News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • New Election Systems use Vulnerable Software

    Home Forums Code Red – Security/Privacy advisories New Election Systems use Vulnerable Software

    This topic contains 11 replies, has 7 voices, and was last updated by  Bluetrix 1 month ago.

    • Author
      Posts
    • #1874938 Reply

      Geo
      AskWoody Plus

      The county I live in , in Pennsylvania just paid $5 million for one of these systems.AP Exclusive: New election systems use vulnerable software

      1 user thanked author for this post.
    • #1874972 Reply

      MrJimPhelps
      AskWoody_MVP

      They need to go back to old-fashioned mechanical voting machines. I know, I’m a dinosaur for saying that. But they were much more hack proof than the computerized machines.

      Yes, it takes a little bit longer to get election results, but so what, if our elections are better protected from hacking.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      4 users thanked author for this post.
    • #1874980 Reply

      Bluetrix
      AskWoody MVP

      @geo,

      FWIW, Jill Stein, the 2016 Green Party presidential candidate’s lawsuit is what pushed Pa. to change voting systems. The lawsuit was about Pa’s  “systems’ susceptibility to hacking,” however, several other states were included in the lawsuit. That opened up a fight for $100 million dollars worth of upgrades to companies that provide voting systems.

      The article you linked to said: (I’m just picking and choosing)

      “ES&S said it expects by the fall to be able to offer customers an election system running on Microsoft’s current operating system, Windows 10. It’s now being tested by a federally accredited lab.”

      Uh~huh, trust the government to do it right.

      This is the same company that was thrown under the bus in a mid west state last year for disabling a safeguard on the poll tablets that prevented people from voting twice in two different precincts because it caused a long wait for voters to be verified. Apple provided a different system that prevents that issue. Bottom line, the new ES&S system still requires a connection to the internet and relies on the ‘New and Improved’ Windows 10 for security. (Pardon me while I wipe the coffee off my screen)

      That the other big two  rely on soon to be out of date OS’s (Win7) to provide security, you need not worry, ES&S says Microsoft is working with them to provide security updates until 2023 for those systems. How nice, out of date again just in time for the 2024 elections.

      The EAC may test the systems, but relying on those tests or buying tested systems is voluntary, not law.

      The Voluntary Voting System (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology’s Technical Guidelines Development Committee drafts the VVSG and gives them to the EAC in draft form for their adoption.

      Each state is free to choose any system they want. Standardization is a bad word, and three martini lunches still seem the norm.

      Even the tiny country of Estonia thinks we can learn how to vote from them. Note: Estonia’s voting population is 1.3 million, not 250 million (est) as the USA has, and dozens of states have chosen to go back to paper voting.

      I think mail in voting is the least likely way to get your vote counted, somehow votes manage to end up in the trash, or lost behind stacks of boxes, or destroyed. That’s exactly what happened in the county I live in … several times. Once, a federal judge said she wanted to see the disputed paper votes.  The supervisor of elections declined to produce them and told the court the votes (over 28,000) had been destroyed by mistake. More Uh~huh.

      Obfuscate the facts enough so no one can make heads or tails of them seems to be the preferred and taken direction. There’s enough blame to go around, but in defense of profit  and name recognition, companies try to make share holders proud, even if their product isn’t a proud accomplishment. It’s a grin and bear it situation for us minions, we have little to no say in the choices at all.

      This prolly belongs in Rants. One could write a book on the voting non-options forced upon us, but that too would be out of date by the time it reached print.

      Windows10 Home 1809 | Mint19 on VM

      4 users thanked author for this post.
    • #1874991 Reply

      OscarCP
      AskWoody Plus

      People make the key decisions are probably in way over their heads with the practical and technical issues they never thought or knew about before they started the implementation of an insufficiently tested system, but trying their best to look good or, at least, not terrible. Has anybody in charge of this mess in the making ever heard of the concept of “making pilot tests” before going all out with the wholesale implementation of a new way of doing things? Particularly things that really matter?

      • This reply was modified 1 month ago by  OscarCP.
    • #1875005 Reply

      Geo
      AskWoody Plus

      Auditor General DePasquale: Officials in 18 Counties Report Accepting Gifts from Voting Equipment Vendors   https://www.paauditor.gov/press-releases/auditor-general-depasquale-officials-in-18-counties-report-accepting-gifts-from-voting-equipment-vendors

       

      Edit: Removed HTML

    • #1875081 Reply

      Paul T
      AskWoody MVP

      What’s wrong with paper? Easy, auditable, hack proof.

      cheers, Paul

      • #1875135 Reply

        mn–
        AskWoody Lounger

        Paper voting isn’t actually all that much more secure for one individual vote. It’s just, the hackers don’t get to use economies of scale unlike with digital…

        Meh, digital voting could be done right if it was enough of a political priority to do so. Same as with paper voting.

