A billion "hacks" per day seems a bit far fetched. At that point, it's either a visible act of war (if external to the US) or the FBI would be much more involved (if internal). Both of those would be much larger news.
Sure, but that doesn’t change the fact that this is likely just people going through a dictionary trying to guess the password, rather than a cyberattack by a nation-state.
>people going through a dictionary trying to guess the password, rather than a cyberattack by a nation-state.
Russia allows its cyber-criminals free-reign when it comes to the rest of the world, as long as they're not interfering with official interests. Consider the difference in Letters of Marque vs the Admiralty in British history.
It would be like calling every individual connection made during a DDOS event an "attack". No, it's one attack. The number of connections merely indicates the size of the attack, and in this case possibly less because if it's implementing a brute force search over passwords, it could be very, very inefficient.
In other words, it's marketing language designed to scare people who have no understanding of computer security.
Or outside the United States. You would think that they could somehow use geo-fencing that correspond to the districts that are under consideration. Rather than going back to paper counting some form of key-based two-way encryption that verifies voters within the state would be useful and more secure.
I think the point was that you get attempts on /wp-admin.php even if you're not running wordpress at all. I mean, my personal blog is a static collection of HTML pages and I still see /wp-admin.php in logs.
In fact, I've long wondered whether this isn't a great opportunity; I'd like to make a script that went through logs and got every IP trying to access such a path, and adds those IPs to a blacklist that gets dropped at the firewall. Not even a honeypot (since they try even when there's nothing there at all), but still a way to catch (really stupid) bad actors / compromised systems.
I started commenting but I deleted everything half way because I hadn't thought about public WiFi access points. I remember we used to do temporary IP bans on the English Wikipedia if there was too much abuse but it was only for editing. 4chan bans are also for posting afaik. I don't know of a blanket refusal to connect ban for a web server.
Would it be ok to ban an entire IP just because someone from that IP has a compromised machine? I remember this argument that if there is obviously malicious traffic coming from an IP address, the right solution is to block traffic at the next stop, usually the ISP supplying Internet access to that connection. Failing that, the back end should disconnect the ISP and failing that, the other peers should disconnect from the malicious peer. But I don't know how practical it is...
Paper ballots, no machines and especially no machines connected to the internet...if we were able to get that crazy bug into Iranian nuclear reactors without direct transfer from Internet, then you can bet North Korea, Russia, Israel, and China will pour billions to do the same thing.
Voting ID cards too, though I admit I don’t know enough about that. Even if it costs billions to get it done, confidence in fair and free elections is the cornerstone of our democracy.
I’m not sure why ID cards are necessary. If we wanted to do that we would need to make them very easy and free for everybody to get, including getting them on the day of the election. Otherwise it becomes too much of a tool to deny part of the population the ability to vote. (Which is sadly how it’s been used so far in the USA as far as I can tell.)
What is needed is verification against double voting. You must enroll, and so long as you’re enrolled, your name and zip code are on the roll. You go to one of the polling booths for your area. Your name gets ticked off when you vote. If it’s already ticked off then you cry fowl and an investigation must begin why. This seems to work on most of the world not sure why it wouldn’t work here.
We know because many manhours of research has vetted this topic and the consensus is clear: there are very few cases of in person voting fraud in the United States.
Very few meaning about 250 cases over a 15 year period.
Millions upon millions of votes are cast during this timeframe.
Frankly, I expect more fraud to naturally exist, like you.
But it just isn't a problem in the US.
Voting by mail is a state level thing, not every state has the option to vote by mail.
Ideology aside, it is a solution looking for a problem.
Race and voting demographics show Democrats have an edge nationwide that will continue to grow over the next decade and on. Republicans know this and this is why they hit mid-terms so hard. General voting is down and it’s easier to win. Add suppression methods, including psychographic warfare and they know they have a shot to rig the system.
This why Trump won and why our Supreme Court is going to take away the rights of workers, minorities, women, and immigrants.
> How often does it find fraud? For that, we turn to the much-cited 2014 analysis of voter fraud reported by The Post. Loyola Law School professor Justin Levitt looked at 14 years of voting and found 31 possible incidents of in-person voter fraud, comprised of approximately 241 fraudulent ballots.
In my locale, you mark a paper ballot by hand, and it goes into a somewhat antiquated electronic scanner. The scanner is attached to a locked box that stores the ballots. That seems like a reasonable approach.
When I was a kid, I remember going with my mom when she voted. The mechanical voting machine created this roll of paper with everybody's vote marked on it. After the poll closed, they took out the rolls and laid them out down the hallway of the school where the polling occurred. Anybody was welcome to stay and watch while the poll workers checked the tallies.
You need to distinguish between two very different things. In vote result manipulation, a single actor can modify votes wholesale. In voter fraud, an individual who shouldn't vote does, or pretends to be other people and votes multiple times.
The risk of the former is huge and hard to detect. The latter, despite claims the contrary from certain news outlets and Presidents, is actually extraordinarily rare.
Voter ID cards are claimed to address the second issue, even though they actually alienate far more legitimate voter than fraudulent votes.
The election integrity gold standard is paper ballots cast at poll sites tabulated on site when the polls close. Aka the Australian Ballot (private voting, public counting).
Any deviation from that lessens election integrity. Which may be okay, because maybe the trade off makes it worthwhile. For instance, absentee ballots and early voting enfranchises people. But the there is no free lunch with voting systems and these decisions must be measured.
No need to carry an ID card if you can look up each voter's face.
Electronic voting systems were supposedly created to prevent the hanging chad problem. But all we actually needed was a way to properly punch the cards instead of relying upon people to do it manually.
Card punch machines have been around forever. Open source software running on a PC with a card punch attached is all we really needed. And you can count the votes to double check the count of the cards. But you don't have to stop relying on the physical cards.
You could even have machines at the polling place that voters could use to verify that their ballot was properly encoded before they turn it in. A PC with a punch card reader running open source software.
