ceejayoz · 3 years ago
> Konnech distributes and sells its proprietary PollChief software, which is an election worker management system that was utilized by the county in the last California election. The software assists with poll worker assignments, communications and payroll. PollChief requires that workers submit personal identifying information, which is retained by the Konnech.

I'm so very tired of proprietary software made by tiny little outfits being critical to elections.

danielodievich · 3 years ago
In my previous/previous/previous career I was heavily involved with various states' election systems (juicily enough starting in hanging chads Florida). The field is full of tiny little outfits AND huge consultancies (Accenture in my personal example) doing stuff. The quality varies tremendously from amazing to amazingly atrocious. When I did all this work the cloud was not yet a big thing so no servers were provisioned in anything other than well known data centers, but it's "you get what you pay for". Since it's secretaries of state paying for some, and then tons of random counties paying for some others, these are not incredibly lucrative contracts, and it does attract just random small software firms.
pyuser583 · 3 years ago
Is “the cloud” really a good idea for high integrity software?
CobrastanJorji · 3 years ago
I wonder what an ideal solution might look like. I kind of envision the Federal government funding a small organization overseeing an open source "election software" system, which would be run on some sort of well-defined stock hardware. The government would periodically pay for the hardware and software combination to be audited against a variety of attacks. The machines would produce standardized audit logs, published as openly as possible (someone smarter than me should figure out whether it's safe or good to publish the times of votes or the votes themselves. I'm leaning towards yes to both, but I'm concerned that you could figure out someone's vote if you knew the timestamps of the individual votes). Security researchers could purchase the hardware, install the software on it, and analyze it on their own. Then you'd do the same thing for the vote tabulators or whatever hardware and software exists aside from the voting machines themselves.

Then I think about what might look like a nice halfway point. Voting machine software is still written by companies, but we require that all software running on a voting machine be published and hermetically reproducible. They don't have to take pull requests, they still own it, but we should be able to open one up and be 100% sure that the software running on it is exactly what they've documented.

danielheath · 3 years ago
In Australia, the senate vote-counting software is written by the AEC.

It's closed source and they've fought FOI requests to get access.

All we have been able to find out is that it's written in Visual Basic 6.

https://www.theguardian.com/world/2014/jul/04/aec-threatens-...

nimbius · 3 years ago
make it a highly promoted position in the space force. we did this with AEGIS stuff and the navy, as well as SPAWAR and SCC software, and it was generally quite successful. release early and often, and always AGPL3. consider pull requests to be a civic minded thing and recognize courageous and hard working citizens who find security bugs and flaws in the code.
rgrieselhuber · 3 years ago
Paper
adamrezich · 3 years ago
I'm just tired of the rhetoric that 100% of such software is 100% unassailable and 100% utilized by 100% honest actors with 100% honest motives, 100% of the time, and anything else is a "conspiracy theory."
woodruffw · 3 years ago
Nobody believes this: there's a reason why DEF CON has had a voting village for years.

What people believe is that, in spite of numerous flaws in voting software, the integrity of the vote is not seriously in question. And there are good reasons for believing this: physical backups, consistency with exit polling and, well, the fact that no party in this godforsaken country has been able to hold onto the presidency for more than 2 terms in nearly 30 years.

vkou · 3 years ago
Oh, I agree that elections are not 100% unassailable. In fact, I strongly believe that they are being assailed. Mostly through voter suppression and disenfranchisement.

A good example of this is when the state tells you that you can vote, and then arrests you and charges you with voter fraud, because you actually can't. [1]

Or, alternatively, when the state bars you from voting until you pay all outstanding court fees and fines, but also refuses to tell you whether or not you actually owe any outstanding court fees or fines.

You can't have a free and fair election when you secretly disqualify people from voting, but refuse to tell them that until after they vote.

[1] https://www.clickorlando.com/news/local/2022/08/27/2-people-...

ajross · 3 years ago
This is a kind of strawman fallacy. You're starting with an argument (of the form "this particular idea about election software is a conspiracy theory"), and then pretending that it was actually an argument for the maximal refutation of the original, which you then show to be "wrong". But that's not an argument in favor of the original contention!