    • #1875304 Reply

      Bluetrix
      AskWoody MVP

      @mn-,

      Mehreen Kasana, (providing supporting links in her article for  Bustle.com) wrote:

      In comments to Bloomberg Businessweek, voting security advocate Marilyn Marks said that the safest choice was to turn to paper ballots. She said that the stakes are high as voting machines “are a national security risk.” Bloomberg Businessweek reported that federal officials’ main concern about voting machines is the lack of federal security guidelines around them.

      I talked about that in my earlier post.

      Just days ago on Gizmodo  Marilyn Marks said:

      “Is this a bad joke?” said Marilyn Marks, executive director of the Coalition for Good Governance, an election integrity advocacy organization, upon learning about the Windows 7 issue. Her group sued Georgia to get it to ditch its paperless voting machines and adopt a more secure system … If Georgia selects a system that runs on Windows 7, Marks said, her group will go to court to block the purchase.

      Mehreen:

      Given the fact that such machines produce zero paper record, voters don’t have the power to authenticate their input. On top of that, auditors can’t carry out their own evaluations. Paper ballots, on the other hand, would require an optical scanner — though skeptics worry it is more time-consuming than voting machines.

      Still, Georgia Institute of Technology’s cybersecurity professor Richard DeMillo echoed Marks’ support for paper ballots in Bloomberg Businessweek.

      “It’s absolutely the safest way,” he said. “All this fancy stuff — you are talking to a computer scientist, and it breaks my heart to say this — but it just drives up the cost and doesn’t add anything.”

      Mehreen continues:

      Paper ballots may have a variety of problems: officials may lose track of paper trails, they may fail to audit them, it can be a whole lot of manual work, paper is vulnerable to environmental damage like a fire or other spoiling dangers, and more. But they do have one unmistakable advantage over electronic voting machines: they are hack-proof.

      Hack-proof, probably, but as I pointed out in my earlier post, hey, I don’t feel like counting all those votes, what the hell, I’ll trash them, no one will ever know. [GULP!, how did they find out!]

      I dunno, using plastic or clicking “Buy it Now” online for sure is convenient, but I do like to trade with paper money from time to time. It’s like not using poker chips in the game, it’s real, you can see it, touch it and if you have a penchant, smell it. Paper money isn’t going anywhere soon despite the fervor to eliminate it with the likes of ether cash like Bit Coin. Here’s where I totally agree with my late Aunt Mary,  “gimmie cash” .

      Paper voting needs to be retained, even if it does cost more of your time. As long as states can buy any system they want, there will be no standardization and votes cast are subject to local systems whims and fail-abilities.

      With some elections decided by a +/- degree (one vote) of accurate count, I prefer paper votes, something I can hold and recount if needed.

      It really isn’t that inconvenient, one big vote every 4 years, and one ‘take back’ vote every 2 years. I vote every 2 years in person. I grew up in a value system where you get what you pay for, in cash, time or sweat, for the satisfaction of a job worth doing. I want my vote, for what it’s worth, to count. Gimmie paper!

      The Final Senate Report on the voting fiasco recommends:

      Build a Stronger Defense.
      Part IV: Take Steps to Secure the Vote Itself

      •States should rapidly replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and no WiFi capability. If use of paper ballots becomes more widespread, election officials should re-examine current practices for securing the chain of custody of all paper ballots and verify no opportunities exist for the introduction of fraudulent votes.

      •States should consider implementing more widespread, statistically sound audits of election results.

      •DHS should work with vendors to educate them about the vulnerabilities of both the machines and the supply chains.

      Really? I could have saved them a whole lot of wasted time, it’s called common sense. The single most lacking item in this whole mess. I’ll get an early start to my polling place next year, in my solid horse and buggy, made of paper.

      Windows10 Home 1809 | Mint19 on VM

    • #1875305 Reply

      johnf
      AskWoody Lounger

      I don’t know why Scanned Ballots aren’t more popular. They are easy to mark (#2 pencil, fill in the circle), you scan the ballot in, and the ballot goes right to a secure box to be collected and stored in case there is a recount or challenge. Simple, nearly impossible to hack, more reliable and cheaper.

