Why can't we get a handle on voting equipment

[CO. Hoosier]

We are going to have to debate what secure means because people are buying voting systems with USB ports.

I’m not gettin’ your point. The author said physical access to the machine is necessary to corrupt it. That’s what I have been saying. Hacking isn’t the issue. Inside corruption is the issue. The law is pretty strict about unauthorized access. I don’t think one can design a system that would not be vulnerable to inside corruption.

 

[UncleMark]

I don’t think one can design a system that would not be vulnerable to inside corruption.

A "system" consisting of properly configured hardware (and properly configured and audited accompanying software) that utilizes paper ballots which are scanned into local tabulators is probably as close as one could get. The Feds should be making every effort to making sure that is the standard as soon as possible.

 

[Marvin the Martian]

I’m not gettin’ your point. The author said physical access to the machine is necessary to corrupt it. That’s what I have been saying. Hacking isn’t the issue. Inside corruption is the issue. The law is pretty strict about unauthorized access. I don’t think one can design a system that would not be vulnerable to inside corruption.

We need to debate secure then. Here is one in use that a college student picked the lock to in 7 seconds.

 

[CO. Hoosier]

We need to debate secure then. Here is one in use that a college student picked the lock to in 7 seconds.

Marv you link an article about directly tampering with a machine and then the article seamlessly moves into Russian remote hacking as if it is the same problem. This is why we can’t cave a discussion.

For the record I am strongly in favor of improving physical security of voting equipment. I am also in favor of utmost honesty and integrity in those who administer the voting process.

 

[Marvin the Martian]

Marv you link an article about directly tampering with a machine and then the article seamlessly moves into Russian remote hacking as if it is the same problem. This is why we can’t cave a discussion.

For the record I am strongly in favor of improving physical security of voting equipment. I am also in favor of utmost honesty and integrity in those who administer the voting process.

Correct, there are two distinct issues. But a workaround to both is a paper trail. I assume you recognize it is a GAAP as you haven't commented on that part of my argument at all. Why don't we REQUIRE a paper trail? It makes no sense to me. If the end voter submits a piece of paper with their totals in addition to what is stored in the machine's drive, we can audit to make sure the drive agrees with the physical paper. I've worked with high speed scanners scanning forms for some time now, it wouldn't take very long to scan a precinct to compare the totals. Yes, it would take some time (or a lot of scanners) to compare all the votes in a major metropolitan area. But generally speaking we can just audit random precincts and use it in extremely tight recounts.

 

[UncleMark]

Correct, there are two distinct issues. But a workaround to both is a paper trail. I assume you recognize it is a GAAP as you haven't commented on that part of my argument at all. Why don't we REQUIRE a paper trail? It makes no sense to me. If the end voter submits a piece of paper with their totals in addition to what is stored in the machine's drive, we can audit to make sure the drive agrees with the physical paper.

COH appears to have an issue with any attempts to federally mandate more secure systems with a paper trail backup, because that's the Republican position. This should be a no-brainer, but for whatever reason the Republicans have dug in their heels and aren't going to allow it to happen, at least not any time soon. It boggles the mind.

 

[Courtsensetwo]

some really impressive know-how on this thread. If it were left up to me, we would have to vote via a show of hands.

 

[Rockfish1]

COH appears to have an issue with any attempts to federally mandate more secure systems with a paper trail backup, because that's the Republican position. This should be a no-brainer, but for whatever reason the Republicans have dug in their heels and aren't going to allow it to happen, at least not any time soon. It boggles the mind.

Republicans: Why we can’t have nice things.

 

[Ladoga]

None of that precludes the Federal government from mandating standards for machines used in Federal elections.

The feds control some voting rights issues and the dates of federal elections, but nothing else. Research it and tell me why Broward Co., FL has voting machines so different from , oh, say, Monroe Co., IN. Why re ballot access laws different state to state? There that ugly thing called the Bill of Rights that holds the feds partially at bay in some matters. Its not enough, but at least its something.

 

[UncleMark]

The feds control some voting rights issues and the dates of federal elections, but nothing else. Research it and tell me why Broward Co., FL has voting machines so different from , oh, say, Monroe Co., IN. Why re ballot access laws different state to state? There that ugly thing called the Bill of Rights that holds the feds partially at bay in some matters. Its not enough, but at least its something.

So Freedom!, right? Let the states and localities determine it, right? That's all fine and dandy in theory, but I'd prefer mandated standards nationwide, rather than leaving the county clerks to the mercy of the vendors and their sales pitches when it comes security. Like any other consumer, those people are going to be looking more at convenience and ease of operation, rather than understanding system security and insisting on it above most other considerations.

