
Why a Data-Security Expert Fears U.S. Voting Will Be Hacked - jkuria
https://www.wsj.com/articles/why-a-data-security-expert-fears-u-s-voting-will-be-hacked-11587747159
======
RcouF1uZ4gsC
Paper ballots have this wonderful property where basically any voter can
reasonably understand what is going on and even be a precinct observer and be
reasonably sure relying on first hand evidence that the election was fair.

No other system has this property. Even if you had a formally verified
election system, it and the proofs of it could perhaps only be understood by
less than 100 people in the world.

~~~
s9w
But the fraud in paper voting happens at another place - often when the
results are transmitted to a centralized place.

~~~
IAmEveryone
Here in Germany, you’re allowed to stick around and watch the counting up
close. I’ve done so, and was able to count along the votes for the two major
parties.

Six hours later, I checked the spreadsheet on the official website, scrolled
to the row for my polling location, and verified these two numbers were
identical to my count.

Sure, I can only check 1/3rd or so in one of 50,000 polling places. But get
just 20 people you trust to do the same, and it becomes statistically unlikely
that there is widespread fraud.

You can hang out in the polling location for the whole day if you want. If you
get there before any voters, you can also check that the ballot box is empty.
Each location serves less than 1,000 voters with three volunteer workers, so
you’ll always be able to know everything that’s going on. Oh, and the longest
wait I’ve ever had to endure myself was less than 5 minutes

The only possible problem (aside from Republicans) in the US would be the
large number of individual races and ballot initiatives. It works well with
five or so. But if you’re voting for ten deputy dog-catchers of the peace, it
might get tricky.

~~~
s9w
Good that you did that! But for most locations that is not done. See the last
NRW elections where it was later discovered that votes of the voldemord party
have been zeroed in many locations. Or the endless stories of tampered mail
votes.

I'm not against paper voting at all, just saying that they aren't automatic
tamper proof.

~~~
IAmEveryone
There are exactly zero stories of tampered mail-in ballots. Which, I guess,
does make them “endless”.

------
smitty1e
Paper ballots, privately filled out and scanned, seems the sweet spot between
keeping elections secret and reporting promptly, with suitable audit.

I serve as an election officer in my county and have yet to hear of a
compelling alternative.

~~~
MuffinFlavored
it's 2020

paper ballots, really?

when I can apply for a mortgage, car loan, credit card, and all kinds of other
financial legally binding contracts online in _complete_ security?

I enter my SSN, my credit report is pulled.

Why can't I enter my SSN, it gets validated in a database on whether I'm
alive/have already voted/am currently a legal citizen eligible to vote, and
vote?

We have achieved problems way, way, way harder than "securely identify a
person based on their SSN and allow them to vote A, B, or C on a subject"

~~~
pengaru
> when I can apply for a mortgage, car loan, credit card, and all kinds of
> other financial legally binding contracts online in complete security? I
> enter my SSN, my credit report is pulled. Why can't I enter my SSN, it gets
> validated in a database on whether I'm alive/have already voted/am currently
> a legal citizen eligible to vote, and vote?

Come back once _only_ _you_ can do all those things on your behalf, and not
anyone else having your SSN or other PII.

~~~
Spivak
But that’s a standard that even paper ballots don’t meet.

In my state you walk into the polling place, give them your name and address,
sign your name, and that’s it. Your polling place is even listed publicly
online for anyone who knows your name.

------
stephencoyner
I highly recommend HBO’s new documentary on election security. It’s called
‘Kill Chain: The Cyber War on America's Elections’ - really opened my eyes to
the low level details of how bad our system is. Scary stuff

------
rubicks
Like clockwork. Literally every US voting season, ever since Diebold machines
became fixtures. I tire of seeing these problems make headlines yet again when
a technical solution exists.

~~~
api
Yes, but if they did it right they couldn't bill the government to fix it
multiple times over.

------
stx
Most likely we will need mail in ballots and there has already been issues
with that.
[https://www.realclearpolitics.com/articles/2020/04/24/28_mil...](https://www.realclearpolitics.com/articles/2020/04/24/28_million_mail-
in_ballots_went_missing_in_last_four_elections_143033.html)

~~~
creato
That is an absurd article. Yeah, turnout isn't 100% when voting by mail
either... so what?

I'd be a lot more concerned if large numbers of ballots _didn 't_ "go
missing".

------
jerzyt
One party is fixated on voter id fraud and ignores the cyber security, the
other party i fixated on cyber security and ignores voter id fraud. Both are
significant issues which we should be addressing. An accurate election results
should be in everyone's interest.

~~~
edgefield0
Get real. Any credible research on the topic of "voter fraud" suggests it's
not a significant issue and efforts to combat "voter fraud" are really just
disguised efforts to suppress voting by low income and minority voters.

~~~
darawk
There is no evidence that voting machines have been hacked, either.

Why is the standard of evidence for one different than the other?

And more to the point, since when does patching a vulnerability require
evidence of exploitation. We wouldn't accept Microsoft saying "There's no
evidence of this Outlook vulnerability being exploited in the wild, we're not
going to fix it". We certainly shouldn't accept that reasoning for our
elections.

~~~
learc83
>Why is the standard of evidence for one different than the other?

Because hacking one voting machine potentially allows one person or a small
group of people to alter thousands of votes.

That person (or persons) has no way to alter anyway near that many votes
through in person voter fraud. The amount of effort it would take to alter the
results of an election through in person voter fraud makes it extremely
difficult to pull off--particularly without detection.

Additionally there are downsides to voter id laws. The most troubling is
demonstrably lower minority turn out. There are no similar downsides to
methods like requiring paper receipts for voting machines.

Basically the cost benefit analysis is in favor of hardening electronic
voting, but not in favor of voter id laws.

~~~
im3w1l
Detection is much more gnarly than you give it credit. A pretty likely
scenario is that one side will claim that fraud was detected, and the other
side will deny it. And both side will try to suppress and deplatform each
other.

Youtube, twitter, facebook will pick a side. And whoever loses will fume with
resentment. Maybe they pick up weapons. If they are right that the election
was stolen and that fact is suppressed, they will certainly be justified. If
they are right - which is a big hypothetical. Because the detection will be
drowned in noise.

~~~
learc83
You're talking a coordinated conspiracy involving thousands of people. The FBI
would have hard evidence during the recruiting phase.

You can't involve that many people in something and keep it secret.

Even in the best case were we don't find out until elections day, an enormous
increase in double votes will be all over the news the same day, and arrests
will start happening shortly after.

~~~
im3w1l
What about an uncoordinated conspiracy involving thousands of people? Just a
single troll with a large audience urging them to cheat?

~~~
learc83
It's a felony. A felony that requires you to commit it in person at a precinct
is a pretty high bar for an internet troll to get people to jump.

Assuming some people decide to take them up on it, they have to coordinate or
they'll end up voting as people who have already voted. Double voting is very
easy to spot and many of them will be arrested at the precinct.

Plus you'd need an accurate list of close to 100k dead voters who haven't
already been purged (more in a less tight election), and thousands of people
willing to drive to the right precincts to match the list.

And we didn't know which states would tip the election until election night in
2016, so you'd need to duplicate your efforts several fold.

This idea is pure fantasy.

------
asciimike
Somewhat joking, but surprised nobody has brought it up yet:
[https://xkcd.com/2030/](https://xkcd.com/2030/)

~~~
jagged-chisel
Mobile-friendly, with accessible alt-text:
[https://m.xkcd.com/2030/](https://m.xkcd.com/2030/)

