Microsoft announces that US voting systems running Win7 will get free updates through the 2020 elections

Topic

New Reply

Per MS corporate VP Tom Burt: As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting
[See the full post at: Microsoft announces that US voting systems running Win7 will get free updates through the 2020 elections]

2 users thanked author for this post.

Bluetrix, AJNorth

Reply | Quote

Replies

Our county just installed  new voting machines with W7  for 5 million dollars from Election Systems and Software.  The company  said they will upgrade them to W10 at no extra cost to the county when Microsoft stops updating the W7 machines.

Reply | Quote

[Pim]

Here in the Netherlands voting machines have been banned since 2007. Some hackers proved that they could be unsafe, although the “main-stream” thought they were. One of the issues was that the electro-magnetic interference could be received over tens of meters away and it was possible to check from that distance what somebody voted. Also, the lack of a paper trail could be problematic. I do not know how the machines have been declared safe, but I am still amazed that their use is so widespread in the US.

• This reply was modified 5 years, 8 months ago by Pim. Reason: More text added

3 users thanked author for this post.

wavy, abbodi86, AJNorth

Reply | Quote

It’s incredibly scary that anyone would consider running a voting machine on any desktop Windows operating system.

Edit: Link removed.

Reply | Quote

According to the article referred to by Woody: “We are also announcing today that, as part of the Defending Democracy Program, we are proactively identifying and engaging election authorities that are Microsoft Azure customers to provide guidance and technical assistance in using the most advanced security features in Azure. We provided this service ahead of the 2018 election cycle and will again ahead of the 2020 cycle.”

That means the elections in November of next year are going to be counted and the results communicated using Azure, MS’ “Cloud.” And those “most advanced security features” might have to defeat some advanced, military-grade form of malware used to try to hack the electoral process through the computers used for running it. A first step in that direction was taken already, for example, in November of 2017, when foreign actors began to disseminate false information to confuse voters through social media in the US, doing that, since then, also in other countries that have had elections. So this November election next year might be the one when things get taken to the next level: the direct hacking of the electoral process itself, to discredit and thus destabilize the democratic political system. Not just in the USA, but in similarly conducted elections in other democracies.

Those working at MS to make the process safer as well as those organizing the elections in this way are taking, in my opinion, a lot on themselves.

I wish them all the luck in the world with that. But can’t help but to shake my head and throw up my hands at the thought of it.

So what alternative would I propose if consulted on this? I would probably say: “Electronic counting of votes collected on the Cloud and with the final results likely to be available in the very night of the day of the elections, is nice and convenient, but do you know Aesop’s’ fable of the hare and the tortoise? Well: let this democracy be like the tortoise, not like the hare. We’ll be all better off waiting a bit longer for the final results, as will also have to wait a bit longer the candidates and their close supporters ready to celebrate with, or find consolation in, the champagne they’ll have ready to go as soon the final results come out, at their election headquarters.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

wavy

Reply | Quote

It’ll be interesting to see how public authorities handle the end of support for Windows 7.

Local authorities in the UK are particularly strapped for cash these days, and upgrading computer systems across a major network doesn’t come cheap. I was at a meeting at my local council offices the other evening and we were using their computer system for a Powerpoint display. When our laptop was unplugged from their system at the end of the meeting I noticed the large display screen was displaying the Window 7 logo accompanied, inevitably, by the message “Do not turn off or unplug your computer or device, installing 1 of 9 updates…” ;)!

Fun times ahead!

3 users thanked author for this post.

abbodi86, OscarCP, geekdom

Reply | Quote

The Election Systems and Software machines use duel  calculation.  Both electronic  and a separate paper ballot.  The paper ballot  is  put in the machine and you vote electronically, it is then checked by the voter for any changes or mistakes then if satisfied the voter then scans it and places the paper ballot in a lock box.  Both totals are checked and compared at the county elections office.

Reply | Quote

Geo wrote:

The Election Systems and Software machines use duel  calculation

They fight each other to see who is the best and then announce the result. 🙂

As I understand it each state / county has its own system so even the voting method is democratic. 🙂

cheers, Paul

Reply | Quote

This is just great. With no QA at Microsoft and no home/pro W7 beta users the test patches, Microsoft’s patching voting systems could introduce security bugs up to faking 2020 election results.

