
Seals Used to Protect Voting Machines Can Be Opened With a Shim from a Soda Can - ProAm
https://motherboard.vice.com/en_us/article/mbdw73/security-seals-used-to-protect-voting-machines-can-be-easily-opened-with-shim-crafted-from-a-soda-can
======
dfee
Here’s a unique idea: if you want to influence elections, tamper with
tamper-evident stickers to get votes from an unfriendly district thrown out.

So practically (ethically) speaking, why don’t we see physical ballot
collection as equally risky? Is there a good solution?

~~~
sitharus
Physical collection is risky, but we can mitigate the risks.

I can't speak to the US system, but here in New Zealand every political party
is entitled to appoint scrutineers to each polling place. They cannot speak or
interact with anyone but they watch the whole process from checking voter
entitlement, through transporting the ballots and then counting.

The idea is each party distrusts the others so won't let them get away with
rigging the ballot. Mutual distrust produces a trustworthy outcome.

~~~
jcrawfordor
Election administration is by state in the US. To my knowledge, every US state
except for West Virginia allows some form of "observer" or "challenger" (or
sometimes both with different purposes), often appointed by either political
parties or candidates. It's a bit of a patchwork from state to state, but yes,
in general, there is a system of interested persons observing the polling
place.

(In this state, observers and challengers are different, with challengers
specifically serving the purpose of challenging individuals that may not
actually be qualified to vote. Since the pollbooks are electronic today
challengers are rarely seen, they were generally only able to challenge
clerical errors that are no longer seen with computer pollbooks)

~~~
nemo846
Kind of hard to observe electronic voting.

If someone wants to screw with physical votes, they have to access the boxes
which hold them. Easily detectable.

Electronic ... you can have the software changed to modify votes and few would
be the wiser - even have the changes hide themselves if you are smart.

~~~
taeric
This seems overly simplistic. Both have ridiculously tough to harden attack
vectors.

In physical, it isn't enough to protect where the votes are done. They have to
be transported back and ultimately counted somewhere. At any point in that
process, they are vulnerable. No?

~~~
Retra
Vulnerable to what, though? Physically changing votes takes time, and swapping
them leaves a paper trail. If someone miscounts paper votes, you can just
recount them.

With a computer, you flip a bit and there's no record. Votes are miscounted?
Tough, those numbers are as real as any other numbers. And how much time does
it take to swap a vote? Less than a microsecond?

~~~
hrktb
> With a computer, you flip a bit and there's no record

That’s a turn of phrase I didn’t expect on HN.

Do we work in a field where programs don’t have logs, gateways don’t exist,
checksums and securing data integrity is not a thing?

~~~
re-actor
I think HN understands better than most that any digital data is fragile and
ephemeral. There's entire fields around just preventing tampering with it.

~~~
hrktb
But then do we understand as well how physical data works, what's the actual
shortcomings etc.?

Personally I don't think I do, yet even at my personal level I have anecdotes
of ink just fading out of paper, or countless widespread voting frauds from
decades ago.

I have the feeling we are putting paper and physical media handling to a
higher standard because we don't know as much about it.

~~~
yardie
Yes. Physical data is well understood. Inks fade, so you use a different
formula and keep it out of the light as much as possible. Inks use chemicals,
so even if it’s not visible you can still see where the writing was done, inks
are pressed into the paper and change the physical structure of the paper in
the process.

It takes a concerted effort to change paper ballots.

~~~
hrktb
The issue is not physical data though. We are talking about a voting system,
with agents, suppliers, observers, ballots and people handling them.

For instance some paper elections in Africa have crazy high voter participation
when not so many people showed up.

That’s an extreme and we could point the finger at blatant corruption. We’re
not at these extremes, but where are we on the spectrum?

For instance we don’t have any clear idea of how much corruption we have, to
the point that “perceived corruption” is the best approximation.

What I’m going at is, to evaluate how much trust we put in an electronic
voting system, we’d need better views at the current system than “paper is
better because it’s physical” (that’s not your argument, I take a less nuanced
position as example)

------
kristopolous
These flaws are likely intentional. In a global marketplace, the current
regimes in power are the ones making the purchasing decisions of what machines
to use to run the next election.

Machines that can be readily tampered with and reprogrammed in undetectable
ways likely sell better under the assumption leaders would rather stay in
power and have ceremonious democracy than risk being ousted or overthrown.

Regardless, if someone was upstanding and wanted to run a fair election with
the machines, they can do that as well. Ones that can be altered, preferably
only by the election committee to change an election without getting caught,
is likely a highly sought after device.

That's likely why we keep finding them over and over again. Every few months
another trivial exploit that fairly incompetent people could discover is
found on yet another device.

No receipts, audits, paper trail or any verification ... just a bunch of
readily reprogrammable devices that anyone with a USB stick or an sd card or
the edge of a housekey could use to change the votes however they please.
Again and again and again.

It's very likely intentional.

~~~
sebleon
Indeed, the US presidential election is a joke on various levels.

1. The president is not picked based on the people’s vote. The US is a
republic, not a democracy, where government officials cast the deciding votes.

2. The voting infrastructure can be easily tampered with, likely by design as
pointed out above.

3. There are no limits on campaign spending, enabling billionaires and
corporations to own the winning candidates that got the most airtime.

4. Two private entities have a duopoly on the presidency. They’ve established
rules that prevent any new parties from serious consideration.

5. As surfaced by the Wikileaks DNC dump, at least one (if not both) of these
parties actively sabotage some of their candidates to ensure the party’s pick
a spot in the final national election.

