Election Security

I joined a letter supporting the Secure Elections Act (S. 2261):

The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, including:

  • Replacing insecure paperless voting systems with new equipment that will process a paper ballot;

  • Implementing post-election audits of paper ballots or records to verify electronic tallies;

  • Conducting "cyber hygiene" scans and "risk and vulnerability" assessments and supporting state efforts to remediate identified vulnerabilities.

    The legislation would also create needed transparency and accountability in elections systems by establishing clear protocols for state and federal officials to communicate regarding security breaches and emerging threats.

Posted on February 23, 2018 at 6:11 AM • 62 Comments

Comments

Bauke Jan DoumaFebruary 23, 2018 6:40 AM


Great.
The world wishes the USA all the best on this historic path to becoming a true democracy.


bubba nustafaFebruary 23, 2018 7:03 AM

I like the dip finger in ink method to avoid multiple voting.
(of course I'm sure it discriminates against the poor and minorities in some fashion)

Clive RobinsonFebruary 23, 2018 7:15 AM

What's the odds of the current administration and Congress actually alowing such legislation to pass unmolested?

I fear that you are in effect "breaking rice bowls" and opportunists generally like an unrelated "Midnight amendment" or three...

It amazes me sometimes how the US legislative process actual manages to achive anything worth while these days without some lobbying organisation sticking their ore in.

supersaurusFebruary 23, 2018 7:38 AM

hard to believe grover norquist signed the letter. are tax cuts for the rich somehow implied?

odds of passing unmolested: vanishingly small. members of congress believe in the technology tooth fairy, never mind that a low tech solution (paper) could work better than something they are clueless about.

Papa Roberto February 23, 2018 8:40 AM

Doesn't matter if we cannot ID voters any election can be rigged. If you can't authenticate users your system will NEVER be secure.

Anon Coward in PAFebruary 23, 2018 9:10 AM

New voting machines won't be secure either. Here's something better:

(1) After polls close, use an ordinary video camera on a copy stand to videotape every hand-marked paper ballot as it comes out of the ballot box.

(2) Post the video and its checksum to the internet immediately.

(3) Publish the number of voters, the file size and its checksum in the local newspaper.

Once the video of every ballot is public, I don't care which hacked PC and scanner combination is used to tally at the polling place. Scan away.

Any interested party can write software to extract and tally ballot frames from the video file. Your bowling team could invent a drinking game and tally ballots under the influence. Eventually, semi-automated video analysis will be done before the official scanning is through. The end result is multiple independent (re)counts for free, every time.

Not bad for a $400 video camera/copy stand. You also don't have to buy, configure, secure, maintain and ultimately replace several $2,500 voting machines.

Impossibly StupidFebruary 23, 2018 9:54 AM

@Anon Coward in PA

(1) After polls close, use an ordinary video camera on a copy stand to videotape every hand-marked paper ballot as it comes out of the ballot box.

You have already failed. Anything hand-marked is going to potentially contain identifying information, either intentional or unintentional. Any information that gets released must be sufficiently anonymized to allow the voter to verify that they were counted, but at the same time give them plausible deniability when it comes to other people finding out how they voted. It's doable, but I'm not sure that, as a whole, our society is anywhere near sophisticated enough to adopt a real solution. I mean, hell, the US still does winner-takes-all elections despite being an almost evenly divided population between two parties that always run on empty promises they they are never accountable for.

Mike BarnoFebruary 23, 2018 10:05 AM

@ Clive Robinson :

It amazes me sometimes how the US legislative process actual manages to achive anything worth while these days...

In fact, it doesn't. If you review the laws actually passed by the 2017-2018 115th Congress ( https://www.congress.gov/public-laws/115th-congress ), you will see a small number of acts compared to many previous Congresses, and virtually none worthwhile. Almost all fit into three categories:

1) Naming or renaming of post offices and other Federal buildings.

2) Acts passed on party-line votes by Republicans that act against the public interest, often to the benefit of the party's major donors, such as reversing previous laws or executive orders that were meant to reduce pollution, fight corruption, stop abusive corporate behavior, keep citizens healthy, prevent discrimination against racial/ethnic/gender groups, collect scientific data to better understand problems, or protect public lands for future generations.

3) Acts designed to provide "fig leaf" cover to make Congressmen appear to be taking action desired by the public, while actually failing to address root causes of problems and providing loopholes to ensure donors' continuing profitability.

Mike BarnoFebruary 23, 2018 10:20 AM

@ Clive Robinson :

To follow up on the above, there is only one law passed by the 115th Congress that will deliver benefits for millions of citizens, and it clearly falls into category 2: the tax "reform" bill that gives a trillion-dollar boon (over a decade) to the top few percent of earners (via individual income tax reduction) and business owners (via corporate income tax reduction). The rest of us get tiny tax reductions and have to hope for higher wages and more job opportunities, while the Fortune 500 largest companies are passing an average of just six percent of their tax savings to their employees. Countering those benefits are probable inflation, almost certain reduction of public services such as Medicare/Medicaid, and a huge debt load whose interest costs will dominate the Federal budget and pass an insolubly huge problem to the next generation.

keinerFebruary 23, 2018 10:21 AM

@Mike Barno

"2) Acts passed on party-line votes by Republicans that act against the public interest, often to the benefit of the party's major donors, such as reversing previous laws or executive orders that were meant to reduce pollution, fight corruption, stop abusive corporate behavior, keep citizens healthy, prevent discrimination against racial/ethnic/gender groups, collect scientific data to better understand problems, or protect public lands for future generations."