Why do we need to use card punch machines? Here in Missouri, we optically scan inked ballots. Inkavote is the name of the system. Why bother with punching out the card?
In Norway we just have different voter cards for each party in the election. So you go into the voting booth, select your party's card and fold it. Then verify you are you with the election officials and put your folded card in the ballot box.
Elections in the US are organized around specific offices and candidates, not parties. A general election ballot might include 20 offices and several ballot questions.
National ID cards is better. Requiring and ID to vote is open to actual fraud as it can be granted or denied on political basis.
A mandatory national ID card is politics free. It is used to register your weapon, to get health care, to vote, to register your kids in school, etc. It helps that everybody is counted as a citizen. Instead of just removing the people that you don't like (https://www.scpr.org/news/2016/12/22/67481/you-say-you-re-an...).
Sorry to say this, but the US has bigger systemic problems to fix. Voting is a small one compared to the 2-party system. The US always boasts about how it is so democratic; while in reality there isn't much democracy. In fact, the 2-party system looks suspiciously a lot on the 1-party system in existence in many other countries. Sure, you have a choice, but what value is that choice?
> Voting is a small one compared to the 2-party system
How exactly do you propose fixing a two party system without voting? The United States's first past the post voting system pretty much guarantees a two party system[1]. If you want to see a move to ranked choice voting or another system that would encourage third parties, then vote for candidates who are in favor of passing RCV laws and vote for ballot initiatives to pass RCV laws.
> Sure, you have a choice, but what value is that choice?
Clean air, clean water, a person's right to self-determination over what happens with their body, equal pay for equal work...I could go on for a while, but I don't think you're looking to be swayed.
For what it's worth, changing the voting system to, e.g. ranked choice or theoretically superior variants would automatically open up the viability of third (and fourth) parties.
Right now, if a popular movement becomes so excited that they put forth multiple candidates, it divides the vote and they lose.
The first is a good idea, but the second is not. Voter ID cards are historically used to make it harder to vote and thus compromise elections. In person fraud is very uncommon, and it would be very difficult for a foreign government to pull off a large scale interference without being detected.
After all, we struggle to get people to show up to vote once already! The idea of mass ballot fraud seems difficult to countenance without literally paying masses of people to vote (which I believe is extremely illegal).
Right. The hysteria around double or fraudulent voting is crazy. You’d need thousands of people doing it in most districts to have any impact, and that would get obvious really bloody quickly.
I think this is a pretty good example of what I find to be the typical of an American practice of cutting off their own nose to spite their face. [1] Americans absolutely hate the idea of freeloaders or someone getting something they don’t deserve that they would rather make everything in life more complicated, less efficient, and harder on everyone (including themselves) than allow a little bit of inefficiency in the system to be accepted as the trade off. In this case it’s the hysteria around a few cases of voter fraud out of hundreds of millions, so they’d prefer to see a system enacted in which tens of millions of voters will be disenfranchised. Silly and out of proportion.
[1] this doesn’t seem to be the saying I want for this situation but I couldn’t think of a more appropriate one.
"Paranoid" being the operative word, since illegal immigrants -- who don't want surprise government attention -- are even less likely than everybody else to commit voter fraud. For them, it's a stupid and unnecessary risk for no tangible reward.
Let them. There should be citizenship for anyone living or working in this country for six months regardless of how they get here. To do otherwise is to exploit people and subject them to man's inhumanity to man as we are seeing with recent administration policies. That and the precarity and exploitation foisted upon undocumented workers by US corporations using the threat of state violence while crowds call for blood.
A steady trickle of immigrants is much better because then it forces cultural integration, especially when the immigrants do not speak English. A flood of immigrants will lead to a nation divided among cultural lines without the possibility of integration because the cultural bubbles will have already been established.
We should focus on helping impoverished nations develop, so people don't have to leave from their birth countries to find comfort.
In the US there's really not any community of non-English speaking citizens, so whatever to your complaints about integration, the kids desperately want to integrate (and the parents usually agree).
And of course the whole thing where foreigners are scary is as much a modern panic as anything. In periods of pretty open immigration, lots of states didn't require citizenship to vote:
There are hundreds of thousands if not millions of Spanish speaking people and families living in LA, NYC, Miami etc. Many business in the area offer their services in Spanish, and there are enough entertainment options in Spanish that there isn't much of a need to learn English to get by day to day.
So first of all, the numbers on that page support my point without whinging over definitions.
But if you look at what I said, I didn't say anything about language spoken at home or primary language or anything like that, I explicitly said community of non-English speaking citizens, which pretty clearly means people that don't speak English anywhere.
Okay, but it's never been shown to be a problem in any meaningful way. Didn't Trump form a commission to investigate this after the election and then quietly dissolve it after they found nothing? Even the exaggerated reports I've seen from right-wing publications hyping up the threat of 'illegals voting' (ie. Heritage Foundation) detail absolutely paltry numbers of voter fraud(and there really aren't very many reports at all). And of the voter fraud they do detail, a very very small proportion is actually 'voter impersonation'.
I'd really love to see any evidence at all to the contrary.
I think that has more to do with finding one provocative phrase (not by the parent, but by the propagandists who popularize it) that will inflame people in three ways: Voting fraud! Illegal immigrants! And the racial implications of both.
>Americans absolutely hate the idea of freeloaders or someone getting something they don’t deserve that they would rather make everything in life more complicated, less efficient, and harder on everyone (including themselves) than allow a little bit of inefficiency in the system to be accepted as the trade off.
Except some dozend billions here and there at the military
> The hysteria around double or fraudulent voting is crazy.
And yet numerous other countries think it’s a worthwhile endeavor. You could probably get away without ever locking your front door, but why would you when the added security is so easy to implement? Even Mexico has cracked this nut, I think we could too.
