Next week at the annual DEF CON security conference, hackers will demonstrate severe flaws in our democracy, but not the ones they expect.
Before the conference has even started we’re already seeing a swirl of recycled reports from last year touting hackers’ success in breaching election machines. Those reports are at best misleading, playing on ignorance and fear. By the time they filter beyond the trade press to mainstream news media, their contents are fake news in the truest sense – stories tainted with falsehood, repeated uncritically, stirring up fear to sell clicks.
Here’s the problem in a nutshell. Few hackers understand the details of the election process. Election officials don’t understand computer security. And the journalists reporting on these events don’t understand either. Hackers “breach” election equipment during a highly publicized workshop via methods that bear no resemblance to the real world. Workshop sponsors report their success to credulous reporters who print them under inflammatory headlines. And voters are worked into a lather, inspiring larger and larger budgets. Vendors are standing by, ready to capitalize on this cycle of fear and misinformation.
Russian intelligence explored many potential angles of attack against our system in 2016, stealing data from political parties, candidates, and even stealing voter records. But they don’t appear to have wasted any energy on voting machines. The explanation is fairly plain. A regime with deep experience generating phony election results knows how difficult it is to compromise voting machines. In fact, such a project was much simpler and more common in the age of paper ballots. To put the matter in perspective, Russian elections use paper ballots.
If there’s anything we learned from the subversion of our democracy in 2016 it’s this: the easiest target of mass hacking in our political system is not our voting machines, but our voters.
Is it possible to compromise our voting infrastructure? As my great-grandpappy used to say, “given enough time and money I can do anything.” Subverting election results with machine voting would require the same logistics necessary under simpler processes, and then some. It would take planning, access to the equipment, collaboration from sympathetic or corrupt officials, and help from many people performing manual tasks all through the process. Adding to the complexity, those collaborators would need a sophisticated understanding of technology to avoid leaving a trail, a problem much more complex than dropping ballots in a dumpster or stuffing a box. Our fear that electronic voting might allow some “400 pound guy in New Jersey” to steal an election just for giggles is a paranoid fantasy.
With a few variations, voting machines work like this. Machines are stored in a secure warehouse between elections, with their storage media removed and access to the warehouse recorded. Early versions used full computer operating systems, like the ones on a commercial laptop. Modern machines either use custom operating systems or modifications of stripped-down OS’s like Windows CE.
In better jurisdictions, updates are performed on a regular schedule. In many places updates are rare. Prior to deployment, the machines are tested to demonstrate a “zero-vote.” They are tested again by poll workers before voting commences.
When voters arrive their names are checked against a list of registered voters. Once confirmed, a voter is issued a smart-card activated to allow a vote to be cast. A voter inserts the card into a machine, is issued a ballot on a touch-screen, makes and checks their selections, then submits their vote. Most machines print and store a paper version of the ballot selections. The card is deactivated by the machine and the voter’s selections are stored on a removable media, like an SD card or similar device.
Some machines perform a running tabulation. Others merely record each vote. Newer machines encrypt their stored data so that only the tabulation application can read it. Access to the removable media is usually behind a locked door or seal. Some have the capability to be connected to a network. This connection would have to be physical (plugged into a wire), designed to facilitate software and firmware updates. Machines currently in use do not have wireless access to the Internet. Few voting machines have any networking capability. They can only be accessed directly, in-person. A detailed description of available voting machines is provided by the group, Verified Voting.
So, how would you hack this system?
Traditional network-connected hacking is usually summarized into five phases, reconnaissance, access, persistence, exploitation, and concealment. It begins with an assessment of the target to identify vulnerabilities. Those vulnerabilities are leveraged to gain access to the target system. Some method must then be found to maintain access long enough to complete the desired exploit, whether data exfiltration, surveillance, compromising the machine with malicious software, or some other purpose. Finally, action should be taken to conceal the hack, sometimes deleting or altering logs, or ensuring that the exploit itself is made to look “normal,” conforming with the machine’s ordinary function.
Without access to the Internet, whatever process might compromise these machines will not be the kind of invisible, remote computer hack we’ve grown accustomed to seeing. That means the first two steps of any hack would involve putting hands on machines under the control of supervision of a local government. Making the attack meaningful to an election outcome would require anticipating far ahead of the election what outcome was desired, then somehow programming that outcome into hundreds or even thousands of machines, without detection or error. Any effort to tamper with removable media on individual machines at a polling place would have to be repeated on a mass scale, a sophisticated and time-consuming sleight of hand effort requiring collaboration and repeated success under adverse, hostile scrutiny.
Some remote precincts report results back to election authorities over an intranet connection. In theory, compromising that connection would allow hackers to substitute fake results for the real ones. However, even after solving the puzzle of which connection would need to be hacked, how to intercept it, executing the hack, and inserting fake data formatted to convincingly match real results in real time, that still leaves the media at the local site with different results that would need to be destroyed. And precincts using this arrangement tend to be very small, which make them lousy targets for influencing an outcome. A year’s worth of planning by sophisticated hackers could be thrown in the toilet by an election official who makes an ad hoc decision to pick up the phone to report results instead of using the network connection.
Is it possible to hack our voting machines? Almost anything is possible with enough resources, but it would be much easier to steal an election with paper ballots, which explains Putin’s preference for the old methods.