That's exactly what orange guy was elected for. Are you really surprised?

Not in 100 years will this law pass, nor will garrymandering end or other conservative election hacks. You are basically lost. Buy a gun or become a teacher and get one for free (together with a sniper in-3-weeks course, of course).

Dan HFebruary 23, 2018 10:50 AM

@Mike Barno @keiner

"2) Acts passed on party-line votes by Republicans that act against the public interest,"

Like Democrats passing BarryCare without knowing what was in the Bill? Remember Pelosi's famous comment to pass it so we can find out?

As far as taxes go...
45% pay no US federal income tax.
Approx 85% of the taxes are paid by the Top 20% of wage earners.
Approx 15% of the taxes are paid by the Top 21-50% of wage earners.
Less than 2% of taxes are paid by the Bottom 50% of wage earners, but they paid 12% in the 70s.

"fight corruption,"

You don't honestly believe Hillary and Bill are not corrupt?

Matt from CTFebruary 23, 2018 10:59 AM

>Here's something better:
>
>Not bad for a $400 video camera/copy stand.

And that's your fail.

You would have competing videos posted purporting to be the true ballots being counted, perhaps with some nice video forgery with newer technologies.

Multiple groups trying to conduct their own counts to "verify" is not the land of the trust-but-verify, but instead the land of paranoia and propaganda.

>Anything hand-marked is going to potentially contain identifying information

Connecticut has adopted a scanned paper system. Overall it's not a bad system and an improvement in most respects from the previous machines*.

There are three material weaknesses towards privacy that are clear in it -- we no longer have booths but tables with paltry privacy screens, most folks do not use the privacy "sleeves" (a file folder you can conceal your ballot in until inserting it), and the machines presumably record the votes in order they placed in the machine (and/or stack the ballots inside in order received) -- thus subject to possible surveillance by security cameras, etc., and cross-indexing.

Of course many left wing partisans in the U.S. no longer believe in privacy, as they want to encourage mail-by-vote schemes where anyone can intimate anyone else over a kitchen table with how to fill out the ballot, and the same risks of recording the order ballots are removed from the outer envelopes. Sometimes assisted by fiscal conservatives who don't want to fund the privacy protections afforded by maintaining actual voting booths anymore.

*The history of machine voting, in turn, goes back to 1920-30s era America when rural dominated, Republican legislatures in places like New York & Connecticut adopted them in what I believe was primarily an effort to screw with Democrats in political-machine controlled cities; not that it would help the Republicans but it screwed with the ballot-stuffing efforts of one Democrat against another. And when I say rural dominated, we're not talking the natural Republican advantage today created by Democrats packing themselves into urban areas, but a situation in Connecticut where something like 16% of the population elected 90% of the legislators.

hmmFebruary 23, 2018 11:25 AM

Dan H

"Less than 2% of taxes are paid by the Bottom 50% of wage earners, but they paid 12% in the 70s."

Are you truly unable to see how massive runaway money at the top end would affect this?

Jesus, learn some basic math please...

"Barrycare" is that how you describe Mitt Romney's MA health plan? Learn to read please.

Pelosi was correct in noting that nobody knew exactly how every aspect would shake out once implemented - Go figure, dishonest soundbite-based-intellects turned candid if clumsy words into an undefined problem that they can't actually point to in the legislation.

Nobody mentioned Clintons, we were talking about Congress and what they accomplished or refused to. Apparently it's just too difficult for you to keep on the topic or even know what it was without your full-throated defense of selling out to the richest 1% and multinational corporations, a massive giveaway without even a PLAUSIBLE means of paying for itself as Republicans have at least facially lied about constantly over the years. They barely even tried this time - because they didn't have to, their flock doesn't fact check. They only fact deflect. Fact checking is their enemy.

https://www.nytimes.com/2018/02/10/opinion/sunday/republicans-deficit-debt.html

As far as taxes go, you really can't twist in the wind and pretend this was anything but a massive giveaway of public money to multinational corporations and the ultra-wealthy. There's no other possible reading of that, even by morons intent on any other reading. In fact it's implausible that you'd defend it if you knew anything about it, really.

Because it's clear you're not billionaire material, just their caddy at best.

It's just another kick of the can, another move of the goalposts, from the so-called "Family values" and "balanced spending" party that has never been able to play by its own rules or even rudimentarily follow its own stated values that they love to enforce on everybody else. Of COURSE they gave away HALF of the corporate tax rate. I'm a little surprised the full-turncoat traitors didn't give ALL of it away! That's been their John Birch Society ideal for longer than I've been alive.

A few quite obviously are willing to suffer full treason and disgrace of our national offices to get those tax cuts, and those doled out a few crumbs (1,000 per worker? Fight over your crumbs, slave!) while putting future generations of children on the hook for a massive increase in the debt/deficit.

