Attacking Researchers Who Expose Voting Vulnerabilities

Researchers found voting-system flaws in New South Wales, and were attacked by voting officials and the company that made the machines.

Posted on April 9, 2015 at 6:45 AM • 32 Comments

Comments

ThothApril 9, 2015 7:04 AM

At least the researchers are still safe and resting instead of having their house doors kicked down by Anti-Terror teams armed with assault rifles, flashing lights and ballistic shields or being silenced by snipers on the pavement or reputations destroyed by some kind of phony lawsuit.

If they were in South East Asia, Near East, Asia, Africa or some other tyrannical regime realms, the consequences would have been worse.

ThothApril 9, 2015 7:06 AM

On a hindsight, I wonder if more countries would start to prevent access to vulenrable scanning tools and web portals like Qualys SSL testing suites and to the extend of totally prohibiting unauthorized security research (as it is deem a National Security Threat) ?

Martin WalshApril 9, 2015 9:01 AM

Wasn't Thomas Edison's first invention a voting machine? And nobody wanted it because it improved the accuracy of the process.

albertApril 9, 2015 10:15 AM

IIRC, in the 2000 prez elect, Ohio had major problems with the Diebold machines. (The Diebold CEO was a personal friend of the Bushes). During the kerfuffle, past studies were brought out to show that exit polls were shown to be consistently accurate to within 1-2%, yet the results in some counties showed a Bush margin of several percent, much higher than the exit polls, which had him losing.
.
Put that (easy rigging) in the mix, along the Supreme Courts absurd rulings, and you got a tossed election.
.
'Secure' voting machines are a myth. When will Americans wake up and see these elections for what they are: pure entertainment, like 'professional' wrestling.

65535April 9, 2015 10:36 AM

This a hot button issue!

Once the internet is converted into a weapons platform and spy machine with Quantuminsert, Quantumbot and other various “injection mechanisms” all manner of shenanigans can occur – including vote-rigging.

By chance or not, these 'National Security' internet injectors could or already have helped certain powerful people remain in power. Votes could be switched, polls could be manipulated, the media could be fooled and democracy destroyed – all in the name of ‘National Security’.

It’s quite clear that attacking Researchers who find these Voting Vulnerabilities could become a major target of attack, or sign of a storm brewing on the horizon.

If internet vote rigging were proven it would crack the foundation of our elections systems. No one would trust the voting system again and a huge backlash could occur.

We need to control so-called 'National Security' apparatus to provide reasonable security against real wars but does not supersede Judicial and Congressional authority via secret spending and secret search and destroy powers.

Currently, invoking the word ‘National Security’ is the trump card to hoodwink every Judge and lawyer. This must stop now.

The people should control the government and by extension the military – not the other way around. We should not pay for a weapons system that is turned against us. Don't let them point the cannon at your family or mine.

EvilKiruApril 9, 2015 10:55 AM

@Martin Walsh: The problem with Edison's vote recording device wasn't that it improved accuracy. The problem was that it sped up voting, leaving no time for filibustering or trying to sway others to vote your way. Source: http://edison.rutgers.edu/vote.htm.

anonApril 9, 2015 11:14 AM

If the diebold / bush criminal conspiracy to subvert our elections is clearly shown by such unusual deviations from exit polling, then why are they not brought up on charges of vote manipulation and treason? We need to fucking ban electronic voting. It's beyond mentally incapacitated.

If the feds won't do it, then this demands some sort of citizens arrest. Seriously fucked up.

TomboyApril 9, 2015 11:20 AM

Could we please reserve words such as attacks for actual attacks? Physical, electronic, reputational, legal, you name it -- anything really, but not mere criticism, no matter how scathing and unjustified it may be.

EvilKiruApril 9, 2015 11:26 AM

@Tomboy: The reaction from the election officials wasn't criticism, it was attempted character assassination.

Clive RobinsonApril 9, 2015 1:35 PM

I feel sorry for the researchers who's reputations have been unfairly tarnished by self interested election officials.

Perhaps people should look carefully at where these election officials get various things... and ask when does the required impartiality of such a position become degraded to self interest or worse?

History shows that computerized electronic voting is very vulnerable especially to "insider attacks" and if people want to look back far enough on this blog they will see I thought up a way to turn an external attack into an insider attack, that could cross air gaps and get around "locked storage room" security.

I did this some time prior to the apperance of what we call Stuxnet, which used almost exactly the same infection route I had identified.