Contrast these real world challenges with the structure of the DEF CON demonstration. Organizers cobble together a collection of voting machines scrounged from eBay or wherever else they can get them, often relying on outdated equipment. Hackers perform the reconnaissance portion of the cycle in person, looking at the machines, often taking them apart to peer at their innards. One machine in particular, an out-of-service AVS WINVote model is particularly popular in these stunts because it can be accessed if you can get close to it, thanks to a vulnerable Wi-Fi connection.
What follows is a brief race to hack the machines, likely won by whoever went after the WINVote. Success in these stunts means getting only to the second stage of a five-part process, under conditions that would never be replicated in real life. Reports generally claim that all of the machines were “hacked,” even though in most cases all they did was identify a potential vulnerability. Nobody wants to stage a hackathon just to watch everyone fail.
Want to see a real demonstration of election hacking? Put those same hackers in a room in St. Petersburg with nothing but a laptop and an Internet connection. Ask them to hack a single voting machine anywhere in the world. Watch them fail. You won’t see that demonstration because that story makes lousy clickbait.
This bring us to the real hack, the one undermining democracy on a day-by-day basis. As the complexity of our world accelerates to a blur, it’s getting harder for us to keep pace. Our political system gains its stability by resting on the expressed preferences of the widest possible collection of citizens. A delta between the level of expertise necessary for making competent policy decisions and the median expertise of the electorate is growing into a chasm. This is not a story about dumb people. This is not a problem that can be remedied by education or training. Your doctor and your professor don’t understand the relative security of different voting machines or, for that matter, the detailed requirements for assembling a competent national health care system. No human being has the time to keep pace with the explosion of data all around us, or the public policy demands rising from that data flood.
Where there’s a problem, there’s a market, and opportunists are capitalizing on this delta. Our voting machine panic is just one feature of this larger breakdown. Smart, educated people are refusing to vaccinate their kids. Clever people who should know better believe climate change is a hoax. We already live in a world where only our machines can keep pace with the demands created by our machines. What this means for the future of our democracy is hard to say, but what it says about our elections is pretty clear. The biggest threat to the integrity of our elections isn’t the machines, but the users.
***
This post is part of a series exploring what’s next after liberal democracy and what we should do to prepare. Much of this material was covered in The Politics of Crazy, though from the perspective of a more optimistic era. The work fits better as a whole, but reading through a 6000+ word piece on a computer seems impractical. When these are complete I’ll gather them into a series of links on a single page.
But the Department of Homeland Security warned him that hacking was a possibility. He ignored that until 2016, when, at a DefCon hacker convention in Las Vegas, an organization took control over the way Georgia’s voting machines register and store votes, although it had little expertise in voting matters. Mr. Kemp finally accepted federal dollars, which he had refused for years, to update some of the machines. But his efforts were too little, too late.
https://www.nytimes.com/2018/08/11/opinion/sunday/brian-kemp-enemy-of-democracy.html
Hmmm……
https://www.bbc.com/news/technology-45154903
Ugh. This is part of the election hacking stunts at DEF CON this week.
It would take about five minutes for the discrepancies rising from a hack of the state reporting databases to become blatantly obvious to the public. Campaigns are watching poll results as they come in all the way down to the precinct. State results include data all the way down the precincts. The delta between state-reported and county or precinct-reported results would show up on giant screens at results-watching parties in real time. If this was as easy as it sounds, the Russians would have done it. Hell, they would have replaced their own paper ballots by now to make the election-stealing process easier.
You’d have to eliminate all of the precinct level results in the hands of precinct officials and local counties. You’d have to eliminate all of the data sources with different data, engineer your false results to exactly match the dozens, or in some states, hundreds, of other databases with turnout data, and coordinate the silence of everyone involved in the process. It’s too much for the Russians to attempt in Russia, let alone here.
As for the people engineering these stunts, they sell security software for a living.
Chris, I think you are missing the point, to a certain degree.
No doubt if the russians, working with the U.S. Fascist Party, want to just cast doubt on the entire election process, they can, and will, make obvious, clumsy attempts, that they will WANT to be found out. If the Fascist Party looks to be losing, (polls have to show at least a 10% bulge for the Dem’s), they can do this to have the puppet tyrant call the whole 2018 elections null and void, until “we can sort this out”.
But the REAL pro’s will be working on hacks that can’t be seen nearly as easily, ones that that no one notices unless there is serious investigation post-election, or serious prevention, both which the Fascist Party is fighting against.
If the Israeli’s, likely, with the help of the U.S., could get a worm into the Iranian nuclear program and wreck so much, there is no doubt that the fascists with their russians allies can hack the elections in key states and congressional seats, ESPECIALLY in states where the fascists are already in control.
https://motherboard.vice.com/en_us/article/mb4ezy/top-voting-machine-vendor-admits-it-installed-remote-access-software-on-systems-sold-to-states?utm_source=mbfb
Yet another example of how unsafe the election process is.
Focuses on how exposed the voter database is, but also the outright failure plus various malfunctions of the voting machines.
Two takeaways from this article:
Georgia using 16 year old voting machines.
Georgia one of 4 states with zero paper trail.
http://amp.mcclatchydc.com/latest-news/article216056560.html
It’s actually perfect. A long list of anecdotes. You could remove all the words referring to elections and replace them with words related to GMOs it still works.