~~~
lucozade
> The president is not picked based on the people’s vote

Yes, the US President is. It's not a straight referendum but that doesn't mean
it's not based on people's votes.

> The US is a republic, not a democracy

It's both.

> where government officials cast the deciding votes

No they don't.

> The voting infrastructure can be easily tampered with

The machines appear to be. That's quite a way from saying that the
infrastructure is. That would require the tampering to be easily achievable.
There's little evidence of that.

> There is no limits on campaign spending

Yes there are. They're not very effective but they exist.

> Two private entities have a duopoly on the presidency

Effectively yes.

> to ensure the party’s pick a spot in the final national election

This would be way more convincing if Trump wasn't the President. He clearly
wasn't the pick of the Republican establishment. Or anywhere near. If
anything, his election shows that the parties don't have the control that
they'd like you to think they have.

The US presidential elections are far from a joke. Not perfect by any means
but internationally important events and, in historic terms, beacons of
democracy. And in case it needs saying, I'm not American and have no interest
in being American.

------
lolc
> Bernhard was able to order two other types of election seals listed on the
> Michigan website, as well as several paper seals, tamper-evident stickers,
> and election certificates through Election Source.

Is that a form of leaving your wifi open so you have plausible deniability
later?

------
nimbius
so, a little bit more about these seals. I am an engine mechanic for a small
chain of truck stops, and what the seal appears to be is an old style
Cambridge MPT series truck trailer seal.

It would be easy to mistakenly use these if you weren't 'in the loop' as far as
cargo shipping is concerned because they're cheap and nobody in your wheelhouse
complained about them. The problem is they are brittle, weather poorly, and as
evidenced can easily be bypassed by shimming. Every MPT style seal can be
bypassed with a soda bottle or pop can AFAIK.

the trucking industry has moved away from them for chain-of-custody purposes.
What the voting machines should be using is the Cambridge PTS series or
similar. Not only does it reveal tampering, but even tampering attempts will
cause the plastic to turn white/red from stress.

if you really wanted to knock it out of the park: CT-PAT Bolt seals. in vitro
locking with spin protection and ISO certified. These can get pricy though,
and require bolt cutters to open when necessary.

------
NeedMoreTea
So every attempt to improve on physical paper ballots and manual counting
seems doomed to fail. I'm not surprised having seen how secure most secure IT
turns out to be.

How can we either a) learn to stop fixing it as it seems quite far from
broken, or b) achieve something that's actually an improvement?

~~~
ridgeguy
I agree with your first sentence. We don't yet know how to make an IT-based
voting system that is as secure as paper ballots.

Paper ballots have attack surfaces, to be sure. It's just that they don't
scale well, and that greatly limits the damage.

I really don't need to know the vote count 9 µsec after the polls close. I
really do need to know the vote count is accurate or can be audited if need
be.

~~~
worldsayshi
> voting system that is as secure as paper ballots

I think it's not about security per se. It's more about scrutability. While
it may be possible to build a system that is more secure in principle it's a
lot harder to build an IT-based voting system that a person from the street can
comprehend and scrutinize in a day's work.

------
SilasX
You probably had the same reaction as me: "lol yeah, they're not supposed to
be indestructible, silly, just tamper-evident".

Well, bad news there too:

> But a security researcher in Michigan has shown in videos how he can defeat
> plastic security ties that counties across his state use to protect ballot
> bags, the cases that store voting machines and the ports that store the memory
> cards on optical-scan machines—electronic voting machines that record paper
> ballots scanned into them. _He can do so without leaving evidence of
> tampering._ [Emphasis added]

------
nickthegreek
A good point in the comments that you would most likely not have unrestricted
access to the back of the tag for the shim as it SHOULD be pulled tight but it
still does not appear as secure as one would hope.

~~~
SamBam
You're assuming that the person who put the tag on isn't the person who wants
to undetectably open it at a later time.

------
INTPenis
They're simply tamper seals. Not padlocks. Payment terminals have the same
thing. You're only supposed to detect tampering, there is no way to stop
tampering when the system is local. Do Vice not understand this simple
principle?

~~~
sebtoast
Maybe you already know this but some padlocks can be easily opened using the
same shimming technique.

------
orasis
I was picturing aquatic mammals (seals) guarding voting machines...

------
barry0079
I think to make the public aware of the risks an election result needs to
simply be hacked in such an obvious way that it's instantly discredited.

------
cududa
@mods can you fix the capitalization in the title

------
dang
Url changed from
[https://boingboing.net/2018/10/16/tamper-evident-seals.html](https://boingboing.net/2018/10/16/tamper-evident-seals.html),
which points to this.

------
java-man
works as designed.

------
323454
Surely the Seals have better things to do?

------
just_steve_h
Obviously, expecting seals to protect voting machines is foolish! They
should've hired walruses.

~~~
geephroh
"Seals Used to Protect Voting Machines Can Be Bribed With a Can of Sardines"

------
gwbas1c
Nothing is 100% tamper proof

------
guhcampos
So what stops someone from tampering with a box of paper ballots and replacing
them with their own, anyway?

Honest question, not rhetoric. I don't see how paper ballots get any safer
than electronic, it just seems to change what's the easiest approach to
tampering.

Using both methods to verify one-another sounds decent though.

~~~
matuszeg
You cannot network together boxes of paper ballots and access them via the
internet. It does not fully prevent tampering, it just makes it way harder.

~~~
kosievdmerwe
Also if you try to organize large scale tampering someone will fuck up and
you'll realize large scale tampering happened. With electronic voting it might
not be obvious.

