Voting is such a simple and cheap thing to undertake if you do it on paper.
It's precise, it's easily observable, it's easy for people to understand where their vote goes. It's also easy to grasp how the election is protected from manipulation.
With electronic voting systems it is physically impossible to prevent manipulation and provide control.
In 2009 the German Constitutional Court (similar to the U.S. Supreme Court) had to decide about voting machines and made an interesting decision which de-facto banned them. They didn't really ban them, but simply set some requirements (apart from the usual as anonymity etc.) for voting machines which as of today none of them can meet:
"When electronic voting machines are deployed, it must be possible for the citizen to check the essential steps in the election act and in the ascertainment of the results reliably and without special expert knowledge."
So your average neighbor, grandma and co-worker must be able to understand how you came to the result because that's important in a democratic process. Your open-source voting machine software doesn't meet that requirement and neither does your fancy blockchain-based cryptographic system. But paper does: You make a cross on paper, you count them.
Backstory: outsourcing our election administration to corporations. With the business model switching from bulk rates to per voter (whether they voted or not). That's the driver for all these disruptive changes.
With paper based precinct voting, perhaps 20% of the work is done outside. Mostly printing, ballots, pamphlets, poll books. But also buying some simple gear, like the optical (scanotronic style) scanners or punchcards (whatever is used).
Adding touchscreens to the mix outsourced more stuff.
With postal balloting, I'd estimate 50-60% is outsourced. For more printing. Signature matching. Ballot image scanners. A lot of bookkeeping software.
With internet voting, closer to 100% of the elections will be outsourced. What jurisdiction is sophisticated enough to build, run, maintain voting systems? None. So every jurisdiction will be like the state of Georgia, where all of election administration is conducted by a corporation.
--
Buddy of mine is trying to sell me on blockchain voting. Claims it'll protect privacy via some kinda tor like onion routing whatever.
I don't even care.
If we adopt some magical crypto voting system that actually work for our form of elections (unlikely), we'll completely forfeit the primary function of our governments, which is administrating elections.
> With electronic voting systems it is physically impossible to prevent manipulation and provide control.
Seems like a double standard. With paper it is impossible to prevent manipulation & provide control as well. To wit, the countless examples of election fraud:
Right. Even if the system is fraud proof. It must be so transparent so everybody understands how it works.
The US has not experienced (yet) a candidate that refuses to accept the results of an election. An unloyal candidate will claim fraud without any proof. And enough people would believe him to cause internal division or even a civil war or a coup d'etat.
That's just it, it isn't precise, at all. No one seems to remember 2000. It was a disaster in large part due to the lack of precision of paper voting. Those who don't remember are doomed to repeat I guess.
> With electronic voting systems it is physically impossible to prevent manipulation and provide control.
I don't know with a key tied to your vote that can be verified by yourself isn't half bad. Though then the exploit moves to the tallying of the votes since no one can independently do that...
I feel like electronic voting systems have to be the future but so many seem to think it's impossible it makes me wonder what the ultimate solution will end up being.
all of it will be tallied up electronically regardless and you can manipulate it in any number of ways paper or not, challenged elections have shown as much.
so I don't understand this fantasy that "paper" which is an ambiguous term is bandied about as the ideal solution. From paper ballots to punch cards, there are hundreds of stories of fraud. If you don't just up and lose them or mysteriously get different votes than the district involved would imply. If you can't find fraud you simply challenge the votes until you get the results you want, keep some polls open than longer, or take people to vote and help them.
The ideal solution is getting it out of the hand of politicians into an independent board which can implement and secure it as needed.
The real reason this comes up is because one side or another wants an excuse for losing over and over at various levels. It also is because it is becoming even more difficult to hide fraud that they have to scream its more rampant than ever or lurking right around the corner.
Australia has already crossed the Rubicon with electronic counting of votes. The sweeping changes to the preference rules just before the last election also meant all the votes are tallied by Fuji Xerox in Canberra. They produced a video of the entire process and posted it to YouTube with locked comments. I have put a copy of this on Vimeo so others can comment on it as it is the scariest thing I have seen in a long long time. Please give it a watch even from 2:10 when the scanning in batches with the Windows PC is being done... https://vimeo.com/177354514
Seems like the best system is electronic that prints out a machine readable and human readable tape that the voter can verify, and in the event of a dispute, a human recount based on the tape is the final word on the result.