There’s a mirror of this on the right, with their various immigrant terrors. Our border is never “secure.” Every couple of years we get a wave of neurotic concerns about Muslim terrorists flooding across our “open” Southern border. Those stories are accompanied by anecdotes about suspicious items found on frequent migrant paths or suspicious migrants intercepted by Border Patrol. And of course, every time an immigrant commits a crime its evidence that immigration is destroying the country.
Since you used that example, I find it necessary to reiterate that not every concern about immigration is based on cherry-picked anecdotes. I think you mentioned once that ambitious social programs (as well as rampant capitalism) are detrimental to strong community bonds, so I’m a bit surprised that you would lean towards open borders, which is both, but oh well.
More important is the analogy to vaccine and climate change deniers. While I think we’re all in accordance that such crowds are idiots, what’s the basis for it? Is it an appeal to authority or to having followed the data? I remember reading a couple years’ back about how there were political battles between MDs and nurses, with the latter charging that the former unnecessarily restricted their autonomy and ability to act even in instances that fell well within their range of expertise, or even when a nurse might have had 15 years of experience to a doctor’s 0. (Then there’s the related prospect of professional accreditation societies that are just as motivated by limiting their members’ competition as they are by maintaining standards.) I’m throwing that story out there not for its own sake – my memory is too hazy for one thing – but as a candidate for an instance in which we should go against the “official” narrative of a complicated issue. One might also look at ever-shifting dietary guidelines, or any branch of science with a replication problem, like psychology, for candidates.
I think it is quite tricky, except in a few cases that get constant attention, to know when or when not to outsource forming an opinion to someone else. And we don’t always have the option of simply not having an opinion.
Definitely off topic, but I have to post this news about Wilbur Ross. He’s called a “grifter” !!! for siphoning off millions of dollars? Ross has smelled to me for a very long time. Good thing he’s a Republican. Democrats who do things like this are called “thieves” and are charged and brought to trial. As they should ALL be.
More.
https://www.forbes.com/sites/danalexander/2018/08/06/new-details-about-wilbur-rosss-businesses-point-to-pattern-of-grifting/
As interesting as the electronic shenanigans are, I remain more worried about human interference with such mundane contrivances as voter suppression, knocking voters off the rolls, shortened voting hours and early voting dates, fewer and less conveniently located polling sites, and any number of other nefarious tricks Republicans seem to pull out of the hat come election time.
And right on time, a XKCD webcomic on electronic voting machines for your consideration:
XKCD: https://xkcd.com/2030/
Explain XKCD: https://www.explainxkcd.com/wiki/index.php/2030:_Voting_Software
Not to split hairs, but he was writing about WV’s plan to introduce voting by smartphone (the blockchain reference). That plan is premature and it’s no accident that it’s being launched in a place too backward to know better. By contrast, our voting machines at polling places are barely even computers.
Give it some time though, and just like with cloud computing, we’ll have remote computerized voting that’s more secure than in-person.
Nowadays, “bad idea” and “exciting new use for a blockchain” almost look like synonyms, even with the definition of “blockchain” having expanded to include almost anything including a Merkle-tree.
Personally, I’m less worried than Munroe is. Yes, software is not perfect and can never be secure, but in a country where fascists march down the road with police protection and 40% of people think Trump is a great leader, it’s probably not the main issue affecting American democracy.
My thoughts exactly. We have seen the enemy and it is us.
I’ve written quite enough regarding my thoughts on voting technology. However, I’d like to add that I do see the potential for blockchain technology to enable voting from home via a computer or using a mobile device such as a tablet or cell phone. However that time has not yet arrived and prior to adoption it does need to be field proven and tested far beyond the present. No business would use technology that is as unproven as blockchain for a mission critical function such as voting. It does have the potential for being compatible with my criteria listed in my earlier comment.
That being said I echo EJ and Mary in their sentiments. We have far bigger problems in the US now than what type of voting technology will be used. I generally concur that hacking of voting machines is not a really significant problem. Nor is voting fraud in general. The bigger problem is the various unwarranted influence peddling , voter suppression, gerrymandering and tampering with the voter databases.
Opening up voting systems, expanding the franchise and truly becoming a liberal democracy would be far more beneficial. That would fully be
Off topic and early, but preliminary results from yesterday’s WA State Primary is GOOD NEWS FOR DEMOCRATS.
1. As many as three CD seats are on track to be flipped from R to D. The R’s have less than 50% of the vote in all three. These are the 5th CD which is represented by Cathy McMorris-Rodgers, #4 in the House Republican Leadership, who has 47.5% of the vote; her nearest challenger has 47%. Also included is the 3rd CD, Jaime Herrera-Beutler, and the 8th CD, which has been high on the national radar and rated even by the prognosticators. It is a Seattle ex-urban district with a large rural component, where Reicher, R, is retiring.
I have expected a close race in the 5th but this is better than I hoped for. I did not expect the 3rd to be so close. As far as the 8th I have been expecting that there was strong possibility that would flip, but I expected a closer race. One item to note is that the D vote typically expands 3-4% in the General Election, since our primaries are held in early August, the best weather period and while many families are on vacation or otherwise occupied.
2. The 4th CD will have a Democrat on the General Election Ballot for the first time since 2014. It has a Cook PVI of R+13 and is the most Republican in the state.
3. It appears that the Democratic legislative majorities will expand significantly in both houses. There are 3-4 districts that will only have Democrats vying for house seats.
