed by evidence, they should make it public. Hillary Clinton may have a personal concern about the issue but it's a very serious issue for all Americans (and the world). She shouldn't have a veto.
Absolutely. Regardless of how likely or unlikely manipulation is, an independent group should be able to request an audit.
If for not other reason than she could be silenced by a tacitly threatening to endless prosecute and summon before congress on some unrelated matter if she makes any trouble.
> If for not other reason than she could be silenced by a tacitly threatening to endless prosecute and summon before congress on some unrelated matter if she makes any trouble.
Because voting is way more important than home banking.
And voting through a web app is wrong on so many levels:
- "Electronic voting": Electronic voting machines already have a bad enough track record. If nothing else, it makes large-scale attacks easier. Voters have to trust the ballot operators (different from home banking, where (a) you can choose your bank and (b) manual banking wouldn't be better either).
- "Electronic voting, at home": Assuming [1], it wouldn't be coercion resistant, wouldn't be independently verifiable, couldn't guarantee vote secrecy to voters and be susceptible to ballot stuffing, open against technical attacks (eg. as simple as DDOS, or malware).
- "Electronic voting, at home, in a web app": No local (non-attacker-controlled) code means you must trust server completely. And its basically impossible to really isolate the voting from everything else.
All these problems for what? Paper ballots really aren't so bad. Especially if you eliminate two of the obvious problems US elections have: get rid of voter registration, and move votes to sundays.
[1] Assuming you don't use a cryptographic voting scheme; these have their own problems. It's an entire field of research that just can't be summarized in an HN post, but key problems are: a) impossible to understand by voters, b) some desirable properties are mutually exclusive, c) computationally prohibitively expensive (even with state level resources), d) some problems aren't technical in nature and can't be solved technically (think coercion).
Only in the aggregate. If I could vote and lost the ability, of course I'd be upset but the actual impact on me as an individual of not being able to cast my vote would be tiny. On the other hand if someone cleans out my bank account it's trivial compared to the overall financial system but it's a disaster for me personally.
I'm neutral on web voting, because I basically agree with all the observations you make. But I think it's important to look at things from the individual perspective as well. Voting by mail seems like the best option to me at present.
As an aside, all these discussions miss something significant: even if you can vote with ease, it's too damn complicated. Most people just don't have the time or knowledge to properly evaluate all the various ballot initiatives at the local and state level in many jurisdictions, nor are most people able to properly evaluate candidates for all the various offices in local elections. Frankly I don't think people should even be allowed to vote for offices like judgeships and public prosecutors, since almost nobody has the education required to assess any of the candidates properly and almost invariably end up choosing whoever happens to be the most photogenic candidate instead.
You missed the point. I'm arguing for voting - not banking - to be kept on paper.
Banking is a completely different problem. The secrecy requirements are different - in fact, audit trails of all individual transactions are expected. Big transactions are typically individually reviewed by humans. People/organizations can choose their bank. There are multiple banks -> no single target. Transactions can be traced and rolled back, so coercion is less of a problem. Risk is mostly financial.
Coercion won't be a problem at all if voting places are just like in secret ballot voting. Online connection to a central server isn't even required. Just have an audited code and its verified executable run in a physically secured system.
If the runtime code is audited and compiled in a secure compiler then the executable is good and secure. Run it on a clean system(embedded system) which is also physically secure. Its not only possible it already exists. Many countries do have tried and tested such systems (am not sure if compiler is audited by them) used in production.
I would only add an asterisk for part 3: whom you voted for ought to be secret from everyone other than you. But you should be able to verify who you voted for.
Here's one way that a crypto-voting protocol might give you this right. It provides for a separate ballot for each race, and each ballot has a perforation down the middle so you can separate it into two halves. The candidates are randomly ordered, with their names on the left-hand side of the perforation and your vote on the right-hand side. When you vote, the machine tears off the left-hand side and returns it to you, while it scans in the right-hand side, and then locks it in a secure box for auditing. Then your vote is recorded in a public database with your name and which-number you voted for, but the correspondence between that number and that name is only privately recorded on the half of the ballot that you retain. So you can verify that the database says 3 and that was the Green Party candidate who you voted for; but nobody else who sees the 3 on the web site knows directly what it means.
The protocol might then do two more things with this two-sided randomized ballot:
(1) Create plausible deniability. This is done by putting other left-hand-sides of other torn ballots into the voting booth, for you to choose from. Even if your boss demands that you vote Libertarian and goes so far as to hire goons who mug you for your piece of paper on your way out, that boss cannot prove that you didn't just take a left-hand-side from the voting booth which "proves" that you voted Libertarian, even though you voted Green. Suddenly the only people who can buy votes are state-level conspiracies who can put cameras in the polling stations etc. It may sound weird that you're making it hard for someone to sell their own votes, but it makes it hard also for anyone else to thereby buy them.
