Vote-hacking shitshow roundup

Cash-strapped states brace for Russian hacking fight:

In fact, some in the Capitol are trying to defund the 15-year-old federal agency that helps states and counties administer elections. The National Institute of Standards and Technology, which has three full-time staffers examining elections, would also see budget cuts in the pending congressional spending bills.

Three! A whopping three!

The biggest financial need is replacing voting machines. Flush with Help America Vote Act money in the early 2000s, states purchased new machines, with many opting for electronic touchscreen devices for the first time. But by now, 43 states rely on at least some electronic machines that are more than 10 years old, according to the Brennan Center.

"That kind of gear you usually figure should have a lifespan of eight years, maybe 10," said Menzel, of the Illinois election board. "Most of it's been running 10 years, maybe 12."

Moreover, election security experts say these aging machines are riddled with flaws, and warn that electronic devices that leave no paper trail make it impossible to check the results against a physical vote count. At least four competitive states in the 2016 election still used paperless electronic voting machines. [...]

Election security experts and many Democrats fear that all this deliberation will be for naught unless security advocates can persuade President Donald Trump to act.

"Any other Republican president might be easier to communicate with," said Rep. Mike Quigley (D-Ill.), a House Intelligence Committee member backing an amendment to restore EAC funding. "This one now believes any discussion about how the election was operated is through the prism of questioning the validity of the election. I desperately want to get past that."

Cybersecurity experts were blocked in their push to patch voting systems in 2016:

Their five-page list of recommendations focused on two gaping holes in the U.S. election system. It warned that internet voting by at least some citizens in 32 states was not secure and should be avoided. And, critically, it advised how to guard voting and ballot-counting machines that the experts knew could be penetrated even when disconnected from the internet.

But the list was stopped in its tracks. A year later, even as U.S. intelligence agencies warn that Russian operatives have their eyes on 2018 and beyond, America's more than 7,000 election jurisdictions nationwide still do not have access to those guidelines for shielding the voting process. [...]

A decade ago, when Congress tried to enact the most obvious solution to that problem -- a law requiring all electronic voting machines to have a "verifiable paper trail" -- state and local officials largely opposed it.

Beyond the voting machines themselves, other dangers lurk: Scott, of the Institute for Critical Infrastructure Technology, said his group warned NASS last year that bad actors were likely to try to infect vote-tallying equipment through vendors.

"We told them and we told them," he said. "We showed them two schematics of exactly where the attacks would come from" months before the election.

Russian Election Hacking Efforts, Wider Than Previously Known, Draw Little Scrutiny:

The assaults on the vast back-end election apparatus -- voter-registration operations, state and local election databases, e-poll books and other equipment -- have received far less attention than other aspects of the Russian interference, such as the hacking of Democratic emails and spreading of false or damaging information about Mrs. Clinton. Yet the hacking of electoral systems was more extensive than previously disclosed, The New York Times found. [...]

Intelligence officials in January reassured Americans that there was no indication that Russian hackers had altered the vote count on Election Day, the bottom-line outcome. But the assurances stopped there. Government officials said that they intentionally did not address the security of the back-end election systems, whose disruption could prevent voters from even casting ballots. [...]

The Russians shied away from measures that might alter the "tallying" of votes, the report added, a conclusion drawn from American spying and intercepts of Russian officials' communications and an analysis by the Department of Homeland Security, according to the current and former government officials.

The most obvious way to rig an election -- controlling hundreds or thousands of decentralized voting machines -- is also the most difficult. [...] Beginning in 2015, the American officials said, Russian hackers focused instead on other internet-accessible targets: computers at the Democratic National Committee, state and local voter databases, election websites, e-poll book vendors and other back-end election services.

Apart from the Russian influence campaign intended to undermine Mrs. Clinton and other Democratic officials, the impact of the quieter Russian hacking efforts at the state and county level has not been widely studied. Federal officials have been so tight-lipped that not even many election officials in the 21 states the hackers assaulted know whether their systems were compromised, in part because they have not been granted security clearances to examine the classified evidence.

The January intelligence assessment implied that the Russian hackers had achieved broader access than has been assumed. Without elaborating, the report said the Russians had "obtained and maintained access to multiple U.S. state and local election boards."

I can't believe I've been posting about the pathetic state of voting security for fourteen years now.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , ,

4 Responses:

  1. Dan Wallach says:

    If there's one thing I've learned, working on security for electronic voting machines since, roughly 2001:

    You know that whole "Internet time" thing? Where things happen really quickly? And we change the whole world by releasing a new piece of software? And some crazy research result in machine learning turns out to lead to self-driving cars and better language translation and all that?

    Yeah, whatever the opposite of "Internet time" is, that's how change happens in the world of voting.

    Previously / see also.

  2. PaulJBis says:

    Jon Stokes (former ArsTechnica) has been sounding the alarm about this for months. "The russians did not alter vote tallies? And... how can you be so sure?"

  3. Zygo says:

    I'm consistently amazed by the combination of how badly this gets fucked up, and how few fucks are given about it. Election procedures in America seem to be optimized for making scrutiny difficult or impossible. Worse, people seem to be afraid of questioning results even when they make no sense (like a machine's straightfaced return of a negative vote count) because being seen to follow the process is literally more important than the result.

    Canada votes on paper ballots. Our electronic voting machines (if we bother with them at all--they are only used in city elections so far) scan the paper ballots on the way into the collection box, and people count some of the paper anyway to make sure the machines aren't just multiplying rand() by a medium-sized signed integer. This isn't rocket science.

  4. James says:

    I can't believe I've been posting about the pathetic state of voting security for fourteen years now.

    The wrong people have been reading.

  • Previously