That is, unless they're born into Republican real-estate fraud families, they don't need to show how much of their taxes they actually pay because they're "special" right? Laws don't apply to them.
*(Until Mueller applies them of course...)

Maybe we'll all get back to discussing how ineffective this corporate giveaway and nothing else Congress has been in accomplishing any meaningful reforms in any sector, as you find the "new nepotist movement" and counter-mission sabotage in each bureau "refreshing" in a Grover Norquist kind of way.

http://thegreatrecession.info/blog/wp-content/uploads/IncomeGrowthRates1948-2005-1024x768.png
- Work on that Stockholm syndrome Dan, it's getting ridiculous.

AnuraFebruary 23, 2018 12:18 PM

@Dan H

Like Democrats passing BarryCare without knowing what was in the Bill? Remember Pelosi's famous comment to pass it so we can find out?

So you take a quote out of context, pretend the ACH was not public for months before the vote, and then use that to justify Republicans actually doing what you falsely accuse Democrats of doing... No wonder this country is so screwed up; half the voters are nihilists who have no concern for the truth, and are willing to make any excuses for the reckless, bad faith actors in their party.

jonesFebruary 23, 2018 12:46 PM


@bruce

I like the paper ballots provision in 5(d) and the prohibition on certain types of machines in 7(c)3.

In the "Hack the Election" section 8(b) however, is a note that participation in security audits by private "election service providers" is VOLUNTARY, which seems at odds with the liability waivers in 4(n).

It also seems that the intended scope of the legislation is a little more narrow than the whereas clause indicates, as a lot of the text of the bill seems concerned about foreign threats as indicated in 2(4), and the lack of explicit provisions for code audits would seem oriented towards excluding as threats corporate malfeasance or deliberate election rigging by interested domestic parties.

This would not be terribly out of step with the voter fraud vs. election fraud bait-and-switch that has left us with a lot of propagandistic rhetoric about the need to reform our election systems.

This may just be a way for congress to say "look we fixed it!" and then go on divvying up the "issue voters" 50-50 between the parties, disenfranchising black voters with minimum sentencing guidelines, gerrymandering, deregulating political spending, and gaming the electoral college.

Mike BarnoFebruary 23, 2018 3:08 PM

@ Bruce Schneier and all rational-minded, security-interested readers :

... turning into a two-minute hate fest.

On that note, I apologize for responding to a tangential comment from Clive by pointing to the actual track record of the US legislature, whose election's security was the topic of this thread. We are in a period when any mention of anything to do with government immediately triggers Manichaean us-against-them-at-all-costs rants. In such an atmosphere, the "Internet Research Agency" has most of their work done for them by USians.

This leaves little space, even here, for calm, fact-based, impartial discussion that might lead to any sort of improvement.

Frank WilhoitFebruary 23, 2018 4:05 PM

No law can prevent itself from being violated; yet this is the only valid goal, as once a violation has occurred, the situation is irretrievable, by definition.

Long ago, we began to choose the wrong side of the tightrope to fall off of: accountability versus prevention. Let it happen -- no matter how unacceptable, unforeseeable, uncontainable "it", and its consequences, may be; just make sure that someone can be punished afterwards.

The difficulty is that every mechanism of accountability is constructed with the intent to impose punishment on the wrong actor(s); and, once this has been seen to be done, the mechanism is discredited, and the concept of accountability is discredited along with it.

So, today, we can prevent nothing, and it is unthinkable to hold any actor accountable.

albertFebruary 23, 2018 4:38 PM

@Anura,
Correction. Us nihilists have no party affiliations. :)

@Mike Barno, @Dan H, @hmm, @Clive, et al

Guys, you are bringing up good points here.

Try being nicer about it.

Snarky or sarcastic references/questions to other commenters -dilute your message-, and will eventually be ignored, or silenced.

Yes, I am not without sin.....but I'm not the Moderator.

Going too far OT is usually the slippery slope.

As I have stated earlier (in one of my more lucid moments) ***Cyber-security issues invariably intersect politics***

That's life, we gotta live with it. If we don't promote standards and regulations, who will? It can't be Congress; they don't have the technical skills. Neither does J.Q. Public*. If they just understand that good cyber-security benefits -everyone-, maybe that's a good start.

This is rather unlike me, bit I've said it, and I'll stand by it.

------------
* notice how I made that gender-neutral. I'm so proud of myself:)
. .. . .. --- ....


Clive RobinsonFebruary 23, 2018 5:04 PM

@ albert, and other readers to this thread,

As I have stated earlier (in one of my more lucid moments) ***Cyber-security issues invariably intersect politics***

It is sadly something that can not be avoided at any level of the computing stack even those at layer seven and below.

That said my comment was in no way ment to be partisan but a comment on the legislative system as it is and has been becoming for some considerable time period. It is also not a "US Only" problem as anyone living in the UK or many other European and Western nations will know.

As some who have been long term readers will know, if I could I would put what appears quite minor changes into the legislative process that would to some extent deter politicians from avidly sticking their snouts in where ever they can (sunset clause with mandatory benifit auditing in every law for instance).

As has been observed by others a camel may follow it's nose into your tent, but this does not mean you have to cut it's nose off to deter it or make your tent as sturdy as a house. Sometimes a simple hobble to limit it's speed and distance is sufficient.