Generally these are countries where one of the following is true:
1. The ID in question is nationally compulsory to carry out most day-to-day tasks, and so no one is disenfranchised by having to show it. In the US, on the other hand, there are lots of people without any form of ID card
2. The country has a history of large-scale in-person voter fraud.
In Mexico, both of these things happen to be the case.
I think the current state of US politics all but guarantees that any attempt to implement voter ID cards would result in attempts to lower turnout. Every implementation would be done at the state level, and a bunch of states have already been seen doing anything they can to thwart turnout to the opposing party.
If such an ID scheme were laid out fairly in the constitution, I think the US could do it fairly. But today? It'll never happen.
Voting requires ID in almost every other western democracy, including Canada. The rest of the world see it as very reasonable to identify yourself at a polling station. It's odd that this is so contentious in the US.
IDs are not issued automatically in the US; they take money and effort to acquire. Therefore as implemented in the US, voter IDs are a poll tax.
Unsurprisingly, this makes voter ID a political issue: those who benefit from poll taxes support them, and those whose voters are suppressed by poll taxes oppose them.
I think it would be reasonable to create a national ID card system and fund it through taxes. It could replace driver licenses and social security cards. I do not know why it would be unreasonable to require such a card for voting. It could also serve as a PKI system with the govt acting as a CA (i.e. manage issuance and revocation). There are non zero benefits. And this doesn't have to operate like a poll tax. I don't understand why this isn't already a thing. Seems obvious.
> I don't understand why this isn't already a thing. Seems obvious.
Because people don't want yet another mandatory way to be tracked by the government. It is especially opposed by those here illegally, their supporters, and others historically disenfranchised by more and more centralized requirements. Not everyone has driver's licenses or ssn cards. There are non-zero problems so what should be obvious is why some oppose even if you don't.
> Because people don't want yet another mandatory way to be tracked by the government.
I constantly hear that (the majority of) people don't care about NSA spying, Facebook and Google spying, ad tracking, etc, etc, etc.
But somehow when it comes to being issued a number and a piece of plastic it would never work because people would oppose it based on privacy? I find that very hard to believe.
I've heard, mostly from libertarian small government types, that I should fear government tracking. I'm not sure exactly why. I'm already tracked by IP and cell towers and using my credit card. And I'm not sure what the government is going to nail me with.
I'm not even making an argument about "I'm not doing anything wrong, so why should I fear the machine?" I have assault rifles and thousands of rounds of ammunition purchased with my credit card. There's a non zero risk that the disarmament Inquisition might use my credit card to seize my property or worse. But the risk is... Quite vanishingly small. And I think it's not unreasonable to suggest the risk is vanishingly smaller for ID cards.
Additionally, I'm completely uninterested in warping our legal code around illegal immigrants. They are irrelevant to the conversation. We make laws for the benefit of citizens. Not the other 95% of the globe that aren't American citizens.
I'm additionally not sure how giving, let's say black trans women, a free national ID card and requiring her to show it for purchasing cigs, alcohol, driving and voting is a problem. It's non-onerous.
The reason this hasn't been done is that historically it was taken as a given that the Federal Government were the last people you wanted to do something like that.
The U.S. is a union of States each with different cultures, attitudes, histories, and needs. It was recognized early on that A STRONG Federal government given responsibility to do ANYTHING at a nationwide scale would quickly rustle jimmies as people would begin to feel more and moredisenfranchised by having institutions forced upon them by people who didn't live there.
Common sense thus dictated the country be run from the bottom up. Delegating only certain unquestionable authority to the Federal Government so as to provide a framework for settling disputes between States, and leaving States to handle their own affairs.
It seems to have become more in vogue for issues to end up bubbling straight to the National Congress without passing through a State first.
Nowadays with mainstream media gushing to its various audiences the National Congress seems to have taken center stage, but there is also increased unrest by those uninterested in having their State's ability to run itself as it will usurped by the Federal.
Right. If I had a tenth the hubris that 20th century authoritarian leaders of the USA had when they decided article 1 section 8 and the 14th amendmemt granted the federal government unlimited power (in spite of the 10th amendment), I would ignore this point.
But it's always a valid one.
Pragmatically I'm not suggesting an expansion of federal power, since it already de facto has national identification power for both criminal purposes and entitlements in addition to statues regulating elections. This being said, I would support an amendment to make a tiny expansion to the census provision to support a federal indentification system because I believe the benefits far out weigh the costs.
I federal id card is a political non-starter in the US because of a a bunch of reasons.
First the federal government currently lacks infrastructure to issue IDs effectively. The states handle drivers licenses at DMV which handle a lot of stuff besides just issuing IDs, building separate federal systems would be a large undertaking.
The REAL ID act which was an attempt to create a federal ID managed by the states was passed in 2005 by is still not implemented because many states simply refuse to comply with the law some have even passed laws that prevent the state from complying with the law. The federal government lacks a way to force a majority of the sates to comply with it's will (see marijuana laws). And states don't want a federal id.
I'd like to understand why, but "infrastructure doesn't exist" isn't a reason to not create it. Maybe the argument is that Congress can't do it because people wouldn't reelect representatives that make it harder to pretend they're "off the grid", as if they already were, which they're not.
In any case, I'd like to hear arguments against it besides monetary cost, but so far all I've been exposed to is fringe right wingers whining about the gubment and lefties feeling like reminding us that Jim Crow et al was a thing and they totally promise that's not a red herring.
If such a card existed, it would be reasonable to require it for voting, however, there is no such card, so that is irrelevant until such time as one is created and rolled out to the entire country.
In Germany, I too have to go to some citizens registration office to request an ID card (Personalausweis) and later go there again to retrieve it. It's about 30 EUR, and I have to bring a suitable photo myself, with additional cost and time for that. The thing is then valid for 10 years, tho when I move, I have to go there again to have them change my address on it (free, as of now).
Unless the costs and efforts in the US are unduly high - hundreds of dollars and taking off half a week from work or travel half the country - the claim voter ID laws are an actual poll tax designed to keep people away seems suspicious. Sure there is some hassle and a tiny bit of money required, but I don't see anybody claim that drivers licenses are a scheme to keep poor people off the streets in the same regard.
