"Our election infrastructure is designated as critical infrastructure by the DHS
Let the Kremlin decide if the vulnerabilities have been fixed/patched or not.
In the meantime, someone stole me coat. WTF. Vlad, was that you?
Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program. Election Systems and Software (ES&S), whose products include electronic ballot boxes and voter …
critical, but inherently vulnerable, as opposed to paper versions which have had most of the kinks worked out....
Given the delay between the election and the implementation of the result, does it really matter if it takes 36 hours to count the votes?
Apparently no mention of improving software development standards though. I would have thought that reducing the prevalence of exploitable bugs might be a better long term strategy than simply expanding the base of folks approved for find them when it's rather late in the day.
It seems that we have been brainwashed into accepting that software is fundamentally broken and needs constant fixing to be "secure". How about trying to get it right instead? Particularly in domains such as voting, flight and medicine, that seems to me somewhat desirable.
Testing things properly is very difficult these days. Firstly its enormously time-consuming so it interferes with those 6-monthly release cycles everybody seems to love so much. Secondly you need reasonably intelligent people to do it well, but it is also frequently extremely tedious and repetitive, so intelligent people get bored and move on after a year or so. The answer is automation, but automation isn't intelligent s you still need the people to check what the automation is doing.
The days of the 1990s, when companies I worked for didn't get to release new products until QA said they were allowed to, are long gone. The irony is that people expect frequent updates, but it's the frequent updates that cause the bugs the frequent updates are needed to fix....
Difficult to do continuous rollout testing for an election.
You could decide to redo the elections every month on patch tuesday but people might object
Best way is some sort of chaos-monkey approach where you try and inject some totally crazy inputs and see if it gets elected
"The days of the 1990s, when companies I worked for didn't get to release new products until QA said they were allowed to, are long gone."
In general, those days are still here where the application is life or safety critical. Clearly something as critical as an election should be treated the same way. If only one of the "voting machine" builders would work that way, they'd amortise the cost over the much larger market they could command for a reletivley modest increase in the sale price.
"trying to improve... will soon take... will employ... will beef up... will be able to... plans to involve... plan to use..."
That's an awful lot of talk about what they plan to start doing at some point in the future. The next major US election is in less than three months. Sure, it's better for them to be thinking about all this than to ignore it entirely, but it really feels a little late to be announcing that they plan to start thinking about maybe improving things at some point.
...you could just not add a bunch of massive problems to the process of counting votes for absolutely no gain what so ever? I mean, paper, pencil, big clear plastic box... any of this ringing any bells? Pretty much impossible to manipulate on a bulk scale, been used successfully for hundreds of years? I mean, honestly, what does involving computers in this process improve in any way?
"pencil, big clear plastic box..."
You have to get the voters to the pencil and big clear plastic box. This is a major problem in very rural voting districts on this side of the pond. In other parts of the world*, getting people past the various partisan citizens militias standing guard outside polling places is a problem.
Vote by mail has been proposed. It's actually a pretty secure system once all the bugs have been hammered out. Tampering with it doesn't scale well for national elections. But for local districts, fraud has occurred. Particularly one of the features often added to vote by mail: The volunteer ballot collection. A local GOP election win was invalidated for exactly this reason. The volunteers were picking up ballots and either revising or throwing out ballots from know Democrat leaning voters. And now that vote by mail is a hot topic again, volunteer ballot collection is a 'feature' that now the Democrats are pushing. They either forgot the last controversy. Or they think it's now their turn to fiddle with the results.
*Our dear mayor tried to invoke scenes of 'Federal troops invoking martial law and standing guard around polling places' come our November election day. No doubt all for the sound bite on a national radio show intended to trigger fear and doubt in the voting process. Because we have no polling places in our state (each state defines its own processes) and she damned well knows that. It's 100% vote by mail. But perhaps others don't know this.
And now that vote by mail is a hot topic again, volunteer ballot collection is a 'feature' that now the Democrats are pushing. They either forgot the last controversy. Or they think it's now their turn to fiddle with the results.
Knowing the current state of the Democratic party, I think that's *EXACTLY* what they're aiming for.
Why don't they just remove the wifi and cell modems from the voting machines? And stop connecting the tabulators to the Internet? And stop using an opaque non-human-readable barcode as the official "paper ballot"?
But ES&S has an entire C-suite full of rabid Trump donors, so instead they talk about "bug bounties" to stall discussing real issues until after the election.
Or states could just choose to use hand-marked paper ballots. But that's not the way America rolls. Sad.
Biting the hand that feeds IT © 1998–2021