Thus it is very safe to assume that there are those in the non-elected side of US and Israeli Governments that know how to "fix" the election to get the elected officials and administration if they so wished. Whilst they might not wish to use it at home, it's more than clear that both the US and Israeli Foreign Policy objectives is to control who runs other countries. So I would expect such activities to become the norm if not presently but in the future.

And compared to the normal election campaign costs that in the US now run into several billion dollars a few million puting the fix in on the electronic voting equipment and it's related standards is dirt cheap in comparison.

Oh and as has been noted before, take a long carefull look at the political alliance of those who own or back financialy the voting machine companies, it tells a tale in it's own right.

As a number of people have said in the past there realy needs to be full open design not just of the equipment but all parts around them, including the vulnerable Internet Standards etc.

Voting is primarily about the open process that is easily verified by interested lay people, but with one exception the privacy of the individuals cast vote. This apparent conflict has been conflated with all sorts of other things often quite deliberatly when it comes to anything other than the simple paper ballot system. Many assume incorrectly it is a "cost" issue, after a few moments thought on the matter most with a security background will realise that the simplicity and transparency of the paper ballot system is going to be considerably less expensive than the cost of the required security measures for any electronic system.

We also need to realise as voters that no system is perfect, votes can always be rigged one way or another. Thus any system we use should be focused on easy oversight by lay people from start to finish. There should not be any "secrets" in the system be they company or otherwise if people are to trust such systems. We do not need "secrets" being used to hide what is primarily shoddy workmanship that contains faults by accident or design that others can exploit very very cheaply, for immense gain.

Thus along with transparancy the systems must be such that rigging an election must be not only easy to spot but importantly expensive to do and thus leave paper trails etc. The way to do this is to make individual votes expensive but the system cheap, which is what paper ballots err towards. Electronic systems however make the individual votes effectivly free, but the system expensive, thus strongly favouring fraud.

Tim!April 9, 2015 1:41 PM

Woah:

The chief information officer at the NSW Electoral Commission, Ian Brightwell, acknowledged the error, but said the risk of fraud was always present in any voting system, whether online or paper-based.

“Is it possible that one person’s vote could be manipulated? That is a chance. Is it possible that one person’s ballot paper could be lost? That is a chance,” he said.

“We acknowledged in our risk assessment that there’s always been the potential for the voting client to be corrupted and votes to be tampered with, we can’t do anything about that.”


http://www.theguardian.com/australia-news/2015/mar/23/nsw-election-result-could-be-challenged-over-ivote-security-flaw

Actually there is anything you can do about that sir.

EvgenijApril 9, 2015 2:13 PM

So how were researchers exactly attacked? I don't see anything in the article.

EvilKiruApril 9, 2015 2:32 PM

@Evgenij:

The Chief Information Officer of the Electoral Commission, Ian Brightwell, claimed Halderman and Teague’s discovery was part of efforts by “well-funded, well-managed anti-internet voting lobby groups,"...

evgenijApril 9, 2015 3:18 PM

open-source government is what we need, not electronic voting machines, and certainly not the goddamned NSA

ThomasApril 9, 2015 4:20 PM

I'm confused.

I thought the Australian internets were safe now that all our metadata was being recorded.

"It's not the people who vote that count. It's the people who count the votes"
- someone who may or may not have been Stalin

TreadmillApril 9, 2015 4:41 PM

Safer internets: KwikDesk is a platform that supports the discreet and secure movement of data. The founder, Kevin Abosch, a world-renowned visual artist created Kwikdsk as a conceptual art-project to facilitate the anonymous exchange of information through a website,[2] and as a response to trends amongst existing social media platforms. KwikDesk requires no login or password to use.[1] KwikDesk doesn't use cookies and doesn't track IP addresses.[2] Users set a date their submitted kwiks will self-destruct; either 24 hours, or 10 days. The Chinese version of KwikDesk was launched with the participation of human-rights activist and Tiananmen protest leader Wu'erkaixi.
https://en.wikipedia.org/wiki/Kwikdesk
If you are captured or killed the secretary will disavow any knowledge...

sd4fApril 9, 2015 11:56 PM

As a New South Welshman, I'm continually amazed at how often I found out about this stuff from American media, whilst over here, the two biggest scandals are a missing white woman, and a cricket commentator dying at age 84.

