• Now's your chance win big! Join our community and get entered to win a RTX 2060 GPU, plus more! Join here.

    Meet Stan Dmitriev of SurrogateTV on the Pi Cast TODAY! The show is live August 11th at 2:30 pm ET (7:30 PM BST). Watch live right here!

    Professional PC modder Mike Petereyns joins Scharon on the Tom's Hardware Show live on Thursday, August 13th at 3:00 pm ET (8:00 PM BST). Click here!

News DARPA Wants to Prove Secure Voting Hardware Is Possible

Aug 6, 2019
18
8
15
0
They can secure the systems all they want, but as long as people still run the process there's always a security risk.

That being said, you can't run the process without people, and it only takes 1 person to fudge everything up.
 
Reactions: bit_user

Math Geek

Champion
Ambassador
i don't see any reason to take it online. works fine the way it is. i am a poll worker in VA and keeping everything offline keeps it very secure. complete paper trail as multiple devices keep counts and can quickly be crossed checked. in fact it's done every hour to ensure all the numbers match as far as voters checked in, ballots handed out, ballots cast and actual ballots used!! takes 5 minutes every hour to do.

we phone in the results at the end of the night after everything has been counted and verified. the results will be on the news within 10 minutes after we phone them in. it really does not need to be any faster than that and can't be tampered with.

we've seen attempts to tamper out of some states last few elections and the paper trail made it rather easy to identify the attempts and who did it. putting things online, makes it more vulnerable, easier to hide and much harder to figure out what happened later on.

somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
 

Math Geek

Champion
Ambassador
which has nothing to do with the voting system itself. if that's the concern, then look at that problem and come up with solutions.

won't fix that problem messing with the voting booth.
 

TJ Hooker

Glorious
Ambassador
@Math Geek who said anything about "taking it online"?
somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
This isn't some crazy conspiracy theory. E.g. the bipartisan Senate intelligence committee report states "Russian cyberactors were in a position to delete or change voter data" in an Illinois voter database. They didn't find any evidence that they did so, but the fact they were able to achieve that sort of access is obviously troubling.

If you want some examples of vulnerabilities in current voting machines, they talk about it in the report starting at page 40.
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf
 
Reactions: bit_user

bit_user

Splendid
Ambassador
i don't see any reason to take it online. works fine the way it is. i am a poll worker in VA and keeping everything offline keeps it very secure.
Voter registration is kept in databases, which can be hacked. The Mueller Report identified several known cases where hackers accessed voter registration databases, and of course there could've been other cases we don't know about.

So, what can you do with a voter registration database? You can scrape data, to be used in targeted advertising (either convince swing voter to vote for your candidate or convince likely dedicated opposition voters to stay home - Cambridge Analytica's psychometric profiling also helps with this). You can kick someone off the roles, if they have an opposing party affiliation, or perhaps fiddle with their address so their normal voting precinct turns them away.

somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
We have documented evidence, from multiple states, of attempted and possibly successful tampering with the voting system. It must be taken seriously. You don't wait until your PC gets infected with a virus to install an anti-virus program and you don't wait until your country gets invaded to establish a military. How much proof do you need of foreign (or domestic) hacking, before you're willing to accept that election security needs to be improved?

Paper voting systems require more work to hack, but they're not as inherently secure as you suggest. Ballots can be forged, ballot boxes can be stuffed, and paper ballots can be prematurely destroyed (didn't this just happen in a House election that had to be re-run?). Machines doing the counts can also be tampered with. Even if they're offline, they're probably not invulnerable to a stuxnet-type hack.

Wouldn't you agree that a voting system which relies on cryptographic techniques to ensure that any tampering with a registration database is detectable and ensures the authenticity of each ballot (while respecting privacy) is a good thing? Your voting system might be good, but it could probably be better. It's surely not immune from malevolent administrators or workers, even if attacks by such individuals aren't trivial feats. The stronger the system, the more faith we can have in it. Isn't that what we all want?
 
Reactions: TJ Hooker

bit_user

Splendid
Ambassador
which has nothing to do with the voting system itself. if that's the concern, then look at that problem and come up with solutions.

won't fix that problem messing with the voting booth.
Actually, I'd submit that election security should not depend on faith in the administrators.

Just like crypto-currencies don't depend on faith in the counter-parties of your transactions, we should use robust voting systems that are resilient to attacks and mistakes by both external entities and insiders.
 
Reactions: TJ Hooker

Olle P

Distinguished
Apr 7, 2010
618
31
19,040
23
Is it technically possible to make a secure voting system?
Probably.

Is it advisable to trust a system made by somebody else?
Not at all!
 
As long as they want it on a computer it cannot be totally secure. You can do a lot to mitigate issues from outside influence, but physical access to the machine is still absolute access and all you need is a sleeper agent to mess things up.
 

dorsai

Honorable
Secure voting isn't the issue...it's what happens after the voting that's the issue. Accurate vote reporting by partisan voter officials and who has access to the hardware and the vote tallies before and after the vote is the issue.

I trust hardware a lot more than I trust voting "officials" in todays partisan environment where votes disappear, don't get counted, or are declared invalid after someone stuffs them in their car trunk...I'm looking at you Florida
 

bit_user

Splendid
Ambassador
Is it technically possible to make a secure voting system?
Probably.

Is it advisable to trust a system made by somebody else?
Not at all!
You do this all the time.

And, due to its fundamental importance, that's all the more reason the system should be open and transparent!

I hate to sound like a broken record, but crypto currencies are a perfect example. Anyone can download and inspect the bitcoin source and even setup their own node, but that doesn't mean they can compromise it.
 
Reactions: TJ Hooker

bit_user

Splendid
Ambassador
As long as they want it on a computer it cannot be totally secure. You can do a lot to mitigate issues from outside influence, but physical access to the machine is still absolute access and all you need is a sleeper agent to mess things up.
That's why auditability is so important. A crypto chain would enable anyone to go back and check whether there was tampering at any point.

Using the example of crypto currencies, an exchange or your wallet can get hacked. So, the policies and procedures around the system cannot be overlooked. But you can't have a secure system without a robust foundation - whether paper-based or not.
 
Reactions: TJ Hooker

ASK THE COMMUNITY

TRENDING THREADS