voting machines
Latest
Many of Georgia's new voting machines aren't working on primary day
Many voters are enduring long waits and some poll locations quickly ran out of provisional ballots.
HBO’s 'Kill Chain' doc highlights the flaws in US election machines
While COVID-19 might be putting just about everything else on hold, we're still marching towards a presidential election later this year. After the high-profile interference of 2016, election security and foreign meddling are still critical issues, but many states still aren't doing enough to ensure the integrity of the process. A documentary premiering tonight on HBO proves a sobering reminder of the fragility of America's voting infrastructure.
Security fails we’re kinda thankful for
As we gather 'round the fire, warming our facepalm-weary hands, the blaze burning bright with the shreds of our privacy and security, it's important to reflect on what we're grateful for: Companies that did the infosec version of stepping on a rake, forcing them to secure us better. Idiots who tried to "hack" the FCC comment system while leaving their OPSEC cake out in the rain. Whatever geniuses left road signs eminently hackable, and the ones who made ATMs susceptible to malware that literally spits out cash. Here are the "winners" of utter and complete security failures we're almost grateful for. Let's hope the next time these clowns fall off a stack of servers, they don't fail to miss the ground.
Researchers easily breached voting machines for the 2020 election
The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.
Judge orders Georgia to ditch 'vulnerable' voting machines by 2020
A federal judge has ordered Georgia to stop using its old, "vulnerable" paperless voting machines by next year. US District Court Judge Amy Totenberg will allow the state to use the machines for special and municipal elections in November, accepting an argument that it would be too disruptive to switch to paper ballots, but that'll be the last time they're used.
Key U.S. election systems could have been exposed online for months
More than 30 backend election systems over the last year -- including some in key swing states like Florida, Michigan and Wisconsin -- have been left online and were susceptible to hackers. A Motherboard investigation published today revealed that systems made by ES&S, one of the largest makers of voting machines in the country, were connected to the internet for long periods of time, in some instances as long as a year. This information contradicts prior claims by election officials that voting machine systems were no longer connected after Election Day.
Major voting machine maker backs away from paperless models
Voting machine security is still a sore point, but at least some vendors are starting to change their tune. ES&S chief Tom Burt has declared that his company will "no longer sell" paperless voting machines as the "primary" voting device for a given jurisdiction. It's just too hard to conduct a "meaningful" audit of election results without a physical record, Burt said. He went so far as to ask the US Congress to mandate a paper record for all voters.
FTC appoints Ed Felten as agency's first Chief Technologist
It may come as a bit of a surprise to some considering that seemingly every company and government agency has one these days, but the Federal Trade Commission has never had a Chief Technologist. It's now finally filled that gap, however, and has appointed Edward W. Felten to the post. As you may be aware, Felten's a professor of computer science and public affairs at Princeton and the founding director of the university's Center for Information Technology, but he's probably best known for his efforts to expose problems with electronic voting machines, and for his vocal advocacy against DRM -- he also uses his Mii for his profile image on the Freedom to Tinker blog, so you know you're not exactly dealing with your usual government bureaucrat. Felten has actually already been serving as a part-time adviser to the FTC, and it seems like he'll now basically be continuing that role in a full-time capacity, with the FTC only saying that he will "advise the agency on evolving technology and policy issues."
E-voting whistleblower Hari Prasad arrested, taken to Mumbai for questioning
In America, when you demonstrate what a racket e-voting is, you get to play Pac-Man. In India? You just might get arrested. Security researcher Hari Prasad made waves earlier this month when he demonstrated how an e-voting machine might be compromised, live on national television. It is now being reported that police have taken Prasad into custody, ostensibly for the theft of the machine, although folks in the know are suggesting that a cover-up is in the works. For Prasad's part, he refuses to give up the source of the machine -- and has been taken by police to Mumbai (a fourteen hour drive) to undergo questioning. According to researcher Alex Halderman there are some 1.4 million e-voting machines in use in India, all of which the government keeps out of the hands of researchers on intellectual property grounds -- and all of which might be vulnerable to fraud. There's a brief discussion with Prasad after the break.
