
Voting machines pose a greater threat to our elections than foreign agents - howard941
https://thehill.com/opinion/technology/464065-voting-machines-pose-a-greater-threat-to-our-elections-than-foreign-agents
======
eli
Election and voting security is a phenomenally difficult problem space. Much
harder than it seems at first.

The National Academies wrote a report not long ago that gives a nice overview,
has lots of detail, and makes specific policy recommendations to Congress:
[https://www.carnegie.org/media/filer_public/34/9d/349d3207-d...](https://www.carnegie.org/media/filer_public/34/9d/349d3207-d994-4838-8b79-5f8d88e0e412/nas_report.pdf)

~~~
srajabi
Have you heard about the STAR-Vote system? What do you think about it:
[https://www.youtube.com/watch?v=Cl8q_356zZs](https://www.youtube.com/watch?v=Cl8q_356zZs)
[https://en.wikipedia.org/wiki/End-to-
end_auditable_voting_sy...](https://en.wikipedia.org/wiki/End-to-
end_auditable_voting_systems#Use_in_elections)

~~~
eli
Looks genuinely interesting. But also looks complicated and hard to explain.

------
Mikeb85
Of course they do. Voting machines can be rigged by domestic agents to subvert
democracy.

Honestly, it's actually kind of hilarious that some people think Russian
trolls and Facebook ads somehow turned the election and not socio-economic
factors (for example, those outlined in the Paul Krugman article and thread).

~~~
chrisdhoover
And its an age old problem. We have expressions for it, ballot stuffing, and
quips about it, vote early and often. We even had a partisan judiciary decide
an election since the machines failed to fully punch cards.

------
xanth
Having watched this[1] talk concerning how they secured the Xbox One to the
degree that it's in millions of peoples homes but it's not been hacked onced
in 6 years, it's pretty disappointing they've not just lifted nearly exactly
the same tech for voting.

1:
[https://www.platformsecuritysummit.com/2019/speaker/chen/](https://www.platformsecuritysummit.com/2019/speaker/chen/)

~~~
SkyMarshal
Cool, though hacking Xbox is probably less valuable to would-be attackers than
hacking US elections.

------
frozenlettuce
I find this topic fascinating. Here in Brazil, anyone that dared to oppose
voting machines was called anti-democratic and conspiracy-theorist by the
mainstream media and public officials.

~~~
devtul
Not even oppose really, the mere act of questioning how secure they are given
their track record of being prohibited in Germany, Holland, and India would
attract not opposing arguments but name-calling. We are supposed to just trust
that everything is well and good.

~~~
rmetzler
Germany's stance on voting machines is not in a small part due to the history
of the CCC and their expertise. Without the CCC it might be much different,
but they recognized and spoke about the risks years ago.

------
maximente
> Nevertheless, Democratic chair Damon Circosta reached across the aisle to
> join two Republican commissioners in opening the North Carolina market to a
> barcode ballot-marking system. The vote presents a setback to a multi-year
> effort to provide secure, accurate elections for North Carolina voters.

nice to see that this is a bipartisan issue.

~~~
nickthemagicman
I'm confused. They're actively fighting secure elections?

------
kleer001
Paper and pencil should be good enough for every election.

~~~
bilbo0s
Well, just to be fair, paper and pencil are not good enough _any_ election.

I mean, what about elections that you want to steal?

It's a whole lot harder to steal an election without an electronic voting
scheme in place.

/sarcasm

~~~
kleer001
No no, there's several ways to help you steal the election:

Control who counts the votes and report it the way you want.

Stuff the ballots with more votes than people.

Still, with good faith all around, oversight, and decent security that won't
happen.

~~~
bilbo0s
I don't know man?

Just hacking the machines seems a lot easier than hiring an army of vote
counters or ballot stuffers.

~~~
kleer001
And we've come full circle.

High five!

------
mikece
“Right now there are no mandatory federal cybersecurity standards for
elections...”

And that's a good thing. Each state/county/city can implement the election
however they want which makes it practically impossible to rig the vote. If we
all used the same system/procedures/process then hacking the election could
scale much more easily as the same tricks that works in Manhattan would work
in Montana.

~~~
kadoban
That would only makes sense to me if rigging only one state was near useless.
It's very much not. If you rig say, Florida, there's a fairly high chance of
deciding the election.

~~~
parvenu74
I don't think the machines matter as long as the vote can be
replayed/recounted without ambiguity.

An idea: [https://medium.com/@dotnetmike/touch-screen-voting-should-
be...](https://medium.com/@dotnetmike/touch-screen-voting-should-be-
illegal-59295dbabc27)

~~~
swader999
It needs a paper record, this needs to be the source of truth.

~~~
daveguy
Not just a paper record. A hand marked paper record. If it doesn't go through
a computer first it can't be altered. There are several states that do it this
way. It's a "Scantron" style ballot. Fill in the vote, run it through a tally
machine and save the ballot. The tally machines could be messed with, but if
there is evidence of tampering with the tally there is always the authentic
original ballot.