AnuraFebruary 23, 2018 5:48 PM

@albert

What good points are those? The comment I responded to was literally just reciting right-wing propaganda. If you have to lie to make your point then you have no point at all. As for you, you've shown that you don't care about the truth either. You are dedicated to your predetermined position that no matter what Republicans do they are no worse then Democrats. When I pointed out to you that Republican actions are worse than Democrats actions, your response was "but Democrats have a hidden agenda, and that makes them worse!" It's clear that you are incapable of addressing any points that are actually made, don't pay attention to the issues at hand, and are unwilling to put thought into your beliefs. So why do you even bother?

RatioFebruary 23, 2018 6:26 PM

@Anura,

No wonder this country is so screwed up; half the voters are nihilists who have no concern for the truth, and are willing to make any excuses for the reckless, bad faith actors in their party.

What’s the math behind your “half the voters”?

albertFebruary 23, 2018 6:39 PM

@Anura,

Good question, why -do- I bother? You have your -opinions- and I have mine.

So we disagree.

I try to point out that the Dems and the Reps are two sides of the same coin. I did -not- say "but Democrats have a hidden agenda, and that makes them worse!" Who is 'better' or 'worse' is a matter of -opinion-.

I do not lie. I may be misinformed at times, perhaps even often, but I do not lie. Today, in the fake news era, what is truth is also a matter of -opinion-. Truth is not democratic. One cannot vote to determine truthfulness. But one must not confuse truth with desire. Value judgments are matters of opinion. There's and old joke that illustrates this point:

Masochist: "HIT ME!"
Sadist: "NO!"

I see right wing and left wing propaganda here. How do I wrestle truth from propaganda*? Perhaps I must consider sources that live outside of the left/right, good/bad, white/black dichotomy that we've inherited from our Western culture.

---------
*actually, -well written- propaganda requires substantial truths to be effective.
. .. . .. --- ....

thurmanFebruary 23, 2018 6:49 PM

@ Papa Roberto

The level of insecurity coming from the authentication system can be estimated, such as by people showing up to vote and being told they'd already done it. Or someone seeing their never-voting spouse had cast a ballot. We could keep stats of how many people vote with bad/no ID vs. good ID and make sure it matches the demographics. We can cross-check death registers to make sure the dead aren't voting.

As reports of voting irregularities go, ID fraud has never been fingered as a high-runner. Disenfranchisement from strict ID checking *has* been called statistically significant.

hmmFebruary 23, 2018 6:54 PM

Well there's "politics" and then there's pure damn unadulterated lies. The distinction is required.

A political opinion or preference is a different thing than a distinct set of facts.

At the end of the day there is only the underlying mathematics of how these things actually work.
Political labels have no bearing on that, they're just for selling support for things.

You can take the undisputable facts, acknowledge that they exist, and then work them into your narrative of pros and cons and priorities as they fit per your interests and values. There are more than one way of seeing things, some will have insights that others do not and vice versa. However what I think we're seeing increasingly though is disingenuous (intentionally so) folks taking a given political narrative and then trying to work around the facts with it, away from them with some being ignored and others dishonestly framed in a deliberately limited perspective intended to be a false narrative and obfuscation effort. You can often tell when someone is spitting out a few hand-picked talking points without anything else offered.

Dan's 2% vs 12% citation fits that. It's obviously intended to mislead as it has no other purpose or value as information. He's leaving off the massive runaway growth of the 1% wealth that actually skewed his figure and intones instead that the lower income earners are historically under-taxed compared to the 70's. That's not a political opinion based in fact, that's not valid math, that's pure unadulterated dishonest BS in defense of same. If he wants to pretend he didn't know that when he said it, fine, but I don't believe that's true either.

The Trump corporate tax cuts are another prime example. Economist HAVE determined what they will cost and accomplish (in a range of outcomes) and while those numbers are in flux as time goes on within that range, it is a factually-derived range. It is demonstrable and peer reviewed. It also completely flies in the face of disingenuous Republican promises of 4% growth and ~20% income growth expectations over a few years. It's also 100% the opposite of "fiscal responsibility" as preached just a few years back before these same Republicans filibustered veteran's health care to ensure the richest 1% got their massive giveaway that time also.

It's trickle-down economics redux. There are ZERO actual guarantees of growth but very real actual debt is being piled on for this huge gift. That money is given to the corporate owner class directly, the lion's share of 1.5 TRILLION in future taxpayer debt just handed to the "people" who need it absolutely the least of any Americans. To add insult to financial theft the extremely tiny individual income tax breaks are set to expire whereas the massive ~half-off corporate tax breaks NEVER do. This is uncontested because they can't find a way to lie about it plausibly. So they blow it off and say "Ah, we'll fix it later maybe, we'll see."

But someday never comes. These people have been pulling the same song and dance for decades already.
They didn't solve a single deficit. They didn't balance a single budget.