      2 users thanked author for this post.
    • #1875454 Reply

      OscarCP
      AskWoody Plus

      Quoted by Bluetrix from an US Senate report: ” States should rapidly replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and no WiFi capability.

      I entirely agree. It might mean verifying the electronically kept tally by scrutinizing paper ballots by hand, using a proper statistical sampling method (no need to go over all the paper ballots to make a verification), unless someone contests the voting results and a recount is ordered (“hanging chads” anyone?)

      Electronic polling with results available in near real-time over the Internet certainly makes it possible to get the results, by and large, of an election the same night of the poll. But what is the hurry here? Elections are meant to decide who will be running the country, state or town, for the next several years. So “don’t just sit there: hurry up and go mess up something” (as the old Navy saying goes, only using a somewhat stronger language than “mess up”) seems an appropriate description of the “fast, all-electronic approach” to me. How does it sound to you?

    • #1875523 Reply

      Paul T
      AskWoody MVP

      I don’t feel like counting all those votes, what the hell, I’ll trash them, no one will ever know.

      Counting votes is not done by one person alone, it’s a group process with oversight by election and party officials. Each polling station does it’s own count (manually) and the numbers passed up the chain. There is no need for electronic devices and re-counting is simple.

      The only cost is in staff for a couple of days during the vote and count, plus some short term storage for the voting papers.

      cheers, Paul (former election official)

    • #1875790 Reply

      Bluetrix
      AskWoody MVP

      @paul-t,

      The SOE, (supervisor of elections) in Broward County (my home) became the subject of nightly news because the SOE couldn’t do what all 65 other SOE’s in my state could. The SOE couldn’t follow the rules and count votes by the book, even though a county devastated by a category 5 hurricane managed to. (paraphrased)

      To quote from the link:

      SOE broke the law in at least three ways:

      SOE neglected to notify the secretary of state of the number of ballots counted and the number of ballots still to be counted.

      SOE violated state public records laws when she refused to tell either campaign about voter tallies.

      SOE mixed legitimate absentee ballots with absentee ballots pending approval.

      Once the SOE illegally destroyed ballots (28,000) from 2016 that were subject to an ongoing lawsuit. Another time SOE lost between 58,000 and 60,000 absentee ballots ahead of the 2004 presidential election.

      Worst of all though was an unflinching sanctimony so bizarrely terrible that its author must have been detached from reality. Even after 93,000 votes showed up overnight and out of thin air, SOE refused to admit fault, telling the New York Times she wasn’t “going to say that I made major mistakes; I’m not going to say that. A lot of things that we planned went exactly as planned.”

      Judge won’t suspend Florida recount deadlines, calls state ‘laughingstock’

      In the SOE’s final act of defiance, she withheld reporting a recount of the counties votes (electronically), which by law was required, thereby negating the recounted votes by two minutes. Oddly enough the new tally was in favor of the other party. That was the straw that broke the camels back.

      How could this happen you ask? There is only one way, power. We know absolute power corrupts absolutely.

      In a county ran by one party, that has overwhelmingly voted one party since 1917, the powers that be (one party) merely looked the other way, even though it was headline news. One might think this certainly was an anomaly, it could never happen with all the focus on the SOE. You would be wrong. This SOE’s predecessor, another one party SOE, was suspended by the Governor for “…grave neglect, mismanagement and incompetence.” In 2005, the Florida Senate voted 33 to 6 to uphold the Governor’s removal of that SOE. Out of the frying pan into the fire we went.

      So, while you paint a selflessness picture of ethics in YOUR office of elections, which IT SHOULD BE, it isn’t always. Truly bizarre eh?

      My county is a running joke during elections. The News quips: “lets wait and see who Broward County votes for this time” (wink, wink) My whole state can have their votes tallied, yet they wait for my county to report, election after election. We’ll see how the newly appointed SOE works out.

      I am not in to habit of posting unsubstantiated comments, wouldn’t help, certainly not in a room full of computer sleuths.

      With all that said, maybe it would be safer/better/more honest if we did allow Windows (7,10) to run the election count … in my county. (Yup, cynicism, but probably true)

      One vote per person, and that vote should be counted accurately.

      cheers (a Floridian who votes)

      Windows10 Home 1809 | Mint19 on VM

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: New Election Systems use Vulnerable Software

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.