You also need to wear clothes and shoes into the polling station. Are those expenses considered poll taxes as well? Straw man, but requiring ID is not really a direct poll tax. I certainly don't feel like I'm being unreasonably taxed when I vote with my ID.
You've conflated your feelings with the government's propensity to provide protection for all Americans. Voting is a right, unlike driving an automobile, which is a privilege. Rights have no prerequisites to enjoy them, unlike privileges. We all agree that many people do have the means to acquire government IDs. Just like all goods and services, the amount of money required to purchase an ID might be a pittance to you, but a significant expense to someone else. This, coupled with what I assume is a track record of not being disenfranchised, might explain why you have no frame of reference from which to appreciate why its a poll tax.
Let me rephrase: the majority of people in my society would _agree_ that requiring an ID card to vote is reasonable. That is true based on an observation of the status quo. Voting is also a right in Canada. In the US, being an imprisoned felon erases your right to vote. Hence, voting is not a God given grant as you claim.
You're also making an ignorant generalization about my background. I was brought up by a single, disabled mother. We lived below the poverty line for the majority of my childhood. You'd do well to discard your arrogant approach.
> the majority of people in my society would _agree_ that requiring an ID card to vote is reasonable
On the surface it seems like a reasonable requirement, but it disenfranchises people for little to no return. In-person voter fraud is difficult to do in any meaningful amounts. Estimates show the amount is negligible compared to the kind of disenfranchisement voting restrictions cause.
Additionally there have been a lot of bullshit practices put up to block people from voting: literary test + grandfather clause, poll tax, corporate thugs watching you vote, white supremacists keeping black people out of polling stations, limiting the quantities of polling stations, resisting early voting, using horribly insecure (Windows XP SP1) voting machines, voter records getting purged. Voting is a right, and it's supposed to be the foundation of our democratic republic.
ID costs money, has to be renewed, and is harder to get than it used to be. (Thanks, DHS.) What if you're older, and the building that kept your birth certificate burned down? Or just lost it? This is not uncommon. Do you just not get to vote?
Australia does it, you can use your driver's licence, your passport, or your birth certificate and a recent bill. Or Medicare card.
There is no cost to requiring ID... It is you conflating the cost of acquiring an id with the cost of requiring one. As Australia shows, it can be done with a zero cost (birth certificates and Medicare cards are free)
Australia acheives a 90+% voter turn out. (Compulsory voting through fines) even our poorest are able to vote, that remaining 8% who don't vote are overseas, or missing.
US is lucky if it gets to 60%
The US system has serious problems that completely undermine a democracy... But hey, let's forget the forest and focus on this one tree right here.
You are thinking of this as a person who already has a government issued ID. If you don't drive and don't travel internationally there isn't much in life that would require you go acquire a government issued ID. If the only reason you need the ID is to vote, many people who don't already have an ID won't vote.
This argument seems like grasping me to. How would one function in society at all without an ID? Opening a bank account, cashing a check, driving a car, visiting a doctor, taking a train or plane, going to court. These are all activities which require ID. Sure, there is a tiny fraction of people who can't engage in those activities. But how likely is it that those folks are going to be voting, anyhow?
7% of US households don't have a bank account.[1] Many people live in walkable areas, carpool, or rely on transit. Visiting a doctor doesn't require ID. Taking a train or plane (or a bus) is easier with ID but possible without.
That's surprisingly high! Although I'd assume the total number of people have IDs is greater than the count of those who have bank accounts since there are multiple activities which require IDs (only one being opening a bank account).
Visiting a doctor does take ID if you have insurance. Also, by federal law, picking up any prescriptions that a doctor writes requires ID, certainly at least for narcotic prescriptions.
Doctors' offices generally make some effort to verify the identity of anyone not paying up front. Some insist on scanning a government-issued photo ID. Others are more flexible.
Regulations for dispensing controlled substances vary from state to state. As of 2013, only 24 states required pharmacists to verify identity.[1] Many of those regulations apply only in certain circumstances, don't specifically require government-issued photo ID, have fallback procedures, or allow the pharmacist to dispense the medication without ID if withholding it would harm the patient. Florida recently passed a law that says it's good enough if the pharmacist recognizes the patient.[2]
An ID certainly makes those things easier, but a government issued photo ID is not actually required for any of them. Like I said in my original comment, the only things that absolutely require an ID are international travel and driving. If you do neither of those, then you might not have an ID.
Employers are required to verify documents which shows legal status, some of which are IDs. However there combinations of documents on form I-9 which are not IDs.
But as to your idea about life without an ID... I routinely refuse to show my ID to bank tellers, doctor offices, trains, planes, etc. I avoid most activities the require ID. There is one obvious exception--I drive every day.
I carry my ID with me at all times. But I refuse to show to somebody who is not writing me a traffic ticket. That refusal has not impeded my ability to conduct a normal life.
FWIW, I am not opposed to voter ID. I am opposed to universal ID. My voter ID should not be required to open a bank account, or rent an apartment. It should be for one purpose. I recently tried to open a bank account. They asked for my SSN. I gave it to them so they could report taxable income to the IRS. They asked for my drivers license. I refused. They asked for my employment history. I refused. If they asked for my shoe size, I would refuse.
Over-collection of personal data is a big problem right now. Most people facilitate it. I try to resist it.
So, the premise is that all Liberals think this way, right?
It seems odd that Fox News keep returning to college campuses over and over and over to get quotes that are intended to represent the views of Liberals writ large.
I mean, they're in New York City, wouldn't it be simpler to go outside their office and interview some adults with jobs?
Trying to wrack my brain to figure out why they would keep talking to 18 year olds over and over again, hmm...