(2) Create confidence in the two-sided ballot. The biggest point of lost confidence in the two-sided ballot is that when you see 3, you think that you know who you voted for, but who's to say that these numbers match up with the votes that are stored in encrypted form on the ballot? You will want to therefore let someone decrypt a ballot or two at their leisure, to build up this confidence. However if you do, the thing is decrypted and no longer suitable for voting, so it must be immediately destroyed. So that's the end result; you have this thing called the Checker which issues a network request to the election authority asking for a ballot to be decrypted; when it is, its right-hand side is simultaneously shredded. It tells you the order that's on the left-hand side; you verify that against the actual left-hand side. Boom, there is no longer any tampering with the mapping between names and encrypted data, at least not on a large scale, by anyone who is not the central election authority themselves. If there is, people will hopefully notice and complain loudly.
The government mails a form to the address you registered when signing up as a voter. You complete a legal statement with a fairly high penalty for being caught lying. Then you return this legal statement.
There are security issues with this process, but for the most part it's no worse than how humans vote otherwise, and careful message encapsulation designs can make the /cost/ of manipulating individual votes in transit high while making the actual voting form 'anonymous'.
Online voting would only be more secure than this if the message were signed, and audit-able by both the signer and the recipient. This is possible, but it also complicates external review since they would also need to validate the identity of the signer.
At a very minimum a record of /who/ voted (and presumably when) would need to be known as a result of validating voter registration.
Vote tabulation could be separated if the registration validation stage fed a stripped (and trusted by the org) packet of cast votes.
However this presumes that you believe in the security of the /entire/ computing stack from base firmware up through the OS and counting applications. Auditing that is a LOT harder than humans tracking paper; we've had centuries to figure out how to do that in fair ways.
The key is the anonymity. A bank identifies the users in your online transactions, so it's much easier. However, a democratic country can't identify the voters: anonymity is a basic requirement.
Your argument stands on tenuous ground because you just pointed out all the flaws that exist with "mail in" ballots. Did you know that states like Oregon only have mail in ballots?
So, despite all the flaws that you point out, why are these legal but a mobile app is not?
I am actually from Europe so I don't know the specific details of your voting system. Mail-in ballots are of course a weakness, but it doesn't mean that we should further weaken the current system.
Here in Czech Republic we receive voting tickets by mail about a week before election and have to physically put them into a box behing a curtain in a voting room. I also see weakness here, and don't understand why we receive voting tickets by mail, because it allows you family relatives filter your tickets. Better system would be if the voting tickets were available only in the voting room.
It's worth remembering (for non-US residents) that US voters don't just vote on a few legislative and executive candidates, but on a very large number of them. The California voter information booklet about who is running and what issues the voters can express a preference on regularly runs to over 100 pages. A completed ballot can easily involve >50 different decisions - hence the ubiquity of machine counting in the USA.
Paper ballots and their associated processes to secure, verify and count are simple and robust. Something like 90% of the population is capable of verifying the process. It is therefore easy to set up a process whereby people of differing political affiliations work together to conduct the voting process (and recounts if necessary).
Electronic voting and their associated processes are complex and verifiable by only a small portion of the population (those who are both smart enough and technically skilled enough to dive into the code). Even then very few people have the skills to determine if hacking or other forms of tampering take place.
As a technologist there's too much incentive for a bad actor to tamper with electronic voting and it is too difficult to check if tampering has occurred.
We can do that if we make votes personally identifiable.
That is the core difference.
Without personally identifiable votes, we have no way to assure the voter their vote record cast matches their intent as they have no trusted way to evaluate that record.
When we press a butyon, or touch a screen, we have to trust the feedback we get. When we make a physical mark, the chain of trust is complete.
The problem is the machine can literally do anything and then just tell us what we want to know is true without it actually being true.
Electronic records are a forced vote by untrusted proxy.
Financials are personally identifiable and multiple parties are involved, which catches this problem nicely. That is why they work as well as they do.
You can do this in Estonia, and if there is any country that is going to be a target for hackers it's going to be the Baltic countries.
The problem with home electronic voting, other than hacks, is that a voter can be coerced into voting for someone that they don't want. So the Estonian system has it that you can vote multiple times and only the last vote counts, you can also vote in person using paper and that trumps electronic voting.
A key difference is that malware and other attacks to commit banking fraud is discoverable after the fact. In contrast, election fraud (such as malware on a voter's local system flipping the user's vote) is not discoverable, due to the need for ballot secrecy. (Ballot secrecy is necessary to prevent vote buying and voter intimidation/coercion.)
Even if security and fraud weren't issues, based on the voter suppression efforts of the last couple of years,I doubt the lawmakers would want everyone voting in such an easy manner.
What voter suppression? Voter ID? If you can't even check out a library book without ID, I am not sure how voter ID could be controversial.
You can't have a bank account without ID, you can't even cash a check without ID. You can't get Medicaid or food stamps without ID. You can't even enter the White House without ID. Yet allowing people to vote without any means of verifying who they say they are? That's ludicrous. Every single state with voter ID laws has provisions for those that can't afford it.