Reply | Quote

It ‘s  Catch 22.  With paper ballot’s  we will have the “hanging chads” again or finding boxes of uncounted ballots  in poll workers car trunks or lost in the county court house janitor’s closet weeks after the election.

Reply | Quote

Voting systems running Windows 7 are pretty much under some Enterprise/Volume licensing agreement anyways so that’s subject to those entities deciding to purchase extended Windows 7 updates from MS at some point in time while they try and get the voting software Vetted/Certified to work under windows 10.

It’s good that MS has given the voting related system vendors some latitude with free updates until the 2020 election cycle is over. And it takes time for for Vetting/Certification process to be finished and that software able to be securely used on any new OS/OS version.

And any Voting Software and OS ecosystem is under some very strict state/federal regulatory rules and conditions that have to be legally met so MS may have had to offer some remediation options for those Voting System vendors. And they have already  been running locked down Windows 7 Enterprise OS images and will be running the same sort of locked down Windows 10 Enterprise Edition image once that voting software vetting/certification process is completed under Windows 10. And that will be some specialized LTSC Enterprise edition of Windows 10 anyways.

Reply | Quote

If “locked down” means the same as “never connected to the Internet, unless necessary to get updates such as those under consideration here”, then why is MS mentioning “Azure” to reassure the electoral authorities responsible for the use of computers to conduct and tally the elections that it will be very safe to use those computers for… whatever?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

wavy

Reply | Quote

No intent to imply that locked Down has anything to do with disconnected from the internet. When I say Locked Down I’m referring to the Enterprise versions of Windows getting the full set of permissions made available via a UI/Application settings panel that allows for all the spying and telemetry to be disabled, and that settings ability accessible without having to use any Registry Editor hacks to disable things.

So for Enterprise OS licensees there is that top level IT department’s system level fully enabled control over what the OS is allowed to share with MS or anyone else for that matter.

And the Government of the US, and the States, can be, and are granted, source code auditing of any Election related OS/API/Application software that are approved for use in any voting machine vendors’ products. The US Federal Elections Commission and the US Justice Department and related state/federal agencies and courts have strict rules in place for monitoring and auditing any voting related software and hardware apparatus and the systems to which they are connected.

But really I’d prefer a paper trail where the voter is offered a paper printout of their votes along with there being a dual digital and paper audit copy of the voting record that’s been anonymized with a random transaction number as to be untraceable to any individual by name but still auditable to the machine and system where the vote was cast. That way the election results can be tabulated quickly in a digital manner but still paper auditable by the state and federal elections commissions.

Computers can never be fully trusted what with that JTAG and PSP/ME other functionality that are ubiquitous on processors. And voting machines need hardware based Firewalls and some from of Blockchain level of transactional functionality all along the different interface points from the voting machine to the District’s/the District’s Vendor for voting systems, voting database. I’d even go as far as saying that for voting systems there needs to be a dedicated back-haul that’s used for any voting related functionality/services and an isolated intranet that’s not accessible via any protocol that’s approved for wider use.

Reply | Quote

Back in July 2019 I posted a long reply to a thread discussing voting machines and peripherals reliability. If they disable security functions on the election Poll verification machines it’s all moot.

An excerpt:

Uh~huh, trust the government to do it right.

This is the same company[ESS] that was thrown under the bus in a mid west state last year for disabling a safeguard on the poll tablets that prevented people from voting twice in two different precincts because it caused a long wait for voters to be verified. Apple provided a different system that prevents that issue. Bottom line, the new ES&S system still requires a connection to the internet and relies on the ‘New and Improved’ Windows 10 for security. (Pardon me while I wipe the coffee off my screen)

That the other big two  rely on soon to be out of date OS’s (Win7) to provide security, you need not worry, ES&S says Microsoft is working with them to provide security updates until 2023 for those systems. How nice, out of date again just in time for the 2024 elections.

