Ahead of midterms, election security better then 2016, but still very vulnerable - Polidicks

https://www.vox.com/2018/10/25/18001684/2018-midterms-hacked-russia-election-security-voting Too large for a summary, some choice bits: The consequences of this unregulated, for-profit system can touch the absurd. This year, FBI agents briefed Maryland Gov. Larry Hogan on some disturbing information about ByteGrid, a third-party vendor that hosts Maryland’s voter registration database, election management system, online ballot delivery system, and election-night results website. Unbeknownst to Maryland officials, ByteGrid had been purchased two years earlier by a Russian fund manager whose largest investor is Russian oligarch Vladimir Potanin, who in turn has close ties to Russian President Vladimir Putin. (A Maryland election official tells Vox the FBI “had no evidence of a breach or fraudulent transactions.) During one conversation I had with Masterson, he began talking enthusiastically of a “product” the Election Task Force had built, custom-designed for election officials in Iowa. A malw are scanning system? Proprietary software? “We can show you a picture of it,” Masterson told me. “It’s a big poster.” The poster, which will hang on the walls of dozens of Iowa election offices, includes phone numbers to call in an emergency, reminders about “risks and mitigations,” and a checklist of good practices. Today, in fact, such a poster does exist inside the headquarters of both the DNC and the DCCC. It reminds employees about the dangers of communicating over email and other security hazards. In both offices, it hangs in a place that is unlikely to be ignored: in bathroom stalls and above the urinals. But the most prominent of these efforts is the Senate’s Secure Elections Act, sponsored by Sens. James Lankford (R-OK) and Amy Klobuchar (D-MN). The bill would grant security clearances to each state’s top election official, create a technical advisory board to proliferate best practices in cybersecurity, and require states to conduct manual, paper-based election audits. The mystery was solved when it was announced that the shelving of the Secure Elections Act came at the behest of the White House. “We cannot support legislation” that “moves power or funding from the states to Washington,” the White House announced in a statement. No particular objections to the bill were identified. More consequential are the White House’s lesser-known administrative moves. In the past two years, the administration has eliminated three vital positions in cyberdefense: cybersecurity coordinators at the State Department and Homeland Security Council, and, most critically, its White House cybersecurity coordinator.

Electronic voting is a disgrace to democracy.

Vladimir Potanin sounds like Putin's cover name, except he came up with it after too much vodka

Maybe the red scare wasn't quite so ridiculous

I think my state still uses paper ballots. Those are much harder to fake than just a digit.

We've voted by mail for like 20 years in Oregon, you get your ballot and an information packet in the mail like a month before it's time to vote. You fill in the bubbles for the shit you want to vote for and you either drop it into a ballot drop off box usually at a publicly owned building like a library or stick it back in your mailbox by a certain date and time. There's a physical paper trail and the process is all done by the state, no sketchy ass private companies with sketchy databases and infrastructure. You're also registered to vote when you get a drivers license or a state issued ID. Voting any other way seems so insanely foreign, unsafe and an absolute waste of everyone's time. https://en.wikipedia.org/wiki/Vote-by-mail_in_Oregon https://en.wikipedia.org/wiki/Elections_in_Oregon

It sounds like the fake name Putin would come up with because he has so much power that it doesn't matter if he gets caught, what's exactly is anyone going to do to him?

No it isn't. Just our current machines are.

it works fine if states spent 20 minutes figuring out what they needed before they spent all their money. these electronic voting machines seem to be a product of ready fire aim acquisitions

It doesn't matter how much you 'secure' machines, it's still not as secure as paper try altering millions of paper votes... now do that to a computer. Big difference. https://www.youtube.com/watch?v=w3_0x6oaDmI

I've critiqued that video before, it's entirely based on existing technogy and he acts like he's whacked out on cocaine for the entire duration. That video has far more emotional than factual content.

guess what's never gonna happen the risk really isn't worth the debatable marginal gain in convenience the entirety of Canada uses paper ballots and somehow we haven't gone bankrupt why go from a system that is literally impossible to manipulate to another system which is just rife with possible avenues for interference also haha wow it's not like it's impossible for state-sponsored entities to just use the massive resource at their disposal to penetrate sensitive systems you got shit like China using its massive manufacturing monopoly to compromise hardware at the point of fabrication: China Used a Tiny Chip to Infiltrate U.S. Companies now you're asking state governments, probably some of the most tech-illeterate people on the planet, to properly secure their machines when big companies can't even guarantee it? give me a break

The Constitution devolves oversight of the elections to the states, it's a possibility the feds could withhold funds until they stop being retarded with how elections are handled but it'd probably struck down in court.

I've seen your argument before, it relies on those systems being implemented "properly" but OOOH BOY is that a big "if".