I seriously get the feeling that online voting could potentially create an undesirable situation in that first of all, it condenses information storage, meaning that the potential for one person to rig an outcome becomes possible, but also, rigging could reach the point of not being able to be scrutinised, in other words, if the vote was rigged, would it ever be found out?

As it is currently, the bulk of the votes are still people attending a polling booth and lodging their intentions meaning that the potential for abuse is still contained.

And just for the record, I've been one of the people who has counted votes in federal and state level elections in Australia. I'm very confident that the procedure, while not perfect, is really difficult to abuse, it's really limited to individuals going in and voting multiple times, this means that in order to successfully rig the election of just one candidate, the scale of the conspiracy would have to be very large, unless the electorate is on a really tight margin where few votes could determine the outcome, but that's difficult to predict in the first place.

The procedures are straight forward, and able to be understood by many. When it comes to digital security, well, understanding it is not something everyone will be able to process. This makes me sceptical of internet voting because it can't be scrutinised by anyone. Source code isn't open source, because private companies are trying to obtain contracts, whereas polling booth procedures are legislated and for all intents and purposes, open source.

DavidApril 10, 2015 12:56 AM

".... attacked by ... the company that made the machines"

What company? Which made what machines?

The EFF page to which you link doesn't mention machines. It does say that "iVote was designed to make it easier for disabled people, residents not in NSW during voting hours, and rural residents 20 kilometers away from a polling location to vote". That last bit was apparently lifted from the NSW Electoral Commission website, which also says "The iVote system is a form of voting using a telephone or the internet at a location of your choice".

The voter accessed the iVote website via internet (which is where the SSL vulnerability came in) from the computer or device of their choosing. (This caused a separate problem: it was not always clear to voters that they needed to scroll horizontally to see the entire virtual ballot paper.) The "voting machine" was supplied by the voter.

Yes, the NSWEC stupidly attempted to shoot the messenger about flaws in the system. Bit I have no idea whence you got the idea that some "company that made the machines" got in on the act.

lynxApril 10, 2015 3:08 AM

@Treadmill: "KwikDesk doesn't use cookies" you and wikipedia are wrong,
kwikdesk.com did send cookies to my lynx browser.

VanessaApril 10, 2015 3:19 AM

Right. It was an Internet voting system implemented by Scytl. Also available by phone or by polling-place computers (connected to the Internet). So there were no specific voting machines. And just for the record the company itself hasn't attacked anyone directly as far as I know.

Z.LozinskiApril 10, 2015 4:55 AM

@sdf4,
Absoloutely.

I'm strongly in favour of boring paper ballots, because the integrity of the process (and thus the result) is much easier to verify.

Here in the UK, we actually do verify elections in practice. The count for an election is performed by local government staff working overtime (as the actual counts are usually done over-night). In the UK, the local government authorities are responsible for organizing elections. Each of the candidates can bring scrutineers to the count. These are party workers for the main parties who have been up and down the streets canvassing. The counters sit on one side of a table, and the scrutineers stand on the other side. Ballot boxes are brought in, the seals are verified, they are opened. The ballot papers are then sorted into stacks per candidate, and then counted. When I was doing this, you had three pair of eyes watching this sorting, and so honest mistakes like the counter mistakenly putting a ballot in the wrong pile were easy to correct. Equally, there is the question of incorrectly completed ballots - are they valid votes or not? The counter will refer these to the scrutineers. Technically, the voter is supposed to make the mark inside the box next to the candidates name. What happens if the mark goes outside the box. This is a human judgement call, but is usually resolved on the principle "is the voter's intention obvious?" (Don't get me started on hanging chads ... ). Once the counting starts the scrutineers are checking the count is correct, and feeding the results back to the election agent. Since they know the areas involved, anomalies would be be flagged.

Sometimes (if they have enough workers) the parties will have monitors outside the individual polling stations. They ask people for their electoral number - *NOT* how they have voted. This is to manage canvassing to get out the vote during the day. However, these people are in a position to spot repeat visitors to polling stations.

One of the reason the system works is that many of the scrutineers are deeply, personally, committed to the process. Everyone wants their candidate to win, but many of them will be back at the next election and they don't want the process to be broken.

Now, this is not to say that the system is flawless. One of the recent issues was with postal votes which were block voted for one party. The "fraud that would disgrace a banana republic" according to the judge at the election court. One of the elections involved was delcared void, but I am disappointed we did not see prison sentences.

http://www.theguardian.com/uk/2005/apr/05/politics.localgovernment

Wasn't it Churchill who observed in the Commons "Democracy is the worst form of government, except for all those other forms that have been tried from time to time."