Note, we have 10 CDs, so a risk of flipping 30% of the seats is HUGE. but Trump’s policies have won no friends. His deportation and immigration policies are putting severe strains on the agricultural sector and putting at risk the fruit crops. Also ICE is deporting people from rural areas who have been long established productive members of the community with families. That gets a lot of attention. The tarif wars are putting at risk wheat and corn exports. Also one of the biggest exporters in the nation, Boeing, is also threatened. That has impacts on some of the rural areas, as Boeing has major facilities in those areas. For example, they have plants in the 5th and 8th CDs, and have a major testing and delivery center in the 4th CD. There is a major carbon fiber manufacturing facility in the 4th CD, built specifically for Boeing.
As explained earlier, with our elections there is a lag of several days in getting firm results, but these preliminary results are too good to delay posting on and based on historical records, the trends look good.
The Rachel Maddow Show tonight was a blockbuster, with audio from a Cathy McMorris-Rogers closed fundraiser in which Devin Nunes spoke. Only problem, one of the donors who bought a ticket recorded the comments. If you missed the live program, she has posted the Nunes comments on her website. Well worth your time. Happy things are going well in WA…smart folks there….McMorris-Rogers has a tough race against her Democratic opponent. Good.
Hi Chris
That is exactly what I am saying and YES it is possible and YES that is what “proprietary”
means
The software used by Diebolt and others is SECRET – nobody is allowed to look at it – and nobody has access to it
A direct comparison would be the “cheat” software that VW used that detected when an engine was being emissions tested and then ran on different parameters
There were millions of cars built – and each one had the cheat software in it – but nobody found the cheat – it was only “found” when some engineers reported odd results and some others spilled the beans
That was a situation when people could and did “hack” into their cars (there is thriving industry in “upchipping cars”) and nobody found the hack
Voting machines are a much more “secure” environment – the chances of anybody finding a cheat would be much much lower
I honestly don’t know how to respond to this. Nobody is sitting in a room somewhere, deciding when to turn the election stealing machine on and off. A hack that crude would show up the first time someone tested an election on their first machine, and almost every jurisdiction does that.
As for the all-caps secretness of the software, boring ordinary people work at Diebold on that code, in the most boring imaginable corner of Ohio, along with partners and vendors and God knows who else. They may not be posting the source code on Github, but it’s not the NSA. Believe me, their election business is a hell of a lot less secretive than their ATM business, but somehow their ATMs aren’t stealing from us. Diebold doesn’t pay enough to buy the silence of hundreds of code monkeys who work on this software on any given day, and then follow them around to future careers to make sure they never spill the beans on their dark secret.
This is what I’m talking about. Doctors, professors, attorneys; people with lots of brains and world-wise-ness and exposure to the world end up not vaccinating their kids because they read something on a blog. We live up to our ears in systems we not only don’t understand, but probably could never hope to understand. It breeds paranoia. I don’t know what to do about it.
I used to work at Diebold and, yes, North Canton Ohio is rather boring but, trust me, there are plenty of more boring places in Ohio.
For what it is worth, I doubt Diebold voting machines would be intentionally rigged by people working at Diebold.
In summary, I am more concerned with targeted voter suppression than vote counting fraud.
I used to work at Diebold and, yes, North Canton Ohio is rather boring but, trust me, there are plenty of more boring places in Ohio.
For what it is worth, I doubt Diebold voting machines would be intentionally rigged by people working at Diebold.
In summary, I am more concerned with targeted voter suppression than vote counting fraud.
Chris
That is exactly what VW actually did – their software went into action when it determined that an emissions test was in process
Think about it – a simple only switch on when the correct date and when you have been working at a certain rate for a certain time – would NOT trigger when you were testing
And that is just a simple test – it would be trivial to put more parameters in
As far as the “hundreds of code monkeys” – there are not that many and they would not know anyway
In the VW case there will be literally hundreds of times as many programmers – and NONE of them noticed
As far as the question “why aren’t the bank machines robbing us?” – because there IS an audit to that – I check my account regularly – and so do most people so fiddling the bank machines is a stupid idea
To dfcord’s point voter suppression is a major worry – but voting machines without a paper trail is a larger one
Taking a step backwards the problem with the USA is that you use the one voting occasion to do too many things
Here we vote for – our district MP – and a Party – just two ballots
This means that we can simply sort them into piles
Pile for Fred, Pile for Harry
Pile for Labour, Pile for National
Dead easy – fast and difficult to mess with
If I understand the US system you are voting for a number of different offices at the same time so you end up with a ballot that can’t simply be put on one pile or another
The solution to that is several ballots
You go to your voting station – get your name ticked off and are given your “set of ballots”
Tick one for each office
Then they could be simply sorted into piles
That would cost a bit more paper – but it would be much faster and more bullet proof
Appropriate to the conversation….This is just the first step, with the ultimate one where everyone votes using their smart phone…..if you can manage to register.
This is madness.
https://money.cnn.com/2018/08/06/technology/mobile-voting-west-virginia-voatz/index.html
You beat me to posting about Voatz. Here’s a guy poking around in their system:
https://twitter.com/GossiTheDog/status/1026603800365330432
Chris’ argument mostly makes sense today, but things are rapidly changing. The most important component to security is (lack of) access to the target system, so as long as the machines are air gapped, there’s going to be a lot of difficulty hacking them. That’s one essential aspect that shouldn’t be allowed to change.