I’d love for you to explain how living life as an adult in the US without an ID is remotely close to possible for any reasonable length of time. Want a job? You need ID. Banks are obviosuly out, but so are prepaid reloadable cards. Live on cash only from an under-the-table job where you weren’t asked for ID? Fine, but where do you plan to live without ID? Even weekly motels require ID.
The idea that a legal, eligible-to-vote US citizen is running around living life in 2018 without any form of ID is preposterous.
I have an ID. Last time I renewed it I specifically spurned the "Real ID" option. Which supposedly means I can't get on an airplane. I have since been on an airplane. But not one that required a loss of dignity.
I did not provide a driver license to my employer. I have worked legitimately for them every day for many years.
I did not provide a driver license to my ISP.
I can't fathom why my bank would need to know if I am allowed to drive. They do, however, have a legitimate reason for wanting my SSN.
This current year I have traveled across 4 states several times. Nobody asked me for my license. I've spent many thousands of dollars with retailers. I've stayed at multiple hotels. I've been to the airport a few times. And I've lived in the home that I own all year long. In none of these situations have I been asked for a driver license.
I have been asked for my driver license in what seemed odd circumstances. I gave them a puzzled look and declined the requests. Once or twice they persisted and I asked them why they needed to know if I was permitted to drive. They sputter something about their computer screen. I ask them if we can proceed if I don't have a license, and they eventually figure out how to do that. We complete our business; I get in my car and drive home.
Honestly, I wish people like you would put up a little more resistance. But I recognize your right to do whatever you want with your license.
This is completely separate from voting issues, but I tend to avoid settings where I am treated like a suspect. I certainly don't pay people specifically to treat me like a suspect. As you might guess, this means that I don't do business with commercial airlines.
It also means that I avoid sporting events that require pat-downs. Or neighborhood parties that require criminal background checks. Or schools with metal detectors at the entrance.
In general, if an event is so sketchy and risky that it requires those measures, I take it as a signal to avoid that event. When I see somebody dressed in full combat gear I know I am not where I want to be.
> The idea that a legal, eligible-to-vote US citizen is running around living life in 2018 without any form of ID is preposterous
That's possibly true, but also completely irrelevant to what we are discussing, because in most states the voter ID laws only accept a few specific kinds of ID. There are many legal, eligible-to-vote US citizens running around living life in 2018 without any of these specific kinds of ID.
No, what is preposterous is that you cant imagine people with no employment, no bank account, nor vehicle to drive living in the US. Those people have a right to vote even if you aren't impressed with their quality of living.
...living in the US. Those people have a right to vote
Living in the US and having the right to vote are not the same thing. Illegal aliens, temporary and permanent residents, and other people of varying status live in the US but cannot legally vote, at least in federal elections.
There are "people with no employment, no bank account, nor vehicle to drive living in the US" who are U.S. citizens. Disenfranchising them is unamerican.
Right, but I was speaking about citizens. Nice deflection. People on HN are usually great but many seem to argue in bad faith and it makes me want to quit this platform (in addition to the others).
How am I arguing in bad faith when your comment didn't specify citizens, and merely said people? My point was that there aren't many citizens that fall into the category you were talking about, but there are many people that do. Most citizens, at a minimum, have some form of government issued ID.
Well, your average clothes-or-shoes store isn't sited, controlled, and operated by a partisan political party trying to actively sabotage certain groups to prevent them from voting.
If you choose not to vote, you save that money and it effects your life in no direct way. You can't choose not to wear clothes and still expect to live a normal life. The point is if the ID was free, it would be different, because you'd have no incentive to not have one.
If a person doesn't have a car, unless they live in a big city, they are likely to be poor. IF they are poor, they are on government assistance, right? So what ID do they use to get that assistance?
That someone might have to pay $15-30 every 5 years to renew a state ID, and have it be claimed that it is a "poll tax" to vote, is ridiculous.
I live in a small U.S. town. There are not 10K people living within 25 miles of my house. While few here would admit to being rich, people who don't live here might see them as pretty well off. There is probably something close to 1 car per capita. That includes infants. If you throw in motorcycles, four-wheelers, tractors, loaders, golf carts, boats, jet skis, snowmobiles, personal fork-lifts, etc. we have to go well above 1 vehicle per capita.
Still, there are many functioning people here who do not own a single vehicle.
That doesn't make them poor or stupid or government-dependent.
Your ignorance and prejudice are undermining your ability to mount a convincing argument. I happen to think that a voter ID is not an unacceptable idea. But I run across so many people who seem to mount the kinds of uninformed arguments that you have here. These arguments scare me. They make me worry about the capacity of our society to enact a reasonable voter ID program. It seems like it should be so simple. Then I read the thinking of people like you and worry that it will be botched.
I, for one, hope that a driver's license in not an acceptable ID for voting. It certainly is not sufficient to prove citizenship.
Perhaps you think we control for that as part of voter registration. We do not. I registered by walking into a post office, filling out a form, and handing the clerk some pocket change for a stamp.
If he drives them, he will rightfully be arrested. If he wants to bail out of jail after his arrest, the bondsman will require ID. No ID, and he sits there in jail until his case is heard several months down the line.
With respect to your other claims, you seem to be of the belief that a Driver's License and an ID are necessarily the same thing. They are not. You can easily acquire an ID card that is not a driver's license.
I was responding specifically to a claim that people without a car must be poor and on government support. That was followed by a question about how many adults don't have Driver's Licenses. To the first claim I responded with experience of people without cars who were not poor. To the second question I provided experience with people that don't have a Driver's License.
To your statement, I will respond by letting you know that he does not drive. I agree that he should be arrested if he is found driving without a license.
I will also point out that you have made some of the same poor assumptions as the first comment. If he wants to bail out of jail after his arrest, he will open his wallet and pay cash for his bail. If he doesn't actually have the cash in his wallet, he may send his driver to retrieve more cash.
People without a Driver's License are not necessarily poor. Or uneducated. Or dim-witted.
Who said anything about being poor? Are you implying that only poor people use bondsman?
