It's worth the down votes each time I add a comment on this topic, but it bears repeating that since electronic elections are not verifiable in any meaningful way, their legitimacy is suspect, and electronic voting actively creates the conditions for violence in response to contested results.
Everybody knows this now and the effects are so predictable it brings into question the motives of people who have an interest in both undermining and discrediting the democratic process by using these machines.
> since electronic elections are not verifiable in any meaningful way
As I once saw someone point out here, the crucial thing is that they be verifiable by the average person.
Imagine a technically perfect electronic voting system, immune to tampering, preserving anonymity, etc. It's provably perfect - but only to the handful people who can understand the proof.
Average people could not have confidence in such a system, so it undermines democracy. (This may also be a barrier to using vote counting systems better but more complex than "first past the post" unless they can be explained clearly.)
"Put your paper ballot in that bin everyone can see and we'll all count them together at the end of the day" is a process that anyone can see is legitimate. So that's what we should do.
I think a lot of the verification problems for electronic voting could be solved by simplification and using old 'outdated' technology. You don't need a full fledged PC to tally votes, you need the computing power of a 30 year old calculator that could be built on a 2-foot wide board with large and simple traces. Something somebody at home with a multi-meter could probe around and test.
We need the equivalent of a moped to do what we need done, but are being sold on F1 racecars which end up being built by equivalent of rednecks in a scrapyard to line the pockets of the scrapyard owners.
I think you're making quite the leap to state that average people could not have confidence in the system, people seem to have confidence in things that they can't prove all the time.
> As I once saw someone point out here, the crucial thing is that they be verifiable by the average person.
But that undermines the purpose of moving to a black-box system.
No, seriously. Every cash register can spit out a receipt; the idea behind audit trails has been around since Hammurabi. The fact that voting systems have none for something as important as the foundation of democracy betrays their purpose.
Every successive society insists on subjugating the plebes by imposing some new barrier to understanding the rules that govern them.
* You can't read the written word of God because you're illiterate. You have to come to church.
* Oh, but you learned to read? Well, only the priests can actually talk to him. You still have to come to church and talk to God through the priest.
* (Who the hell does this Martin Luther guy think he is?)
* Now we have complex tax and legal codes only accountants/lawyers can understand and negotiate. What started as a goat theft escalates to 20 other charges you don't understand the nuances of to successfully defend yourself in court.
* We have voting systems only the administrators have visibility into. Does your vote matter? Was it even recorded in the first place, or did it get wiped out by convenient Russian floating-point rounding errors?
* Our understanding of the world around us is no longer driven by dogma, but personalized algorithms administered by a handful of corporate gatekeepers hell-bent on driving engagement and consumption. If the Faceless Oracle of Google doesn't want you to see it, you'll never discover it organically.
* Freedom of movement is being replaced with self-driving cars, powered by math and code only its engineers (supposedly) understand.
* Soon our personal assets will be governed by the blockchain, another technology understood and exploited by its administrators (and their scammer buddies).
It's a classic hustler and cult-leader tactic. The less someone understands, the easier it is to fleece them.
The first line of your post is not necessary, and against HN guidelines. Your post doesn't need such either as it stands on its own. It only weakens your argument as an appeal to pity. Don't do that please.
It’s totally necessary because HN is predictable as clock work to downvote when you insinuate the liberal standard has flaws, the biggest of which is the inability to be critical of themselves without instinctively reacting to inflict pain (downvoting)
With all due respect, that appeal to pity only weakens the argument of his post is read from a persuasive writing perspective. However, in viewing this post in an exchange of ideas, it carries necessary information. OP cites the unpopularity not as an appeal to pity but as an expression of ideas. To require all posts adhere to a framework of persuasion is unnecessary speech censorship.
The first time I remember people making comments of this nature on tech sites was close to 20 years ago, when in the aftermath of the 2000 elections, some said electronic voting was the answer, but the companies promoting such solutions seemed universally slimey and not security conscious.
I don't think anything has changed since those days.
I think part of the problem has got to be that non-experts cannot judge how good a security solution is, so local governments are ill equipped to view it with a skeptical eye. There might also be in some way a downside of federalism here - if the states pooled more resources perhaps they would be able to solve the problem once instead of 50 times.
