This supports my long-held belief that one of the best things we could do for improving vote administration is convincing the public to be patient with results.
There's no particular reason everyone needs to know the results of a competitive state-wide race the same night the polls close, yet we are making all kinds of security and other tradeoffs to support this as a goal.
Indeed, touchscreen voting machines have well-documented security flaws, but the article mentions optical-scan machines by ES&S. That is, machines that scan paper ballots. Paper ballots would be reviewed by humans during recounts, or if doubts arise over the tallies, but maybe not if election officials have no reason to be doubtful.
This requires convincing the press to treat the results as something we don't need to know immediately, which goes against their fundamental nature. Good luck.
What are you even talking about? People on Hacker News should be pushing for blockchain voting. You are on a tech news site, where you can post in real-time, but we are supposed to "trust" a corrupt political institution to have people count our votes, with only about 100 opportunities for someone to compromise the process along the way.
No thanks... I'll take my real-time information to make sure that my vote was counted correctly. They can use my SSN for credit worthiness and to offer me money, but they can't use a cryptographic hash to help record my vote?
The average reader here has a much better understanding of the shortcomings of technology than the general public -- particularly with regards to how much of what is perceived as being secure really isn’t at all.
I'm not an expert, but I'm pretty sure "blockchains"/whatever the applications run on them isn't necessarily a perfectly secure solution either -- not that such a thing exists.
Still probably 100x more secure the paper ballots counted by an easily corruptible social process, than a mathematical equation that is auditable by the entire world.
Firstly, "easily corruptible" just isn't currently true in most western countries. Also, the question with blockchain is how you manage identities and audit it while still having it be anonymous and really easy to use. It's not that you can't solve these problems, but to my knowledge solving them requires tradeoffs that make the security situation much less of a simple win.
Maybe? In general, the advantage that paper ballots have is that the primary threat is an unethical human. The potential for widespread tampering is low but the chances it happens at all are high. Compromising an application is (hopefully) difficult to do, but has huge implications. From what I know now, I prefer the former risk, but I’d be open to being convinced otherwise. I’m pretty skeptical of a global audit process of a mathematical equation working well in real life.
I'm sure there are ridiculous penalties for interfering with actual elections, but I can't help feeling that what we need with electronic voting machines is for someone to hack them to only pick Democrats. Within 3 hours, Republicans would be calling for paper-only ballots, and sanity would have prevailed.
Those have always bugged me. Ok, so I fill out this scantron sheet, but how do I know that the computer interpreted the results I filled out? How do I know that some goof on the paper invalidated a vote?
I'd like some sort of verification and 2 clicky buttons with VOTE/NO VOTE test upon seeing the scanned results. I guess I expect too much here...
While probably scary and a non-starter for some, I have often wanted a key-stretched hash of a voter's id number/vote/salt as a public record (possibly also stamped into a blockchain) and able to be checked by the voter holding the salt and no one else.
Once you put a ballot paper in a box you have no idea whether it was properly counted or lost.
There's the inevitable issue of cryptographic advances and forward secrecy, which wouldn't sit well with some people for fair reason: anonymous voting is a cornerstone of democracy. Personally, I wouldn't mind my vote being public a few decades after the fact, but not before then.
Electronic voting has a bad reputation here but there's certainly room for improvement on paper only.
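The record proposed in the comment above, sketched as an added example (not code from the thread or from any voting system). PBKDF2-HMAC-SHA256 stands in for the unspecified key-stretching function, and the function names, field encoding and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for the key stretching


def encode_fields(voter_id: str, vote: str) -> bytes:
    # Length-prefix each field so ("12", "3A") and ("123", "A") never collide.
    parts = [voter_id.encode(), vote.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def make_record(voter_id: str, vote: str) -> tuple[bytes, str]:
    """Return (salt kept by the voter, hex digest published as the record)."""
    # Voter ids and candidate lists are small, guessable sets, so all the
    # secrecy of the published record rests on this random salt.
    salt = secrets.token_bytes(32)
    digest = hashlib.pbkdf2_hmac(
        "sha256", encode_fields(voter_id, vote), salt, ITERATIONS)
    return salt, digest.hex()


def check_record(public_hex: str, voter_id: str, vote: str, salt: bytes) -> bool:
    """Recompute the digest from the voter's inputs; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", encode_fields(voter_id, vote), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), public_hex)


def demo() -> dict:
    # Constructed sample values, not real identifiers.
    salt, record = make_record("VOTER-0001", "Candidate A")
    other_salt = secrets.token_bytes(32)
    return {
        "holder_verifies": check_record(record, "VOTER-0001", "Candidate A", salt),
        "altered_vote_rejected": not check_record(
            record, "VOTER-0001", "Candidate B", salt),
        "wrong_salt_rejected": not check_record(
            record, "VOTER-0001", "Candidate A", other_salt),
    }


if __name__ == "__main__":
    print(demo())
```

A matching record shows only that the published entry corresponds to the voter's inputs, not that it was included in the tally. Anyone who is handed the salt can run the same check, which is the anonymity trade-off raised in the thread.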
Nothing is going to measure pencil marks perfectly, but scantron technology is decades old. Sloppy pencil usage wouldn't inhibit manual inspection of paper ballots, e.g. during a recount, but one does have to define some expected threshold of competency for voters using the ballots.
>Even easier than hacking through router bugs is just setting up an imposter cell-phone “tower” near the voting machine; one commonly used brand of these, used by many police departments, is called “Stingray.”
Am I too optimistic to assume that the voting machines at least use TLS?
That's mostly irrelevant, since that only protects the integrity and confidentiality of that TCP connection. However, you can still exploit the vulnerabilities of all the services listening on the device. Separating voting machine networks from the internet is orthogonal to the problem of network protocol hardening between endpoints within this "separated" network.
As dnet mentioned, that only protects the session data -- never assume that the device is set up securely or even competently. There are plenty of stories out there about traffic controls that are hooked to unsecured Mifi devices. [1] There will be remote management ports or other ways to access the device.
The other thing where router hacking is productive is that the typical "secure connectivity" solution offered by carriers for this sort of application is MPLS. Compromising the router with something like this makes it even easier for an entity that compromises the network to identify the traffic that is of interest!
Remember that boards of elections are funded at the county level by a county legislature and usually managed by two party hacks as election commissioners. Usually these orgs are starved of cash or starved of political will to act.
I think the tl;dr is: security is hard. Really hard. In fact, anyone who trivializes the complexity of keeping voting secure (including Congress) is not understanding it.
Landline modems are by far the most secure. But even those modems call out to fiber optic cables that run on the same switches as the internet and cellular networks. ISDN modems, a communication protocol that uses something like block chain technology, is the best we can offer. ISDN gives us speed (less chance to get intercepted) and data validation that audio modems just don't.
Those options aside, physically shipping the units in armored trucks with tamper tapes installed and physical tapes as a backup is the best option.
Key exchange is a non-issue with these systems, making secure SSL connections viable. However, I don't think they actually need modems in the first place. IMO, they are ideally purely independent boxes that simply print a receipt or even just display their output.
A few pictures of the output in the hands of observers and 'tampering' after that point becomes pointless.