As new voting systems come out, and increase their attack surface with more “features”, accompanied by a consolidation of voting machine suppliers, the ability to hack the results becomes easier and more tempting.
Wow. Maybe West Virginia shouldn’t lead the way on this one.
Well Chris, some facts about that company that is being handed a chunk of West Virginia voting.
From their Aug 7th blog: “With each election we’ve learned something new, and we will continue to take the time necessary to ensure that the voting process is secure for voters.”
So basically, this is a learn as you go operation, which is responsible for protecting the integrity of the vote. Oh, and the name of the blog? : Chronicles Of An Audacious Experiment
From the website below:
Seed money in 2018…that’s right, this year they actually got the money to go truly commercial. Size of company : 1-10 employees.
https://angel.co/voatz/jobs
So, no Chris, you are dead wrong about the technology protecting the integrity of the election being “safe”.
But special prosecutor Robert Mueller’s latest indictment accused Russian hackers of infiltrating a Florida-based company that supplies software for voting machines across the country. And cybersecurity experts have demonstrated an ability to breach at least some versions of the machines, sometimes in minutes.
https://www.politico.com/story/2018/07/27/trump-election-security-2020-states-714777
Sorta off-topic:
Chris, have you read “Pax Technica”? It’s more optimistic than your normal fare, and I’d really enjoy your view on it.
Just ordered it. Thanks for the recommendation.
Pax Technica is rocking my world. Great recommendation.
Chris, I fundamentally disagree with your points about the technology being hacked, but I have made my points before on that, so will not rehash.
But the safest way IS paper ballots, with zero electronic access. I would be happy to see the chalkboards of much earlier times. As for someone setting fire to a ballot box, pretty sure that would be noticed. An electronic hack has a far higher chance of passing un-noticed.
The entire debate about safety of voting machines is moot though.
Numerous TV commentators made the point this weekend, and I believe you have to. Anyone wanting to wreck the election just has to have its integrity called into question. A failed but very public hack can then be spun by anyone into the entire election being fraudulent. There is a reason the fascists are cutting, not increasing, spending on protecting the integrity of the election.
If by some miracle the Dems take the House of Reps this fall (not a chance they take the Senate), and by an equal miracle the 2020 polls indicate any kind of advantage for whomever is up against the puppet tyrant, you can be guaranteed he will make sure a hack is tried. If it is found out, his regime will scream the whole process is failed and he must stay in power until it is sorted out. If the hack succeeds, well, then all is well with the electoral system.
The only safe way forward is to ensure the puppet tyrant is incapable of running in 2020.
That post is my argument about expertise and democracy in a nutshell.
The Russians use paper ballots for a reason.
Chris, you can’t possibly suggesting that any national election in russia has any elements of a election in a supposedly democratic state. Whether the election is only paper, or vote cast by each voter doing a retinal scan and voiceprint, any “election” in russia is rigged.
I completely agree with your premise that technology has far outrun the ability for even the average “smart person” to keep up. But that is for fuel for the argument to remove as much technology as possible from the entire election process, and I am obviously talking about all the stuff before the election, not just the stuff that happens on voting day.
Keep in mind, I am the guy that would try to stuff the genie back in the bottle, and try to shut down Facebook, Twitter, YouTube, Instagram, et all because of the social damage they do, let alone the political damage. Capitalism be damned, these uses of the Internet are far more damaging than their benefits.
***Whether the election is only paper, or vote cast by each voter doing a retinal scan and voiceprint, any “election” in russia is rigged.***
That is correct. If you want to rig an election and make it look credible, and you have access to any methods in the world, what methods would you use? Russia is demonstrating the answer to that question.
Just because a particular thing is complex, sophisticated, and difficult for a layman or even a highly educated non-expert to understand, does not mean it is vulnerable.
When my kids are my age, they won’t trust anything that isn’t connected to the Internet.
I’m told that the best attack against voting is to hack the voter registration rather than the voting machines. Not only is it far less secure, but voter registration allows far more targeted attacks.
In a swing state like Florida, how many people’s addresses would you have to mess up to stop them voting, in order to tip the entire country? How many of those people would blame Russians, rather than believe in local American attempts to de-register ethnic minorities?
Paper votes are wonderfully accurate, but a complex system like democracy is only as strong as the weakest part of its tech-stack.
That gets to the more interesting angles in the Russian hack. Yes, there’s the option of selectively deleting or corrupting records that look, from a demographic profile, like they might favor your opponents. But that gets back to the usual problem with such direct attacks, like trying to attack election machines – you can only do it once, and then your targets will wise up.
What the Russians were probably doing with those election records, which for some reason they decided to steal even though they are publicly available, is honing their AI for social media attacks. You don’t need to leave such an obvious fingerprint of disruption when you can build a massive database of voter habits and preferences and target them for disinformation.
Again, the weakest link in this process is isn’t the machines.
What you describe is well known in actual security circles (vs the circus show known as DefCon). It’s called social hacking. How do you get someone’s password to their secret accounts? You can employ an elite team of Bulgarian code breakers to crack Gmail’s security protocols, or you can just ask them. 90% of the time, people will simply give it to you. How do you gain access to the CEOs inner sanctum? You can steal blueprints, get a master locksmith to drill out the lock, swoop down from the ceiling panels, etc. etc. like in the movies, or you can swipe the janitor’s key during his break. It will open every single door in the building. (Plus you don’t really ever need access to a CEO’s desk. His secretary’s desk and computer will contain far more valuable information).