It begs asking at which election would this matter spring to true light. The last election was so crowded with attention baiting headlines that the real conversation wasnt had.
Then again, in the bush election the judiciary decided floridas votes and not a peep was heard. American poltical machinery is far from perfect
This is incredible. Rules of engagement are in profound need of overhaul. This is nothing less than a military attack on the US, via computer. No sufficiently large nation state is innocent, but targeting voting systems (and potentially vote totals) should be a glaring red line that has consequences, taking into account that attribution is falsifiable and hard.
Sounds like what Nathaniel Fick has been saying about cyber warfare should also have a degree of proportionality. Mostly, due to the fact that security favors the attacker, deterrence should be based on fear of retaliation vs. a perfect virtual environment.
But if it helps the political establishment that's in power then they can just not enforce the laws or change the laws to make it legal for them... everybody (that is them) wins!
These aren't about the 2016 election in particular, but it would seem that there is strong evidence that the security practices in place by many US states are inadequate, and there is often no "paper trail" to verify that results were tallied accurately after the fact if a recount is needed.
Considering the poor security, if the 2016 election was targeted, it is likely that the attacker(s) succeeded.
> Between June and October of 2016, the group associated with the election hacking "researched websites and information related to elections in at least 39 states and territories, according to newly available FBI information," the bulletin states. "The same actors also directly visited websites in at least 30 states, mostly election-related government sites at both the state and local level—some of which overlap with the 39 researched states."
> The "actors" performed their research "in alphabetical order by state name," the bulletin states, "suggesting that at least the initial research was not targeted at specific states." The research focused on Secretary of State voter registration and election results sites, but it also drilled down on some local election officials' webpages. As they accessed sites, actors "regularly attempted to identify and exploit SQL database vulnerabilities in webservers and databases."
Voter registration information is public (although not technically to Russian citizens!).
Visiting the front end websites of the state election authorities and attempting SQL injection on the web forms is not what some downthread are calling a military attack.
However, I think it’s great to be sent such a wake up call in the form of a “tap on the shoulder” because these systems should be heavily monitored and better protected.
The true election systems should require feet on the ground to compromise in any form. And they should not be electronic without a proper auditable paper record.
But what will they do about it? Absolutely nothing. Republican politicians don't care and I honestly don't understand why not. Election security should be a truly non-partisan issue, yet whenever they talk about election security it's not this it's about disenfranchising certain voting blocks.
“Republican politicians don't care and I honestly don't understand why not.”
If your party is the minority (in votes, not representatives), but you need votes to win, gerrymandering, vote suppression, unaccountability, and fraud are all welcome tactics. Majority party does it too, but doesn’t rely on it quite as much
Gerrymandering can be used to unseat an incumbent, but often it creates a safe district for one. The candidate can then loan out their warchest to members of their caucus running in closer elections. Ending the practice may end the horse trading that takes place behind closed doors. Maybe then GOP senators can spend July 4th at home rather than in Moscow presumably as some kind of a low man on the totem pole cleanup crew.
Then why are Democrats against showing an ID to prove you are who you say you are? Why are Democrats OK with allowing ballot harvesting in California when the election in North Carolina was invalidated for the same reason?
For the record, showing an ID would __not__ help with the sort of absentee ballot shenanigans that took place in NC9 (which was election fraud not voter fraud). If anything, it doesn't do anything at all - it's elections security theater.
Because there’s no significant amount of fraud occurring that ID requirements would fix, and ID requirements are often made to unfairly disenfranchise certain groups.
Ballot harvesting is not de facto bad. It can help increase turnout with indigent, disabled, and elderly.
However, what happen in North Carolina was 1) ballot harvesting 2) alteration of the harvested ballots. They picked up the ballots and then changed the ballots they collected
Identity fraud when voting basically doesn't happen. We're talking dozens of cases in a given election, even when people investigate it.
There are other kinds of fraud that are pervasive (like harvesting absentee ballots and modifying/discarding them) and those should be policed, but voter ID laws historically do literally nothing except punish people who don't have access to ID - like people whose birth certificates burned up in a fire, or people whose nearest DMV office is hours away.
We have decades of evidence that voter ID is a waste of time and money. It has one very obvious reason. It also seems to be pretty close to illegal, if not illegal.