~~~
swader999
Yes!

------
notadoc
Hasn't this always been the case?

Without a verifiable paper trail, why would anyone trust a voting machine?

------
scohesc
I think the key issue is that these machines are internet or network
connected.

If we're really concerned about this - get rid of the network connectivity.

Obviously this is over simplified, but just make a simple locally ran app or
web application that refreshes once a vote has been cast. Store the vote in a
simple SQLite database and at the end of the day, have a voting official go to
the machine, and unlock the case, press a button on the back, which prints out
or shows vote counts on the back on a small screen or something. They then can
report that to whatever commission, committee, or otherwise is monitoring the
election.

It's all locally stored, maintained, and under lock and key.

Why does this seem so difficult? We don't need democracy hindered by "network
connectivity", just make it more environmentally friendly so however millions
of people times the size of the paper ballot isn't wasted needlessly.

~~~
cwkoss
How does the voter verify that their vote was counted correctly?

All electronic voting machines should output a paper human readable 'scantron'
type ballot that is safely stored for verifying the internal digital tally.

~~~
wang_li
>All electronic voting machines should output a paper human readable
'scantron' type ballot that is safely stored for verifying the internal
digital tally.

We should just have paper scantron style ballots that people fill out. Then
have scantron counting machines to tally them up after all voting nationwide
has closed.

All the other issues people are trying to do to "fix" some aspect of voting
are fundamentally flawed and those who are advocating for them are either
desiring the ability to violate election integrity or don't understand the
requirements of voting. Or trying to get money because someone in power sits
in one of the two prior camps.

~~~
pmoriarty
_" We should just have paper scantron style ballots that people fill out. Then
have scantron counting machines to tally them up after all voting nationwide
has closed."_

Vote counting machines are just as problematic as voting machines. We should
just get rid of all of the machines and both vote and count by hand.

------
eloff
Why can't we just have block-chain based voting where the vote is secret, but
you get a paper receipt, and you can run open-source code (like scan a QR
code) to check the blockchain if your vote was counted the way you expected.
Everything is immutable, and cryptographically verified.

Block-chain seems to be a failure for money so far, but voting seems like the
killer application. The technology is there, well understood, there are even
companies that offer a solution along those lines. Why don't we use them?
Isn't it so much better than electronic voting machines in every way?

~~~
azov
Because if you can check how your vote was counted, you may be coerced to
check it with, say, your boss standing behind your back - so, your vote is no
longer secret.

But, of course, voting by mail is even worse, and most of the US seems to not
care about it a slightest bit.

~~~
eloff
Or sell your vote, that'd be a way for the wealthy to more directly take
control of society.

I'm sure there's solutions to that though, either technical or legal.

------
a11yguy
It's almost like foreign threats are discussed to avoid us looking inside.

------
thrower123
Since it is software, there's virtually no chance it will be implemented in a
bug-free way, so even leaving out malice, things are liable to go horribly
wrong at some point.

------
ENOTTY
I'm going to disagree. We have evidence of foreign agents interfering in US
elections and no evidence of actual attacks on US elections carried out via
voting machines.

~~~
chillacy
Maybe the old saying "Absence of evidence is not evidence of absence" applies.

~~~
JohnFen
I don't see how, honestly. That's a saying that is almost always misapplied.

------
Cyder
Any voting progress can be manipulated. Imagine trying to do it in the early
1800s. Thus the inevitable necessity of the electoral college...

------
harry8
Gerrymanders by both Democrats and Republicans an order of magnitude or two
bigger threat than voting machines and foreign agents put together.

How many states matter in the presidential election? It's insane disgrace that
number is not always exactly 50.

Every other threat is trivial in comparison.

------
not_a_cop75
Foreign agents are always discussed because frankly, they are almost
completely outside of the law. But what about non-foreign agents? Surely, they
exist, and the ones that break the laws to get their way should be thrown in
jail, but when do you ever see that?

~~~
bediger4000
North Carolina, Congressional District 9 -
[https://www.theatlantic.com/ideas/archive/2019/09/north-
caro...](https://www.theatlantic.com/ideas/archive/2019/09/north-carolina-
ninth-district-fraud-mccready-bishop/597412/)

It sounds like there was a more-or-less professional election rigger involved:

"According to prosecutors, McCrae Dowless, a contractor for the Harris
campaign, oversaw extensive election fraud in Bladen County, in the district’s
rural east, affecting potentially hundreds of votes."

Details about McCrae Dowless:
[https://www.charlotteobserver.com/news/politics-
government/a...](https://www.charlotteobserver.com/news/politics-
government/article226864674.html)

He sounds extra sketchy.