When they fail to achieve 4% growth or have this "pay for itself" it will be just another avoided fact.
The deficits this causes will be instead used as impetus to trim vital programs the poor depend on.

https://www.thebalance.com/president-george-bush-tax-cuts-3306331
(A quick primer for the uninitiated to recent historical precedent of tax giveaways)

So while I agree we need to be nicer, and I do, and while I'd like to be respectful of all points of view on politics or anything else, some things just simply aren't valid ideologically even on the face of themselves. They are lies. They are being stated for a deceptive purpose by people who have no interest in a factual discussion on the merits. Their interest isn't the discussion of the problems in reality, it's political gotcha points and thumb poking. Hence "Barrycare" as another hint obviously. That crap isn't even up to the low bar of political discourse even in America. If we want to talk specifics about how that half-butchered-pig of a compromise bill was doomed from inception, we sure could do that, but honesty would be requisite there also.

These outright deceptions need to get checked one way or another. It's perhaps not polite to call someone a liar, I'd personally much prefer to avoid that, but if someone continually blurts out in a blog some steaming series of "horse capital" untruths in defense of a massive theft, they really are getting a comparably polite wake up call to be called out on it in relatively polite terms and without expletives as above.

It's damn exhausting to deal legitimately with illegitimate actors but I do need to give them longer rope.
I can't disagree that we all need to be nicer and I pledge to try harder to find better euphemisms.

https://i.pinimg.com/236x/29/98/ee/2998ee8dad3c0133cbfad8fb49226cf7--work-memes-work-funnies.jpg


hmmFebruary 23, 2018 6:58 PM

@ Anura

"The comment I responded to was literally just reciting right-wing propaganda."

That is factual.

RatioFebruary 23, 2018 7:21 PM

@albert,

Today, in the fake news era, what is truth is also a matter of -opinion-.

No, it’s not.

Clive RobinsonFebruary 23, 2018 7:39 PM

@ Ratio, Anura, Albert,

What’s the math behind your “half the voters”?

I see you are reverting to your old habits. Thus perhaps first you might care to explain the real reason you are making your demands of others that in the past have caused issues.

Further you are demonstrating once again your absolutive and derailing view point with,

No, it’s not.

Rather than be both demanding and negative in a way which has previously been problematic, you should try a different approach to other commentors, lest you become ignored as has happened previously.

It realy is your behaviour choice, thus your choice of outcome when it counts against you as it has in the past.

hmmFebruary 23, 2018 7:52 PM

"We are in a period when any mention of anything to do with government immediately triggers Manichaean us-against-them-at-all-costs rants. In such an atmosphere, the "Internet Research Agency" has most of their work done for them by USians."

This is an underlying truth here I think. It takes relatively little effort to disrupt a contentious conversation as compared to making a convincing argument that both sides could agree to. Russia didn't "invent" the wedge issues, they just hammered them with nonsense fuzzing until it achieved the desired result. It's so trivial even internet trolls could accomplish it with some time in field.

It's just sad that in our system some would validate and welcome such plainly divisive efforts.
We are reduced to this as a result of the 'veritas vacuum' that was Fox New's sole aim since inception: http://gawker.com/5814150/roger-ailes-secret-nixon-era-blueprint-for-fox-news

Such trolls need to be dealt with by means other than valid political arguments they eschew.
I have a solution but it involves too much hot tar and feathers to really be viable at scale.
So for now I guess contentious argument is the default. (for now.)

Mike BarnoFebruary 23, 2018 10:58 PM

@ Dan H :

The Patient Protection and Affordable Care Act was passed by the 111th Congress, not the 115th.

We Need to FLOSSFebruary 24, 2018 7:10 AM

I'm sorry, but this act is worthless.

Unless voters can audit the source code of the machines validating the ballots, there will always be room for skepticism. If the voting process is a proprietary secret in the hands of a corporation, you can be sure the next President elected will be the one who has promised better support for that corporation, its policies and its future endeavors.

Without the source code being open, we would have no way of knowing that vulnerabilities are being addressed and fixed in a timely manner, since the election is a time-sensitive issue. Speaking of which, is there a "Plan B" for if a vulnerability is discovered right before or during the election, when it would be too late to mitigate the problems? I didn't see one. Having a fallback would seem like common sense, no?

I'm less concerned about foreign nation state influence and more concerned about multinational corporations. They're the ones with the money, the tech and the motive to pull off an election rigging. especially while the government is so slow to pass any digital security laws with real teeth.

We had paper ballots in Florida back in 2000 being scanned by machines, the same sort of hybrid technology this act is proposing. I suppose 16 years later is far past the memory span of any voter or legislator, so of course no one remembers any lessons that could have been taken away from that debacle.

I think it's hilarious how they think they'll get any real pentesting data with this "Hack the Election Program" while still continuing to prosecute people who report security vulnerabilities under the CFAA and providing no legal reforms whatsoever to improve that situation, either. No one will help you if helping still comes with the threat of jail time.

IvyFebruary 24, 2018 1:13 PM

> Unless voters can audit the source code of the machines validating the ballots, there will always be room for skepticism.

Although this stuff shouldn't be proprietary, elections must be perceived as secure by a large majority - not just people who can understand source code.

> Speaking of which, is there a "Plan B" for if a vulnerability is discovered right before or during the election,

Unless it's an infoleak-type vulnerability, each voter would verify their paper ballot before depositing it, and the ballots would be counted manually. If vote secrecy would be compromised, we might have to fill in the ballots manually too.