I didn't say anything about voter id requirements. However, they do play a role in the suppression, and we'll start with that.
Requiring an id to vote might make some sense, but what doesn't make sense is making the id difficult or impossible to get (see Texas and North Carolina for examples). So much effort is being poured into voter id laws, but none is being put into getting citizens the "correct" id to vote with. Why is that? (I may be wrong here and maybe you have more info, if you do please provide links that show where the people proposing voter ids have also made it easy to get an id)
What other purpose aside from government sanctioned suppression would getting rid of the provision of the Voting Rights Act of 1965 requiring states to get federal approval before changing their voting laws serve? From what I understand, the justices that voted to get rid of the provisions did so because there was lack of data suggesting that there were issues at the ballot for people of color. But where is the information and data that supports the massive amounts of voter fraud that was heavily talked up before the vote?
Why do they have to do both? One is simply to secure your voting process against any possible tampering. It is perfectly reasonable to refuse government services and a myriad of other things if one does not have proper documentation. I don't see any reason not to apply the same validation to voter-verification. If you don't do that properly, then you get identity theft and a myriad of other things such as disjoint and variable-quality national databases.
If it was me making these decisions: I'd verify each person against a national fingerprint and facial database before even letting them fill in the ballot form and only accepting their vote if the verification was positive.
I vote with a mail in ballot. My signature is checked by a human being (I know as a family member was audited when their signature differed from historical).
With an on-file signature that generates a "voting token" that could be mailed to me for goodness sake, I don't see why mailing in a piece of paper with ink on it is a necessary step.
Some countries do use electronic voting (using state PKI based systems) that in many sense is similar to mail-in ballots.
I can recognize two problems with these.
a) vote buying,
b) vote stealing.
Risk for vote buying is similar for both methods but electronic voting has in my opinion higher vote stealing risk as it is easier to implement on large scale.
I think both methods are suspicious and I am not in favour of them, but as usage of mail-in voting is not widespread, it does not involve too big risk.
Contrary electronic voting may become very popular and problems will be magnified.
I was thinking the same thing. I wonder if there is a way to use block chain technology to do it. You could keep the voters identity secret but still insure they vote only once.
Because all those other things actually make a difference to a person's personal life. Voting's only power is in the appearance of relevance so it must be slightly difficult to perform
A (dystopian?) future? One's birth certificate includes a cryptographic certificate used to sign and validate everything related to one's interaction with the government (replaceable by some protocol as cryto tech changes over time). One's vote is signed. However, subway cards and automatic highway tolls are signed as well.
Cryptographically signed voting enables vote selling only in the same sense that requiring voters to present ID at the polling place already enables it.
Depends if you're signing the actual vote (Alice voted for Bob) or just their presence (Alice voted). I thought akeck was talking about the first one but you're right that the second one would not present the threats I mentioned.
Tracking down every single vote against you, or just a large batch of them for retaliation? If it's the former, I can't really see the purpose. If it's the latter, you can do that today, people don't usually make a secret about who they vehemently hate in the presidential elections on facebook.
I don't see a problem with either one. It's apparently perfectly "fine" for parliament, but not for the general public? Don't a lot of people publicly register as members of a certain party anyways?
My tongue-in-cheek solution: put the sysadmins in charge of voting machines. They'll make sure there are several backups, automate testing of all the machines, and an unwavering ambition to prevent data corruption and hacker intrusion. The heroes we need.
I didn't mean to say that we shouldn't have knowledgeable people handling our voting machines (as pretty much any election shows, we certainly do). I just imagined sysadmins across the country saying "screw it, I'm taking care of this" and abandoning their normal jobs to take care of it.
Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other. The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania.
He goes on to give an overview of voting machines' vulnerability and methods for resolving the problem.
We've all known for quite some time that election system needs improvement, what's so different this time? Each and every election the losing side brings up the tampering bit, well yes if people cared enough, we should begin processes to make sure tampering election votes is extremely difficult to impossible. And maybe this is the beginning of real discussion, only problem is who will lead the effort, is this guy just another person with a megaphone?
Also to say paper ballots cannot be tampered seems silly . Unless we know the exact procedure and check points in which they are handled, how they are stored and secured even after the win for case of recount (especially if tampering happens afterward and recount is the plan to which the coin lands on the other side). Hell maybe even down to the specific type of paper a ballot is printed with. And I like what someone else said, scan them in as well... have machine and human come to the same total.
I expected the guy to have proof considering the hype around this, but I do appreciate he said it is unlikely the election was hacked...as if just to quiet those twitter echo chambers.
Why does it have to be a foreign government hacking?
An election tech worker or contractor with an agenda, could easily achieve the same results without having to go to the great lengths of breaking into the network using malware etc.
Completely. There is absolutely no way to understand how the election result compares to voter intent.
The record of that intent consists of smudges on dirty touch screens.
We could come close to at least questioning with aggressive exit polling, but the real problem is no voter using those devices can ever understand their vote cast.
They walked in and did something. That's all they really know.