In this thread you’ve said that you only fly private and that your father has a personal driver. Congratulations to you/him on your success in life, but something tells me that both of you have ID if this is the case.
What's contentious is the versions used by Republicans: make the required ID a kind of ID you can only obtain in certain locations, and then close most all of those locations in predominately black counties, or make the ID expensive or obscure or difficult to obtain for working folks. And even when it isn't racist, it's very clearly there to preserve GOP majorities:
Almost every other Western democracy also has national ID cards, which the United States does not.
It sounds like a good idea in theory, but in practice - specifically in the United States - requiring ID for registered voters at the polling station is used by the Republican Party for the sole purpose of disenfranchising Democratic voters.
Government-issued ID in general has a long history of being contentious in the US, and is consequently a complete goddamn mess. As a country, we really aren't in the habit of setting things up with the assumption that every citizen has an official ID. So not requring ID to vote looks strange compared to other countries, but not compared to how we treat ID generally in the US.
Looking at the description of Canada, it looks similar to how the US has worked.
The general thing people have wanted to avoid is an extra burden that burdens poor voters. Either an ID that costs money (poll taxes are banned in many countries, so this is always a little dubious), or that simply requires going to a distant or understaffed facility to get the ID.
> Voting requires ID in almost every other western democracy
Not in the UK. [1]
> Do I need to take ID to the polling station?
> You do not need to show ID to vote in England, Scotland and Wales. You just need to tell polling staff your name and address. They will then cross your name off the list and give you a ballot paper.
There were trials of a voter id system recently, but it is widely regarded as "a solution in search of a problem" and a way of suppressing the vote of the economically disadvantaged, the natural opponents of the ruling right wing Tory party[2]
> There, I've made my point and provided as much evidence as you have towards your point
The difference between your point and his point is that he could easily provide evidence for his, since there have been numerous lawsuits over these laws by civil rights groups, and the evidence was well publicized in those cases, and there have also been academic studies of these laws. Some links: [1] [2] [3].
There are ineligible people who vote, but almost all of them do so by means that would not be stopped by voter ID laws, most commonly absentee ballots. This makes it very hard to find evidence that supports you points.
What about finger paint, like most other countries use?
You just simply get an unwashable ink on your thumb. It does a few things. It shows you voted already. Also, puts a little bit of social pressure on people you see who don't have the mark.
All of the drivers license offices in the city limits of Atlanta were shutdown at the same time Georgia enacted a photo ID requirement for voting. Though only a temporary situation, for a period of time anyone living in the city who wanted an ID was required to hike out to the suburbs.
The state responded to criticisms of how difficult it could be for some to get an ID even if offered for free by having a bus travel around the state with the state issued ID issuing facilities available on the bus. That program was poorly funded, the bus often broke down, and usage was very low. Think they ended up doing away with the bus. The city of Atlanta eventually did get a new drivers license center and photo IDs are available free of charge to those who fill out an affidavit stating they cannot afford the ID fee.
It's difficult to know how much fraudulent voting takes place. I'd like it better if there were photo ID requirements in place but if we're going to do that, the process for obtaining such an ID must be made orders of magnitude easier. For those in rural areas, getting to the county seat can be a challenge. Polling places are much more widespread than locations to obtain photo IDs. The added requirements of the Patriot Act for government IDs likely has made this situation even worse.
Photo IDs are useful for many purposes beyond voting. I don't want to have a society in which one must carry a photo ID at all times but I'd also like to live in one where anyone can easily obtain one. Seems like this is the real problem that needs to be solved.
Voter ID laws would be OK if they were passed along with funding to provide Voting IDs to citizens. Somehow, they never are... (generally speaking, in the US)
I'm so sick of this excuse. The correct response is "... so let's not do that this time, mkay?" Specifically, make them absolutely free-as-in-beer and only require minimal time and effort to obtain (benchmark: proof of address is too much effort). You do this explicitly on the basis that voting is a universal right and requiring money for it is abhorrent, as is any other obstacle not strictly required for ensuring uniqueness.
Now you can also get rid of the half-assed national ID system comprised by our driver's licenses, state IDs, etc. And the people who want to use voter IDs to disenfranchise people have to shut up because you've addressed their supposed point.
The point is political judo. They've already advocated for ID cards, so they can't very well openly object to modifying them in a way that obviously increases freedom, at least not without tipping their hand in a more obvious way. They can't do it without cooperation, so it's possible to ensure that it can't be implemented in a disenfranchising way if the opposition wanted to, which frankly is evidence they don't.
And really, it's not an unreasonable idea. Other countries do this just fine. We just need to not mess it up.
> Voter ID cards are historically used to make it harder to vote
Is that the case in the numerous other countries that require voter ID? I find it funny how we always use “but every other country does it!” when talking about things the US should adopt (e.g., the metric system, socialized healthcare), but that’s apparently not a good reason when talking about voter ID. Even countries with far poorer populations than our own seem to think being able to provide proof of who you are at the time of voting is a good idea, why can’t we?
"Is that the case in the numerous other countries that require voter ID?"
Other countries that require ID to vote generally have an ID card system separate from the driving of vehicles, and more people hold passports. Consequently, a larger percentage of the population has a state ID readily at hand. Yes, in the USA states might offer an non-driver’s-license ID card, but the system is that this is a choice, not a must, while in other countries everyone needs to carry some form of ID at all time.
This might be my political bubble speaking, but the vast, vast majority of voter suppression stories I've seen have been Republican legislatures trying to deprive the Democratic party of votes.
But even if that's not the case, it stands to reason it'll end up being a left/right thing, because it's the right trying to deprive the left of a vote, or vice versa. The two party system guarantees it.
It's been that way since the civil rights movement and the republican southern strategy. Minorities, with very good reason, tend to vote against the republicans. This means someone holding household level demographic data knows exactly which neighborhoods to target if they're willing to use suppression tactics. And that's exactly what we've seen happening.
