Land of the free!
Free to vote any way (or number of times) you like.
Hackers probing America's electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking …
We're now so conditioned to accept both weak security and lack of true representation that it will take a major, apocalyptic, catastrophe for anything meaningful to be done about this. That is, the people who are responsible for this crap will not be sent to jail, will not be fined, and won't be fired. If anything, they'll create a commission to look into creating a standard that won't get implemented. We'll be lucky if we get a law requiring a paper trail. Sigh.
We're now so conditioned to accept both weak security and lack of true representation that it will take a major, apocalyptic, catastrophe for anything meaningful to be done about this. That is, the people who are responsible for this crap will not be sent to jail, will not be fined, and won't be fired. If anything, they'll create a commission to look into creating a standard that won't get implemented. We'll be lucky if we get a law requiring a paper trail.
In other words, the status quo....
The article heavily promotes the idea of federal fixes for voting security, but in fact there are NO federal elections whatsoever. All national elections are held at the state level with each state responsible for its own separate voting system. If the Feds try to stick their big oar into that existing system it will constitute a major change far more sweeping than just tightening security.
Currently the states are generally moving away from voting machines and towards paper ballot systems. The problem may still partially exist for the upcoming election but the future looks better. I, as a small government proponent, would prefer the Feds keep their sullied hands off our election apparatus. A distributed system seems safer than a centralized system to me, even with a few temporary vulnerabilities.
The only clause that I can think of that would permit is that "congress shall guarantee to each State a
rRepublican form of government".
Yes, that was Tom DeLay's dream, wasn't it...
Link provided for those of you too young, or too East, to remember this sorry-assed bastard. Pay special attention to the section about his trial...
Funny, that Wiki page has this:
"The trial court's judgment was overturned by the Texas Court of Appeals, an intermediate appellate court, on September 19, 2013, with a ruling that "the evidence in the case was 'legally insufficient to sustain DeLay's convictions'", and DeLay was formally acquitted. The State of Texas appealed the acquittal to the Texas Court of Criminal Appeals On October 1, 2014, the Texas Court of Criminal Appeals affirmed the appellate court decision overturning DeLay's conviction."
So DeLay was indicted for technical violations of election law, in the only county in Texas that isn't Republican-leaning, and that court was finally slapped down twice, exonerating DeLay. But in the mean time Tom Delay was made to suffer and his career was ended, the true goal of the exercise. I suppose he was just too effective a legislator for some people's taste.
I agree, the federal government should set standards like:
1) all votes for federal office (i.e. president, senate, congress) must leave a human readable paper trail
2) every state must conduct a hand recount of a statistically significant portion of precincts for votes for federal office, prior to final certification, and if sufficient statistical deviation is found must conduct a full state-wide hand recount of all votes for federal office that will be the final certified total
3) if states require state/federal issued ID to vote, the state must issue state approved voter IDs for free to any resident who doesn't already have another form of state approved ID (such as driver's license) and provide transportation to/from the site where this is available for any resident who lives more than 5 miles away, or is disabled (for those who wonder why, this is to discourage states making the locations inaccessible to make voting more difficult for the poor or minorities)
4) states that require state/federal issued ID to vote must accept social security cards, along with a signature attesting they are that person and whether they filed federal taxes last year and if so in what state and attest they have moved if not this state, as proof of identity to obtain a free stated issued voter ID. The forms filled out for all IDs issued in that manner will be forwarded to the federal government to be cross checked and confirm that a) that person is still alive, b) there are no duplicate voter IDs with that SSN issued elsewhere in the US, c) what they said about if/where they filed federal taxes matches IRS records
"Currently the states are generally moving away from voting machines and towards paper ballot systems."
Having worked on federal elections as a CPS (integrity) - basically a roving troubleshooter / problem solver / support person reporting to the riding returning officer (the person with total responsibility for running the election in the riding), I now appreciate that a properly designed and run paper ballot based system is extremely secure and difficult to compromise.
Anyone who wants to take a hard core look at the processes and safeguards hidden behind the relatively simple outward face of the election process, for an example electoral system, can find them here, in the Elections Act:
Unlike many acts this does not just allow for establishing regulations, it specifies in great detail exactly how things *must* work. Fair warning - as a result it runs over 500 pages, but the section and subsection headings are fairly clear and useful for finding specific issues, solutions, and processes.
There are very strict laws about confidentiality, validation, custody of materials and ballots, and so on, and electoral workers are bound under oath to maintain these things in a secure manner.
Anyway - lots of stuff there if you like process details, or you are having trouble getting to sleep.
"If the card reader has wireless NFC support, you can hold your NFC smartphone up to the voting machine, and potentially cast a ballot many times over."
A "malicious voter" may do that on purpose, but I'll bet that many perfectly honest voters might just present their NFC-enabled phones more than once simply because they're not sure their vote was recorded properly. No malice needed.
The whole sorry saga of electronic voting machines paints a vast canvas of clueless PHBs barking orders at harassed coders who couldn't give a shit and just churned out whatever met the specs, with a cursory test to make sure the bloody thing didn't crash on the first try.
Facing such incompetence, I think it is very unlikely that the NSA had anything to do with this - it's just the cherry on top of a mountain-size cake of incompetence and carelessness, frosted with greed.
The DEF CON village was not without its share of controversy. Voting machine maker ES&S condemned the conference's workshops and contests as a security threat...
The controversy here is ES&S claim that anyone looking at the man behind the curtain (the level of security they provide) is a security threat while bunch of security professionals is laughing at them by way of rebuttal. "Controversy" in the sense of "contention or argument against well established practices and in complete disagreement with common sense".
Th Feds are doing (almost) nothing because the current system favors the party in power. Despite the fact that actual voter fraud has been proven to be minuscule, the fear of system being abused inflames their voter base, as well as creating impetus for stricter voter ID laws that tend to limit the turnout of some of the voters that tend to favor the other party. WE ARE ONLY DOING THESE THINGS TO KEEP THE ELECTION SACROSANCT (re: fear and paranoia that brings out our base)
As far as I can see, ES&S is reluctant to lift a finger about the security vulnerabilities uncovered. Why?
1. There are only 207 units out there (and it's all about the money);
2. There are no proof that anyone has exploited the vulnerabilities at any time;
3. No proof-of-concept exploit code available; and
4. It's a "cultural" thing: The strong believe that "it can't happen in America".
...or for someone with sufficient resources to craft a specialist piece of malware to infect the computers used to load the settings or software onto the voting machines to modify what gets loaded to achieve whatever nefarious intent they have in mind, as was done with PLCs with Stuxnet.