> By law, voter registration lists are available to the public and contain the following information: voter name, residential address, mailing address if different, race, gender, registration date, and last voting date. Pricing is set by the Secretary of State's Office.
So I guess now the hackers improperly know everyone's birthday?
You can say someone can buy their privacy by avoiding Gmail, Facebook, etc., but no one should feel like they have to choose between privacy and voting.
In some states you can even buy all this information on a CDROM. This is how canvassers know your name, especially when there's maybe a parent and adult child living at home (if the old person shows you ask to speak to the elder, otherwise ask for the child). I just don't see this as that big a deal.
>> By law, voter registration lists are available to the public
Someone may have stolen information they are legally entitled to have. That's not a scandal.
Until a few years ago (10?) each city got a block of consecutive numbers and used it until it got exhausted, so with the birthplace it was easier to get a more smaller range even with an approximate birthdate. (Some cities used to continue the numeration after their block was exhausted, but these numbers where in the block of another city, so there is some duplication.)
(And many years ago, the numeration for men and women was independent, because they had a different ID. When the ID were unified there was a lot of duplication.)
Note that both Obama campaigns illegally distributed voter registration data freely and without qualification or tracking via their volunteer app.
Do you get entries like 1 person's race being "25 % native Filipino, 10 % Chinese, 15 % "black", 25 % Arab, 25 % Caucasian"?
How do you even...?
Since I can answer in the Best Possible Way - old white guy - I don’t mind answering these optional questions. They never ask about how cynical I am though!
* many includes Job Applications, Loan applications, and, it seems, for voting too
This isn't really something to worry about. The odds are pretty good that there is no person in the world with the ancestry you describe; if you did get input like this, the sensible thing to do would be to discard it.
(Note also that Arab is a strict subset of Caucasian...)
Very naive, especially considering you're european. Race has much less to do with genetics and biology and more to do with perceived social norms. During the 1800s in the US, person who is 10% black is still often considered black. In Nazi Germany, a person who was 10% jewish was still considered jewish.
Putting people into race buckets is often based on unscientific (and immoral) notions of "purity" and a "natural hierarchy" of disparate societies.
So I doubt it'll have this impact.
I'm confused. Why are these records on the device at all? Why not a server? Why spend $100 million just to move it from paper to an iPad?
Some states seem to be moving towards absentee voting over the internet, which will be a mess when accusations of hacking start flying.
Still I don't get it why voting in the US is so complicated and difficult. Even India does a better job. There is also a reason why most other western countries have a paper ballot, they are harder to temper with.
Upon deployment of such scheme, it will be quickly discovered - or claimed - that some of the voters had their voting software MITMed, or their computers hacked, or whatever.
With electronic voting, you have to secure the whole chain, starting from a person interacting with their device. It's not like finance, where you can paper over malware or direct attacks on people's devices through police investigations, reimbursements and insurance payouts. Mere accusation of a e-voting's equivalent to Zeus being deployed would call an election into question.
There cannot be a black box in a voting system.
It works perfectly well in the UK and is literally impossible to hack because all the candidates are in the room with the people counting the votes. There are also two people with the votes (in a sealed bag) at all time during transit
It depends on the country, but typically you need some valid reason to require recounting. And "my favourite candidate got less votes than I expected" doesn't sound like a valid reason.
How would remotely wiping an iPad help? What if the stolen iPad is never allowed to connect to a network?
To me, as someone from a country where this data is considered sensitive, the fact that you can purchase this data is mind-boggling.
* A list that's available for purchase electronically, used by marketers, you can opt in or out of this list when registering to vote or renewing a registration. I have no idea why anybody would choose to be on this list; when it was last my job to care, the size of the list was falling but not as precipitously as I'd expect.
* The full list, available electronically to a limited set for specified purposes: law enforcement and intelligence for obvious reasons, candidates standing for election in order to send out literature to voters, elected politicians likewise, the Credit Reference Agencies for name + address matching on credit applications, I'm sure there's a few others, but most people don't have this.
The full list also exists on paper for anyone to read, but the law is clear that even if you were interested in painstakingly copying data from the paper records that's illegal unless you already have a purpose for which you'd be able to buy an electronic copy. This allows people to be individually nosy still, which feels proportionate. e.g. "How are fifteen people registered in the two bed cottage next door to me? I should go ask someone what's up with that."
The UK still doesn't have a secret ballot though which is crazy. If we're going to have the technical capability to reverse ballots we should use it OR if we don't want to use it, we should stop marking ballots so that it'd be technically possible to reverse them. Parliament periodically asks witnesses about this, but like the US Congress periodically asking whether ¢1 coins make sense (no, no they don't) it doesn't act on what it gets told.
Also, your name, birthday, and address will never be very private. You give it to so many different people/companies.
The information is stored locally on the iPads because doing so on a server greatly increases both the potential failure scenarios and the potential attack surface of the system. Think about the impact of that server going down or a DDOS of the server. Also think about the communication infrastructure needed to and within the polling place for those iPads to reliably be able to reach the server.
And before you say this is impractical, that is exactly what they do in the UK:
Of course this system still allows falsifications. But it is still better than any electronic system because the violations are easily noticeable.
Yes, there are procedural countermeasures against many of these attacks.
One of the greatest advantages of paper voting systems is that we have decades (if not centuries) of experience with subversion attempts and appropriate defenses and that these defenses are often procedural, not technical.
This means that many attacks can be prevented and you don't have to be an expert to do so.
Will they be able to delete votes for a wrong candidate remotely too?
This does say check in.
As a tech worker, and as someone who knows about computers, I very strongly oppose electronic voting. And the more I know, the more I oppose it. It's slightly more convenient, but in exchange it's way way less secure.
Also, this is not the first time Georgia has had problems related to electronic voting: see https://www.theinquirer.net/inquirer/news/1003966/diebold-in....