I think that the future should lie in digital democracy, where elections and referendums will be held constantly and this will require a well-working electronic system.
I have no faith in current crowd-validation elections.
I find it amazing how strong the anti-Russian rumor mongering is in this election.
I thought we already had reached the point where 'Terrorism' has replaced 'Russia' as the perpetual enemy figure.
Is Trump's soft stand on Russia so scary to some? Apparently attributing anything unattributable to Russia is having a massive comeback right now.
If China and others would at least be occasionally mentioned as potential alternative attackers, these reports would look a lot less as some one sided opinion engineering operations.
Aside from the fact that Russia really does seem to be implicated in this...
That you're hearing so much about Russia this year is due to the fact that the Democrats have made it something of a theme of this campaign season [0].
I would suggest that, the Republicans having already "won" terrorism messaging, the Democrats have embraced anti-Russia propaganda so they can have their own bogeyman to fight against. With Trump's documented ties to Russia, the Democrats can "own" attacks on Russia without risk of retaliation.
Perhaps there is evidence as others have suggested (as I am sure there is of US involvement in Russian affairs). In fact it would be surprising if Russia weren't at it. This is after all the age of cyber warfare so it is extremely unlikely that all major powers aren't trying to coerce the system to their advantage. That said it seems that most of the Russian scare tactics are coming out of the Hilary camp as an attempt to deflect from her own shortcomings. Every time something illegal she did comes up the Russian scaremongering gets ramped up a notch. Classic deflection tactics. It is also convenient given that Trump seems to be pro-Putin and many Americans have been conditioned to fear the Russians for decades. America has already lost this election regardless of the outcome.
This is really due to the increasing tension between the two super powers. Russia has been on the loose, and Obama has done little to challenge them to try and reign them in. I would suspect this is why they get blamed for everything - regardless of the evidence. It's very "cold war era" feeling to me when both sides would blame each other for the smallest thing.
Lots of increasing geopolitical drama and it probably won't end anytime soon.
>I find it amazing how strong the anti-Russian rumor mongering is in this election.
Because there's evidence? If there was countervailing evidence that some other organization was at fault, I'm all ears, but there's currently only one probable explanation.
Give me a break. The issue is not only that Trump has taken a "soft stand" on Russia, as you put it. It's that the guy running his campaign (Paul Manafort) has very clear ties to pro-Russian politicians in Ukraine, and Trump himself appears to have financial ties to Russia. Not to mention that everything the guy is saying publicly about Russia is against even the Republican playbook, so it looks like he is aligning closer to Russia over the United States.
Because there's evidence. The same way there's evidence of ransomware and other malware industries being propped up by Russia, Russia cheating in the Olympics, Putin murdering journalists and rivals, Putin annexing parts of Ukraine, Putin powering the eastern conflict in Ukraine, Putin purposely bombing US aligned rebels in Syria, etc, etc. All these things were denied by Russia and Russophiles. And that's on top of Russia's incredibly corrupt economic system, where 35% of the wealth in Russia belong to about 100 people.
I think a lot of Russophiles are getting the big dose of reality we've been warning about for quite some some. I don't think how its even possible to start giving Russia this benefit of the doubt considering its leadership's recent actions and the evidence we have. If you think Russia doesn't have a non-stop cyberwar with us then I've got a bridge to sell you.
> Apparently attributing anything unattributable to Russia is having a massive comeback right now.
Could that be because the US and Russia are currently engaged in a low level proxy conflict in Syria? The "Great Game" (https://en.wikipedia.org/wiki/The_Great_Game) of exerting economic and political influence continues...
I'd imagine that every major US bank, healthcare provider and government department have been breached at some point by unauthorized person or persons. It's almost impossible for this not to be the case to my mind.
"Still, the FBI warning seems likely to ramp up pressure on the Department of Homeland Security to formally designate state election systems as part of the nation’s “critical infrastructure” requiring federal protection"
I can't believe what I am reading!
What are they waiting for ? For the Russians to rig the election? seriously...
My thoughts on e-voting have changed as I've grown older.
In high school and college I said technology is the future! It's insane that we're still using paper and pencil for something so important. Computers are better at counting than humans. Yay e-voting!
Then I realized that you can't trust individual company or organization with that much power & any trusted e-voting software would have to be open source so that it could be independently verified by security experts everywhere.