No one serious argues that election management systems are bug free or that their operators can't possibly make mistakes. We're just saying that nothing has broken yet.

zuminator · 3 years ago
Can you point to a single person who has asserted even one prong of that supposed rhetoric? All anyone reasonable is saying, is if there's widespread or systemic wrongdoing, where's the evidence?
themitigating · 3 years ago
No one says this
themitigating · 3 years ago
It's an HR system. Saying it's critical to elections is a manipulation technique to further other conspiracy theories that have no evidence

vkou · 3 years ago
This particular role of the software doesn't sound particularly critical, in the sense that if it caught fire tomorrow, elections would still happen in the same way, maybe with more human labour involved on the planning side.

But sure, I agree that it's stupid to have every municipality and polity, down to the five mud farmers living in unincorporated East Mudsville, Nowhere figuring out how to do their elections in their own special way. Perhaps it would be good to look into how Elections Canada[1] does things?

[1] It has the unfortunate side effect of providing federal oversight over elections, which is not something that Republicans seem to be interested in this year.

anon291 · 3 years ago
No, this is false. Imagine if tomorrow all GOP poll workers were 'dismissed' due to a technical glitch and lo and behold a Democrat won a formerly red district. Or vice versa.

This opens up the election to unnecessary allegations of fraud.

Unnecessary because of how simple this is to manage.

rglover · 3 years ago
The incredibly important punchline:

> District Attorney investigators found that in contradiction to the contract, information was stored on servers in the People’s Republic of China.

It's shocking how effective the CCP has been at infiltrating Western governments and institutions.

My favorite turn to date has to be Charles Lieber from Harvard [1]. He's got some fun patents [2] floating around.

[1] https://www.justice.gov/usao-ma/pr/harvard-university-profes...

[2] https://patents.google.com/patent/WO2015199784A2/en

woodruffw · 3 years ago
There is no evidence of "infiltration" here. The reality is that, in its march to privatize everything it can, the US government has incentivized a race to the bottom. If Chinese companies provide the cheapest services, then American data is going to end up on Chinese servers until the incentives are fixed.

Is this good? No. But it also isn't CCP infiltration; it's the logical consequence of trying to channel public money into private economies, public money that is meant to fund our most basic civic activity.

rglover · 3 years ago
> it's the logical consequence of trying to channel public money into private economies, public money that is meant to fund our most basic civic activity.

Yes, and that logical consequence is being exploited by foreign governments. By "infiltrate" I mean "taking advantage of our shortsightedness," similar to how we ignorantly offshored pharmaceutical sourcing/production to China [1].

There's plenty [2] of loose threads that warrant my "only the paranoid survive" POV on stuff like this.

Hell, there's even a book that goes into detail about the strategy [3]:

> "If one party is at war with another, and the other party does not realize it is at war, the party who knows it is at war almost always has the advantage and usually wins.” And this is the strategy set forth in Unrestricted Warfare: waging a war on an adversary with methods so covert at first and seemingly so benign that the party being attacked does not realize it’s being attacked." - Qiao Liang

---

[1] https://www.nbcnews.com/health/health-care/u-s-officials-wor...

[2] https://www.businessinsider.com/china-houston-consulate-docu...

[3] https://www.amazon.com/Unrestricted-Warfare-Chinas-Destroy-A...

iudqnolq · 3 years ago
I'd buy what you're saying if it was nearly anything but servers. It's still not proof, but either the DA is using the wrong word (quite plausible) or it's very fishy.

Because of various implementation details it's inconvenient and expensive to operate servers in China if you don't need to. Even the IoT crap I've bought to disassemble on AliExpress phoned home to us-east-1.

shubb · 3 years ago
To be fair, this is probably a guy going to jail because he used a text message sending API that used tencent cloud somewhere in their backend or something...
rglover · 3 years ago
I wish that were true but considering his ties, expertise, and the general theme of his patents I'd say that's a naive interpretation. That said I certainly hope you're right and I only say "naive" to discourage people shrugging it off as a nothing burger.

eej71 · 3 years ago
The NYT might need to update their article from yesterday.

https://www.nytimes.com/2022/10/03/technology/konnech-electi...

ceejayoz · 3 years ago
They did.