 

[Marvin the Martian]

So Freedom!, right? Let the states and localities determine it, right? That's all fine and dandy in theory, but I'd prefer mandated standards nationwide, rather than leaving the county clerks to the mercy of the vendors and their sales pitches when it comes security. Like any other consumer, those people are going to be looking more at convenience and ease of operation, rather than understanding system security and insisting on it above most other considerations.

Yep, as it is hackers just have to be smarter than the local voter office. No offense to them, I'd rather see hackers matched up against the NSA. That is a slightly more fair fight (though to be fair the hackers still have an advantage).

The number one point of weakness in any computer system today is located between the chair and keyboard. I've seen spearfishing attacks that fail because they look better than the original. All it takes is to convince one of those objects between chair and keyboard to open an attachment on a computer that is used to download patching updates for voting machines then plug in a USB to move the update to the voting machines. Again, that is exactly how stuxnet became pretty much the greatest worm ever.

 

[UncleMark]

The number one point of weakness in any computer system today is located between the chair and keyboard. I've seen spearfishing attacks that fail because they look better than the original. All it takes is to convince one of those objects between chair and keyboard to open an attachment on a computer that is used to download patching updates for voting machines then plug in a USB to move the update to the voting machines. Again, that is exactly how stuxnet became pretty much the greatest worm ever.

Gotta love how Windows auto executes everything.

 

[Marvin the Martian]

Gotta love how Windows auto executes everything.

Yes, but that can be turned off. We have to lock down Win boxes for critical data often.

 

[UncleMark]

Yes, but that can be turned off. We have to lock down Win boxes for critical data often.

I'm not trusting the county clerk's office to know what we're even talking about.

 

[TheOriginalHappyGoat]

Correct, there are two distinct issues. But a workaround to both is a paper trail. I assume you recognize it is a GAAP as you haven't commented on that part of my argument at all. Why don't we REQUIRE a paper trail? It makes no sense to me. If the end voter submits a piece of paper with their totals in addition to what is stored in the machine's drive, we can audit to make sure the drive agrees with the physical paper. I've worked with high speed scanners scanning forms for some time now, it wouldn't take very long to scan a precinct to compare the totals. Yes, it would take some time (or a lot of scanners) to compare all the votes in a major metropolitan area. But generally speaking we can just audit random precincts and use it in extremely tight recounts.

When I lived in Ohio, the machines had what seems to me is the obvious solution you are talking about. After I cast my vote, the machine would print a copy of my completed ballot on a long ticker tape and display it through a window. If it was correct, I'd hit accept, and the computer would record my vote, and the paper copy would scroll up ready for the next voter. So both a digital and a paper record were created as I cast my ballot.

Ever since moving back to Indiana, I have been uncomfortable about that missing roll of printer tape.

 

[UncleMark]

When I lived in Ohio, the machines had what seems to me is the obvious solution you are talking about. After I cast my vote, the machine would print a copy of my completed ballot on a long ticker tape and display it through a window. If it was correct, I'd hit accept, and the computer would record my vote, and the paper copy would scroll up ready for the next voter. So both a digital and a paper record were created as I cast my ballot.

While it does check off the "paper trail" box, that to me seems overly complicated. As I described early in this thread, the way it's done in Monroe Co IN seems to me to be ideal, for its simplicity, its redundancy, and its minimal use of electronic devices.

 

[CO. Hoosier]

COH appears to have an issue with any attempts to federally mandate more secure systems with a paper trail backup, because that's the Republican position. This should be a no-brainer, but for whatever reason the Republicans have dug in their heels and aren't going to allow it to happen, at least not any time soon. It boggles the mind.

My participation in this thread was about hacking vs in-house corruption. I have no problem with more secure systems, and I said optical scanners of paper ballots are probably the best way to deal with security. I think you are mistaken if you think the answer to more secure systems lies more laws and regs.

 

[TheOriginalHappyGoat]

I have no problem with more secure systems, and I said optical scanners of paper ballots are probably the best way to deal with security. I think you are mistaken if you think the answer to more secure systems lies more laws and regs.

In other words, you're only cool with more secure elections if they aren't required.

 

[TheOriginalHappyGoat]

While it does check off the "paper trail" box, that to me seems overly complicated. As I described early in this thread, the way it's done in Monroe Co IN seems to me to be ideal, for its simplicity, its redundancy, and its minimal use of electronic devices.

It's really not complicated at all. I probably explained it poorly. The point was that the computer is easy to use, and it creates a paper backup immediately, which I, as the voter, get to confirm as accurate before I actually cast my ballot. It literally probably only took me 20 seconds longer to vote in Ohio than here in Indiana. And that's being pessimistic.