MarkHApril 10, 2015 9:46 AM

For what it's worth, where I live the election officials were uncharacteristically (for local government, that is) sensible, when switching to electronic voting machines ... this was maybe ten years ago, I don't recall now.

The machines themselves are kind of clunky, but usable.

But what's great about them, is that after a voter makes his/her selections, each machine prints a paper record of the vote, which is visible (but not accessible) behind a window. The machine then asks the voter to confirm that the paper record matches the vote. If they don't agree, the voter can cancel and restart, or raise an exception to the election supervisors; if the voter chooses to cancel, then the paper record is marked accordingly.

In this system:

• there is a paper record that can be used to audit any questionable or disputed vote tally

• discrepancies between the voter's choices and the paper record are visible to the voter -- even if only a small percentage are mismatched, the probability of detection is substantial

• an independent record of the number of votes (kept by election supervisors) protects against the voting machines either "losing" or "adding" votes

I like this system very much -- nothing is perfect, but I think it offers assurance at least as good as our previous paper ballot system.

If my government had established electronic voting without a voter-verifiable physical record, I would have resisted with extreme vehemence.

pedantic slayerApril 10, 2015 9:54 AM

Can we not all agree that software and systems are indeed a subset of "machines"?

"Machines are hardware" isn't exactly correct, considering the evolution of the meaning of the word "machine" and the old definition of having to contain moving parts already defunct.

Take out your Fan, is a desktop computer a "machine"?
electric > gates > code that controls electric > electric >.....


Bob S.April 10, 2015 9:55 AM

Technology marches on and so internet voting is coming, without doubt.

However, the oligarchy and big brother are here already. There is no better or cheaper way to buy elections and thus own the government than through fraudulent internet voting.

A few simple key strokes can add or subtract millions of votes. Done right, no one is the wiser.

So, it is essential voting technology is impeccably safe, secure and private. Obviously the heavy hitters will be working feverishly against honest voting.

I would guess our own government/military would want an opportunity to fix votes in foreign lands, too. Maybe right here in the USA.

Frankly, my vote is internet voting will be crooked to the core. Everywhere.

There is no way the elite will allow anything else. Hanging the messenger will be SOP, too.

dpApril 10, 2015 9:59 AM

@Z.Lozinski

Scottish elections use vote-counting machines for ballot papers. I'm sure they are just as accurate and faster, but they introduce a single point of vulnerability where there was none before.

Estonia not only does voting electronically but virtually all government interactions with citizens, using Bluefish Technologies SIMs - a company listed as a target of the NSA in the Snowden releases.

pedantic slayerApril 10, 2015 10:10 AM

@Bob S That is the salient point right there.

Verification by humans is needed. Oversight and verification of those verifying the vote count is also needed. Distributed network rather than a central point of control. Can't see any way around it.

Voting machines are a snake oil solution.

BriiiiiiiiiianApril 10, 2015 3:55 PM

When I started using my cell phone while in line to vote last year, a pollworker told me it was illegal for me to use my phone within a certain distance of the voting site. We argued. He said the cell phone ban was in place to protect me from people who might try to influence my vote. I said that made no sense, particularly given that I could have voted from home by mail without any such "protection." But let's assume there is merit in this cell phone ban law and ask, "If we all vote by internet, who will protect us from the people who would use the internet to influence our vote?"

sd4fApril 12, 2015 6:11 PM

@Z.Lozinski

Our election procedure is largely the same as in the UK. The only difference I can see is that when the polling booth doors close at 6pm, the election officials (just the ordinary workers who have been handing out ballots that day) manning that booth count the votes that night. These figures are mostly used for determining the outcome of the election, however, the votes are all then verified by the electoral commission in order to determine the official results, which are usually released a few weeks later. Obviously if there's a major discrepancy, then that would result in further investigation.

Mark WonsilApril 15, 2015 9:01 AM

One can have the most perfect voting system in existence and still have a rigged election. A powerful few can determine the results of an election and make it look like "democracy". I highly recommend reading "Choosing in Groups: Analytical Politics Revisited". If you don't feel like reading the book, you can get the idea on this podcast. http://www.econtalk.org/archives/2015/02/michael_munger_1.html

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.