[flagged] Soon all the voting machines in U.S. will be powered by FreeBSD/RISC-V (twitter.com)
67 points by cnst 51 days ago | 36 comments

This whole "open source voting machine" idea completely misses the point why electronic voting is a bad idea in the first place. The obvious attack against such a system is to secretly use different software or hardware in the machines than was published and audited. For the voter it is impossible to know which software or hardware the black box in the voting booth actually runs, and even for experts it can be made arbitrarily hard to detect. Furthermore, it should be possible for the average voter to understand the whole election process. I don't think that any single person, let alone the average voter, can understand and audit a complex FreeBSD/RISC-V computer.

Honest question: how is <secretly using different software or hardware in the machine> different from <someone secretly switching or altering ballots> in our current system?

If we can't trust checks and balances saying, "Your vote will be counted properly here", how do we trust any of it?

The process you described would require a group of humans to conspire together and carry out voter fraud. Which is not only illegal (and thus carries high risk on an individual level), but probably difficult to pull off without anyone finding out about it. Compare that to totally opaque code running on a system only a very few select people will ever get to observe. Not only that, the average person may not even be able to spot malicious code even if they were given the opportunity to stare right at it. It would be pretty hard not to notice someone dumping ballots or stuffing ballot boxes if you were observing a counting room, even with no prior knowledge of the process.

The sheer volume of fraudulent paper ballots needed, combined with manual partial counts to ensure automated scanner accuracy, has ensured the security of paper based voting compared to alternatives.

The difference is that paper ballot voting can be easily introspected, whereas computers cannot. In many countries with paper ballots, the entire process from setting up the urns to counting the results is entirely done in public, usually with members of different parties being present. If you want to make sure that your vote is not tampered with, you can show up in the morning to see that the urn is empty, cast your vote, and watch the urn until it is opened in the evening and the votes are counted.

Because the paper ballot system is audited live by all participating entities. The box that you put your ballot into is watched continuously by a member of your political party, by one state official and by a member of at least one opposing party. Once the votes are in, then the two party people watch while the state official's team counts all votes and writes down the total. At this point they can take a picture of the final tally and send to party membership.

To mess with the election, you have to turn all three persons mentioned above, who all have conflicting interests [1]. And then do this for a significant fraction of the voting centers in one constituency to change the overall result. It's almost impossible to do this to any appreciable degree.

What's more, explaining the above to regular people is as easy as repeating the above paragraph to them. As long as people trust that their party members are not double crossing them, they will trust the process.

[1] the person of the opposing party might have ethics, so it's not given that they will just agree to blatant vote manipulation.

Simply have all citizens be able to inspect the process? Where I live the political parties generally take that role since they are the stakeholders and they can request recounts if they see anything weird going on.

And even though we do manual counting we get a preliminary election result the same night, simply by having adequately sized voting districts and then everything is recounted a couple of times for the final certified result.

That's technically true also in my country (Spain), but if you talk with polling station presidents they will tell you there's a lot of allowed fraud and fake votes. Usually, they're not evil, but if you sum up one here and another... My friend had to invent two votes because they were missing in the ballot box, the political parties there agreed to do that as if it were normal. He was also very angry because there was no anonymous vote, he couldn't put all parties in the secret rooms, so you were only able to vote for some parties in public and not so anonymous rooms.

They all seem like small things, but you sum up... This year we had the most fragmented political spectrum and small differences make big changes. In Leon, a polling station made a mistake and put the votes for a party in a different row. Nobody there noticed the mistake except the far-right party Vox. One simple polling station mistake changes the mayor of the city because there were enough votes.

Another problem I see is the mail vote. Mail vote is extremely popular in Spain (4-5% of total votes) and it's very easy to manipulate, not able to be inspected.

Because the cost of the attack is very different at the scale required to influence the outcome. Thus electronic voting is less secure.

