
US mid-terms: Hackers expose 'staggering' voter machine flaws - dsr12
https://www.bbc.co.uk/news/technology-45680490
======
athenot
Voting machines are a solution in search of a problem.

The whole point of automation is to save on labor, at the cost of simplicity.
Machines are excellent at handling complexity that some experts can come up
with and can execute it reasonably well. Except that this is precisely the
opposite of what's desired in an election.

Voting is one situation where it is DESIREABLE to have many people _manually_
involved in a _simple_ process. Auditing voting machines requires a pretty in-
depth knowledge of information systems and experience with a lot of edge
cases.

 _Proprietary_ voting machines only make auditing worse, basically hiding all
flaws behind a curtain of marketing and legal threats. Over 95% of the
citizens have no way of auditing the integrity of the results and have to put
blind faith in for-profit corporations who are (1) disincentivized from
disclosing flaws and (2) do not suffer penalties when security flaws are found
to be present by researchers.

In a paper scheme, it takes more human effort to tally an election, but every
citizen can participate in that process, and the others can safely observe and
easily understand what's going on. The only downside is that it may take a few
hours instead of seconds. But latency is infinitely preferable over opacity
and potential inaccuracy.

I used to think e-voting would be OK if there was a requirement to use open-
source voting software but even that is problematic. As a software engineer,
it would be my pride to be able to help, however that would still be depriving
non-software people from the ability to participate in the process, and I feel
that is wrong. Now that my focus at work is on building resilient systems, I
believe paper is the way to go, especially considering one of the other
requirements is secrecy.

~~~
honkycat
Probably nit-picky but I feel it's worth pointing out and it supports your
point:

> Over 95% of the citizens have no way of auditing the integrity of the
> results and have to put blind faith in for-profit corporations who are (1)
> disincentivized from disclosing flaws and (2) do not suffer penalties when
> security flaws are found to be present by researchers.

It is WELL UNDER 5%, I would be surprised if quality security engineers
constitute 0.1% of the population.

~~~
dvlsg
0.1 percent of the United States population would still be 325,700 people,
assuming I'm getting the right numbers from Google.

------
marcyb5st
I love [this
video]([https://www.youtube.com/watch?v=w3_0x6oaDmI](https://www.youtube.com/watch?v=w3_0x6oaDmI))
from Tom Scott in which he explains quite well why e-voting is inherently bad.
I am very happy that here in Switzerland, even if we have to vote several
times every year, we still do it the old fashion way :).

~~~
ben_utzer
..and then you see people on Facebook bragging with more than one voting
form/letter in their hands..

Not the best example of "unhackable" system...

~~~
moviuro
Depends how it's done. In France, we register only once in the country, in our
"voting neighborhood".

Once you enter the voting building, you give your ID, sign the register, go to
the voting cell, put your vote in an envelope, give your sealed envelope to be
counted in a sealed box that has a mechanical counter for each envelope it
gets.

Unhackable, because anyone can check the counter, count the signatures, and
participate to the closing count of cast votes.

The real issue is if you can get inscribed on two different voting
neighborhoods though... is that what you describe? (which shouldn't happen,
given how long it takes to get your name on one voting list, since the gvt
probably crosses your name out of all other voting neighborhoods when you do)

~~~
carry_bit
> you give your ID

That's racist. (According to some in the US)

EDIT: So how would you design a system where you don't need an ID to vote
(like many places in the US)?

~~~
infimum
It is racist, when you make it exceedingly difficult for some minority
populations to get an id.

~~~
polyphonic01
No it's not racist, it can easily be implemented in the US today without
issue.

Don't be so patronizing to minority groups, they are just as capable as
everyone else and already have to get ID for numerous other activities.

The US is less racist than most other countries on Earth, yet somehow it is
the US that couldn't properly implement voter ID cards?

Racism in America has dropped dramatically in the last 50 years according to
multiple lines of research, the perception that racism is on the rise is false
and misguided.

It's a shame voter ID can't be implemented on a nationwide basis in the US
just because people have concerns that are longer valid.

~~~
mikeash
Don’t be so ignorant about the motivations and techniques behind American
voter ID laws. The people writing the laws have literally studied the
demographics of who possesses which kind of ID so that they can write the laws
to accept forms more likely to be held by white voters and reject forms more
likely to be held by minorities. And then they’ll shut down or limit the hours
of ID offices in minority areas to make it more difficult for them to remedy
the situation.

We absolutely could properly implement voter ID. We just don’t.

Edit: I would encourage skeptics to look up the history of voter literacy
tests. How can a literacy test be racist? Are you implying that minorities
can’t learn to read? And yet they were highly effective at suppressing the
minority vote for a long time.

~~~
acct1771
That last part is true, and should be fixed before implementing voter ID laws.

------
daphneokeefe
I am a pollworker in San Francisco. On voting day, there is an army of us
temps working at polling places all over town from 6am until 10pm or later,
for about $150. The city is having a very hard time recruiting people for
those long hours on a work day.

We have very old fashioned voting machines that scan ballots marked by voters
by hand. The paper ballots are retained in the machine after being scanned,
and are picked up at the end of the day by sheriffs deputies.

There is another army of mostly city employees working all day and night, for
several days, suporting the polling places (in a dozen languages) and
processing all of the ballots. So it is indeed a costly system.

We have been able to vote by mail for many years, but for various reasona,
about half of the voters prefer to come to the polling place to cast their
ballot (and get an "I voted" sticker).

Meanwhile, Washington, Oregon and Colorado have only voting by mail. No voting
machines no polling places, no army of workers all over town. No doubt there
are issues with processing those ballots as well, but it removes the voting
machines from the vulnerable spots in church dining halls and residential
garages all over town.