That really seems like a tin foil hat perspective. Sure, in the literal sense, there is no way for them to prove which way their vote was cast because it's managed by an opaque (for them) computer system, but the same is true if it were paper ballets that are handed over to a processing clerk. Once youve cast your vote, the collector "owns" the results, and their counting process is opaque in either case.
My phone isn't working for some reason, second paragraph:
I don't think it's fair to say that the intent of the voters is unclear unless you're wanting to entirely throw out the results of the electronically collected and processed votes as completely invalid. That seems extreme to me.
Going back to my earlier point, how is this different from handing over a paper ballot? You have no record of your paper ballot, and can't prove how it was counted toward totals either. Sure there is a "physical" record of it, but I'm sure (or at least I would hope) there are logs for the voting system as well that could be analyzed.
If you're unwilling to trust a computer system counts in a non-corrupted fashion, I'd be surprised to learn you use them for anything at all. Heck, who knows how the messages you're typing in here are showing up for me? Who is to say there isn't a middle man re-interpreting everything you type? How can you have any confidence in any system, unless you wrote it yourself? And deployed yourself, and completely control 100% of the system it's deployed on.
Hyperbole, sure, but why trust any system if not your vote recording system? I'd like to think (and again, I have no research to back this) that these are maintained by relatively "non-partisan groups," and that they are audited to evaluate for any sort of corruption or tampering. But even if they aren't, I don't think that paper ballot systems are any more so. The qualifications to be a ballot worker in my area seems to be that you've reached the age of retirement and are white, which could very easily bias the vote here. Should I not trust my results?
First, the voter does know their vote record reflects their intent. They can't actually know that with a paperless touch screen.
Second, we do have the ballots and various things can be done to resolve an election, and they can be done in court, by humans. Trust can be established there too.
Now, we don't always need that, but it's extremely important that we have it, or the systems simply will be gamed. I would. What's to really catch me?
You bring up a great secondary point. Why trust computers at all?
In this case, both you and I have a dialog, and it needs to be sane. The machines could be coughing up a lot of garbage, but we both know they don't as the chat is coherent.
WHile this ambiguity has always existed with computers, most use cases get past it in similar fashion. Banking, by the way, resolves down to personally identifiable records, or at the least an account known by someone, and distributed copies of said records too.
All of that must make sense, or there are problems. It's subtle, but we catch a lot of trouble this way.
Voting is an edge case, and it's extreme as well as important, and a significant issue when it's not trusted.
Billions and Trillions of dollars can be impacted by votes. To think we aren't seeing manipulation is crazy.
In the case of SC, we don't actually have the means to catch this being done!
The niche case of voting breaks down to anonymity being coupled with no public record of the vote and this ambiguity of input.
In my State, Oregon, we use a hybrid. Voters do cast paper ballots and have plenty of time to do so. Individually, we can understand our votes are accurate.
They are verified by signature, which preserves the secrecy of the voters. It's damn tough to get data out of that part of the system specific to a voter.
We then publish voting and validity status for everyone too. So individually, and collectively, we can understand the votes are valid and will be counted.
For those who check, they can remedy things too.
Then, counting is done electronically coupled with blind audits done by hand.
This question is of paramount importance: How can you have any confidence in any system, unless you wrote it yourself? And deployed yourself, and completely control 100% of the system it's deployed on.
For most use cases, it's not an issue for reasons I've given. Votes are an edge case we do not bump into very often.
And that status makes this a difficult discussion.
Couple it with the strong incentives to control elections, and it's not something we should take lightly, and given we have plenty of time tested, cost effective, reasonable means to do this, we hardly require that risk be taken.
That it is consistently taken is a bother to me. There is no reason for it.
I don't know if Donald Trump is a tactical genius or surrounded in a cloud of luck. Remember when he said he wouldn't accept the election results if he lost and the outcry at his comments? Now all the pundits who question these results have tweets from a couple of weeks ago saying things like "You have to accept the result, that's how democracy works!" effectively invalidating their arguments today. If on purpose that is some Lannister level statecraft.
You can down vote all you want. Game recognises game. You don't have to support someone for that.
To be fair, (many of) those on the right thought Donald Trump was an idiot for saying he wouldn't accept the results, so it doesn't seem unfair for them to continue they're claiming "we won, leave it be" now. They would (likely) have asked Trump to do the same in the "we lost, leave it be" situation.
This reveals human nature on both sides ;) When you lose, it sucks, and you want to find a way to alter the results. When you win, it's great, and you don't want it taken away. I don't think this behavior is limited to politics.
"I would like to promise and pledge to all of my voters and supporters and to all of the people of the United States that I will totally accept the results of this great and historic presidential election, if I win,"
Election results must be beyond doubt. Clinton, Trump, and all Americans have a shared interest in this. It seems unlikely for the result of the election to change even if one state was hacked, so it's not like anyone's skin is even on the line.
