
Are voting-machine modems truly divorced from the Internet? - DiabloD3
https://freedom-to-tinker.com/2018/02/22/are-voting-machine-modems-truly-divorced-from-the-internet/
======
eli
This supports my long-held belief that one of the best things we could do for
improving vote administration is convincing the public to be patient with
results.

There's no particular reason everyone _needs_ to know the results of a
competitive state-wide race the same night the polls close, yet we are making
all kinds of security and other tradeoffs to support this as a goal.

~~~
skrause
Just do it like the Germans where there are no more voting machines, just
paper ballots, and you have the election result within a few hours.

There is really no reason for voting machines at all.

~~~
westbywest
Indeed touchscreen voting machines have well documented security flaws, but
the article mentions optical-scan machines by ES&S. That is, machines that
scan paper ballots. Paper ballots would be reviewed by humans during recounts,
or if doubts arise over the tallies, but maybe not if election officials have
no reason to be doubtful.

------
zellyn
I'm sure there are ridiculous penalties for interfering with actual elections,
but I can't help feeling that what we need with electronic voting machines is
for someone to hack them to _only_ pick Democrats. Within 3 hours, Republicans
would be calling for paper-only ballots, and sanity would have prevailed.

~~~
westbywest
The article mentions optical-scan machines, i.e. machines that tally paper
ballots.

~~~
crankylinuxuser
Those have always bugged me. Ok, so I fill out this scantron sheet, but how do
I know that the computer interpreted the results I filled out? How do I know
that some goof on the paper invalidated a vote?

I'd like some sort of verification and 2 clicky buttons with VOTE/NO VOTE test
upon seeing the scanned results. I guess I expect too much here...

~~~
ShorsHammer
While probably scary and a non-starter for some, I have often wanted a
key-stretched hash of a voter's ID number/vote/salt as a public record
(possibly also stamped into a blockchain) and able to be checked by the voter
holding the salt and no one else.

Once you put a ballot paper in a box you have no idea whether it was properly
counted or lost.

There's the inevitable issue of cryptographic advances and forward secrecy,
which wouldn't sit well with some people for fair reason; anonymous voting is
a cornerstone of democracy. Personally I wouldn't mind my vote being public a
few decades after the fact, but not before then.

Electronic voting has a bad reputation here but there's certainly room for
improvement on paper only.
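
Added example, not part of ShorsHammer's comment or the linked article: a minimal Python sketch of the salted, key-stretched vote record the comment describes, with PBKDF2 as an assumed KDF. The function names, iteration count and sample voters are hypothetical; it also shows the secrecy limit the comment raises, since whoever holds the salt can recover the vote by testing each candidate.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; the comment names no KDF or cost


def commit(voter_id: str, vote: str, salt: bytes) -> str:
    """Public record entry: key-stretched hash over voter id and vote."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    fields = (voter_id.encode(), vote.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hashlib.pbkdf2_hmac("sha256", msg, salt, ITERATIONS).hex()


def voter_check(board: list[str], voter_id: str, vote: str, salt: bytes) -> bool:
    """The voter recomputes their entry and looks for it in the public record."""
    expected = commit(voter_id, vote, salt)
    return any(hmac.compare_digest(expected, entry) for entry in board)


def recover_vote(entry: str, voter_id: str, salt: bytes, candidates: list[str]):
    """Secrecy rests on the salt alone: the candidate list is tiny, so anyone
    who holds the salt can test every option against a published entry."""
    for choice in candidates:
        if hmac.compare_digest(commit(voter_id, choice, salt), entry):
            return choice
    return None


if __name__ == "__main__":
    # Constructed sample data, not from the thread or the article.
    candidates = ["A", "B", "C"]
    salt = secrets.token_bytes(16)  # kept by the voter, never published
    board = [commit("voter-0001", "B", salt),
             commit("voter-0002", "A", secrets.token_bytes(16))]
    print(voter_check(board, "voter-0001", "B", salt))   # entry was recorded
    print(voter_check(board, "voter-0001", "A", salt))   # altered vote not found
    print(recover_vote(board[0], "voter-0001", salt, candidates))
```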

------
gruez
>Even easier than hacking through router bugs is just setting up an imposter
cell-phone “tower” near the voting machine; one commonly used brand of these,
used by many police departments, is called “Stingray.”

Am I too optimistic to assume that the voting machines at least use TLS?

~~~
dnet
That's mostly irrelevant, since that only protects the integrity and
confidentiality of that TCP connection. However, you can still exploit the
vulnerabilities of all the services listening on the device. Separating voting
machine networks from the internet is orthogonal to the problem of network
protocol hardening between endpoints within this "separated" network.

------
ravenstine
Why are they connected to any network at all? Why aren't they just used to
tally votes?

~~~
craftyguy
Because voters "need" to know results as soon as possible.

(they actually don't need to know, but they think they do)

------
Justsignedup
I think the tl;dr is: security is hard. Really hard. In fact, anyone who
trivializes the complexity of keeping voting secure (including Congress) is
not understanding it.

------
randomerr
Landline modems are by far the most secure. But even those modems call out to
fiber optic cables that run on the same switches as the internet and cellular
networks. ISDN modems, a communication protocol that uses something like
blockchain technology, are the best we can offer. ISDN gives us speed (less
chance to get intercepted) and data validation that audio modems just don't.

Those options aside, physically shipping the units in armored trucks with
tamper tapes installed and physical tapes as a backup is the best option.

~~~
Retric
Key exchange is a non-issue with these systems, making secure SSL connections
viable. However, I don't think they actually need modems in the first place.
IMO, they are ideally purely independent boxes that simply print a receipt or
even just display their output.

A few pictures of the output in the hands of observers and 'tampering' after
that point becomes pointless.