Wild guess -- Rep. & Dem. political parties are more motivated by self-serving interests than guided by any sustained principles.
Both will easily flip on war, justice, tax reform, voting, etc. as needed.
Part of the problem is it's easy to complain and spitball ideas when you're out of power, it's a lot more complex to gain consensus and implement policy when you're in power.
Fully in favor of universal voter ID. It should be issued by the federal government to all US citizens of voting age. It's letting individual states decide what ID they will accept that's the problem.
Unfortunately there is no way that Republicans would agree to it. I don't know if Democrats would or not.
Does anyone know the details of these "election systems"?
> Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified
This makes it sound like just election-related state websites.
> a Russian campaign seeking vulnerabilities and access to election infrastructure
For me, the term "Election infrastructure" sounds like it would include voting machines, voter registries, vote counts, etc.
Until now this has all been bullshit accusations. The "false positives" are very common in these security reports, because they want a warning when there might be an attack.
They do not list the numerous internal attacks that were reported too. These actually modified the votes. These votes can only be changed via physical access. But this is probably not politically interesting, and it involves corrupt staff members and such.
I have been following a lot of this kind of security news. But let's follow the money. Homeland security has already prepared a plan to take over the election system in all states (from before 2016). It seems to me that these accusations are used to push to take over the voting system.
Such a change would theoretically be good, but who watches the watchers? And why does DHS not report on the internal problems that actually changed votes?
Do we know anything about what these hackers accomplished / what effect they had on the election?
The idea that our election infrastructure is "targeted" is scary but not very surprising. Every web server on the internet is "targeted", so why wouldn't something as valuable as election infrastructure?
That's what I was wondering too. I mean, I'd expect all major Nation States to "research" each other's voting systems and "direct visits to—election websites". Duh why wouldn't you?
I guess this is what I'm asking. Were the attacks repelled, or did the hackers actually hack/break/change something? What was that thing? I'm genuinely asking.
Readit News
Everybody knows this now and the effects are so predictable it brings into question the motives of people who have an interest in both undermining and discrediting the democratic process by using these machines.
As I once saw someone point out here, the crucial thing is that they be verifiable by the average person.
Imagine a technically perfect electronic voting system, immune to tampering, preserving anonymity, etc. It's provably perfect - but only to the handful people who can understand the proof.
Average people could not have confidence in such a system, so it undermines democracy. (This may also be a barrier to using vote counting systems better but more complex than "first past the post" unless they can be explained clearly.)
"Put your paper ballot in that bin everyone can see and we'll all count them together at the end of the day" is a process that anyone can see is legitimate. So that's what we should do.
We need the equivalent of a moped to do what we need done, but are being sold on F1 racecars which end up being built by equivalent of rednecks in a scrapyard to line the pockets of the scrapyard owners.
But that undermines the purpose of moving to a black-box system.
No, seriously. Every cash register can spit out a receipt; the idea behind audit trails has been around since Hammurabi. The fact that voting systems have none for something as important as the foundation of democracy betrays their purpose.
Every successive society insists on subjugating the plebes by imposing some new barrier to understanding the rules that govern them.
* You can't read the written word of God because you're illiterate. You have to come to church.
* Oh, but you learned to read? Well, only the priests can actually talk to him. You still have to come to church and talk to God through the priest.
* (Who the hell does this Martin Luther guy think he is?)
* Now we have complex tax and legal codes only accountants/lawyers can understand and negotiate. What started as a goat theft escalates to 20 other charges you don't understand the nuances of to successfully defend yourself in court.
* We have voting systems only the administrators have visibility into. Does your vote matter? Was it even recorded in the first place, or did it get wiped out by convenient Russian floating-point rounding errors?
* Our understanding of the world around us is no longer driven by dogma, but personalized algorithms administered by a handful of corporate gatekeepers hell-bent on driving engagement and consumption. If the Faceless Oracle of Google doesn't want you to see it, you'll never discover it organically.
* Freedom of movement is being replaced with self-driving cars, powered by math and code only its engineers (supposedly) understand.
* Soon our personal assets will be governed by the blockchain, another technology understood and exploited by its administrators (and their scammer buddies).
It's a classic hustler and cult-leader tactic. The less someone understands, the easier it is to fleece them.
