
Georgia's entire voter file potentially compromised after voting machine theft - anigbrowl
https://www.wsbtv.com/news/local/voter-check-in-machines-stolen-before-polls-opened-for-special-election/987281739
======
snowwrestler
> Diamant said this is a huge deal, because the elections director said the
> machines contained the entire state of Georgia voter file, which includes
> names, addresses and birthdates for all Georgia voters -- all now
> potentially compromised.

Hmmmm.....

> By law, voter registration lists are available to the public and contain the
> following information: voter name, residential address, mailing address if
> different, race, gender, registration date, and last voting date. Pricing is
> set by the Secretary of State's Office.

[https://sos.ga.gov/index.php/Elections/order_voter_registrat...](https://sos.ga.gov/index.php/Elections/order_voter_registration_lists_and_files)

So I guess now the hackers improperly know everyone's birthday?

~~~
smt88
I get that it seems minor compared to, say, Equifax, but voting is intended to
be a particularly private aspect of public life.

You can say someone can buy their privacy by avoiding Gmail, Facebook, etc.,
but no one should feel like they have to choose between privacy and voting.

~~~
lopmotr
Who people voted for is, but not really the other stuff. In my country, name,
address and occupation on the electoral role are public-ish information that
anybody can look up in the local library. The law requires it to be made
public, though also disallows any bulk copying of it, so theft of the whole
database would still be a problem.

~~~
gus_massa
Here in Argentina too. It even includes the equivalent of the SSN, that is
public here. I guess all the political parties get one whole copy and the
relevant pages are posted in the walls of the voting building, so you can
check in which room you should vote (if you didn't check before in internet).

~~~
tinus_hn
This is why in the Netherlands both private parties and the government are
forbidden from using the ‘SSN’ for anything but a defined set of purposes.
Your employer knows the number but can’t use it as your ID in their databases,
your municipal authorities can’t link your garbage disposal pass to it.

~~~
gus_massa
Now the number is assigned chronologically when you register your newborn
during the first week of life, so knowing the birth date, you can guess all
but the last 3 or 4 digits. If used like a "secret", it is a 13 bits secret.

Until a few years ago (10?) each city got a block of consecutive numbers and
used it until it got exhausted, so with the birthplace it was easier to get a
more smaller range even with an approximate birthdate. (Some cities used to
continue the numeration after their block was exhausted, but these numbers
where in the block of another city, so there is some duplication.)

(And many years ago, the numeration for men and women was independent, because
they had a different ID. When the ID were unified there was a lot of
duplication.)

~~~
hyperman1
Same for Belgium. Your id is mostly birth date + 3 digits + a checksum. The 3
digits are half male half female. So 9 bits of randomness, and that's assuming
all 500 combinations get used.

------
r0m4n0
Having spent quite a bit of time requesting voter files from the government, I
can say it’s not hard to obtain this data in most states. Many times it’s just
a small fee, a pinky promise that you won’t use the data for non political
purposes, and a photo of your drivers license. I think they should be more
worried about someone reverse engineering the closed source software of the
checkin machine in this case...

------
dralley
I hope this helps the lawsuit to force Georgia away from using electronic
voting. _Clearly_ their security procedures (physical and digital) are
lacking.

~~~
Beldin
The officials somehow need to verify eligibility. If not with a computer, then
on paper... which could also be stolen in exactly this manner.

So I doubt it'll have this impact.

~~~
mhh__
Or just distribute the verification work to a local level where theft of one
set of names is only locally useful.

------
aloknnikhil
> The state will soon roll out a new, $100 million voting system which
> Raffensperger said will have a new iPad-based check-in system, which they
> can track and delete data remotely if they get stolen.

I'm confused. Why are these records on the device at all? Why not a server?
Why spend $100 million just to move it from paper to an iPad?

~~~
kabdib
I am personally in favor of simple, physically based voting systems. The kind
that can still work reliably during periods of unrest and mistrust.

~~~
an_account
Paper ballot, electronic counting. Best of both worlds. You get a quick count,
but also if there’s shadiness/hacking going on you can always recount the
paper.

Some states seem to be moving towards absentee voting over the internet, which
will be a mess when accusations of hacking start flying.

~~~
hef19898
Voting over the internet? Oh dear... But it theoretically could be a use case
for blockchain.

Still I don't get it why voting in the US is so complicated and difficult.
Even India does a better job. There is also a reason why most other western
countries have a paper ballot, they are harder to temper with.

~~~
masonic
Paper ballots are easy to tamper with when there are chain-of-custody issues
regarding the ballots.

~~~
hef19898
Maybe, but certainly not at a scale needed to influence the election outcome
without anybody noticing. Voting over the internet is totally different in
that regard.

------
tunesmith
Or perhaps it's a "theft" to justify some other effort to further restrict
people's voting rights - like, I guess it's time to make everyone re-register,
except for those right-thinking folks that they're already sure aren't
cheaters...

------
codedokode
> The state will soon roll out a new, $100 million voting system which
> Raffensperger said will have a new iPad-based check-in system, which they
> can track and delete data remotely if they get stolen.

Will they be able to delete votes for a wrong candidate remotely too?

~~~
rovr138
Pretty sure they mean apple’s remote tools for tracking and deleting.

This does say check in.

------
gordaco
Sorry to be that guy, but here is the obligatory XKCD:
[https://xkcd.com/2030/](https://xkcd.com/2030/).

As a tech worker, and as someone who knows about computers, I _very strongly_
oppose electronic voting. And the more I know, the more I oppose it. It's
slightly more convenient, but in exchange it's way way less secure.

Also, this is not the first time Georgia has had problems related to
electronic voting: see
[https://www.theinquirer.net/inquirer/news/1003966/diebold-
in...](https://www.theinquirer.net/inquirer/news/1003966/diebold-insider-
blows-whistle).

~~~
pmontra
But it's the wet dream of people willing to spend a lot of (not theirs) money
and maybe rigging the results.

------
victor9000
This is what you do if you want to probe one for weaknesses.

------
mhh__
I think both practically, theoretically and ethically the only response to
electronic voting is to kill it with fire