> We had paper ballots in Florida back in 2000 being scanned by machines, the same sort of hybrid technology this act is proposing. I suppose 16 years later is far past the memory span of any voter or legislator, so of course no one remembers any lessons that could have been taken away from that debacle.

You must mean this thing:
https://en.wikipedia.org/wiki/Florida_election_recount

It doesn't prove your point. "In punchcard counties, 1 in 25 ballots had uncountable presidential votes. In comparison, counties that used paper ballots scanned by computers at voting places (in order to give voters a chance to correct their ballot if it had an error) had just 1 in 200 uncountable ballots"

The controversies were about voter roll management, bad sample ballots, ballots with instructions ("vote every page") that would produce invalid votes, suppression of free speech (vote pairing), the actions of the courts, etc... What's the paper-scanning "debacle"?

hmmFebruary 25, 2018 2:26 AM

@ Gordo

"Whatever these keyboard drones might be, they are not professional Russian intel operators"

IRA != APT29 for sure.

But we can't underestimate how much of an demonstration of capability this event was either.
Imagine a really well funded and coordinated series of interwoven campaigns. Defense is hard.

Clive RobinsonFebruary 25, 2018 7:44 AM

@ Gordo,

Mr Stockman's facts appear to be factual as far as basic searching etc is concerned. It also fit's in with the time line many non American's remember.

Apart from one thing it makes a good read.

Sadly the one thing is to a non US eye the occasional divertion into "rabid point pushing" that we see way way more of from others. I guess sometimes you have to get a little down and dirty and fight fire with fire.

JFFebruary 25, 2018 7:55 AM

@Clive

"if I could I would put what appears quite minor changes into the legislative process that would to some extent deter politicians from avidly sticking their snouts in where ever they can (sunset clause with mandatory benifit auditing in every law for instance)."

I think that anything you devise has potential for a down side. In the US Senate, requiring a sunset clause creates a perverse side effect of instability, with the natural swing of control from one party to the other.

Consider the fates of the Affordable Care Act and the Federal Assault Weapons Ban. The ACA, passed without a sunset provision remains the law of the land despite concerted efforts to undo it, while the FAWB passed with a sunset provision, and its renewal has been prevented by the simple expedient of not allowing proposals to renew it to come out of committee.

Without discussing the merits of each of these laws, I don't think good governance is served by on again, off again legislation.

Anon Coward from PAFebruary 25, 2018 8:01 AM

@"Imposs. Stupid" and @"Matt from CT"

Thank you a proper, reasoned beat-down. Allow me to nerd harder.

>> Anything hand-marked is going to potentially contain identifying information, either intentional or unintentional.

Polling places supply identical #2 pencils. Erasures are not allowed--you must ask for a new ballot. Any marks outside the bubbles, incomplete marks, fancy hash marks, red ink, smiley faces, "Hi Mom" or anything other than clean SAT-style marks will invalidate the ballot.

As an alternative, you might use hand-operated hole punches to remove the X next to your candidate to mark ballots. Anyone who had a newspaper delivery route in the 1970's knows what I mean. Any mark, tear, fold, spindle or mutilation invalidates the ballot. The infirm ask for assistance from poll workers, same as it ever was.

I concede that putting multiple races on a single paper ballot allows coerced voters to identify themselves in the minor races. "You don't get paid unless I see a vote for Lincoln for President and 1-2-1-2-3-1-1 in the other races." Use moar paper. Put one race per slip of paper and you lose the bits to encode a VoterId if you're trying to uncloak a lot of voters that you're paying.

I'll concede that writing in a candidate reveals your handwriting. Use your other hand to write. Print oddly. Bring a Brother Label Maker label and stick it in the write-in box. Cut letters from a magazine like a serial killer and affix with transparent tape. Privacy preserved.

Now you have your anonymity and plausible deniability back, so coercive spouses will use absentee ballots over the kitchen table, same as it ever was.

>> You would have competing videos posted purporting to be the true ballots...video forgery.

Your polling place posts the official video. They have to login to post. Add two-factor authentication for good measure. The number of voters, the file size, the video elapsed time and the checksums of the video file will be captured, publicly announced and then published on the internet and in the local newspaper. You can use multiple checksum methods. If the official video is edited or replaced online, the checksum fails to match what's in the newspaper. God bless checksums and local newspapers.

Instead of a forgery, it'd be easier to threaten/bribe both sides to look the other way while Murry the local birthday clown/stage magician palms a subset of the undesired ballots and hands over bogus ones for the videotaping as paper is being removed from the ballot box. Still, he risks discovery.

> Multiple groups trying to conduct their own counts to "verify" is not the land of the trust-but-verify, but instead the land of paranoia and propaganda.

I don't want to trust, I want anyone to be able to conduct their own count with the closest thing to the real ballots which can't be shared universally because they have voter fingerprints on them. It's a control against both corruption and malware in the scanner, the PC, or the tallying software.

Suppose I lose by 13 out of 2000 votes for Dog Catcher, I can recount. I can't complain that the election board is too lazy, budget-constrained, busy or corrupt to do a recount. Transparency defeats paranoia, cynicism and learned helplessness.

I don't understand how "propaganda" applies.

> we no longer have booths but tables with paltry privacy screens, most folks do not use the privacy "sleeves"

Might you petition your election commission to add the old "shower curtain?"