------
samstave
In a perfect world, I want to be able vote from my phone/online.

~~~
samstave
OK, so if that's an unpopular opinion, then lets at least make voting a
national holiday, move it to a weekend day, or make it last more than one day?

A single Tuesday in November seems like an awfully thin window to measure the
sentiments of a nation of ~350MM, no?

Why are we married to such an archaic idea of what is a reasonable time to
cast a vote?

------
excursionist
For something as important and simple as voting, I'd think we could develop an
unhackable, fully open-source, formally verified voting system...?

~~~
andrewla
I think this is a hopeless goal, sort of related to Reflections on Trusting
Trust.

Even the most basic version of this, a ballot-marking system, is pretty much
infeasible unless you have formally verified hardware as well, which is not
even possible even for commercial vendors. At least for them, selling sealed
units that are somewhat resistant to physical modification is possible, but
even there physical compromises have been demonstrated.

Ballot scanning machines (for hand-marked ballots) are a pretty good balance
of time/accuracy/simplicity, with the auditability being a big bonus for both
random checks and for disputed elections.

To take New York state as an example, it has manually marked ballots now with
ballot scanners for tabulation, and I'm reasonably comfortable with the
tabulation and placement aspects; where NY fails is largely in usability --
ballot design is worse than terrible, and borders on misleading. That plus the
inscrutibility of NY's ballot initiative system (trying to find the actual
text of the ballot measures is nearly impossible) makes the whole system a
little shakey. And part of that as well is the scope of elected positions for
minor things (what the hell is a Comptroller and why are we voting for one);
they basically are a power transfer from the executives to the party machine
to allow them to essentially give positions to people favored by the
(unelected) party apparatus, which give toeholds to higher positions.

~~~
excursionist
> is pretty much infeasible unless you have formally verified hardware as
> well, which is not even possible even for commercial vendors

Why is it not possible? Formal hardware verification is probably more common
than formal software verification.

------
andrewla
I'm of the opinion that the headline is true, but only vacuously -- foreign
agents are not a threat to our elections (except where they attempt to
directly compromise voting infrastructure), and similarly the threat from bad
voting machines is extremely small.

There are enough checks in the system (bipartisan counting and validation
committees) that a pure digital compromise of an election that would not be
flagged and detected is very small.

There are much more pressing matters, like access to voting stations (both
distance and time), voter roll purging, ballot design flaws that make voting
fundamentally error prone, and (controversially) a lack of identification
requirements for elections that make certain classes of fraud difficult to
detect.

I think on balance, all-remote elections, like Oregon has had for a while, and
I think Washington now too, are the best balance here. There are certain
vulnerabilities around buying, compelling, and selectively harvesting votes,
but with universal cell phones, "proof of vote" is too easy to obtain anyway
so those ships have mostly sailed, and it seems like a reasonable tradeoff to
make.

~~~
Someone1234
How do you do "bipartisan counting" and validation in an all digital voting
system? Reading the same digital information twice, doesn't verify it.

If you have paper ballots, sure, but the US does not have paper ballots in
some states and won't by the next national election. And even if they did (as
many do), few states have a uniform system of random vote audits.

So I'm not sure what you're referring to with this:

> There are enough checks in the system (bipartisan counting and validation
> committees) that a pure digital compromise of an election that would not be
> flagged and detected is very small.

I literally read the Diebold Voting machine source code (and tabulator) that
was leaked (twice). There's nothing remotely like that in there. There's no
facility to do that. And while most of those are now retired, there's similar
machines that work exactly the same way still in usage.

~~~
andrewla
> US does not have paper ballots and won't by the next national election

This isn't true universally, in fact, fair to say it is rarely true [1]. Often
the vote is tabulated electronically, but there is always a bipartisan
committee overseeing random re-tabulations and recounts as a matter of course.
In the process of rolling up results, there are cross-checks with voter rolls
that make certain types of ballot stuffing infeasible (that is, an attack
would have to be a read/modify/write).

There are also state departments that are tasked with overseeing the general
quality of elections that will spot outliers and investigate. It's always
possible that corruption or partisan efforts will bypass scrutiny (and there
have been several iffy cases of precincts in previous election cycles) but
that has been a problem even pre-electronic equipment.

[1]
[https://ballotpedia.org/Voting_methods_and_equipment_by_stat...](https://ballotpedia.org/Voting_methods_and_equipment_by_state)

EDIT: the parent post has been modified to be slightly less aggressive in its
claims, including limiting the scope to "some states". Also added "And even if
they did (as many do), few states have a uniform system of random vote
audits", but can easily be refuted [2].

[2] [http://www.ncsl.org/research/elections-and-campaigns/post-
el...](http://www.ncsl.org/research/elections-and-campaigns/post-election-
audits635926066.aspx)

~~~
rexaliquid
I would really appreciate if my county actually did random re-tabulation or
integrity checks on my electronic/paper record ballot.

~~~
eli
I'm a fan of "Risk Limiting Audits" which is a type of post-election integrity
check. It's required by law in a few states.

~~~
donarb
Washington state does this. Random precincts are post-election audited by
matching the electronic count with hand counted ballots, this is done before
the counts can be certified.

