
Edward Snowden Demonstrates How Easy It Is to Hack a Voting Machine - ColinCochrane
http://ijr.com/wildfire/2016/11/731642-edward-snowden-demonstrates-how-easy-it-is-to-hack-a-voting-machine-all-for-just-30/
======
grzm
Looks like we're about to have the same voting/election discussion we've had
at least 5 times over the past month or so. If anyone's interested in reading
what's already been discussed, here are links to the previous threads:

"American Elections Will Be Hacked"
[https://news.ycombinator.com/item?id=12921967](https://news.ycombinator.com/item?id=12921967)

"Maryland will audit all votes cast in general election"
[https://news.ycombinator.com/item?id=12885396](https://news.ycombinator.com/item?id=12885396)

"Cylance Discloses Voting Machine Vulnerability"
[https://news.ycombinator.com/item?id=12883356](https://news.ycombinator.com/item?id=12883356)

"In Pennsylvania, Claims of a Rigged Election May Be Impossible to Disprove"
[https://news.ycombinator.com/item?id=12790247](https://news.ycombinator.com/item?id=12790247)

"Votes could be counted as fractions instead of as whole numbers"
[https://news.ycombinator.com/item?id=12841178](https://news.ycombinator.com/item?id=12841178)

~~~
asp_hornet
I remember the discussions of Bush rigging the 2004 elections (not on HN).

~~~
grzm
Secure voting came to my attention after the 2000 Bush-Gore election and
recount. There's been a lot of really interesting work since then. If
you're interested in what can be done to improve voting security, I encourage
you to see [https://www.verifiedvoting.org](https://www.verifiedvoting.org)

------
hacker_9
Why do Americans use voting machines exactly? I mean, it just prints out their
choice at the end right? What benefit do they actually gain from having
pressed buttons instead of using a pen? It just seems to fuel the hacking
conspiracy every time a president is elected.

In the UK we turn up, go into the booth with the paper slip, and tick our
choice with a pen. Then we fold it and post it into a container which later
gets shipped off to the counting room. I just can't understand why you guys
have to physically turn up if you are just going to select your answer on a
computer anyway.

~~~
Zombieball
A former co-worker of mine wrote software for voting machines in Brazil. He
described to me a few reasons why electronic voting machines are important. To
be honest I forget the majority, but one story that stuck with me:

One common scheme electronic voting machines help prevent is forced votes. A
bad guy gets their hand on a single empty ballot and writes the name of the
candidate he wants to win on it. He then comes to you and threatens you and
your family. Says hand in this pre-filled ballot and bring me back your empty
ballot, or else... You comply, he fills out the empty ballot again, and
repeats.

The electronic voting machines protect your identity. They allow you to vote
anonymously. They provide data integrity that is harder to spoof than paper
voting methods. I explicitly asked why they don't just vote on paper ballots
like they do in Canada (or the UK as you describe). His response was that we
take for granted the inherent trust our societies have to _allow_ us to vote in
such a fashion without it being tampered.

~~~
extra88
Voter coercion is something to be concerned about but the scenario you
describe won't keep me up at night. The number one problem is it's hard to
scale up to a level that would actually sway an election. It only takes one
hero to call the police while they're at the polling station or after their
family is released and the sequence is broken. There's no need for the victim
to actually submit the pre-filled ballot, they can throw it out or do
something to it to make it invalid then come back with the blank one. The
ballots where I vote are on a heavier stock paper that are not trivial to
conceal bringing in and taking out; most could do it but one victim slips up
and the scheme could fail.

Where I vote, my paper ballot in no way identifies me. I identify myself upon
entering the polling station, they find my name on the list of registered
voters and mark it. When I'm turning in my completed ballot, I again identify
myself and my name is marked on a separate list. So there's a record that I
voted but not for whom I voted. How would an electronic voting machine improve
upon this?

BTW, where I vote, the paper ballots are the bubble scan kind and the voter
feeds it to the machine themselves. This provides very fast tabulations with a
paper record for security and recounts.

~~~
Zombieball
> How would an electronic voting machine improve upon this?

I am just theorizing here: Someone now takes the box of paper votes and runs
it through the scanner machine. And passes this number along to someone. What
is stopping them from tampering at this step? I think this is precisely what
my co-worker was describing. There is an inherent trust that your paper ballot
is scanned and recorded in a fashion that matches your vote.

An electronic voting machine could potentially communicate votes in real time
over a secure connection. Or in the case of Brazil's machines, I believe
stores it locally, encrypted, with a verifiable cryptographic signature of
some sort.

I'm sure we all know the multitude of other attack vectors this introduces. I
guess I am just not convinced that paper makes things more secure.