There are many techniques and practices of creating trust and more resilient election processes:

0. international independent observers following the entire chains-of-custody of votes and the tallying process

1. vote as did the Greeks or Googlers for their lunch: place a physical token in the particular container for a given candidate, and then weigh them and measure their volume. There are no hanging chads or ambiguity.

2. place non-partisan professionals with integrity in charge of and with elections

3. seek a wide pool of volunteers, and randomly assign them

4. randomized double/triple/quad verify chain-of-custody at key activity steps to reduce chances of many types of impropriety

5. transparency: lots of public live video streams of election process areas as it's occurring

Pretty much everyone, given the opportunity, is capable of noticing a switch or modification of paper ballots.

Very few, even when given all the opportunities in the world, are capable of determining if something is wrong in the software or hardware in the machine.

The difference is between having to trust a small group of people who have to be trusted to be experts, vs trusting that the average of random groups of people will be good enough to minimize fraud.

One requires drastically more joules and seconds.

DARPA doesn't have any regulatory power over how elections are run in the United States. So as of right now this tweet is wishful thinking.

The way it is presented on HN is active disinformation. The headline is simply false.

Sadly, even the federal government has very little power over this, it will be a battle state by state to force corrupt incumbents like Diebold out.

A FreeBSD.org confirmation below; note the sponsored-by part:

* https://www.freebsd.org/news/status/report-2019-01-2019-03.h...

Hand counted paper has fewer unfixable fundamental flaws.

U.S. voting is extremely decentralized [0], with machines procured at the state or even the county level. This mention of "U.S. Government Furnished Equipment" sounds like FUD.

[0] http://www.ncsl.org/research/elections-and-campaigns/electio...

edit: The user's bio says he's on the "DARPA CHERI" team, which is in Cambridge? [0]

Yeah, DARPA funded OpenBSD development in Canada in the past, so, not much surprise that they also fund research at the University of Cambridge, I guess.


The web-page itself makes no mentions of DARPA or AFRL, but if you click on any of the papers, the notices are all there.

P.S. ARM is HQ'ed in Cambridge, so, location-wise, probably a lot of talent that can do these kinds of things there.

Why don't voting machines have their own specialized operating system? There's no need for all the extra baggage that comes with a general purpose operating system since all voting machines do the same stuff. I would think that, even if the source code was leaked, there'd be fewer vulnerabilities for the hacker to take advantage of.


I like this video by Tom Scott explaining why electronic voting is a terrible idea. https://youtu.be/w3_0x6oaDmI

I'd love to see this happen, but the realist side of me would bet money that no American will cast a vote on a FreeBSD/RISC-V machine in the next 5 years.

The idealist in me hopes that no American will cast a vote on a FreeBSD/RISC-V or any other voting machine in 5 years.

What were they running on until now?

Windows 7

from https://apnews.com/e5e070c31f3c497fa9e6875f426ccde1

> An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.

Definitely not Windows 7 in my town. Looks more like 2k.

Might have been 7 with the classic theme? It looks basically like 2000


I agree. But do you think FreeBSD will be much worse than the Windows 7 they have been previously using? I assume they will harden FreeBSD as much as they can (hopefully).

Also, what *is* a more appropriate OS to use on these systems? OpenBSD? Linux?

Why not fix the problem and go to paper?

Budget more workers and do it the right way.

I just wanted to point out something about US voting machines for seriously interested people to research and ponder.

From what I've read, the sole motivation for the large "investment" in electronic voting machines was an ADA requirement. City and state government committees felt obligated to budget for electronic voting machines for compliance reasons only. So ADA compliance was the sole requirement, and the security requirements were never a factor.

This is similar to Dieselgate in Europe. Diesel is a filthy fuel, but there is one pollution component, I believe it's CO2, that is emitted less than gasoline. All of the other pollutants are worse, but European governments incentivized diesel ICE engines for that one molecule.

We are in a post-facts era, and as technologists we need to be at the table before one-dimensional public policies are made, as in the above examples.