While I agree with you, I will note that, just because social hacking is easier doesn’t mean actual computer hacking is all that hard. It’s exceedingly hard to get security right, and when security is farmed out to the lowest cost bidder, is viewed as a low priority bolt-on rather than an intrinsic part of the system, it’s rarely done well. For example, the media industry has every incentive to get security right, in order to protect their copyrights. Yet their security measures are routinely cracked, usually within days of them announcing them. They’ve gone so far as to get laws written (e.g. the DMCA) that allow them to prosecute people merely for analyzing their security measures for weaknesses, since they have no luck actually designing protocols that could withstand that scrutiny.
But about those voting machines… I agree that actual hacking of machines is rare (though not because it’s hard, but because it’s so much easier to hack voters, which has been a time-honored polling practice since Chicago invented the slogan “vote early, vote often” and deceased Chicagoans somehow magically arose from graves on election day to cast their votes). For me the most troubling part of this entire brouhaha about voting machines is that it’s another step in delegitimizing the very voting process of our democracy. Even if our system throws up nincompoops like GWB and DJT, we’ve always believed that they at least won “fair and square” and our only option for rebellion was to wait 4 years and vote them out.
Stories about faulty voting machines is the liberal equivalent of conservatives’ concern about voter fraud (at least while we’re losing. I’m sure conservatives will pick up the rallying cry when they lose an election): neither happen with much frequency, but both serve to allow people to deny the results of our elections. And if you believe that our democracy can’t even properly tally the will of the majority, then you have no choice but to take other means of installing your chosen candidates. Unfortunately, those other means generally involve violence.
I have no real answer to this dilemma. But I don’t think it’s because we’re less able to handle the complexities of modern society. Yes, modern society is getting more complex, but we’re evolving with it. I remember once reading somewhere that the entire amount of information processed in the lifetime of an average person in the 1800s was less than was found in a modern Sunday edition of the NY Times. The vast majority of people (even white male voters) were illiterate, and probably had never traveled more than 50 miles from their place of birth. They were hardly paragons of somber voters: Boss Tweed, of corrupt Tammany Hall fame, went after Thomas Nast, one of the first political cartoonists. Notably he didn’t bother going after the newspaper itself. Why? Because his supporters were illiterate so they couldn’t read what the papers said. But they could see and understand Nast’s pictures.
I would say the real problem is that the internet has allowed such a profound fragmentation of views and thoughts that there is no such thing as a shared experience among the majority of people. Democracy doesn’t have to be right all the time. It just has to have 51% of people who believe in the same thing. Walter Cronkite might have been wrong sometimes, but at least we all believed him. Liberal or conservative, we all watched shows on 3 networks, which shaped our common culture, and meant that a guy in California and a guy in Mississippi both understood what Archie Bunker was saying.
Yes, the internet allows alternate viewpoints that mainstream media never allowed. But if allowing all those alternate views merely fractures any sort of cohesion we used to have, it weakens democracy. It’s even worse when many of those alternate viewpoints are wrong but still not filtered out: we are less informed *and* we’re less cohesive, unable to rally around common truths and values (even if they’re wrong).
Here’s a way to crystallize both the yin and the yang of the modern media landscape. It is commonly acknowledged that we are in a Golden Age of television programming. Rather than the saccharine sitcoms and formulaic dramas of my youth (always centered around cops, courtrooms, or doctors), television has witnessed an explosion of thoughtful, innovative stories that actually analyze our society and culture in a way that TV did only rarely before. The only problem? We all watch different shows. Is it any wonder then that my vision for our country is incompatible with my neighbor’s? When was the last time a show had the same general impact of e.g. Roots? There have been plenty of impressive shows about slavery since then. None can claim its effect on the masses.
Every person, liberal or conservative, watched Archie Bunker back in the day, because we had no choice. But based on if you’ve seen HBO’s The Wire, I bet I can tell whether you’re a liberal or conservative (not to mention urban or rural, but that’s the same thing these days). The Wire is universally acknowledged as perhaps *the* best tv show made in the history of television. People who watch it get the equivalent of an advanced sociology class on the complex problems vexing American cities and urban society. The only problem is, very few people have seen it. I’m sure there are amazing stories about rural life being broadcast, but I don’t even know of them, much less have seen them. Who will force me to watch them, when there are 50 channels on cable, and hundreds of shows on netflix that I can choose to watch? Multiply those choices by 300 million people and you don’t just have a majority vs. minority, you have 50 different groups, each with their own ideologies, founding myths, and versions of truth (and each, I should add, very well informed within their sphere), battling for dominance. Throw in a repudiation of our election process itself, and you have the makings for anarchy.
The issue isn’t whether electronic voting can be hacked, it’s whether people believe it can be hacked. Because depending on your objectives if you can undermine faith in election results, you really don’t need to tamper with the actual election results.
From a couple of posts back. Just finished Andrew Yang’s book. Most impressive book I have read since The Age of Uncertainty. I will work at getting this man elected. All his assertions are backed by facts and numbers. He provides actual solutions to the problems we face.
I remember a post about the cost of the book. Ben Franklin fixed that for you. Check out the book, not only is his view of the future legit, he has the stones to go after the arse in cheif.