~~~
grzm
There are many steps along the chain that have to be secured in both
electronic voting (which has a variety of meanings) and paper ballots. Paper
ballots enable auditability, which is a separate issue that's also important for
voting.

Given the number of comments you've made on this thread, it seems this is an
area of interest to you. I encourage you to look through the previous HN
discussions on this topic. Here's a list of some of those from the past month
or so:

[https://news.ycombinator.com/item?id=13032743](https://news.ycombinator.com/item?id=13032743)

~~~
Zombieball
Thanks!

------
ThomPete
This is missing the point though.

The American voting system is actually very secure.

It's highly decentralized, machines are not connected to the internet,
implemented in many different ways, which means that they would have to do
many attacks many different places without being discovered to even have an
effect.

75% of them have paper trails which would require an even bigger achievement
to change enough of as it's again highly distributed and decentralized, and
it would require mostly physical presence to do it. And that's just a few of
the things that make this more or less impossible.

A bigger concern is access to the actual voter databases but what they can
do there is mostly creating chaos which would obviously be horrible but
have no effect on voting.

The biggest problem is actually when examples like these spread without the
above consideration as that can trigger the population to lose faith in a
system that is probably as safe as it has ever been.

P.S. I am highly supportive of whistleblowers like Snowden but this is missing
the point.

~~~
rpearl
The election was decided in its totality by 107k votes in WI, MI, and PA (the
sum total margin of victory in those three states).

You don't have to manipulate many votes to have an election-deciding effect.

~~~
dmfdmf
I forget the statistical term but after the fact, you can't go back and say
"look at this, only 107K votes determined the outcome" because you can always
find such explanations post hoc. I tried to search but couldn't find the
discussion but one example is how couples use this type of fallacy to "prove"
their love was fated. Typically on the day the fated couple met there were a
number of unusual events or circumstances (a missed bus, sick grandma, a power
outage, etc.) that played a key role in their meeting and the probability of
all these coincidences occurring together must mean they were fated to meet.

Moreover, you have to ask; How could the Simon Bar Sinister have known prior
to the election that these three states (and probably one or two counties in
each state) would be the decisive counties to hack to manipulate votes and win
the election? He can't.

~~~
plaguuuuuu
So perhaps one can only practicably rig close elections.

~~~
ThomPete
You would still have to know where it was close.

~~~
pvaldes
A lot of online companies classify millions of people by lots of variables
each day. You can pay for this information.

~~~
ThomPete
That's not what we are talking about at all. You need access to these machines
somehow; it's not about classifying people, it's about getting access to the
ballot machines and altering them or their results. Quite a different task.

~~~
grzm
I think your parent was implying that some sort of classification would be
used to predict where the vote would likely be close, so you would know which
precincts to target. As I'm not the poster, this is just speculation of
course, and can be worth the electrons used to transmit the comment :)

~~~
pvaldes
Yep, that was the idea.

------
jjuhl
Relevant video:

Was YOUR vote counted? (feat. homomorphic encryption) - Numberphile :
[https://m.youtube.com/watch?v=BYRTvoZ3Rho](https://m.youtube.com/watch?v=BYRTvoZ3Rho)

------
javajosh
It's interesting to view recent events in the US as a crisis of measurement.
The news media measured the voting public with polling samples, we then
measured the voting public with a vast government apparatus. Clearly, the
measurements did not agree. Logically there are three possibilities: the media
was right, the polls were right, or neither were right.

It's actually quite a good thing that we start to speak openly about threat
models against all voter sentiment measuring tools, especially the official
ones.

~~~
theoh
The idea that an electoral poll incorporates a random error (and maybe a
systematic one too) is alien to the discussion about recounts etc.

~~~
dmfdmf
Yes, this was one of my questions. What is the accuracy and error margin of
the voting system itself (and each state seems to have different methods so
it's not even uniform). Of roughly 126 million votes cast, 1% accuracy would be
1.26 million votes which would be of the same order of magnitude of Clinton's
"win" of the popular vote. I have no idea if 1% accuracy is close or wildly
too high or too low but we can't have a meaningful discussion without it.

Correction: Actual total was 126M votes for the presidential election not 160M
votes as I stated. But the question remains.