 

[UncleMark]

It's really not complicated at all. I probably explained it poorly. The point was that the computer is easy to use, and it creates a paper backup immediately, which I, as the voter, get to confirm as accurate before I actually cast my ballot. It literally probably only took me 20 seconds longer to vote in Ohio than here in Indiana. And that's being pessimistic.

I meant that systematically, having people vote on a machine rather than on a paper ballot, is more complicated than necessary.

 

[CO. Hoosier]

In other words, you're only cool with more secure elections if they aren't required.

Lol. I think you nailed it. Let’s pass a law requiring secure elections. That will stop hacking and corruption.

Why didn’t we think of this before your post?

 

[CO. Hoosier]

It's really not complicated at all. I probably explained it poorly. The point was that the computer is easy to use, and it creates a paper backup immediately, which I, as the voter, get to confirm as accurate before I actually cast my ballot. It literally probably only took me 20 seconds longer to vote in Ohio than here in Indiana. And that's being pessimistic.

I like paper, bar codes, and optical scanners the best. Frankly I don’t know why all don’t use that. It’s relatively inexpensive, easy to use, doesn’t require much upkeep and maintenance, and secure storage, transportation, and programming, of voting machines and equipment is a nonexistent issue.

Colorado is 100% mail with vote sites only as a backup. I was skeptical at first, but after learning about how ballots are verified, I think the risk of fraud and corruption caused by mail is minimal. Oh, and comparing one’s signature on file with the ballot signature is an efficient voter ID system, probably better than picture ID. All voting is provisional until signatures are verified.

 

[Marvin the Martian]

I like paper, bar codes, and optical scanners the best. Frankly I don’t know why all don’t use that. It’s relatively inexpensive, easy to use, doesn’t require much upkeep and maintenance, and secure storage, transportation, and programming, of voting machines and equipment is a nonexistent issue.

Colorado is 100% mail with vote sites only as a backup. I was skeptical at first, but after learning about how ballots are verified, I think the risk of fraud and corruption caused by mail is minimal. Oh, and comparing one’s signature on file with the ballot signature is an efficient voter ID system, probably better than picture ID. All voting is provisional until signatures are verified.

I don't understand how signature is such a good comparison. My signature varies wildly, depending on many factors. Especially how much of a hurry I am in.

It seems more like the fingerprint reader on my phone. I added my fingerprint 3 different times (and I think each time took 5 different scans) to get it to where when I put my finger on the scanner it actually picks up what it needs.

 

[TheOriginalHappyGoat]

Lol. I think you nailed it. Let’s pass a law requiring secure elections. That will stop hacking and corruption.

Why didn’t we think of this before your post?

Nonresponsive.

 

[Rockfish1]

Nonresponsive.

It’s almost like he’s posting in bad faith.

 

[iuwclurker]

How about a system with two or even three independent tabulators? For example, the vote card gets scanned into three independent readers, with different software, etc. The hardware costs these days are trivial.

 

[Spartans9312]

Voting machine companies add things like USB ports that can be easily accessed. Think of Florida, 10 people in 10 of the heaviest D precincts in South Florida inserting code to change one in 10 D votes to R would make a big difference.

Source of USB.

I have posted about this long before we were crazy enough to elect Trump.

Edit to add link.

Or a change in South Florida could just be a rise of the far-right Latina

 

[GuyDatHoo]

Or a change in South Florida could just be a rise of the far-right Latina

You’re seeing far right Latina candidates pop up all across the Rio Grande Valley and South Texas as well. They’re fueled by nothing but white rage and xenophobia.

 

[i'vegotwinners]

idiocracy on steroids.

people think voting machines can't be guaranteed safe, because they literally can't ever be guaranteed safe.

nothing software based is guaranteed safe, nor ever can be.

and the idiot Dems falling on their sword in defense of voting or counting machines is political stupidity on top of logistical stupidity.

hand marked paper ballots all around, hand counted at the polling place before the ballots ever leave the polling place.

once the ballots are hand counted, you then run them through a counting machine to validate the count.

if the tallies don't match, repeat the process until they do.

ballots don't leave the polling place until the counts match.

that should guarantee the people trust the count, which is needed to preserve the process.

that said, for election night purposes, an "unofficial" machine count can be done first, and reported to the media as the "unofficial" count. (or run through the machines as an unofficial running count as ballots are turned in).

said "unofficial" count should be pretty accurate, as there would be no real incentive to rig the machines when a hand count will be done of every ballot, and be the only official count.

any idiot that says a hand count is impossible, is saying all election counting was impossible until computers or any kind of vote counting machines were invented.