It's because the right benefits from low turnout. The left, representing the interests of the proletarian majority, benefits from large turnout. The Democratic party, a center left or center right party depending on who you talk to, has co-opted the left voter base and thereby depends on higher turnout during general elections. As a centrist party, they intentionally suppress turnout during primary elections (e.g. by not advertising the date in my community) to restrict ideological choices.
There's so much tribalism happening now. Getting legal Americans to vote and vote easily should be an issue for everyone to care about, regardless of party affiliation.
I am a bit sceptic that paper ballots were as good as we want them to be. I remember every elections the bunch of dead people voting reported on the news, and that must be the tip of the iceberg.
For comparison, in the payment world we have the paper cheques and credit card, and though credit card fraud is strong in the mind of the public, most entities accepting payment gave up on paper cheques a while ago because of how hard it was to secure and everything that was involved in processing them.
If it didn't work for money, I can't imagine it's a good idea to keep for voting.
Let's not forget about how the Bushs burned a few thousand votes in Florida to win the 2000 election over Gore.
It's hard to believe voting machines aren't hacked on the regular with how they're almost built to be insecure. But maybe they've never been hacked. I don't know.
Either way, that doesn't make all technological solutions bad by default. A technological solution /could/ be better than a paper solution.
I think the crypto bubble is very overhyped, but I'm pretty sure some form of a distributed voter database /could/ make it nearly impossible to forge a single vote, let alone forging votes at scale.
If there is no online voting, why is the system even connected to the Internet? What exactly are the attacks against? The voter registration site? The election results site?
From what I understand the greatest vulnerability is modification of voter registration data. If you show up to vote and they don't have you in that district's voter rolls because your address was changed to another state, your vote has just been taken away.
If this is the case, it begs the question why voter registration data is directly connected to the Internet. Yes, we want to allow online registrations and modifications, but surely we could have a batch process to make changes to the canonical source, with a signed log of changes.
Could you clarify how you would see these batch data transfered outside of the internet ?
We are speaking of dispatching that data to every single voting stations, set in schools, small town offices, etc. Most "secure" solutions (private lines, central update and physical dispatch of the machines days before the elections, etc) seem difficult and/or crazy costly to me.
For all the studies that show voter fraud is not prevalent and a complete non-issue, we can say even more certainly that “election hacking” is an even more egregious smoke screen.
So much this, yes i'm sure people were attempting to scan it up but I guarantee you could show the same for almost every network out there. I understand the fear mongering to a degree but its projecting things in the wrong place and it's almost like crying wolf.
Sadly I smell FUD virtually every time a security engineer opens his mouth. Yes there are some great ones, but I’ve never worked with one directly.
Part of my skepticism is rooted in the prevalent ignorance of basic computing theory. If you can’t define the operational semantics of a system then you can’t rigorously convince yourself or anyone else that it is “secure.”
> If you can’t define the operational semantics of a system then you can’t rigorously convince yourself or anyone else that it is “secure.”
Well. This means no one can provide any security guarantee for any remotely realistic system because no modern stack has a completely understood&formalized operational semantics. But I definitely know that some systems are much more secure than others! So this seems like a situation where perfect is very much the enemy of "1000x better than it could've been".
Furthermore, formalization is "above and beyond" best practice, so you're unlikely to be accused of negligence if you do "better than best practice but still not formalized".
Finally, the original claim is not true. There are many systems with non-operational semantics that are useful for proving security properties. And sometimes no semantics is needed at all for large swaths of the system. Sandboxing is an excellent example of the latter. For some very reasonable attacker models, you need an operational semantics for the sandbox but don't need an operational semantics for whatever's running inside the sandbox in order to provide fairly strong security guarantees.
There are realistic systems that are operationally secure by the given standard. Nuclear launch systems are the obvious example.
“Best practice” is a euphemism for whatever it is the majority does. Nobody ever got fired for buying IBM. That’s not even reasoning.
Finally, your paragraph about sandboxing is ill considered, but not that wrong. First all programs have operational semantics, the only question is how well understood they are. Second sandboxing is a constraint that is easily formally expressed by way of the logical consequence. I’m surprised you’re taking issue with that since you give a great example thereof.
> There are realistic systems that are operationally secure by the given standard. Nuclear launch systems are the obvious example.
AFAIK there aren't really any examples of production systems that have meaningful, formally verified security properties without gaping holes.
Do you have a good paper about the full stack formalization/verification of a nuclear launch system?
> “Best practice” is a euphemism for whatever it is the majority does. Nobody ever got fired for buying IBM. That’s not even reasoning.
1. Companies are sometimes sued, successfully, for not following "best practices". And on technical merits. Ex, Toyota lawsuits.
2. It most definitely is reasoning! Here's the cartoon derivation: "If I buy IBM I do not get fired. Therefore, I will buy IBM". This is reasoning about the social system, not the technical system. But then, security is both a technical problem and a social problem. $Billions on formal verification can't stop the simplest of phishing attacks.
> First all programs have operational semantics, the only question is how well understood they are.
Well... I guess technically. But that's not typically what people mean when they say something "has a(n operational) semantics".
Typically when people say "X has an operational semantics" they mean "someone has actually tex'd/coq'd/pencil'd the transition rules and maybe proved things about them".
Example: If I implement a programming language without doing any theory and you ask if I have an operational semantics, the only non-confusing answer is "no" or perhaps "the semantics is defined by the implementation of the compiler", which is just a tongue-in-cheek way of saying "no". This doesn't mean that no operational semantics exists, it just means I haven't written it down in the form of transition rules or a coq file or whatever.
If I give my language a denotational semantics and you ask if I have an operational semantics, I'll say "no". But again, that doesn't mean that the operational semantics don't exist. It just means I haven't written them down and proven a correspdonence.
> I’m surprised you’re taking issue with that since you give a great example thereof.
I think you missed the fundamental moral of the sandboxing example: perfect is the enemy of good enough.