The EAC may test the systems, but relying on those tests or buying tested systems is voluntary, not law. [and testing takes forever]

The Voluntary Voting System (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology’s Technical Guidelines Development Committee drafts the VVSG and gives them to the EAC in draft form for their adoption.

Each state is free to choose any system they want. Standardization is a bad word, and three martini lunches still seem the norm.

/quote

I’m sure they saw the error of their ways and now do everything above board. Uh-huh

Reply | Quote

Bluetrix: “I’m sure they saw the error of their ways and now do everything above board. Uh-huh.”

Come on! Some people never make mistakes: they say so themselves, or imply it with their actions, so it has to be true!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Well non nondescript brown envelops passed around can and does work to the detriment of voters/voter security in more than just election software and equipment  related vendor contracts. So the quid pro quo can be lunch related  or even after that lunch at that 5 star restaurant and more than 3 martinis later at the bar as well.

If it’s not the local politicians it’s the state and federal ones and they all have access to that taxpayer gravy train that’s 10 miles long, and all high capacity gravy tank cars as far as the eye can see.

Reply | Quote

anonymous wrote:

But really I’d prefer a paper trail where the voter is offered a paper printout of their votes along with there being a dual digital and paper audit copy of the voting record that’s been anonymized with a random transaction number as

I have a problem with this as well as with the current use of e-voting machines (in my city at least). Here we fill out a form w/o any real privacy, then are ‘assisted’ by ‘helpers’ to insert the form in a tabulating machine with even less privacy. Voting in my country is supposed to be anonymous and private, this process is neither.

As for a paper record being offered to the voter this also so violates the privacy mandate. The possibility is open for vote retailing, with proof that you fee for voting a particular line was well paid for.

😱 🤪 😵 😡

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

I am all for a “paper trail” where the votes, as they are entered by the voters in whatever serves as “ballot box”, are registered mechanically or electronically, to be kept as secure from meddling as possible, either on paper or in a text file that can be looked at on a computer screen, to be revised and counted later, and even recounted, if necessary, by those officially designated to do so. But only for the purpose of finding out how many votes each of the contending candidates has received. And with absolutely no additional information that may allow someone in possession of it to find out who voted for whom. The moment that he or she has voted, the voter must “disappear” from the picture (except for an entry in a ledger that this person has voted, to confirm officially this has been done, particularly where the vote is obligatory, and also to avoid the same person voting more than once) and only the vote itself must remain available for later counting.

I agree with Wavy: giving a voter written proof of having voted that includes for whom they voted is a really bad idea that compromises the integrity of the electoral process instead of benefiting it as, I’d like to imagine, was the intention of those who came up with and implemented this notion in the case he is describing.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Interesting (not much) KB article regarding ESU, which is not working currently

Procedure to continue receiving security updates after extended support ends on January 14, 2020
https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates

google cached text version:
http://webcache.googleusercontent.com/search?q=cache:https://support.microsoft.com/en-us/help/4522133&strip=1&vwsrc=0

Reply | Quote

I get a 404 on both links.

Reply | Quote

[abbodi86]

Cached still works for me
how about this?
https://webcache.googleusercontent.com/search?q=cache:JP-8xwrsPqMJ:https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates+&cd=15&hl=en&ct=clnk&gl=us&lr=lang_en&strip=1&vwsrc=0

anyway, here’s the article content, not very much interesting (yet)
https://i.imgur.com/uDy3EsQ.png

• This reply was modified 5 years, 7 months ago by abbodi86.
• This reply was modified 5 years, 7 months ago by abbodi86.

1 user thanked author for this post.

PKCano

Reply | Quote

Another catch 22.  As a machine inspector at the polls we tell the voter to look at the material and ask questions before going into the voting booth.  Our’s are private booths with curtains.  99% just walk in and go into the booth and ignore us.  Once inside the booth  they are on their own and are lost and want help.  State privacy laws do not allow us to go inside the booth and help them.  Unless they fill out a assistance form there’s nothing we can do.  They get frustrated and walk out leaving the machine  as is and we have to take the machine out of service and fill out  a “fleeing voter” form before resetting the machine all because their egos get in the way and refuse to ask for help before going into the booth.

Reply | Quote