Absolutely no one should doubt that Russia, and many other nations, have the capability to do what people are suggesting might have happened. The only question is whether they did, which would be almost unprecedented: the undermining of a mature democracy's electoral process by a foreign power would be a singular event. (Though, both the USA and Russia have done similar-ish things in the past, but often against immature democracies.)
Russia has shown interest in destabilizing the USA's electoral system throughout the year. The only question is just how far they are willing to go. We have the capability to determine whether they did this time. We should exercise that capability: if we don't, it will encourage our enemies (and our friends!) to do so in the future, regardless of what happened in 2016.
It seems unlikely for the result of the election to change even if one state was hacked, so it's not like anyone's skin is even on the line.
You don't seem to have followed this story. The whole point is that we have a very realistic possibility that Trump's unexpected win was due to manipulation of electronic polling machines. Possibly by Russia.
To be specific, Clinton was projected to win Wisconsin, Michigan and Pennsylvania. If she had, she would have won the election. Instead Trump won all three by around 1% each. Across those states, Trump did about 7% better in precincts that used electronic voting than in ones that didn't. A recount of the ballots cast can tell us whether he really earned those votes, or the machines were manipulated.
This kind of manipulation of electronic voting is well within the abilities of US security experts. It is also within the abilities of countries like Russia. Russia had an obvious preference, and has demonstrated the willingness to use cyber attacks to manipulate elections.
The articles don't debunk each other, they are in fundamental agreement on observable facts.
Both accept that it is possible for the Russians to hack the election. Both state that it is reasonable that Trump actually won. Both agree that the only way to be sure is to conduct an audit.
They do differ. The medium article digs into depth on the technical details of how doable the hack is. The 538 article digs into depth on the quality of the statistical evidence.
They come to opposite conclusions. The medium article concludes that we should audit because eventually someone will try to manipulate the election. 538 is more concerned with raising public concern about fairness. I am more concerned with actual fairness than perception, so I agree with the medium article.
I'm focusing on the fact that there's a real possibility Russia hacked the election. By de-emphasizing the possibility that it might have changed the actual election results, it makes it more likely that this won't be a partisan issue.
Russian hacking of the US electoral system is a far, far greater threat to American democracy than Trump being President.
> The whole point is that we have a very realistic possibility that Trump's unexpected win was due to manipulation of electronic polling machines. Possibly by Russia.
No, we really don't.
For this rather wild speculation to have happened:
* The Russians would have had to know exactly which counties would be swing counties, in at least three different states, two of which nobody imagined Trump even had a chance in, in an election year when the best pollsters and analysts in the United States were caught completely flatfooted by the results all over the country.
* They'd have to be lucky enough to pick swing counties that use electronic voting. For example, in Wisconsin there's a mix of electronic and paper ballots across the state.
* And they'd have to know exactly what the vote counts would be weeks in advance so they could slip in ju-u-u-u-ust enough extra votes to give Trump a razor-thin margin of victory.
Look, I realize the election results were traumatic to lots of people, but if you cling to conspiracy theories to avoid dealing with that you're going to spend a long time in the wilderness. I'd advise you instead to work on persuading more people that your political program is the right one. It'll work better in the long run.
> It seems unlikely for the result of the election to change even if one state was hacked
you just need a little "adjustments" to the elections results in several counties in a few (like about 3 this time) states. Which is easy given at how many places the voting is done using [really unsecure] electronic machines.
>Russia has shown interest in destabilizing the USA's electoral system throughout the year. The only question is just how far they are willing to go.
Seems like you think that there is really such a question :)
Well, do you think Russia values integrity of US elections more than integrity of Russia's elections? And do you have any idea about integrity of Russia's elections ? :)
>there is a risk for them if they are found out. How risk-averse are they?
what is the risk? US hacking Russia's elections in response? :) Sanctions? You may have noticed that hacking each other computers is considered on practice (not in the public speeches :) a fair game, kind of a quiet Cold War these days - everybody does it to everybody else and everybody keeps it quiet, be it failures or successes, for exactly that reason of not wanting to make public the fact of doing it themselves.
Specifically in this case the fallout from US government officially establishing/confirming/proving that Russia hacked the US elections would probably be more devastating to the US government agencies and to overall societal trust into the US democratic institutions than to Russia. So Russia has no downside here really either way. Such logic fits pretty nicely to the opportunistic approach (tightly coupled with absolute absence of any moral objections (bombing hospitals and other civilians in Aleppo as part of advancing the Russian interests in Syria for example)) that has already been demonstrated on many occasions by the current Russian regime.
Even without actual hacking, just by supporting and promulgating the rumors and conspiracy theories about the hacking, Russia already deals [risk-free] a lot of damage here, in particular to the societal trust, - with discussions like this one being probably a sign and/or part of that damage.
And mature or immature, I do not want anyone meddling anywhere at all. If you can do it to somebody then be ready to be on receiving end because you are not on any moral high ground. I could not see how Russia could've gotten hold of voting systems. This is also why I do not like closed source code being used for purposes like these. Is the code even audited? If "Russia" was able to successfully meddle, that only shows how poor USA is at securing its own infrastructure. Please defer from producing another Iraq WMD evidences at any case.