Sandboxes allow for security guarantees without formalizing every aspect of the system. In fact, I conjecture that these sorts of "don't try to formalize everything" approaches toward formal security guarantees are really the only ones that scale.
If you try to formalize everything, you'll drown. If you strategically concede defeat and admit that some parts of the system aren't possible to formalize, you can get a lot of strong guarantees. As long as the concessions are strategic. Ex, sandboxing whenever the permissions interface is simple but the implementation is complex and the failure modes permit sandboxing.
Or, to put that observation in a pithy phrase: "perfect is the enemy of good enough."
> Do you have a good paper about the full stack formalization/verification of a nuclear launch system?
Bwahahaha you're funny.
> If you try to formalize everything, you'll drown. If you strategically concede defeat and admit that some parts of the system aren't possible to formalize, you can get a lot of strong guarantees.
You're contradicting yourself again. There's a reason why weakness is a strength in formalisms.
No, I'm curious and would use that citation! Even just a paper saying "this has been done" without any details? I have a hard time believing this has been done, and people are allowed to talk about it on online forums, but there isn't a single citation even acknowleding its existence.
> You're contradicting yourself again. There's a reason why weakness is a strength in formalisms.
I'm not sure what this means, but it sounds a lot like what I've been saying all along?
Honestly, a lot of systems have enough low-hanging fruit that formalizing the semantics is probably not worth it. Can people outside this small list get a shell on your server? Then it's not secure. Let's start there.
That’s a well said example and actually very easy to establish formally by complementation. I don't really care if Hoare notation, the predicate calculus, or even English is the language of choice, so long as the argument is rigorous. That said we all know how difficult avoiding ambiguity is in English, so I wouldn’t choose it except for the broad strokes.
Security isn’t about developing a perfectly secure system, it’s about mitigating the likelihood of your imperfect system being infiltrated. The same is true of military, etc.
No competent person is going to tell you that the system is unhackable.
It's not a security professional saying this though. It's a politician.
You can never be 100%, you're right. You can be aware of common attack vectors and address them though. You can be aware of what resources are most vital to protect or are common targets in your industry and focus your efforts.
Most people actually in security will tell you the same.
That number is insanely high. Are they talking about all voting machines being connected to the internet? Or is it some back office set of systems?
For the life I me I don’t know why voting machines and voting systems need to be connected to the internet. It’s just a flat out unnecessary risk.
That’s not to say that they shouldn’t be built so secure you could connect them to the internet. But nothing is perfect and unnecessary risks should be avoided with such an important system.
Which is probably why we should be using paper ballots and scanners with results called in from the regional counting centers. And manual count available then as much as needed or desired post election night for verification. This rush to electronic voting boggles my mind.
I encourage all citizens who typically do not vote, to vote your conscience, and then lie. Already no one expects you to vote anyway, so just lie per their expectations and say you didn't vote. That way you don't have to justify or argue your choice any differently than you have in the past.
Yes it's a bit chicken s* but so f'n what? You don't actually owe anyone an explanation anyway, but you're entitled to vote. So just get on with it, and lie. Everyone is lying about something or other anyway and this kind of lie is pretty benign. And it's in the public good that you vote even if you don't like arguing about why you voted the way you did.
There would be a absurd cognitive overhead for people to have to study and prepare an opinion for as many votes as they have financial transactions. Every other productive activity in the US would grind to a halt.
No, this is the 2018 guide for the primary election. That is less than 2 years after the 2016 general presidential election. In 4 more months, there will be another 2018 guide for the general election. That means there will be 6 elections in 4 years, not counting any special elections:
No you can’t, your analogy is absurd. Canada uses a fully paper system for federal elections and the costs of manually counting are negligible, and still completed the evening of. The same can be said of American elections before the allure of electronic systems took hold.
Is there any reason for a voting system to ever be connected to the internet? (I assume this system is, because I can't think of any other attack vectors that enable the reported volume of "hacking attempts".)
to put this in perspective, this is one-quarter of Google's global search traffic, in hack attempts. 'hack attempts' are always bullshit but this is especially impressive
Google isn't going to count port scanning and other such malicious activity in their global search traffic metrics. It's very possible that such traffic is more prevalent than legitimate search traffic by orders of magnitude. I have personally operationally managed sites which are only very moderately high profile and yet still receive a constant stream of malicious requests from foreign IPs pretty much 24/7 even with aggressive, proactive & reactive firewalling in place. The costs to execute such tasks are negligible for a nation-state. To be honest I'd be more inclined to believe the numbers are real and that you're posting this comment as an agent of a belligerent nation-state trying to spread mininformation than the other way around (though I sincerely do hope you are posting in good faith and are just naive).
"1B hacking attempts" is, of course, incredibly vague. It could be 100 sophisticated groups using their 1B 0-days, or one dude running a script on repeat.
Depends what you mean by "voting system". Individual voting machines rarely are - they're usually air-gapped, read the ballot from a physical memory card transported by sneakernet from administrative offices, and write vote totals back to those cards for sneakernet transmission to same offices.
However, those central locations use a lot of internet-connected machines, mostly to communicate their numbers to outside systems. The computers that program the ballot descriptions pre-election (a vector for attacking voting machines) are also usually internet-connected - they're plain old desktop workstations of some elections official.
Air-gapping those systems is probably doable, at a minor loss of convenience, but there is a reason they're internet-connected.
Geez, just like... Give the voting software its own isolated network, and for external reporting force somebody to dump the results to a flash drive before uploading them to the web. I'm not even a security expert, but maybe I could get a job as one working for the US government.
It is an interesting data point, and it makes me wonder if we can use this as a side channel attack to figure out who the hackers "like" and who they "don't like" running for office. Might give us more insight into the hacker's goals.
If they have such hacking attempts, console access should be gated by a jumpbox that SSH/ipsec secured by SPA portknocking. For external services, have transparent proxies with deep SPI/IPS and IP acls out in front.
Are they including SSH port scanning and attempts on port 22?