> the machines presumably record the votes in order they placed in the machine...

You must wait until the polls close before opening the ballot box and giving it a stir before the videotape and scan process. Order must be obscured.

> Of course many left wing partisans...

Left/Right/Other--I don't care who wants to bend the tally. I want a process that's robust against motivated attackers with lots of money.

Additional costs: Ballot box, government-supplied pencils, USB write-blocker hardware, 2FA hardware key, an extra $300. Still cheaper than one new voting machine.

albertFebruary 25, 2018 10:31 AM

@Ratio,
"...Today, in the fake news era, what is truth is also a matter of -opinion-...."

Correct. That should read 'truth'.
. .. . .. --- ....

gordoFebruary 25, 2018 12:51 PM

@ Hmm,

Yes, toolsets being what they are, whether an APT, Facebook, Twitter, etc., in the "wrong" hands, their usage is a matter of "kind and degree".

@ Clive Robinson,

Yes, with the daily spoon-feeding of "the narratives" being delivered by the "local" news media outlets here, relief from said "onslaught" is, at best, meager.

Clive RobinsonFebruary 25, 2018 1:00 PM

@ JF,

I think that anything you devise has potential for a down side. In the US Senate, requiring a sunset clause creates a perverse side effect of instability, with the natural swing of control from one party to the other.

All action begats a reaction at some point, that as they say is life.

The problems that representational democracies have that probably need fixing the most urgently arr,

1, Keeping legislation concurrent with the moors of the society it is there to protect.

2, Reducing the speed and "midnight addons" that happen with current legislation methods.

3, Removing bias caused by lobbying and other unrepresentational input to the process.

My aim with sunset clauses is to cause the first two too happen with minimal changes, thus hopefully minimal side effects.

As you note throwing things into the long grass via committee is one method to deal with sunset clause issues. But committees were invented primarily to do not just that but divert blaim. As a method they are distinctly detrimental, but fairly easy to remove. Likewise there are simple techniques to remove long grass kicking, but they have known downsides as the US budget game has demonstrated.

The real question at the end of the day is can we reel the politicians in to do what the citizens want, not what those with "influence" want.

Impossibly StupidFebruary 25, 2018 1:18 PM

@Anon Coward from PA

Polling places supply identical #2 pencils. Erasures are not allowed--you must ask for a new ballot. Any marks outside the bubbles, incomplete marks, fancy hash marks, red ink, smiley faces, "Hi Mom" or anything other than clean SAT-style marks will invalidate the ballot.

You do know these things are being handled by humans, right? There is always going to be some threshold to which a mark must be acceptable, and within that there are always ways information can be transmitted (e.g., the stroke direction of the pencil can be varied to encode 3+ bits for every answer given). And allowing anyone to invalidate an entire ballot just by making a small mark makes it really easy to further disenfranchise specific people or groups.

It is a mistake to try to handle all the edge cases like that when the obvious solution is to simply not push all of that data from end to end. What matters from an auditing standpoint is not that I (and the world) can see my exact ballot, but just that I can easily verify that the votes on it were correctly counted (and specifically refer back to it in case a problem is detected). Think of it as a one-way function done in many steps, and it's only worth working backwards all the way if the results are very, very wrong.

I'll concede that writing in a candidate reveals your handwriting. Use your other hand to write. Print oddly. Bring a Brother Label Maker label and stick it in the write-in box. Cut letters from a magazine like a serial killer and affix with transparent tape. Privacy preserved.

You again make it very clear you don't understand either what privacy is or how information can be encoded. The more ways you allow something to be done, the more information there is that can be used to pierce the veil of privacy. The correct strategy is to remove at every step the differences that make no difference.

Your polling place posts the official video.

I believe the point being made was that "fake news" is all about instilling mistrust in the official records and other forms of truth. For people who inherently mistrust the government, it doesn't matter that they can verify that one specific video is the one that was produced by election officials, because they'll continue to believe that other videos are the ones that show what "really" happened.

Left/Right/Other--I don't care who wants to bend the tally. I want a process that's robust against motivated attackers with lots of money.

Then you need to stop suggesting processes that are trivially easy to corrupt.

Mike BarnoFebruary 25, 2018 8:49 PM

"Governors fear for Election Security Amid Russian Cyberattacks"

https://talkingpointsmemo.com/news/governors-fear-for-election-security-amid-russian-cyberattacks

State leaders of both parties worried aloud Sunday about the security of America’s election systems against possible cyberattacks ahead of this fall’s midterm elections, aware that Russian agents targeted more than 20 states little more a year ago, and the Trump administration has taken a mostly hands-off approach to the continued interference.
... Few governors could detail what specific steps are being taken to strengthen election security when asked.

RatioFebruary 25, 2018 9:31 PM

@albert,

That should read 'truth'.

As in “today, in the fake news era, what is ‘truth’ is also a matter of opinion”?

Untruth isn’t a matter of opinion either.

Clive RobinsonFebruary 25, 2018 11:20 PM

@ Mike Barno,

The article you link to should come with a health warning I nearly hurt myself laughing ;-)

Right up front it complains that the Executive are not doing anything... Yet as voting is a State responsability, the Executive would be accused of meddling in State business if it did anything. So that's a "damed if you do damed if you do not" position those State Politicians are trying to foist.

