
Norway tightens IT security to prevent ballot tampering - ingve
http://www.reuters.com/article/us-norway-election/norway-tightens-it-security-to-prevent-ballot-tampering-idUSKCN1BC4AH?il=0
======
klondike_
Computer voting was a mistake. It has been shown over and over that voting
machine security is abysmal.

Voting is one of the few things that shouldn't be computerized. It's far
easier to swing an election by hacking a few voting machines than to forge
thousands of ballots.

No matter where you live, do yourself a favor and vote only on paper.

~~~
spaceseaman
I think it's a great example of our governments' misunderstanding of modern
technology and security. Our current governmental computer systems appear
_extremely fragile_ [1] and prone to tampering.

If governments were actually serious about electronic voting, they need
dedicated committees and bureaucratic entities whose sole responsibility is
the maintenance and security of these systems.

I expect the United State to be absolutely crippled by cyber-warfare in the
coming decades. On a state level, our government is simply incapable of
recognizing the many vulnerabilities their systems have and compensating for
them.

While personally I think electronic voting is a trash idea (couldn't we
instead still vote via paper, and then read the results via ML? This would
give us a "margin of error" of votes, but we would always have the paper
ballots to fall back on), I think that tightening IT security is a good thing
for governments to do. Especially considering just how poor computer security
is for government entities.

[1]. Just want to mention I'm not a security guru. This is just my
interpretation after visiting many government websites, reading stories, etc

~~~
QAPereo
There is always major opposition to anything which would cause many more
people to vote, because that would utterly change the current political
landscape. The turkeys won't be voting for Thanksgiving.

------
saltvedt
The machines used to count votes were Windows machines connected to the
internet.

[https://www.nrk.no/norge/teller-opp-stemmer-i-valget-pa-
data...](https://www.nrk.no/norge/teller-opp-stemmer-i-valget-pa-datamaskiner-
tilkoblet-internett-1.13660659)

~~~
spaceseaman
So when is this gonna blow up for someone?

Like are we gonna read about the U.S. power grid being shut down, or an entire
state / nation wide election tampering?

It's absolutely terrifying how incompetent these folks are. Why is there no
one marketing their skills to governments who have actual skills? Why aren't
governments hiring employees with actual skills?

We used to have the most talented structural, mechanical, and industrial
engineers in government positions or as government contractors. Is tech simply
too young for that to have happened yet? Or are governments failing to
adequately respond to their massive skills' gaps?

~~~
empath75
It already did. Look at the last election.

~~~
gruez
Not obvious enough. Power grid hacked, widespread blackouts = somebody
obviously hacked it. Meanwhile, poll numbers slightly off from opinion polls,
but enough to sway an election = could he hacks, or could be sampling error.
And thanks to the 2 party system, both parties will poll close to 50% it's
very easy to hide in the noise.

------
ingve
Vivaldi browser developer Patricia Aas has done a terrific job bringing
awareness to election security issues ahead of the upcoming Norwegian
election:

[https://twitter.com/pati_gallardo/](https://twitter.com/pati_gallardo/) (most
links are in Norwegian, but Google translate does a reasonable job).

~~~
erokar
I agree. She raised this concern as a private citizen and debated it on
national tv and radio with the ballot bureaucrats who initally dowplayed the
issue. If it hadn't been for her, probably nothing would have been done about
it.

~~~
captchaos99
Or someone else would have done it.... ;-)

~~~
erokar
Or not ;)

------
maaaats
Tightening it by counting manually, hehe.

Was a big deal earlier this week that the keys and stuff for some
municipalities were posted online on their web pages. Edit: it was
certificates you had to install in the browser to verify that you were in the
position to enter the total amount of votes in your municipality. The url for
download were unique and random, but got indexed by search engines because
they spy on urls you visit.

[https://www.nrk.no/norge/sensitive-valg-filer-for-tre-
kommun...](https://www.nrk.no/norge/sensitive-valg-filer-for-tre-kommuner-var-
tilgjengelig-for-hele-verden-1.13664601)

Edit, hmm, downvoted?

~~~
JetSpiegel
I don't speak Norwegian, but this claims Edge sends all visited URL to Bing?

Microsoft taking a page from Google, how quaint.

~~~
rlkf
> this claims Edge sends all visited URL to Bing?

Yes. So if you instead of attachments of large files in email send an URL such
as [https://acme.pri/?id=cafe-babe-deadbeeff00d](https://acme.pri/?id=cafe-
babe-deadbeeff00d), which is not secured by any other method than obscurity,
then Edge will submit it to Bing, which indexes it and then the content is
available if you can come up with some keywords that match.

It is fairly well known in Norway, due to having been in the national news
earlier this spring, but I have no reason to think it doesn't apply
universally.

------
andy_ppp
In case you haven’t seen this breakdown by Tom Scott about why electronic
voting is lunicy, here it is:
[https://m.youtube.com/watch?v=w3_0x6oaDmI](https://m.youtube.com/watch?v=w3_0x6oaDmI)

------
alain_gilbert
Just a wild thought I had:

If you remember the invisible dots that printers add, so the government can
track where something was printed. (
[https://news.ycombinator.com/item?id=14501894](https://news.ycombinator.com/item?id=14501894)
)

I wonder if some government did/are/could use this technologies to deanonymize
voters.

For example they would print your SSN on the piece of paper that you are
voting on.

~~~
askvictor
It might be possible, but quite difficult in practice given that a voter can
show up at any time to any number of voting stations.

~~~
alain_gilbert
It's been a while I haven't voted. I'm from Canada and currently live abroad.

But If I remember well, I had to actually vote at a specific place.

The part I don't remember well is if they were giving me a specific sheet of
paper, or just take one on the top of a stack.

I remember they were looking for my name, and I have a souvenir that they
detached the side of the sheet (but this is vague).

I guess it was a stack :)

~~~
askvictor
In Australia, you can go to any polling station in your electorate, where they
find your name in a book of paper (of which there are several copies in each
station, and several stations in each electorate), cross it off, and give you
a ballot paper from a stack. Presumably they process the names lists after the
fact to see if anyone voted twice, though by that point there's no way to get
the votes out of the mix.

------
askvictor
Reposting what a few 2nd level comments have already said: voting is still
done on paper in Norway; the counting if what is being done electronically.

~~~
amptorn
Oh good, so you just have to hack the counting machine?

~~~
askvictor
Yes, that's the point of the security overhaul. But at least paper votes can
be recounted and verified.

------
anfractuosity
Out of interest, with computerised voting do they generally also protect the
information of who voted for who?

I might be wrong, but I don't think paper ballots have any identifying
information on.

Edit: Hmm, ballot papers do apparently have a unique ID on, which I hadn't
noticed before.

~~~
tyfon
Here in Norway at least, all voting is on paper ballot.

You receive an election card (valgkort) in the mail to bring to the polling
station containing all your info. ID is also required.

If you forget this card, they can print it out for you.

Then you enter the booth containing party lists. You can't "punch" the wrong
party as each have their own ballot. You can erase/add/reprioritize names on
the party list you choose though.

Then you put this ballot into an anonymous envelope. This envelope is then put
into another envelope along with your election card.

When they count it, they pull out the ballot envelope and the election card,
register that you have voted, then someone else will open and count the actual
vote.

It seems to me to be pretty secure and anonymous.

------
nkristoffersen
Isn't blockchain tech perfect for voting?