Then I learned more about how many 0-day vulnerabilities exist and are being stock-piled by state actors for every layer of the stack -- routers, firmware, operating systems, browsers, popular code libraries, etc. It's all been compromised. You can't trust any of it. So you'd have to open-source the hardware too & probably keep the whole thing air-gapped from the internet. And still that might not be enough!
Today I believe there's no way to secure a system (electronic or not) without publishing a log of every vote cast. This gets tricky when you have secret ballots, but there are a couple ways to handle it. The first way would to be to allow people to choose whether they want their ballot to be public or private. That way you'd end up with enough public votes that you should be able to tell whether the election was massively rigged or not (assuming you expect the private votes to follow the same distribution as the public ones). The second option would be to assign everyone a private one-time key when they vote -- a receipt they can look up later. Everyone can then look up the key from their voting receipt on the public log and make sure their vote was tallied correctly. The second option has the benefit of keeping secret ballots, but you'd need a separate way to verify that the number of lines in the public log is the same as the number of people who showed up to vote. That can be solved by publishing a list of who showed up to vote.
Of course, we can't know for sure that we've had a fair election while the NSA dragnet continues to exist. We would never know which candidates were forced to drop out from those in power using their access to surveillance intel to blackmail a candidate or leak their dirty secrets to the press.
Don't assume that the private votes follow the same pattern as the public votes. When you have an election where there is public shaming of people voting for one side, even exit polls are off.
For example, in the "should Scotland leave Great Britain" referendum, there was a lot of public pressure for voting to leave. Those who voted to remain were much more quiet, but in the end, they were the majority. I was actually in vacation just before the vote. Even as an outsider, I could tell that the leave faction was much more vocal, but the remain faction was quietly solid.
If they gained read access, who is to say they didn't also gain write access? What if they started selectively deleting voter registrations from a given party? Or changing the party affiliation to obstruct primary voters?
Just have a SMS message texted to voters once their vote is counted with a link to a scan of their paper ballet. Would make voter fraud a bit harder as each person could validate their vote was correctly counted. If the voter doesn't get their SMS, then provide a 1800 number for them to figure out what happened. This would only stop the changing and non counting of a real voter, but does not stop fake voters from adding their vote....which would need a diff fraud protection scheme.
Voters must not be allowed to prove to others how they voted. That's also a disaster scenario of a different kind. Not just vote selling but voter intimidation.
Yeah I was thinking blockchain based voting would be cool but how do you hand out keys to people, how to make it easy for anyone and then what about privacy if who you voted for is recorded in the blockchain.
Yahoo is (among other things) a news organization. Of course they are going to publish this, it's clearly newsworthy. Presumably for Yahoo to get ahold of the PDF in the first place, someone else that wasn't supposed to share it did so, but that's not a reason to be mad at Yahoo.
> The FBI bulletin listed eight separate IP addresses that were the sources of the two attacks and suggested that the attacks may have been linked, noting that one of the IP addresses was used in both intrusions... “Attempts should not be made to touch or ping the IP addresses directly.”
The whole thing just sounds so basic and rudimentary. They didn't spoof ip addresses or cover their tracks. Then FBI has to remind techs not to contact the hackers directly by resolving the ip. It reminds me that we are a sitting duck if someone with skills wants to do damage.
Just because they used the same IP twice doesn't mean the IP address corresponds directly to an ISP account paid for by the attacker(s). Could just be a zombie or any of a dozen other means of misdirection. It's a safe assumption that the FBI is competent in these matters and knows a lot more about this than they're saying even in this leaked document.
[+] [-] rawfan|9 years ago|reply
It's precise, it's easily observable, it's easy for people to understand where their vote goes. It's also easy to grasp how the election is protected from manipulation.
With electronic voting systems it is physically impossible to prevent manipulation and provide control.
[+] [-] skrause|9 years ago|reply
"When electronic voting machines are deployed, it must be possible for the citizen to check the essential steps in the election act and in the ascertainment of the results reliably and without special expert knowledge."
So your average neighbor, grandma and co-worker must be able to understand how you came to the result because that's important in a democratic process. Your open-source voting machine software doesn't meet that requirement and neither does your fancy blockchain-based cryptographic system. But paper does: You make a cross on paper, you count them.
You can find an official, full English translation of the ruling here: http://www.bundesverfassungsgericht.de/SharedDocs/Entscheidu... (my quote is from paragraph 119).
