
Soon all the voting machines in U.S. will be powered by FreeBSD/RISC-V - cnst
https://twitter.com/onewilshire/status/1163792878642114560
======
fsh
This whole "open source voting machine" idea completely misses the point why
electronic voting is a bad idea in the first place. The obvious attack against
such a system is to secretly use different software or hardware in the
machines than was published and audited. For the voter it is impossible to
know which software or hardware the black box in the voting booth actually
runs, and even for experts it can be made arbitrarily hard to detect.
Furthermore, it should be possible for the average voter to understand the
whole election process. I don't think that any single person, let alone the
average voter, can understand and audit a complex FreeBSD/RISC-V computer.

~~~
drusepth
Honest question: how is <secretly using different software or hardware in the
machine> different from <someone secretly switching or altering ballots> in
our current system?

If we can't trust checks and balances saying, "Your vote will be counted
properly here", how do we trust any of it?

~~~
lwansbrough
The process you described would require a group of humans to conspire together
and carry out voter fraud. Which is not only illegal (and thus carries high
risk on an individual level), but probably difficult to pull off without
anyone finding out about it. Compare that to totally opaque code running on a
system only a very few select people will ever get to observe. Not only that,
the average person may not even be able to spot malicious code even if they
were given the opportunity to stare right at it. It would be pretty hard not
to notice someone dumping ballots or stuffing ballot boxes if you were
observing a counting room, even with no prior knowledge of the process.

~~~
StudentStuff
The sheer volume of fraudulent paper ballots needed, combined with manual
partial counts to ensure automated scanner accuracy has ensured the security
of paper based voting compared to alternatives.

------
ENOTTY
DARPA doesn't have any regulatory power over how elections are run in the
United States. So as of right now this tweet is wishful thinking.

~~~
cryptoz
The way it is presented on HN is active disinformation. The headline is simply
false.

------
cnst
A FreeBSD.org confirmation below; note the sponsored-by part:

* [https://www.freebsd.org/news/status/report-2019-01-2019-03.h...](https://www.freebsd.org/news/status/report-2019-01-2019-03.html#FreeBSD/RISC-V-Update)

------
jakeogh
Hand counted paper has less unfixable fundamental flaws.

------
danso
U.S. voting is extremely decentralized [0], with the procurement of machines
procured at the state or even the county level. This mention of "U.S.
Government Furnished Equipment" sounds like FUD.

[0] [http://www.ncsl.org/research/elections-and-
campaigns/electio...](http://www.ncsl.org/research/elections-and-
campaigns/election-administration-at-state-and-local-levels.aspx)

edit: The user's bio says he's on the "DARPA CHERI" team, which is in
Cambridge? [0]

~~~
cnst
Yeah, DARPA funded OpenBSD development in Canada in the past, so, not much
surprise that they also fund research at the University of Cambridge, I guess.

[https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/](https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/)

The web-page itself makes no mentions of DARPA or AFRL, but if you click on
any of the papers, the notices are all there.

P.S. ARM is HQ'ed in Cambridge, so, location-wise, probably a lot of talent
that can do these kinds of things there.

------
ravenstine
Why don't voting machines have their own specialized operating system? There's
no need for all the extra baggage that comes with a general purpose operating
system since all voting machines do the same stuff. I would think that, even
if the source code was leaked, there'd be fewer vulnerabilities for the hacker
to take advantage of.

~~~
eeZah7Ux
Nonsense.

------
solarkraft
I like this video by Tom Scott explaining why electronic voting is a terrible
idea. [https://youtu.be/w3_0x6oaDmI](https://youtu.be/w3_0x6oaDmI)

------
mrpippy
I'd love to see this happen, but the realist side of me would bet money that
no American will cast a vote on a FreeBSD/RISC-V machine in the next 5 years.

~~~
solarkraft
The idealist in me hopes that no american will cast a vote on a FreeBSD/RISC-V
_or any other_ voting machine in 5 years.

------
shmerl
What were they running on until now?

~~~
jerkstate
Windows 7

from
[https://apnews.com/e5e070c31f3c497fa9e6875f426ccde1](https://apnews.com/e5e070c31f3c497fa9e6875f426ccde1)

> An Associated Press analysis has found that like many counties in
> Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide
> use Windows 7 or an older operating system to create ballots, program voting
> machines, tally votes and report counts.

~~~
deelowe
Definitely not windows 7 in my town. Looks more like 2k.

~~~
lxhmj
Might have been 7 with the classic theme? It looks basically like 2000

------
redis_mlc
I just wanted to point out something about US voting machines for seriously
interested people to research and ponder.

From what I've read, the sole motivation for the large "investment" in
electronic voting machines was an ADA requirement. City and state government
committees felt obligated to budget for electronic voting machines for
compliance reasons _only_. So ADA compliance was the sole requirement, and the
security requirements were never a factor.

This is similar to Dieselgate in Europe. Diesel is a filthy fuel, but there is
one pollution component, I believe it's CO2, that is emitted less than
gasoline. All of the other pollutants are worse, but European governments
incentived diesel ICE engines for that one molecule.

We are in a post-facts era, and as technologists we need to be at the table
before one-dimensional public policies are made, as in the above examples.

~~~
addicted
Wasn’t dieselgate about companies rigging their software to trigger emissions
control only during testing to meet NOx standards? And wasn’t dieselgate about
trying to trick US standards rather than about European standards?

The irony of your comment...

Edit: I don’t know anything about the impact of the ADA on the choice of EVMs
in the US, so I haven’t commented on it too much, but even ignoring how wrong
your dieselgate comment is, your claim about ADA doesn’t pass the smell test
for me because EVMs are (or were, until courts stopped them or countries
realized how insecure they are) being adopted in large numbers in other
countries, many of which don’t have the equivalent of ADA laws, and don’t
particularly care about the disabled.

~~~
redis_mlc
No irony, you just don't understand the complete picture. I wasn't offering my
opinions, I was reporting on what the press had previously written.

Most press on dieselgate was superficial, but there were a few articles that
went deeper into why diesel and why mfgs. rigged exhaust tests.

The actual origin of dieselgate was government regulations incentivizing
diesel use in Europe for misguided emissions reasons.

A related factor is that mfgs. can apply fuel economy improvements from one
model to other models based on percentage.

Regarding voting machines, city and state councils would not budget for new
equipment without a good reason. That's why ADA seems like the most compelling
reason from what I've read.

Under "Voting Systems Standards" in the link below, an electronic system is
required with multiple language support under ADA:

[https://www.govinfo.gov/content/pkg/PLAW-107publ252/pdf/PLAW...](https://www.govinfo.gov/content/pkg/PLAW-107publ252/pdf/PLAW-107publ252.pdf)

~~~
danso
> The actual origin of dieselgate was government regulations incentivizing
> diesel use...

Dieselgate is about a specific scheme designed to bypass regulations. Your
reductive reasoning makes as much sense as saying "it's superficial to think
of Watergate as anything else but the byproduct of democratic elections"