Diebold's e-voting machines violate GPL, good taste
Diebold just can't seem to keep its nose clean these days. The nation's largest manufacturer of ATMs admitted not too long ago what everybody already knew: that their e-voting machines were totally bunk. Apparently in the course of that investigation it emerged that the company also thought it would be a laugh to load the open source Ghostscript Postscript interpreter software into those faulty machines without releasing its changes or paying the proprietary usage license fee -- leading Aritex, its developer, to file a lawsuit. It doesn't really instill confidence any further to hear that our nation's terrible electronic voting machines are running on stolen software, guys -- and to be honest, we're kinda starting to wish you'd get out of the ATM business, too.
Unloved e-voting machines cluttering warehouses, losing value fast
Just as the world's landfills could soon see an influx of unwanted televisions, many American warehouses are packed with e-voting machines that once held promise for a better way to vote. Instead, they turned into a multi-year fiasco, with hackers figuring out how to do everything save for their income taxes on 'em and states reverting back to less vulnerable methods. Now, many states are scrambling for ways to recoup costs, even for outlets that will take them in for recycling. Oddly, Ohio cannot ditch the systems it purchased until a couple of related lawsuits get dealt with. The result? Buckeyes will probably still be using e-voting machines come November.[Via Slashdot, image courtesy of BradBlog]
PSA: Super Duper Tuesday voting machines could be at risk
Attention voters: if you're casting your ballot for a special someone on this Super Duper Tuesday, you might want to hear what the folks over at Common Cause have to say. The nonpartisan, nonprofit voting machine watchdog wants you to know that six out of the 24 states involved in the presidential primaries today are using voting machines that are at "high risk" for malfunction or tampering. In all, 17 states have some risk factor -- based on the advocacy group's rating system -- though the machines in Arkansas, Delaware, Georgia, New Jersey, New York, and Tennessee are the most likely to give the votes to Darth Vader, Dr. Evil, or Lord Voldemort. You have been warned.
Colorado voting machines don't make the grade
In a terrifically unsurprising blow to electronic voting fans everywhere, Colorado's Secretary of State has declared the machines unreliable -- and apparently in need of a software patch. While not as harsh as some rulings on the systems, Secretary Mike Coffman decertified three out of four machines which had been tested. Why the bad grade? Apparently the machines failed on accuracy and security, two sort-of-crucial components to dependable voting solutions, and two components which have been lacking in many systems. Coffman believes Colorado's findings could have a larger impact, stating, "What we have found is that the federal certification process is inadequate." Clearly another blow for the Diebolds (er, we mean Premier Election Solutions) of the world, but hopefully a sign that we can expect tough love for suspect voting machines.
Voting machine producers criticize critiques
Voting machine makers scoffing at bad reviews? That's preposterous! Actually, it's not all that alarming to hear that Diebold, Hart InterCivic, and Sequoia Voting Systems all had less-than-amicable responses to a state study that "found that their machines could be breached by hackers." Of course, we're not exactly sure what all that groaning is about, as we've seen nothing but proof to back the investigation up. Nevertheless, Sequoia dubbed the review "an unrealistic, worst-case-scenario evaluation," Diebold kvetched that the study didn't look at its most recently developed software, Hart found "several inconsistencies, alternate conclusions, and errors," and Elections Systems & Software bypassed the rigmarole entirely by failing to provide their information to the secretary of state. Oh, the irony. [Warning: Read link requires subscription]
California white hat hackers: 3, Diebold and friends: 0
In a move which will bolster your undoubtedly high sensations of "faith" in the US voting process, a group of University of California researchers have just hacked their way through security on nearly every voting machine certified by the state of California. According to Secretary of State Debra Bowen, who initiated these tests, the team was able to "bypass physical and software security in every machine they tested." The group, which was sanctioned by the state, was given full access to the machines, as well as their source code and manuals, leaving some to argue that the test doesn't accurately depict how vulnerable the machines are -- because we all know how hard it is for hackers to get their hands on that kind of stuff. The report will affect whether or not Bowen approves the systems for use throughout California in its upcoming presidential primaries. It looks like 2008 is going to be an exciting year, to say the least.[Via The Raw Feed]
