
Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds - briatx
https://www.wsj.com/articles/widely-used-election-systems-are-vulnerable-to-attack-report-finds-1538020802
======
neonate
[http://archive.is/g1sAr](http://archive.is/g1sAr)

------
return-value
I work for the municipality of Skanderborg, Denmark. We have what we call
digital elections, but what’s digitized is the registration process. Basically
every adult gets a voting card with their information + a barcode, we scan
those barcodes when they turn up to receive their ballot (is that the right
word for voting list?), and then they are registered.

The actual voting takes place on paper, and while it takes time to prepare the
ballots and count the votes, the process of voting doesn’t take much longer
than a few minutes for the individual citizen, from when they enter the voting
place till they are done.

I think that’s the way to digitize elections, you make them speedy for the
citizens, but safe for democracy.

I can’t for the life of me understand why you would ever do a digital vote.
It’s just so risky. I guess you save money by adding effectiveness to the
process surrounding an election, preparing ballots and counting votes, but
those parts of the process are owned by the public sector and I don’t think
the government should ever value the safety of our democracy as less important
than money. We count votes by enlisting employees of the municipality, members
of political parties and paid help from local NGOs, and everything is
monitored and counted a few times. It’s a little taxing, but everyone involved
enjoys the process, and financially it’s not that expensive compared to paying
a license for voting machines.

~~~
jniedrauer
> It’s a little taxing, but everyone involved enjoys the process

This is part of the problem in the United States. Voting is a chore, and
you're often going to lose money (unpaid time off) to do it. If elections were
national holidays and voting was treated as a privilege instead of a chore, we
would be much better off.

~~~
vec
I live in Colorado.

A couple of weeks before the midterms I'm going to get a packet in the mail
containing my ballot, instructions for filling it out, a pamphlet where every
candidate on the ballot gets a paragraph or two to make their case, and a
prepaid return envelope. I fill out my ballot at my leisure, stuff it in the
envelope, sign the envelope underneath the flap, and drop it in a mailbox.
There's a receipt with an anonymous serial number in the packet that I can go
online and use to verify my ballot has been received. If I'm worried about
missing the deadline there are also dropboxes in most government buildings I
can drop my ballot in up through the day of the election, along with a few
traditional polling places open on election day.

Voter turnout here is about twelve points above the national average.

~~~
jawilson2
And in some states, like Florida, if you vote by mail it is 10x less likely to
be counted.[1]

Our democracy is broken, and the people capable of fixing it are actively
incentivized to keep it broken.

[1] [https://www.miamiherald.com/news/politics-government/state-p...](https://www.miamiherald.com/news/politics-government/state-politics/article218654810.html)

~~~
kbenson
> And in some states, like Florida, if you vote by mail it is 10x less likely
> to be counted

The headline of that article is "If you vote by mail in Florida, it’s 10 times
more likely that ballot won’t count". That's not equivalent to what you said.

If there's a 99% chance your vote will count and 1% chance it won't, a 10
times more likely to not count changes that to a 90% will count/10% won't
count chance. Using your wording, it would change it to a 9% will count/91%
won't count chance. Those are _vastly_ different things.

------
olivermarks
HBO 2006 documentary 'Hacking Democracy' on YouTube
[https://youtu.be/iZLWPleeCHE](https://youtu.be/iZLWPleeCHE)

'The film investigates the flawed integrity of electronic voting machines,
particularly those made by Diebold Election Systems, exposing previously
unknown backdoors in the Diebold trade secret computer software. The film
culminates dramatically in the on-camera hacking of the in-use / working
Diebold election system in Leon County, Florida - the same computer voting
system which has been used in actual American elections across thirty-three
states, and which still counts tens of millions of America's votes today.'
[https://en.wikipedia.org/wiki/Hacking_Democracy](https://en.wikipedia.org/wiki/Hacking_Democracy)

Same company in 2018, same issues

------
TheRealPomax
I don't understand these headlines. "After More Than A Decade of Vulnerable
Voting Machines, US Still Uses Those Same Voting Machines" would be more
accurate.

------
sj4nz
This story comes out every fall for every major-ish November election period.
The resolution is always the same: WONTFIX.

------
amptorn
We should routinely red-team elections. It would literally be amazing if I
were kidding.

------
Chardok
With all of this discussion in Washington about Russian hacking and Russian
voter influencing, why are these demonstrably vulnerable voting machines
hardly mentioned? It would seem to me this should be a number one priority to
prevent outside interference.

~~~
pjc50
The short unhappy answer seems to be that the parties are happy with a
corruptible voting system.

~~~
rootusrootus
That does seem like a logical conclusion. Conveniently, the GOP has made
disenfranchisement part of their platform, which of course the Democrats then
oppose by supporting zero-id elections, and we end up with a silly stalemate,
hackable voting systems, etc.

Staff up the FEC and then make it their job to seek out and provide ID to
every single eligible voter in the country. Kinda like the census, be
proactive and don't make disenfranchisement a thing. And then make it so
polling places are open for days, maybe a week, including a full weekend, so
everyone gets a chance to vote.

Or vote-by-mail. We've established it works.