Obviously no one should meddle anywhere at all--I'm the first to condemn American overreach and its role in the repression of millions during the 20th century.
That also gives me the right to call for other countries not to interfere in American electoral processes.
> It seems unlikely for the result of the election to change even if one state was hacked...
If Florida (where Trump's winning margin is less than 130,000 votes, which is less than 1.3% of the votes cast in that state) and its 29 electoral votes were declared for Clinton, that would put the two candidates in a dead heat, with 261 electoral college votes each.
At which point the election moves to the House of Representatives, where the Republican party holds a majority and still will after the 115th Congress is seated.
I'm so old, I remember when suggesting that the election could be rigged was considered treason. I wonder what happened between now and three weeks ago to make that change.
Well, no, I guess it isn't really that puzzling. Someone lost an election and is upset about it.
First, no, you are not that old, because there's no point in the history of our republic where that's been the case.
Second, none of this has anything to do with the article we're commenting on. Injecting volatile political arguments into unrelated threads is a form of trolling
If I told you there was voter fraud, but it was so small it didn't have a snowball's chance of changing the results even in a very close election, would you spend thousands legislating ironclad voting id laws?
I think either (1) there is a chance this changes the outcome or (2) this has a too low ROI to bother.
If I told you there was voter fraud, but it was so small it didn't have a snowball's chance of changing the results even in a very close election, would you spend thousands legislating ironclad voting id laws?
Well, the GOP has spent a great deal of political capital in several states insisting on rigorous ID requirements while claiming that voting by undocumented immigrants is a huge problem, and it's an article of faith on the right wing that vast numbers of foreigners are voting in US elections despite a dearth of evidence. Of course, these rigorous ID requirements (in combination with other policies) also have a significant tendency to disenfranchise legitimate voters, and many on the left argue that this is the real intention.
Myself, I think voter ID is a good thing because it increases public confidence in elections - but that ID has to be easy for lawful voters to get and keep, and the Democratic party made a strategic mistake by opposing such laws strenuously while having no contingency plan to make sure that their supporters could maximize their chances of voting if direct opposition to voter ID laws failed. Voter ID laws are frequently unfair but you're better off having ID than getting locked out of the democratic process.
If the Democratic party had invested more effort in helping people get ID than in fighting the ID requirements, they might have held the White House. The left suffers from a chronic weakness of being unable to set priorities; the obsession with fairness above all other considerations is incompatible with effective decision-making. This is why no country organizes its military forces democratically.
There's obviously a world of difference between voter fraud--which happens some amount, but doesn't have a partisan lean--and a foreign state effectively pressing its thumbs on the scales to determine who's going to lead the USA. Even if Russia only hacked one state to give a couple thousand votes extra margin to an already winning candidate, that would be worth millions or billions of dollars to uncover.
Luckily, this would only likely cost seven figures.
It's been so interesting to see this turn of narrative after months "questioning the outcome of an election is undermining democracy." I wonder what happened between Sept-Oct and now that changed all that?
I'm not sure it was a good idea to revive such a highly politicized thread, on a duplicate post at that, but if we're going to discuss this at all, let's stick to the specifics of the OP.
Trump complained the system was rigged out of transparent demagoguery. He had no real facts, he had vague "dead people on the voter rolls" type claims because they sounded good. (People don't magically fade from the rolls when they die, there's a process and at any time it's normal and unavoidable for dead people to be on the rolls.)
If (and only if) one party has actual evidence or data of rigging, it wouldn't be hypocritical for them to challenge the results after not taking Donald's whining during the campaign seriously.
But it's academic, the results shouldn't be overturned. Even if it was found legitimate to give Hillary the win, it would make a martyr out of Donald and his movement would gain traction for 4 more years. The next 4 years are going to be ugly either because Donald is president or because half the country believes a conspiracy gave it to Hillary.
One party or the other is going to be punished in 4 years. Better it should be Donald, let him fail and have his movement get put behind us for good.
If the machines in question have paper trails, and a recount shows conclusively that majorities in those states did in fact vote for for Clinton, then I don't see how it could possibly be justified to stick with the incorrect result, regardless of whether we like the political consequences.
If there's no paper trail, then there's nothing we can do. We can't overturn results just because some mathematicians think they look funny.
IANAL, but I don't think it could be overturned anyway. There are certain gates, with state bureaucrats certifying the results and all. I think once those are past, you can't go backwards through them anyway. And in any case, don't forget that they're only voting for electors, not for the president him/herself.
I was once involved in fighting a referendum. The local government demonstrably cheated, publishing information about the proposal that was clearly and significantly false. But I was advised by an attorney that in the end, they're never going to undo an election, so we shouldn't waste our time and money fighting.
Based on the news articles, the campaigns have a right to challenge the results, as long as they do it before a deadline (which I think is Friday).