[+] [-] specialist|9 years ago|reply
With paper based precinct voting, perhaps 20% of the work is done outside. Mostly printing, ballots, pamphlets, poll books. But also buying some simple gear, like the optical (scanotronic style) scanners or punchcards (whatever is used).
Adding touchscreens to the mix outsourced more stuff.
With postal balloting, I'd estimate 50-60% is outsourced. For more printing. Signature matching. Ballot image scanners. A lot of bookkeeping software.
With internet voting, closer to 100% of the elections will be outsourced. What jurisdiction is sophisticated enough to build, run, maintain voting systems? None. So every jurisdiction will be like the state of Georgia, where all of election administration is conducted by a corporation.
--
Buddy of mine is trying to sell me on blockchain voting. Claims it'll protect privacy via some kinda tor like onion routing whatever.
I don't even care.
If we adopt some magical crypto voting system that actually work for our form of elections (unlikely), we'll completely forfeit the primary function of our governments, which is administrating elections.
Private voting and public counting will be gone.
[+] [-] wdr1|9 years ago|reply
Seems like a double standard. With paper it is impossible to prevent manipulation & provide control as well. To wit, the countless examples of election fraud:
https://en.wikipedia.org/wiki/Electoral_fraud
With either system is a question of risks & mitigation strategies. Neither system can guarantee the elimination of fraud.
[+] [-] huherto|9 years ago|reply
The US has not experienced (yet) a candidate that refuses to accept the results of an election. An unloyal candidate will claim fraud without any proof. And enough people would believe him to cause internal division or even a civil war or a coup d'etat.
[+] [-] mentat|9 years ago|reply
[+] [-] BinaryIdiot|9 years ago|reply
I don't know with a key tied to your vote that can be verified by yourself isn't half bad. Though then the exploit moves to the tallying of the votes since no one can independently do that...
I feel like electronic voting systems have to be the future but so many seem to think it's impossible it makes me wonder what the ultimate solution will end up being.
[+] [-] Shivetya|9 years ago|reply
so I don't understand this fantasy that "paper" which is an ambiguous term is bandied about as the ideal solution. From paper ballots to punch cards, there are hundreds of stories of fraud. If you don't just up and lose them or mysteriously get different votes than the district involved would imply. If you can't find fraud you simply challenge the votes until you get the results you want, keep some polls open than longer, or take people to vote and help them.
The ideal solution is getting it out of the hand of politicians into an independent board which can implement and secure it as needed.
The real reason this comes up is because one side or another wants an excuse for losing over and over at various levels. It also is because it is becoming even more difficult to hide fraud that they have to scream its more rampant than ever or lurking right around the corner.
[+] [-] ryebuck|9 years ago|reply
[+] [-] empath75|9 years ago|reply
[+] [-] guard-of-terra|9 years ago|reply
I have no faith in current crowd-validation elections.
[+] [-] thecrow1213|9 years ago|reply
[+] [-] 1337biz|9 years ago|reply
I thought we already had reached the point where 'Terrorism' has replaced 'Russia' as the perpetual enemy figure. Is Trump's soft stand on Russia so scary to some? Apparently attributing anything unattributable to Russia is having a massive comeback right now.
If China and others would at least be occasionally mentioned as potential alternative attackers, these reports would look a lot less as some one sided opinion engineering operations.
[+] [-] JeremyNT|9 years ago|reply
That you're hearing so much about Russia this year is due to the fact that the Democrats have made it something of a theme of this campaign season [0].
I would suggest that, the Republicans having already "won" terrorism messaging, the Democrats have embraced anti-Russia propaganda so they can have their own bogeyman to fight against. With Trump's documented ties to Russia, the Democrats can "own" attacks on Russia without risk of retaliation.
[0] https://theintercept.com/2016/08/08/dems-tactic-of-accusing-...
[+] [-] rorykoehler|9 years ago|reply
[+] [-] at-fates-hands|9 years ago|reply
Lots of increasing geopolitical drama and it probably won't end anytime soon.
[+] [-] akhilcacharya|9 years ago|reply
Because there's evidence? If there was countervailing evidence that some other organization was at fault, I'm all ears, but there's currently only one probable explanation.