~~~
majewsky
> On voting day, there is an army of us temps working at polling places all
> over town from 6am until 10pm or later, for about $150.

That's generous. In Germany, the usual compensation for working 12-14 hours at
a polling place is 30-50 € (35-57 $). Yet there are plenty volunteers
(including me). Many like the idea of fulfilling some civic duty, especially
one that's a one-day job instead of a long-term office.

~~~
daphneokeefe
For comparison, that is below the local minimum wage of $15 per hour.

~~~
majewsky
Yes, and the same applies to my example, even more extremely in fact. 12 hours
of minimum wage would be around 100€, so 30-50€ is not even half of that.

------
Moru
How many years of debugging the manual system for flaws, how many security
bugs have been fixed already? The paper system has been tried and tested for
many many years and we all agree that it's working and is secure. Why do we
want to throw this out for having live results? Is it about saving money? How
much do we save if something goes wrong?

Both systems can be broken by propaganda anyway. That one is also well tested.

~~~
empath75
> Why do we want to throw this out for having live results?

The supposed impetus for the change was the hanging chads controversy in
florida in 2000.

------
endymi0n
Unfortunately, the current alternative to e-voting is long, tedious and non-
realtime.

Recently I had an idea about how to go at this: The elephant in the room is
that you're trusting a single for-profit party with the accuracy of the
result. If you want to assure much more tamper-proof results, the key would be
making this an adversarial task between a voting and a verification machine.
Have a voting machine count the vote and print a receipt. Standardize an
interface between the voting and the verification machine which is a
transparent plastic window where the voter can physically view his choice
before pushing the button at the verification machine that draws in the voting
ticket, verifies the vote, counts it again and stores the physical paper for
retrieval (and regular, infrequent audit).

Make the voting and verification machine vendors adhere to the standard
interface, let them face steep penalties for any deviation between voting and
verification result, forbid any common ownership between the companies and
never let any of these companies supply more than 50% of machines for any
given election.

~~~
wazoox
Come on, it's a couple of hours of work, and it's the occasion to understand
the democratic process and do your civic duty by participating to the ballot
count. Having fair elections beats real-time results hands down.

~~~
bochoh
Not to mention that you get mandated time off (iirc 4 hours unimpeded by work)
to vote on election days here in the states. There are some caveats and
restrictions on getting this time but it does ensure you can get to the polls
even with a odd work schedule.

~~~
wool_gather
This is entirely state-by-state; there's no federal law that covers it. As
such, the exact terms vary pretty widely; in many cases there is no
requirement if you have _n_ hours (sometimes 2) before or after work when the
polls are open; the time can be unpaid in many cases, which can make it a
difficult choice for people paid hourly.

It's also not really expressed as an affirmative _mandate_ per se; you have to
request time off, in some cases it's the employer's choice when the time is
taken, and if they "retaliate" or fire you then you can complain after the
fact. So now you're in a dispute with your employer _and_ you missed your
chance to vote...hooray.

~~~
bochoh
Yes thank you for this clarification - I wrote my initial comment having just
woken up.

------
latchkey
I'd love to see someone hack a major election in such a way that the election
is undeniably invalid. I'm guessing make the vote count 0. That is probably
the only way to get this resolved. While we can endlessly bring the hacking of
machines into the light, it has yet to prove itself to be enough to change
anything. Especially if some of these hacks have been around for a decade.

~~~
mikeash
I don’t think that would do anything. It would be immediately noticed and
corrected, and people’s lesson would be that the system works.

------
aasasd
I still remember how Diebold's machines turned out to be insecure.

That was in 2009.

~~~
majewsky
I remember when the CCC installed a chess program on a NEDAP machine.

That was in 2007:
[https://www.ccc.de/system/uploads/3/original/nedapReport54-1...](https://www.ccc.de/system/uploads/3/original/nedapReport54-1.pdf)

------
swarnie_
I'll admit i started skimming the article from about half way though but i
didn't see any mention of what these flaws actually are?

~~~
JdeBP
Less skimming and more following hyperlinks leads from this news coverage to
_the actual report_ , where details can be found.

* [https://news.ycombinator.com/item?id=18112172](https://news.ycombinator.com/item?id=18112172)

------
michaelmrose
The big question is what do we do about it? What do we do if an election is
actually stolen?

~~~
close04
The only correct answer should be _hack them_. But hack them in a way that's
so obvious and outrageous nobody will ever try to claim they're "good enough"
or "the only way forward".

~~~
sshagent
This i like. Reminds me of the Blackadder politics/voting episode where
despite there being 1 voter there is 16,472 votes.

Some result where 10 times the voters all vote for one candidate.

~~~
jimhefferon
Georgia just had all these things happen, including one precinct with a 243%
turnout. [https://arstechnica.com/tech-policy/2018/08/georgia-
defends-...](https://arstechnica.com/tech-policy/2018/08/georgia-defends-
voting-system-despite-243-percent-turnout-in-one-precinct/) No outrage
appeared.

------
cyborgx7
*voting computers