Publishing false information isn't sufficient to overturn an election, but proving that the vote count itself is incorrect is another matter. It's possible that we're such an incompetent democracy that accurate vote counts are irrelevant, but I hope that's not the case.
They shouldn't be looking for facts as to who may have hacked the election until they've made a decision on if the election was hacked.
There is no evidence of hacking, their is evidence of potential hacking which can be confirmed by looking at the paper trail.
Only once the hacking theory is confirmed, will anybody need to look into the how, and the who.
If you call the police to your house saying you've been robbed, they don't immediately go out trying to find out who robbed you. They need to look at the scene. Did somebody actually break in? Or is it a fake call? How did they break in, what did they actually take, how do we think they did it, then using the knowledge they have gained from the crime, they can come up with theories of who might have done it. Same goes here.
No: obviously, as the article itself points out, we have no direct evidence the election was "hacked" at all.
But please don't gaslight about why Russia is the name that keeps coming up in these discussions. We have numerous unrelated (sometimes competing) sources attributing the DNC hack to Russia.
And what does the potential source of these attacks have to do with the technical nature of the article? You're blaming others for bringing up politics when the author is clearly doing the same by consistently bring up the potential perpetrator of these attacks without any hard evidence, which contributes absolutely nothing to the relevance of the article.
So, your point of view is that concern about Russian hacking of the US electoral process is stupid, because people were also upset Trump suggested he might reject the outcome of a legitimate democratic processes?
I think he's trying to point out the hypocrisy of the overall media-opinion on the matter before the results, vs now. I'd argue that people are a whole lot more "interested" or "curious" in the possibility of vote-manipulation or hacking now that the really unexpected candidate won. Hillary was a sort of "okay" result, yet Trump is, well I'm sure you've been reading HN and the rest of the internet.
No, my point is that people should think their partisan rhetoric through, unless they want to put themselves into a position of being a complete hypocrite.
But since you asked, yes, I do think these "concerns" about Russian hacking of the US electoral process are stupid and a thinly veiled attempt to undermine the legitimacy of the next President (which according to the rhetoric of many on left over the fall, is undermining to democracy itself).
This is a purely political argument that is entirely unrelated to the story, which is about the role computer science plays in the integrity of the ballot and is written by an authority on the topic. Injecting unrelated political drama into threads cruds them up with political arguments, and is a form of trolling. Please resist the urge next time?
Why? To ensure your work pays off. Dirt will get you most of the way but hacking will be a safety net. Really you wouldn't have to infect many machines. The states that were listed (and a few more) you wouldn't need to change much to sway the vote. And if you were only attacking a few dozen machines in each state the risk wouldn't be too high. You do have privacy in the polling booth and from what I've seen most hacks would only really take like a minute.
Not saying they did (I don't even think they did), but giving a reason why they might want to do that. Though I would like to hear the opinion of one of our HN security experts.
How sad. People concerned about interference in elections aren't people who lost - it's not a partisan issue whether Russian intelligence or the FBI is interfering in US elections.
> If they messed with enough voting machines to make a difference, NSA etc would know about it
That's completely theoretical and U.S. intelligence's real track record isn't nearly that good. There was Pearl Harbor, the Bay of Pigs, the collapse of the Soviet Union, 9/11, being unaware of Saddam Hussein's WMD programs before the first Gulf War, a false positive on Hussein's WMD programs for the second one, stolen nuclear warhead and stealth fighter plans (among many others); major hacks of many major government facilities including Dept of State, OPM (which include files on undercover spies), and many more; and finally, during the election, the successful attack on the DNC. - Those are just the highlights. I don't feel as confident as you do.
Finally, sometimes government doesn't tell the public everything. President Johnson knew that Nixon was privately negotiating with the North Vietnamese, undermining U.S. foreign policy, but chose to say nothing because (AFIAK) he thought it would be too disruptive.
None of that is evidence that something happened, of course; only that we can't rely on the NSA to detect everything and notify the public about it.
There is absolutely no evidence whatsoever of any hacking. Period. There is no reason to believe it occurred. This is just leftists grieving about losing the election, and refusing to admit they nominated a terrible candidate and adopted a platform that is actively repellant to voters in states they needed to win.
By all means, the IC should be double-checking to ensure the vote was legitimate. But the left needs to accept that it was and move past the insane conspiracy theory stage of the grieving process.
I hope this will be taken as non-partisan, but, at least from the perspective of the UK, Trump was the one saying "the election is rigged". Was that reported in the US?
Yes, and back when Trump was one saying it, it was treated not just as a conspiracy theory but as a dangerous attack on democracy itself. Both social media and the press were insistent that this was ridiculous and impossible.
He was, when he thought he would lose. It's just as bad for the left to make those claims now as it was for him to make them then. Attacking the legitimacy of elections without evidence is bad, full stop.
The vote counts are off in many counties, including having more votes in a county than registered voters.
It's not evidence of hacking, but it's evidence that the vote tallies are wrong. At a minimum a recount and analysis should be done to determine root cause of why the numbers are wrong.