[+] [-] eeeeeeeeeeeee|9 years ago|reply
http://www.politifact.com/global-news/article/2016/may/02/pa...
http://www.nytimes.com/2016/04/06/us/politics/donald-trump-s...
https://www.washingtonpost.com/politics/inside-trumps-financ...
http://time.com/4433880/donald-trump-ties-to-russia/
[+] [-] drzaiusapelord|9 years ago|reply
I think a lot of Russophiles are getting the big dose of reality we've been warning about for quite some some. I don't think how its even possible to start giving Russia this benefit of the doubt considering its leadership's recent actions and the evidence we have. If you think Russia doesn't have a non-stop cyberwar with us then I've got a bridge to sell you.
[+] [-] knz|9 years ago|reply
Could that be because the US and Russia are currently engaged in a low level proxy conflict in Syria? The "Great Game" (https://en.wikipedia.org/wiki/The_Great_Game) of exerting economic and political influence continues...
[+] [-] neom|9 years ago|reply
[+] [-] Globz|9 years ago|reply
I can't believe what I am reading!
What are they waiting for ? For the Russians to rig the election? seriously...
[+] [-] specialist|9 years ago|reply
[+] [-] joshfraser|9 years ago|reply
In high school and college I said technology is the future! It's insane that we're still using paper and pencil for something so important. Computers are better at counting than humans. Yay e-voting!
Then I realized that you can't trust individual company or organization with that much power & any trusted e-voting software would have to be open source so that it could be independently verified by security experts everywhere.
Then I learned more about how many 0-day vulnerabilities exist and are being stock-piled by state actors for every layer of the stack -- routers, firmware, operating systems, browsers, popular code libraries, etc. It's all been compromised. You can't trust any of it. So you'd have to open-source the hardware too & probably keep the whole thing air-gapped from the internet. And still that might not be enough!
Today I believe there's no way to secure a system (electronic or not) without publishing a log of every vote cast. This gets tricky when you have secret ballots, but there are a couple ways to handle it. The first way would to be to allow people to choose whether they want their ballot to be public or private. That way you'd end up with enough public votes that you should be able to tell whether the election was massively rigged or not (assuming you expect the private votes to follow the same distribution as the public ones). The second option would be to assign everyone a private one-time key when they vote -- a receipt they can look up later. Everyone can then look up the key from their voting receipt on the public log and make sure their vote was tallied correctly. The second option has the benefit of keeping secret ballots, but you'd need a separate way to verify that the number of lines in the public log is the same as the number of people who showed up to vote. That can be solved by publishing a list of who showed up to vote.
Of course, we can't know for sure that we've had a fair election while the NSA dragnet continues to exist. We would never know which candidates were forced to drop out from those in power using their access to surveillance intel to blackmail a candidate or leak their dirty secrets to the press.
[+] [-] AnimalMuppet|9 years ago|reply
For example, in the "should Scotland leave Great Britain" referendum, there was a lot of public pressure for voting to leave. Those who voted to remain were much more quiet, but in the end, they were the majority. I was actually in vacation just before the vote. Even as an outsider, I could tell that the leave faction was much more vocal, but the remain faction was quietly solid.
[+] [-] farico|9 years ago|reply
[+] [-] JoeAltmaier|9 years ago|reply
But its just data taken, right? Aren't voting records public domain already? Is this equivalent to stealing a phone book?
[+] [-] colinbartlett|9 years ago|reply
[+] [-] pulisse|9 years ago|reply
[+] [-] blasteye|9 years ago|reply
[+] [-] pjc50|9 years ago|reply
[+] [-] losteric|9 years ago|reply
[+] [-] ourmandave|9 years ago|reply
[+] [-] camillomiller|9 years ago|reply
[+] [-] Keverw|9 years ago|reply
[+] [-] throwanem|9 years ago|reply
[+] [-] bsbechtel|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] 1024core|9 years ago|reply
[+] [-] xxdesmus|9 years ago|reply
Look up the definition of TLP:AMBER. You weren't supposed to publish this you asshat.
Love, People who understand TLP
[+] [-] 0xffff2|9 years ago|reply
[+] [-] philip1209|9 years ago|reply
[+] [-] headShrinker|9 years ago|reply
The whole thing just sounds so basic and rudimentary. They didn't spoof ip addresses or cover their tracks. Then FBI has to remind techs not to contact the hackers directly by resolving the ip. It reminds me that we are a sitting duck if someone with skills wants to do damage.
[+] [-] heartbreak|9 years ago|reply
[+] [-] wcummings|9 years ago|reply
The ip's are prolly proxies/owned boxes/relays.