He just sent some preliminary replies to a Q&A. Looking forward to getting that polished up and posted.
A lot of what he talks about dovetails with your book. What I salivate over is the thought of a debate. An empty suit that talks shit meets someone that actually does what he says.
The intellectual slaughter of a bogus BS artist on national TV might be worth 4 years of this asshole.
Also in Washington State ballots which are poorly or ambiguously marked are turned over to election officials charged with determining the intent of the voter. If need be a separate ballot is constructed from any valid vote which can be determined. Officials can determine that certain votes were invalid or not able to be determined. There is a member of both political parties who are expected to agree on these determinations.
I personnally like and feel that the vote counting system in WA state is secure, has little likelihood of being hacked, is convenient and promotes high turnout elections – not that we always get a high turnout. Let me describe it the best I am able.
1. Paper ballots are used. We fill in ovals with a black pen to enable scanning. The only means of tracing the ballot is by means of a perforated tag which is removed by the voter. The ballot will not fit in the return envelope unless the tag is removed.
2. Voting is almost totally by mail, with return postage paid. Ballots are mailed out approximately two weeks prior to the election. That enables us to fill out the ballot at home and research issues or candidates at our leisure. Numerous drop boxes are available and provisions are made for voting in person at designated places.
3. At each county’s election center, the signature on the return envelope is compared against the signature on file. This is done in a secured environment. Then the envelope is opened and the ballot separated from the envelope.
4. On election day the returned ballots are electronically scanned and counted.
5. Problem ballots will then be manually counted.
6. All ballot processing is done in a secure environment with provisions for impartial observers to observe the processing.
7. In the event of a close election an automatic recount is triggered at a specific figure, which I can’t remember at the moment.
8. If necessary a manual recount is done. In I believe the 2000 gubernatorial election we went through 2 recounts and a suit prior to the election being settled.
9. The electronic scanners are not connected to the internet or outside communications media. Programming for each election is handled by the county elections department again in a secured environment.
10. There are a couple of difficulties that need to be resolved. The first is that state law allows the ballots to be postmarked no later than midnight on election day. This creates a lag of approximately one to two weeks for the results to be finalized. To me that is not a problem.
11. A second difficulty is that the individual can email or fax their selections. However, except in the case of military personnel on overseas deployment the actual ballot must be returned via mail or other secure means. The email linkage here is a potential problem. Efforts are being made to further secure this for both individuals and military personnel.
12. Also we do not allow same day registration. Efforts are also underway to correct this. Both of the last two items require legislative action.
Most voters seem satisfied with this system. There is always room for improvement of course, but it does seem secure and there is a paper trail to enable manual recounting and auditing. Most of the complaints arise from the delay in getting results that are stable.
As far as getting people to vote, the biggest problem of course is motivation. For the primary election on Tuesday, only 30 minutes were required for me to complete the battot, walk to the corner post box and deposit the ballot.
First, what’s “mail?”
Second, this seems like a pretty reliable system, though slow and as imprecise as any manual method. The litigation over spoiled or ambiguous ballots in non-electronic systems is essentially unresolvable. In close races, judges just flip a coin and dress it up the outcome in a legal justification. That said, the remote nature of this system sounds nice. I’ve heard people rave about it.
1. Snail mail is still considered very reliable and does work; despite all the electronic imitations. It is not readily hackable; the USPS is considered to be very reliable for first class postage. I’ve had far fewer first class postage items not be delivered than email or electronic messages.
2. When it comes to voting, speed is not that important. I would rather have something accurate, reliable and readily accessible for all.
3. Unspoiled ballots are counted electronically by optical scanners. There is no manual counting. Spoiled ballots are at least counted. In a purely electronic system a ballot is forced to fit the defined criteria or it is rejected and not counted.
4. In electronic systems, there is no such thing as an ambiguous ballot because they are not allowed. People do have 2nd thoughts or make mistakes.
5. If an outcome is so close that the ballots cannot be resolved, then ethical judges will call for a redo. If the judge is not that ethical most of the time they will decide in accordance with their biases. Rarely will there be a coin toss, then dressed up in legalistic jargon. We saw the biased judging in VA last year.
It comes down to preferences in the end. I’d rather see a result that’s prompt and unambiguous than wait two weeks for judges to issue a subjective ruling on ambiguous ballots.
As for the security of mail-in ballots, that remains the one area of voting fraud that’s still rich with abuse and nearly impossible to stop. Texas’ Rio Grande Valley has a long tradition of “politiqueras,” local entrepreneurs whose core business is selling absentee votes, usually harvested from nursing homes. They also maintain a core of voters they corral with small payments. As you’d expect, this is a Chicago thing, too. It doesn’t get tons of publicity because the practice is only effective enough to swing local elections, but in the places where it’s entrenched it’s nearly unstoppable. It just becomes part of the political culture.
Republicans in Texas have been trying to crack down on the practice, but their efforts have been complicated by the fact that both parties use them, and Republicans in the Valley are pushing back. Fun stuff.
That about sums it up. I want a voting system that is:
1. Simple and easy for all to relate to and understand. That includes the 95-year-old grandmother who is easily intimidated by computers and electronics, is disabled and has probably never missed a vote since she was first eligible to vote. Understanding filling in an oval adjacent to the choice with a black ink pen is easy.