> Update, Oct. 5: After this article was published, the chief executive of Konnech was arrested on suspicion of theft of personal information about poll workers.

hn_throwaway_99 · 3 years ago
That is the most bullshit "update" I have ever seen. NYT shouldn't just "update" that article, they should issue a retraction and a major apology, and fire people involved with the story. Maybe if the update had said this I'd be OK with it:

> Update, Oct. 5: After this article was published, the chief executive of Konnech was arrested on suspicion of theft of personal information about poll workers. Prosecutors asserted that the chief executive had poll worker information stored on servers in the People's Republic of China, which in our original article we disparaged as an "unfounded conspiracy theory", and the statement in our article, "It said that all the data for its American customers were stored on servers in the United States and that it had no ties to the Chinese government." is likely totally false.

thepasswordis · 3 years ago
> Using threadbare evidence, or none at all, the group suggested that a small American election software company, Konnech, had secret ties to the Chinese Communist Party and had given the Chinese government backdoor access to personal data about two million poll workers in the United States, according to online accounts from several people at the conference.

Unreal that they published this.

tootie · 3 years ago
> In the ensuing weeks, the conspiracy theory grew as it shot around the internet. To believers, the claims showed how China had gained near complete control of America’s elections.

That part is still valid. And really we don't actually know what evidence the DA has or if the scope of the arrest warrant matches the theory. All they've said is that some data was stored in China.

pyuser583 · 3 years ago
Ouch. I take a perverse pleasure when journalists screw up, but this is bad.
puffoflogic · 3 years ago
They probably rushed that article out the door precisely to ensure a more favorable narrative was established before new facts dropped.
rmason · 3 years ago
I am from the East Lansing area and went to high school in Okemos. I know both communities very well. I've spent 30 years in developer and founder circles and never knew a single person from this company. The company's original headquarters is near my old high school in what was once a lumber yard. They were getting ready to move into an old department store that is owned by the city of East Lansing.

This company was exceedingly good at getting money from both the local economic development people as well as the state. Told someone today that I felt like I was in the middle of a spy novel ;<).

It is also the first time to my knowledge the little village of Okemos was ever mentioned in the old grey lady (aka NYT).

Here's how local media covered the story: https://www.lansingstatejournal.com/story/news/2022/10/05/ea...

Whatboard · 3 years ago
"Konnech was required to keep the data in the United States and only provide access to citizens and permanent residents but instead stored it on servers in the People’s Republic of China."

I think we'll soon learn that his ties to China run far deeper than simply storing data.

mercy_dude · 3 years ago
And wouldn’t be surprised if China used or continues to use these covert tactics to alter election results.
MichaelCollins · 3 years ago
They may leak the stolen personal information of poll workers to extremists in America upset with whatever the latest election result is.
themitigating · 3 years ago
What evidence do you have that China has altered elections?
V-eHGsd_ · 3 years ago
alter?
barbazoo · 3 years ago
Maybe Hanlon’s razor applies here and hopefully someone simply created a cloud resource in the wrong region.
jameshart · 3 years ago
You can't just accidentally create resources in one of AWS's mainland China regions. ap-east-1 in Hong Kong, maybe, but the AWS China Beijing and Ningxia regions are not just a misclick away.
carom · 3 years ago
Yet my voter records are public with my name, address, and phone number. Curious. Also the DMV sells my information. Also the post office forwards my information to companies who have my previous address when I file a change of address form. Also my property records are public.

I would love if the government gave me the ability to opt out (or better, opt in) to these practices. They are a huge source of data leaks.

advisedwang · 3 years ago
35 states do have some kind of program for protecting addresses if you are at risk of stalking, DV etc. See https://www.sos.wa.gov/acp/about.aspx for an example and the 35 state number.
uoaei · 3 years ago
The USPS sent my phone number to scammers as soon as I signed up for SMS package notifications. I'm hoping the FTC cares enough to investigate my report...
mistrial9 · 3 years ago
Those USA records are huge sources for local law enforcement, credit card companies, anyone in consumer credit, private detectives, insurance industry and more.. anyone with property is being tracked since the 1960s at least. You just didn't get the memo.
IG_Semmelweiss · 3 years ago
This has white hat "tip" fingerprints all over it. Local and state will have no way to effectively police this sort of contract breach.
petsormeat · 3 years ago
In some counties, this could lead to physical harm to those poll workers: https://archive.ph/fGn0r
MichaelCollins · 3 years ago
md2020 · 3 years ago
Just a note to you and the other commenter with a similar comment, they said “counties”, not “countries” and linked to a piece about a county in the US.
Mezzie · 3 years ago
I just signed up to be a poll worker in the East Lansing area.

This is going to be fun...

Wistar · 3 years ago
Including, ever more likely, the U.S.
sva_ · 3 years ago
Ah yeah, counties like the US.