 

[bub-rub]

idiocracy on steroids.

people think voting machines can't be guaranteed safe, because they literally can't ever be guaranteed safe.

nothing software based is guaranteed safe, nor ever can be.

and the idiot Dems falling on their sword in defense of voting or counting machines is political stupidity on top of logistical stupidity.

hand marked paper ballots all around, hand counted at the polling place before the ballots ever leave the polling place.

once the ballots are hand counted, you then run them through a counting machine to validate the count.

if the tallies don't match, repeat the process until they do.

ballots don't leave the polling place until the counts match.

that should guarantee the people trust the count, which is needed to preserve the process.

that said, for election night purposes, an "unofficial" machine count can be done first, and reported to the media as the "unofficial" count. (or run through the machines as an unofficial running count as ballots are turned in).

said "unofficial" count should be pretty accurate, as there would be no real incentive to rig the machines when a hand count will be done of every ballot, and be the only official count.

any idiot that says a hand count is impossible, is saying all election counting was impossible until computers or any kind of vote counting machines were invented.

or we could use the tried and true polling methods republicans and democrats have been agreeing upon for more than 200 years and not play this ridiculous f*cking game….

 

[TomEric4756]

they can pass a law to stop voting machines from being hacked, but you already knew that.

They may think they can pass a law … but any electronic device will have cybersecurity assets that engender hacking risks. Gun control doesn’t stop criminals from buying guns illegally does it?

 

[82hoosier]

Last year, ESS admitted to putting remote access capabilities into their voting systems. Now it turns out that VR Systems opened up remote access to their systems as well. Further, as Politico reports, it appears the Russians infiltrated VR Systems itself.

Now before things digress, this is the disclaimer that I am not suggesting anything untoward happened in 2016.

But the argument we often here is the system cannot be hacked. Well it turns out our vendors are installing remote access and not telling anyone. I do somewhat get the reasoning, how can someone like VR Systems have enough people trained and staged in every county that buys their system to troubleshoot election day problems. It isn't going to happen.

But that is a secondary concern, paper ballots can replace machines that have to be brought down. But IF someone hacks the system there is no good recovery mechanism. Anything on the internet can be hacked. Frankly, probably has been hacked to some extent if contains interesting information to foreign powers or the NSA.

I get that many of us hate the idea of a top down system. But what we have isn't working. To major suppliers have now admitted to doing exactly what they said they would not do. This has invalidated the entire claim that "the system is safe because it is not reachable" invalid. We need to get these systems under control before there is a hacking. Let me ask this. Let's suppose in 2020 a candidate wins and then it is discovered massive hacking occurred. Look at the constitution and tell me what remedies are listed?

Do you accept that the 60 plus lawsuits filed by the Trump team claiming that there was fraud in the elections were all thrown out?

 

[Marvin the Martian]

Do you accept that the 60 plus lawsuits filed by the Trump team claiming that there was fraud in the elections were all thrown out?

If you will note the date, that post was discussing 2016. I do not in any way believe there is rampant voter fraud.

 

[i'vegotwinners]

idiocracy on steroids.

people think voting machines can't be guaranteed safe, because they literally can't ever be guaranteed safe.

nothing software based is guaranteed safe, nor ever can be.

and the idiot Dems falling on their sword in defense of voting or counting machines is political stupidity on top of logistical stupidity.

hand marked paper ballots all around, hand counted at the polling place before the ballots ever leave the polling place.

once the ballots are hand counted, you then run them through a counting machine to validate the count.

if the tallies don't match, repeat the process until they do.

ballots don't leave the polling place until the counts match.

that should guarantee the people trust the count, which is needed to preserve the process.

that said, for election night purposes, an "unofficial" machine count can be done first, and reported to the media as the "unofficial" count. (or run through the machines as an unofficial running count as ballots are turned in).

said "unofficial" count should be pretty accurate, as there would be no real incentive to rig the machines when a hand count will be done of every ballot, and be the only official count.

any idiot that says a hand count is impossible, is saying all election counting was impossible until computers or any kind of vote counting machines were invented.

They may think they can pass a law … but any electronic device will have cybersecurity assets that engender hacking risks. Gun control doesn’t stop criminals from buying guns illegally does it?

you don't stop election machine hacking by making it illegal.

you do so by making it non computer based in the first place.

because as you have so succinctly pointed out, if computer based, no way to stop them from being hacked, no matter how many laws against doing so you have..

what you can have though, is laws banning computer based voting machines.

obviously.

as i said above, and on previous pages, and in previous threads, multiple times, including yrs ago, literally no software based voting or vote counting machine is safe.

all voting should be hand marked on paper ballots.

all "official" vote counting should be hand counted.

machines can be used for verification of hand counts, and unofficial early reporting only.


a stance i've taken here long since before this thread.

 

[outside shooter]

I am fine with optical scanners, not connected to wifi or to the internet at all, reading paper ballots that can then be hand counted. Ballots with the "connect the arrow" method I think have been determined to read with fewer errors, as opposed to "bubble filling" method.