Wasn’t dieselgate about companies rigging their software to trigger emissions control only during testing to meet NOx standards? And wasn’t dieselgate about trying to trick US standards rather than about European standards?

The irony of your comment...

Edit: I don’t know anything about the impact of the ADA on the choice of EVMs in the US, so I haven’t commented on it too much, but even ignoring how wrong your dieselgate comment is, your claim about ADA doesn’t pass the smell test for me because EVMs are (or were, until courts stopped them or countries realized how insecure they are) being adopted in large numbers in other countries, many of which don’t have the equivalent of ADA laws, and don’t particularly care about the disabled.

>Wasn’t dieselgate about companies rigging their software to trigger emissions control only during testing to meet NOx standards?

Essentially yes.

>And wasn’t dieselgate about trying to trick US standards rather than about European standards?

No, most likely not. The main motivation at the time they put these "devices" in place was to trick the European standards, the so-called Euro 1 to Euro 6, and regulators. Of course it helped with the US/Californian standards too, but hardly the main concern. But the primary diesel market was (and still is) the EU, also with new diesel models introduced there first. E.g. in 2015 over half of all new passenger cars in Europe were diesel. At the same time the US diesel new passenger cars were about 3%. Diesel was incentivized by European governments in particular the German.

What's more is that a lot of other countries outright adopted the Euro standards too, or based their local standards directly on the Euro standards, e.g. Israel, Turkey, Australia, India, and even China to a degree, to name a few. Getting e.g. a Euro 5 certification meant you not only were able to sell in the EU but a lot of those places too.

Of course, it was US researchers and regulators who uncovered this fraud first (or at least the first who made it public and issued fines), kudos to them, so that's probably why there is a perception that this thing was about US and US standards.

BTW, those "cheat devices" really aren't devices per se but ECU configuration data to instruct the ECU to limit the urea solution (AdBlue) use to likely test scenarios. And they started doing this cheat mainly because they fucked up their designs installing too small, tiny urea solution tanks (which often were hard to access) which would have required car owners to refill that tank really often.

No irony, you just don't understand the complete picture. I wasn't offering my opinions, I was reporting on what the press had previously written.

Most press on dieselgate was superficial, but there were a few articles that went deeper into why diesel and why mfgs. rigged exhaust tests.

The actual origin of dieselgate was government regulations incentivizing diesel use in Europe for misguided emissions reasons.

A related factor is that mfgs. can apply fuel economy improvements from one model to other models based on percentage.

Regarding voting machines, city and state councils would not budget for new equipment without a good reason. That's why ADA seems like the most compelling reason from what I've read.

Under "Voting Systems Standards" in the link below, an electronic system is required with multiple language support under ADA:


> The actual origin of dieselgate was government regulations incentivizing diesel use...

Dieselgate is about a specific scheme designed to bypass regulations. Your reductive reasoning makes as much sense as saying "it's superficial to think of Watergate as anything else but the byproduct of democratic elections"

I was a poll worker in Chicago's latest election so I have done some reading and research about the paper and electronic voting machines. Before I worked the polls, I had no idea the wide array of user edge cases I had to prepare for, particularly with the wheelchair bound (quadriplegic or not) and the visually-impaired. Electronic machines are vastly more suited for the disabled. The paradox is that I found administering the e-voting machines more annoying than paper ballot, because people more frequently requested the latter, so I just didn't get as much practice throughout the day. I personally prefer the paper ballots, but I do see a very pragmatic reason for having e-voting machines used in tandem at polling locations, and not just by the disabled.

I don't know where you're going with the whole Dieselgate thing. But I do agree that part of the appeal of e-voting is the ADA accessibility. Can you point me to where you found in your research where voting officials felt "obligated" or otherwise encouraged to ignore everything else for the sake of compliance? Just because a bank is forced to install a wheelchair ramp doesn't mean they remove the door locks.