~~~
theoh
Don't hold your breath.

Consider the case, in the technology of proportional representation, of the
Hagenbach-Bischoff quota:
[https://en.wikipedia.org/wiki/Hagenbach-Bischoff_quota](https://en.wikipedia.org/wiki/Hagenbach-Bischoff_quota)

It's (it seems to me) obviously arithmetically unfit for purpose compared to
the Droop quota. In some cases more candidates can meet the quota than seats
are available. Yet it remains in use/part of the credible discussion.

------
quinndupont
This headline massively misconstrues Snowden's role and technical capacity in
any such voting machine hack. Snowden merely said that it could be done, and
pointed to a video published by Cylance.

------
ajf3
Why hasn't some state used a hash to allow trustworthy online voting? They
could add a unique id on the back of your driver's license and then allow you
to use your unique id to generate anonymous/one time use IDs. They could then
have a publicly accessible server that at all times displays a column with
anonymous id, vote and every person can verify that their personal vote is
correctly displayed.

~~~
twright0
In general, any process that allows an individual to verify their vote after
the fact will enable coercion over voting. For example, in your proposal, an
unscrupulous boss could make a demand before the election: "You must tell me
the one-time ID you're voting with. If you choose not to, or if that ID
doesn't show up in the registry having cast a vote for <candidate>, you're
fired." I think that, no matter what the process is, if I can check how I
voted I can also be _made_ to check how I voted while someone watches over my
shoulder and threatens consequences.

~~~
rpearl
Potentially, a canary id, "show this one and it'll claim you voted for ____
and also alert the state election board that it was accessed"

~~~
bbcbasic
That solves the boss problem. What about the government?

~~~
rpearl
Vote manipulation by a foreign government is solved by having a verifiable
id/token in the first place.

Vote manipulation by the government the election is happening for isn't really
something you can solve because in that case the election isn't the problem.

------
xrd
More and more I think our election system is ripe for foreign manipulation.
I'd love to be proved wrong in an audit.

------
_pdp_
E-Voting can be easily solved with ID cards combined with something similar to
the blockchain so that you can verify your vote if you need to.

The technology is there but I don't think there is any incentive to make it
happen.

The only problem that I can see is that we cannot be certain that any e-voting
technology will survive future information security research and as a result
the design needs to factor continuous upgrades.

~~~
destructaball
The problem is that if you can verify your vote you can be coerced into voting
in a certain way. There would need to be some sort of plausible deniability
built in.

~~~
_pdp_
Only you will be able to verify your vote. All votes are anonymous. You should
be able to verify the very first vote as well and as a result of that verify
the entire chain up to your vote. The last vote should also be verifiable to
ensure that the chain is complete.

~~~
rtkwe
That doesn't solve the problem of verifiable votes. If you are able to verify
your vote you can be coerced to verify it in the presence of someone else.

------
miguelrochefort
Wouldn't a voting system that let people confirm that their vote is taken into
account be trivial to implement?

I can't believe we still rely on trust for this kind of thing.

~~~
krapp
> Wouldn't a voting system that let people confirm that their vote is taken
> into account be trivial to implement?

How do you verify that your vote is actually "taken into account?"

You may be shown that your vote matches what you intended, but then it can be
manipulated or discarded somewhere else in the process, beyond your ability to
verify. It's like reading open source code without validating the operating
system or physical machine it runs in - the _entire environment_ contains the
potential for hostility, and it's too complex for one person to comprehend in
its entirety.

Also, any such system, assuming it works as intended, may also give interested
third parties a way to spy on someone's voting habits. Historically, knowledge
of a person's vote has been used by governments and employers to coerce votes
and to retaliate against political opponents or supporters of unpopular
causes.

~~~
miguelrochefort
Let's start with a simple example. A spreadsheet with your name and your vote.
You can be sure that your vote is taken into account by the SUM function.

~~~
grzm
If this is an area of interest to you, I encourage you to take the time to
review the work that's already been done in this area. The example you provide
doesn't even address the concerns in your parent, much less others that have
been identified by those working in the domain.

As a starting point, you can review Rivest's slides for an overview.

Ron Rivest, "Auditability and Verifiability of Elections", March 2016.
[https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf](https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf)

Edit to add: I see I've already suggested this to you earlier today.