2. A ballot that is available in multiple languages, with help that is readily available for those who are disabled or handicapped or who are aged. That help can come from trusted family members or if need be from official electoral personnel. Our ballot has provisions for someone who helps fill out the ballot to sign as required.
3. A system that provides explanatory documentation and position statements from the candidates and groups in favor or opposed to various issues. This guide needs to be published by the governmental elections agency and distributed with the ballots. The guide also needs to be readily available in multiple languages.
4. Easily accessible to all without having to go to a special place and who can sit in the comfort of their home to fill out a ballot.
5. A system that is as secure as possible.
6. A system that allows for the vagaries of human behavior and gives people who may not fit into various narrowly defined categories the opportunity to have their vote count.
7. A system that fosters trust in the voting system and encourages all to vote. To do this it needs to be transparent and subject to rigorous auditing, checks and balances.
To me the WA state system accomplishes all this and more. We rarely get ambiguous results. If the election is close, there are recounts and open and transparent means of auditing the results. To accomplish this, I am willing to sacrifice a few days of uncertainty. The future of democracy does not depend on having a crystal-clear definitive result within minutes of the polls closing, rather getting the process and results right is more important. Life is messy and so accordingly is democracy.
A system that I describe does require that adequate money and personnel be devoted to the electoral process. The amount of money WA and the local government agencies spend on elections is certainly higher than some other states, but I doubt that it is excessively high. However, when the integrity of our government and the wellbeing of the community is at stake, I believe it is money well spent. Providing a secure, transparent, and fully accessible electoral system is one of the basic functions of government, in the same category as policing, safe utilities and well maintained and supported commons. But that is one of the characteristics of Yankeedom, the Left Coast and other regions that value the community.
Chris
In this you are wrong – in an ideal world where all of the people involved cared and worked to prevent hacking – AND understood what they were doing – then you could be correct
But that is NOT NOT NOT todays America
In today’s America we can’t even check what a voting machine is doing! – because the software is propriety!
It’s simply too obvious but we could have a date/time subprogram that simply said – today is voting day – we have been voting for some time – for the next hour 20% of Dem votes change to GOP – if there is a “gap” go back to normal
As the software is “proprietary” nobody could look for it and no tests would find it
That is batshit crazy.
In what way?
We are not permitted to examine the software used as it is “proprietary”
Putting a loop in there would be very easy –
And there are no audits
So what I suggested could be done easily – and if we look at the exit polls it WAS done at a number of locations
Paper ballots – and an automatic random audit – that is what you need
That’s not what “proprietary” means.
You seem to be suggesting that vendors would be introducing a bias in the core of their operating systems, without anyone, anywhere ever discovering that bias.
And then you’re claiming it’s actually been done.
That’s nuts.
What would happen if I carried a battery-operated magnet in my handbag as I walked the line of voting machines down to my assigned place?
What if my friends in different precincts did the same thing?
Messed up machines would have the same societal impact as a more precise change of specific results.
Well, 007, let me suggest that this method might be impractical, barring the used of highly specialized equipment. And needless to say, it would be far easier to just start a fire in a paper ballot box. Don’t want to get into a lot of specifics here (not wanting to publish a blueprint), but that’s probably the easiest way to create havoc on election day.
Doesn’t change the fact that everyone should be using some kind of paper voting system. Any electronic voting machine, especially ones that have no paper trail, is a hazard to democracy.
> Election officials don’t understand computer security.
This is the crux of the problem. The people in charge of securing the system not only don’t understand computer security, they don’t want to understand computer security and furthermore, act as if understanding computer security is impossible. Saying “computer systems get hacked” in the information age is like saying “everyone gets small pox” in the Enlightenment. When options for protection exist, even primitive options, those in authority should seek to learn about them as best as possible to assess those options as best as possible and use those options as best as possible. The reason that doesn’t happen, is because that takes hard work and time which election officials don’t think are worth spending. Reaching out even to an open source security group like OWASP would be preferable to having election officials throwing their hands in the air and walking away. It would be better America had some uniform election security plan, but the Federal Election Commission is toothless, the Congress is useless, the Executive Branch (i.e. Justice Department/intelligence services) is in disarray, and the President is at best an idiot and at worse a traitor.
Thanks for the explanation of why it is hard to hack voting data. I understood it. But I also have run Linux for years and do occasionally program. My professional career was water treatment and chemistry. That gets pretty esoteric. complicated and I wonder if I could do half as good a job simplifying and explaining it. Civilization takes much specialize knowledge to run. No one lives long enough to master but a small piece of it. The American Indian civilizations fell some think because of the disease Europeans brought which killed off too many specialist. Our machines may provide a backup for us and a way to preserve knowledge and pass it on if the human link fails. Our culture and technology are thoroughly intertwine with our biological evolution. And have been for awhile. Mitochondria originally were separate organisms and still have a separate and distinct DNA. Now they are a part of our whole. Along with many other flora and fauna that live in and on us. I suspect our machines are the next integration for us.
The time of our founding fathers was pretty heady politically too. As was the Civil War, the Great Depression and WWII. From the mid seventies to the early 2000 were quieter than normal. Strife and turmoil has been norm for most of our history. Stupid people and smart people have always been around. But we seem to muddle through anyway. Many eyes are on our election process now. I suspect that it will be much harder for the Russians or others to pull the wool over as many peoples eyes again. I am vigilant but not overly afraid. We have over come much worst in our past.