I'm not saying that this entire notion isn't a risk and it could certainly happen in the future and for all we know has happened and went undetected who the fuck knows when. But that Bloomberg story provides no evidence and all of the major players (Apple, Amazon, etc.) have fully denied everything. Even the NSA publicly said "uhh we'd love any proof anyone has about this". I think Bloomberg got taken for a ride and that particular incident may not have ever happened.

This is such an absurd post, it's almost cartoonist naive Do you actually believe a computer system with perfect security exists? The problem could be programmed into the system itself, making it undetectable. A bug could be found that could get around the detections or alter it before the detection would be used The program itself could simply glitch and cause problems that way Data could be corrupted Even in a well made system there are many possible problems that could arise and its impossible to 100% account for all of them, and even then, setting the system up to begin with creates far more trails for lawmakers that it's simply far too unrealistic to even ask for, especially considering most of these old fucks don't even know what a computer is let alone has ever used one. E-Voting doesn't even have an actual point in going in that direction. It's nothing more than a dumb technological novelty. We've been using paper for hundreds of years, what the fuck is the point. You have to Make laws to check the programming behind E-voting machines, and the company making it, and actually have people check them to begin with Check multiple times to make sure the systems all work and are in full order Make sure that during transportation, preparation, production, etc nothing has been tampered with. Replace or repair any systems that don't work Make sure that all repairs are within spec With paper you Put a mark on a paper and your done Supporting this is worthless because Your magical perfect system doesn't exist and won't be made There are far too many technicalities to account for Lawmakers do not give a shit and it's objectively easier to go with paper. You haven't even posted factual arguments, all you did was lazily brush it aside and pretty much say "He sounds like too much of a spaz to be correct". That makes you sound very idiotic if you ask me.

Lol who are you to decide what can and can’t be posted?

If the question is whether or not the concept as a whole is invalid, then it becomes a non-factor; of course, any system will fail if improperly implemented. Care to reread my post? I'm not dictating that something must not be posted.

yup i guess youre right man, we should just magically make these systems unhackably perfect and its all fixed, no loose ends behind them too, no problems!

AFAIK in computer security it's never about making a system unhackable (since that's available), it's just about making the system secure enough for the stakes involved which is what 90% of companies and decision-makers completely and utterly fail at. Realistically the people in power usually give contracts to the lowest bidder because they want to be "seen" as fiscally responsible but this the EXACT OPPOSITE of what needs to happen and that's why electronic voting will never work. For the amount of effort and funding required to make a proper e-voting system it would just be simpler and cheaper to do it by paper ballot.

Where is this magic properly implemented system, I want to see it.

Estonia has one of the most secure e-voting systems in the world. There's a paper which describes weaknesses in the system but it's absolutely not adequate, and relies in its pen testing unrealistic scenarios (Like completely reinstalling all central vote counting OSes without anyone noticing lol), and considers them credible. They did mention some credible weaknesses, which are for the most part easy enough to eliminate (employee access rights and 24/7 on site security.)

Thank you for posting facts and examples, rather than "yeah well if it were done right". I believe you. On the other hand the US doesn't seem to give a shit about legitimate paper votes, let alone e-votes, shit is fucking sad. The entire point of the US is the avoid that.

I think if you want an example as to why electronic voting in the US can't be trusted, just look at our electronic payment systems and well we've implemented security features nation-wide: https://www.epicmerchantsystems.com/wp-content/uploads/2016/08/BN-PF341_STERN0_12H_20160802115209.jpg

You're partially correct. The purpose of any secure system is to make it secure enough; it is the exact same with paper ballots. That being said, it is significantly easier to detect a breach than it is to prevent it entirely. Any system, including paper ballots, will be poorly made if done via cheap contractors. That doesn't mean that the core concept is bad, which is what I was arguing. Of course an acrually good implementation would have to be executed either federally (with proper oversight), or by a firm worth their salt. I agree that with our current situation, electronic voting might not be the answer; but, that doesn't mean that the entire concept is a slap to the face of democracy or that it will never be worth the associated costs. I'm open to investigating anything that might increase polling rates, since currently they're absolutely abysmal largely due to how much of a hassle voting is.

Electronic funding just has a larger array of issues versus physical. The hassle with voting isn't paper/machine, its the fact we don't have it as a federal holiday and that states have been pushing thing like voter ID laws or closing down places in minority areas. Low voter turn out has nothing to do with paper/electronic, electronic machines that aren't kept up to date or don't leave a paper trail by design are. Paper voting is a tried a tested method, bar none and we've had two centuries to work out the issues. Electronic voting just has too many vulnerabilities and will never be nearly as secure as properly done paper system.