Deleted Comment
I don't think anything has changed since those days.
I think part of the problem has got to be that non-experts cannot judge how good a security solution is, so local governments are ill equipped to view it with a skeptical eye. There might also be in some way a downside of federalism here - if the states pooled more resources perhaps they would be able to solve the problem once instead of 50 times.
Then again, in the bush election the judiciary decided floridas votes and not a peep was heard. American poltical machinery is far from perfect
I'd guess that 50+% of 3rd world leaders are supported by some foreign government financially or militarily which keeps them in power.
But yes, it doesn't feel good when a foreign government tries to pick a winner in our elections.
No, I do not think those are remotely equivalent.
I believe this is the most up-to-date publication on the subject: https://cse.sc.edu/~buell/Public_Data/2019_VotingMachines.pd...
I would also recommend the documentary "I Voted" (https://www.imdb.com/title/tt4081950/).
These aren't about the 2016 election in particular, but it would seem that there is strong evidence that the security practices in place by many US states are inadequate, and there is often no "paper trail" to verify that results were tallied accurately after the fact if a recount is needed.
Considering the poor security, if the 2016 election was targeted, it is likely that the attacker(s) succeeded.
> The "actors" performed their research "in alphabetical order by state name," the bulletin states, "suggesting that at least the initial research was not targeted at specific states." The research focused on Secretary of State voter registration and election results sites, but it also drilled down on some local election officials' webpages. As they accessed sites, actors "regularly attempted to identify and exploit SQL database vulnerabilities in webservers and databases."
Voter registration information is public (although not technically to Russian citizens!).
Visiting the front end websites of the state election authorities and attempting SQL injection on the web forms is not what some downthread are calling a military attack.
However, I think it’s great to be sent such a wake up call in the form of a “tap on the shoulder” because these systems should be heavily monitored and better protected.
The true election systems should require feet on the ground to compromise in any form. And they should not be electronic without a proper auditable paper record.
If your party is the minority (in votes, not representatives), but you need votes to win, gerrymandering, vote suppression, unaccountability, and fraud are all welcome tactics. Majority party does it too, but doesn’t rely on it quite as much
However, what happen in North Carolina was 1) ballot harvesting 2) alteration of the harvested ballots. They picked up the ballots and then changed the ballots they collected
Did that happen in California?
There are other kinds of fraud that are pervasive (like harvesting absentee ballots and modifying/discarding them) and those should be policed, but voter ID laws historically do literally nothing except punish people who don't have access to ID - like people whose birth certificates burned up in a fire, or people whose nearest DMV office is hours away.
We have decades of evidence that voter ID is a waste of time and money. It has one very obvious reason. It also seems to be pretty close to illegal, if not illegal.
Both will easily flip on war, justice, tax reform, voting, etc. as needed.
Part of the problem is it's easy to complain and spitball ideas when you're out of power, it's a lot more complex to gain consensus and implement policy when you're in power.
Unfortunately there is no way that Republicans would agree to it. I don't know if Democrats would or not.
> Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified
This makes it sound like just election-related state websites.
> a Russian campaign seeking vulnerabilities and access to election infrastructure
For me, the term "Election infrastructure" sounds like it would include voting machines, voter registries, vote counts, etc.
They do not list the numerous internal attacks that were reported too. These actually modified the votes. These votes can only be changed via physical access. But this is probably not politically interesting, and it involves corrupt staff members and such.
I have been following a lot of this kind of security news. But let's follow the money. Homeland security has already prepared a plan to take over the election system in all states (from before 2016). It seems to me that these accusations are used to push to take over the voting system.
Such a change would theoretically be good, but who watches the watchers? And why does DHS not report on the internal problems that actually changed votes?
The idea that our election infrastructure is "targeted" is scary but not very surprising. Every web server on the internet is "targeted", so why wouldn't something as valuable as election infrastructure?
Like, okay? Here's my state's website. Have fun?
https://www.michigan.gov/sos/0,4670,7-127-1633-49313--,00.ht...
Reports of attacks that aren't repelled corrodes trust in the integrity of elections. http://time.com/5510100/risk-limiting-audit-election-securit...
I guess this is what I'm asking. Were the attacks repelled, or did the hackers actually hack/break/change something? What was that thing? I'm genuinely asking.