------
kaycebasques
The HN consensus seems to be that digital voting is very difficult to do
right. I trust the consensus opinion, but this also makes me sad. The bigger
picture that I think we’re missing here is the opportunity for huge-scale
direct democracy. I know the usual debates against DD, but I think there’s
ways to safeguard against those problems. E.g. you can’t vote on an issue
without hearing both sides of it and passing a test that demonstrates that you
understand the pros and cons of each side. Idealistic, I know, but I’m a firm
believer that most people act more responsibly when you give them more
responsibility.

~~~
dogcomplex
Or alternatively, encourage people to delegate their votes to whoever they
trust in their local network to understand the problem best, who in-turn can
delegate to their favored expert. Basically recursive representative
democracy. It can't be worse than picking your representative from a group of
2-5 per region, that you only know about through biased media sources. And in
aggregate it weighs expertise and trust much higher.

[https://markorodriguez.files.wordpress.com/2011/01/master-th...](https://markorodriguez.files.wordpress.com/2011/01/master-thesis.pdf)

~~~
kaycebasques
Interesting idea that I have never heard of. Thanks for sharing.

------
wpdev_63
It's asinine that we are still debating this. There really isn't much to
debate at this point.

------
TomMckenny
Voting machine manufacturers have vast funds and lobbyists.

Even when Congress did manage to act in a bipartisan manner, lobbyists
persuaded the White House to kill it.[0]

You'll find plenty of incredibly destructive practices (nearing national
suicide actually) caused by money in politics and worsened catastrophically by
Citizens United.

[0]Secure Elections Act.

[https://www.washingtonpost.com/news/powerpost/paloma/the-cyb...](https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/08/31/the-cybersecurity-202-why-the-latest-election-security-bill-is-stalled-in-congress/5b8829fb1b326b3f31919eaa/?noredirect=on&utm_term=.706defb93737)

------
drawkbox
We need to run elections through something like the finance system, digital,
data always present and researchable, always able to be looked up that your
vote was counted and correct, and fraud day one can be reversed as well as
anomalies.

Finance systems expect fraud, and have systems in place to detect and revert it.
Voting has none of those protections.

The problem is so many voting systems, so many ways to fix the vote, recounts
are impossible to trust.

People trust their money in their accounts and they trust that the financial
system and software can track that. We need to move to something like that
pronto with receipts, digital voting, ability to check your vote, data
tracking, ability for researchers to get access to it, fraud protection and
more.

------
kelvin0
Also vulnerable to attacks: Automobiles, air-gapped computers, many routers,
cell phones, ATMs, Government infrastructure...

[https://www.wired.com/story/car-hack-shut-down-safety-featur...](https://www.wired.com/story/car-hack-shut-down-safety-features/)

[https://en.wikipedia.org/wiki/Air_gap_malware](https://en.wikipedia.org/wiki/Air_gap_malware)

[https://arstechnica.com/information-technology/2018/05/hacke...](https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/)

[https://koolspan.com/hack-a-cell-phone/](https://koolspan.com/hack-a-cell-phone/)

[https://www.cnn.com/2013/10/24/world/europe/uk-phone-hacking...](https://www.cnn.com/2013/10/24/world/europe/uk-phone-hacking-scandal-fast-facts/index.html)

Is anyone shocked yet?

------
raverbashing
As much as electronic voting has its issues, it allows for quick counting and
would allow for fairer ways of voting, like priority lists (I mean, you
could do that using paper, but it is a PITA and very subject to mistakes)

Ideally printed/machine readable votes (ones that the voter doesn't take with
them) sound like they could be an answer

------
carapace
Of course it is. If you vote by machine you are ruled by the best hackers.

"Hackocracy"

------
macawfish
Sounds like a feature, not a bug (sadly)

------
moviuro
_sigh_
[https://www.youtube.com/watch?v=w3_0x6oaDmI](https://www.youtube.com/watch?v=w3_0x6oaDmI)

~~~
rohit2412
Lot of generalizations and stupid assumptions in that video, like where he
argues that of course the ballots will be uploaded over the internet without
any authentication/checksum.

I don't see why a digital counting machine which is kept completely offline
and is transported physically cannot be used, especially if we can verify its
counting functions by randomly verifying a few of those machines (also keep
paper ballots, just use the machine to count ballots), or statistics, and use
an external randomization/derandomization module.

~~~
mdorazio
Hang on. You want to use a counting machine, and then _physically transport it
around_ to avoid security issues instead of just using proven human counters
and _physically transported ballots_ because....???? Why? Just why? What
problem is this solving? Does getting your results a few hours sooner make a
single bit of difference to merit this madness?

~~~
hvdhh7
Perhaps because counting tens of thousands of near-identical pieces of paper
is exactly the sort of repetitive, robotic task we've entrusted machines to
perform more accurately than humans since at least the 1940s.

~~~
monocasa
You realize that the article in question is about hacks against vote
tabulating machines, right?

~~~
hvdhh7
I do.

But a non-hacked vote tabulating machine will still do the job better than
non-hacked humans.

Add a high enough percentage of random hand audits of the machine but counts
to ensure they're functioning correctly, and you should get a reasonably high
confidence that you have the most accurate count.

~~~
moviuro
> Add a high enough percentage of random hand audits of the machine but counts
> to ensure they're functioning correctly, and you should get a reasonably
> high confidence that you have the most accurate count.

Defies the purpose of electronic machines completely. Why use machines + lots
of auditors, when just more counters (worth less than auditors) could do the
same job, with a much higher cost to corrupt?...

------
motohagiography
Voting is necessarily a proof of work algorithm, and when you represent the
result, you only simulate its effect.

Sure, people don't care if it's simulated when they win, but when they lose,
they care a lot.

Feel like I'm a lone voice in the wilderness on this one but I really feel
like I need to shout from the rooftops that electronic voting courts violence,
and it is culpable hubris to state otherwise.

------
erikb
> Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds

Too much attention seeking in this headline. We knew from day one that there
would be vulns. It doesn't matter how many people use them. Good that some
have been found now. Let's support them by public reporting in seriously
investigating the flaws they know about.