You are commenting about a blog post from one of the world's authorities on voting security, a CS professor at the University of Michigan (one of the country's best engineering schools) --- a post other voting security people (for instance: Matt Blaze) have been pointing at.
And all you've managed to come up with a dismissal based on partisan politics that aren't even relevant to the blog post, which does not say the election was hacked (in fact: it says almost the opposite), but makes a nonpartisan point about the integrity of the ballot process.
Injecting volatile political arguments unrelated to stories is a form of trolling. Could you please stop doing that?
>You are commenting about a blog post from one of the world's authorities on voting security, a CS professor at the University of Michigan (one of the country's best engineering schools) --- a post other voting security people (for instance: Matt Blaze) have been pointing at.
I'm commenting on the claims of Russian hacking being the latest refuge for election denialists. The reason people are talking about Russian hacking is not due to academic curiosity about the security of voting machines. Pretending that it is, in an attempt to give the discussion an unearned air of impartial dispassion, is dishonest.
>And all you've managed to come up with a dismissal based on partisan politics
My dismissal is based on two things: 1) partisan politics, in that this theory is being pushed by the same people and for the same reason as previous explanations for why the election was illegitimate, and 2) the complete and utter absence of evidence.
>Injecting volatile political arguments unrelated to stories is a form of trolling. Could you please stop doing that?
It strains credulity to assert this discussion was apolitical prior to my interjection.
Again, but with different words: you could have written exactly the same original comment without having read the article, because it doesn't touch on the article at all. What you did --- again --- was to dismiss one of the world's foremost authorities on election security as a leftist partisan. This is exactly what 'dang is talking about when he asks commenters not to take threads on generic ideological tangents. Please stop.
You are welcome to disagree with Halderman! But before you try, you should acquaint yourself with his point, which is not that the election was stolen from Clinton, or even hacked at all.
The "foreign intrusion" angle is a red herring. In my opinion, the assumption that a foreign hack would be the most likely vector for vote manipulation, which is being played up in tech circles, is the best evidence that the vote was in fact manipulated.
A tech worker or contractor with "alt-right" leanings could easily manipulate the vote without being detected. And there are plenty of them...
Play up the "Russia couldn't do this, you're insane" line and everyone assumes we're looking for outside intrusion by a foreign power, when in fact it is far more likely an intrusion would come from inside.
I'm not an American, but I remember reading that there were (competent) people in the US intelligence services who had warned the powers-that-were that there were no conclusive proofs of WMD in Iraq. The issue was that the people in power didn't want to hear that from the intelligence services, so some other guys (they're mostly guys) from the intelligence services caught that hint and provided the desired "intelligence".
Here's an article about it, concerning the CIA: http://www.washingtonpost.com/wp-dyn/content/article/2006/06.... Here's another article about it, this time concerning MI6, https://www.theguardian.com/world/2013/mar/18/panorama-iraq-... , where is mentioned that the French secret services had told the British that the WMD claim was bogus. I'm pretty sure that there were people inside the MI6 who also believed what the French were saying, but the higher-ups of course took the political decision of telling Blair what he wanted to hear.
No, neither Halderma nor anyone else is saying the Russians did it. He explicitly says in the article that he doesn't think that hacking is any more likely than the polls just being wrong. He's just saying that the paper vote can be counted for a fee if a candidate challenges the count, and he recommends that Clinton do so just to know definitively if the electronic vote was manipulated.
None of this has anything to do with the article we're commenting on. Injecting volatile political arguments into unrelated threads is a form of trolling.
That's not "elections", it's specifically about one election, for an occupied territory without the capacity to self-govern. You can be a huge democracy zealot and still agree that the Hamas victory was a setback for Palestinian independence. I am, and do.
I also find this interesting: in the week leading up to the election, Trump was asked repeatedly, "If you lose, will you accept the results?", to which he said he'd have to assess the results at the time. He was roundly criticized for this.
I was excited to read this, thinking "Ok, finally! This is the shit -- the actual evidence that uncovers the actual conspiracy by a foreign government to elect Trump."
Then I read this:
> Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked.
Halderman continues though: "But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other."
It's amazing how people can mock the idea of subverting elections as long as it's not their candidate who lost. Many similar concerns were raised during the election by people who hold very different political views than most HN readers, and yet these concerns were written off and publicly mocked. Now the shoe is on the other foot but nobody is willing to point out the partisan hypocrisy.
And yes, throwaway account because HN tends to get very uncivil about this subject.
I'm surprised to a see a professor of CS be so ruled by emotion. The Clinton team is likely to ignore this type of advice until actual evidence is shown. "I think she should have won" or "the polls all said.." is simply not good enough to overturn the entire process at this point.
It might sound flippant, but I wouldn't be too surprised if the masterful politicians (in the USA or abroad) wouldn't consider illegal hacking just because it's too risky. Better to use shady-yet-legal tactics to shift opinions. The whole "fake news" issue seems like it could be a very smart campaign in this regard.