US bars Ciber from testing e-voting terminals due to negligence
Call us crazy, but we had a sneaking suspicion all along that all these e-voting woes were due to a lack in quality control testing somewhere along the approval line, and now it seems the US government has found its scapegoat. Ciber, Inc., the Colorado-based company responsible for testing a majority of the nation's electronic voting terminals, "has been temporarily barred from approving new machines after federal officials found that it was not following its QC procedures, and moreover, could not document that it was conducting all the required tests." Aside from wondering where the oh-so-critical auditors were during this entire debacle (read: federal scrutiny of the testing began just recently), this brings into question the legitimacy of the votes that were actually placed and counted through the potentially faulty machines, but alas, what's done is (presumably) done. Eager to keep that expectedly gigantic government contract money pouring in, Ciber seems to be on top of the issues at hand, and a spokesperson for the outfit even stated that "the company believed that it had addressed all the problems, and that it expected to receive its initial federal accreditation later this month." We just hope that undercover chess functionality somehow goes unnoticed.[Via Slashdot]
Open your Diebold AccuVote-TS with a minibar key
Remember those guys from Princeton who recently dissected a Diebold voting machine and wrote a serious academic paper laying the smack downon our favorite shady e-voting company? The plot thickens with those Jersey brainiacs: after giving a presentation to some computer science colleagues last week, Prof. Ed Felten was approached by Chris Tengi, a member of the department's technical staff, who pointed out that the key that opens the AccuVote-TS voting machine is very similar to a key that he has at home. Tengi's key opened the voting machine, and upon further investigation, the Princeton posse discovered that both keys are actually a common office furniture type used for hotel minibars, electronic equipment and jukeboxes. Furthermore, said keys can easily be bought on eBay or from various online retailers. So, all you need to hack Diebold's crackerjack security is to spend a little cash on these keys, bring 'em to your next local election along with a cheap-o flash drive, and you can easily open the lock that houses that Diebold memory card while you're in the voting booth -- good times, hey? If your locality uses these machines, you may want to write your Congressional representative and your county authorities to alert them to this, erm, "feature" -- better yet, buy them one of these keys and send it along with your letter, inviting them to test it out for themselves![Via Boing Boing]
Researchers show Diebold voting machines unsecure, citizens shocked
We're all for hacking stuff, generally, but hacking democracy for malicious purposes is just plain uncool. While no one's definitively proven that such a scenario has ever actually happened in real elections, vote-hacking remains a distinct possibility, given the state of our electronic voting equipment. If you were unconvinced the last time we covered this, of just how shoddy these Diebold voting machines are, here's another arrow in our quiver: Princeton University researchers have taken apart a Diebold machine, examined it from every angle, written a new paper on its flaws and have come to the following conclusions: 1) Malicious code "can steal votes with little if any risk of detection." 2) Said code can be installed in one minute or less. 3) The Dieblod machines run Windows CE 3.0 -- so, they're susceptible to viruses. 4) Some problems would require the entire replacing of hardware, yet another security risk. Still though, we would love to see a debate between the two candidates in this fictitious election: George Washington and Benedict Arnold.[Via Boing Boing]
Diebold Voting Machine hacked in four minutes flat
It's an old adage in politics that you need truckloads of money to get elected. Apparently you can now buy an election for what you'd spend in a few days on cups of coffee. Black Box Voting found that given $12 in tools, four minutes, and a little determination, you can access a Diebold voting machine's memory card, remove and replace it without a trace. This new development really isn't all that surprising given that it's been shown that these machines can be hacked in more than one way, even by monkeys. Concerned citizens, just switch to absentee paper ballots from now on -- it may be low-tech, but it's a hell of a lot more secure going the "old-fashioned" way.[Via Slashdot]