The State Politicians by the way have no right to complain, people with expert knowledge were expressing concerns about electronic voting systems so long ago and warning those with responsability in the States that electronic systems were insecure, and more importantly could not be made secure by traditional understandadble methods.

I even worked out a way to get at electronic voting machines and showed how they could be got at with "fire and forget" malware techniques. That was considerably prior to Stuxnet which then went on to use the same fire and forget techniques to attack North Korea.

There have been court cases surounding electronic voting machines. In fact it would not be difficult to show that those buying electronic voting systems have been significantly negligent to the point of criminal behaviour.

So State politicians having negligently spent the money and put themselves in a very very insecure place, are now blaiming people who had no control over their spending and were not even in politics at the time of the State Politicians negligence. Thus using the "manufactuted blaim" to try to force the Executive to give the States Politicians more money to spend, presumably as negligently as before. All just to cover up the State Politicians previous negligence thus their embarrassment...

That is very low, dirty reprehensible behaviour and I'm amazed people don't call out the State Politicians for their gall.

Yup that sure sounds like US Politics at work... At least to an outsider like myself ;-)

On a slightly more serious note, history has shown that low tech as it is the "X marks the spot" paper ballots are still the most reliable way of making and recording votes. It's also incredibly long lasting and very low cost technology to implement, that is increadibly easy to secure and verify there has been no tampering with. So probably has the best return on investment that can be made when it comes to making and recording in an easy and auditable way peoples votes.

So why go to a very expensive, unreliable, difficult thus costly system to maintain that is impossible to secure or verify is not tampered with, can not be audited and that also happens to be obsolete befor it's even delivered?

Could it be that previous mechanical "pregnant chad" vote casting systems were likewise a bad use of money by the State Politicians?

Answering those two questions is almost certainly not something State politicians who bought into electronic voting are going to want to answer...

But it does prove one thing, that the philosopher George Santayana, observed,

    "Those who cannot --or chose not to-- remember the past are condemned to repeat it."

Thus ensuring a continual boondoggle of cash flowing to suppliers of "snake oil" who then kick back a small percentage to the politicians... Thus the wheel on the pork sausage machine keeps turning, and the gravy machine keeps squirting, all running like wheels on a track. So business as usual and as I said,

    Yup that sure sounds like US Politics at work

Pass another bowl of pop corn please ;-)

hmmFebruary 25, 2018 11:51 PM

"the Executive would be accused of meddling in State business if it did anything"

Clive I don't believe that's true. There's a whole series of Federal bureaus that DO things.

"Earlier in the month, senior officials from the Department of Homeland Security participated in a series of “coordination meetings” with state and local election officials and private companies to discuss cybersecurity for the nation’s election infrastructure, the White House said last week. A Trump spokesman, however, declined to respond to the governors’ concerns when asked to comment Sunday."

https://www.nytimes.com/2018/01/03/us/politics/trump-voter-fraud-commission.html

Trump literally set up a special commission on fraud, told them specifically NOT to investigate Russian influence, then when they didn't find the illegal aliens voting that Trump was trying to get draconian voter-ID restrictions (which are in fact unConstitutional for your above-mentioned reason Clive, a big problem with that push) he disbanded it on a whim overnight. His entire contribution towards investigating actual fraud found in this election is to deny it, and say the agencies investigating it are wasting their time looking at it - to the point of using school shootings as he props.

If Republican Governors (who happen to back Trump) are taking the same line as the President is, that none of this is real, it's a hoax, it's sour grapes, it's crybabies, it's anything except what the evidence shows it to actually be, then that's obstructing the investigation plain and simple for politics. Which go figure is exactly what he and other Republican allies are accused of right now. Treason, were we at declared war with Russia that provably committed acts that can be considered cassus belli. Nobody wants that. Trump is playing a very dangerous game, but thankfully Mueller is about to take him right the hell out of it with the help of a few dozen grand juries.

"On a slightly more serious note, history has shown that low tech as it is the "X marks the spot" paper ballots are still the most reliable way of making and recording votes. It's also incredibly long lasting and very low cost technology to implement, that is increadibly easy to secure and verify there has been no tampering with. So probably has the best return on investment that can be made when it comes to making and recording in an easy and auditable way peoples votes."

-That, I fully agree with. Absolutely right.

gordoFebruary 26, 2018 3:55 AM

Though I think it was a coincidence, and, depending upon how one looks at it, maybe a case of bad timing, a month after the ICA report of January 2017, the Republican-led House Administration Committee passed a measure to eliminate the Election Assistance Commission "on the grounds that it has outlived its usefulness." The Election Assistance Commission is the "Commission" defined in S.2261 - Secure Elections Act. Protecting election infrastructure should be neither partisan nor a states' rights issue, but I wouldn't be surprised if it somehow turns out that way.

Exclusive: U.S. official focused on election security will be replaced
Dustin Volz | Reuters | February 22, 2018

The head of a federal commission who has helped U.S. states protect election systems from possible cyber attacks by Russia or others is being replaced at the behest of Republican House of Representatives Speaker Paul Ryan and the White House.


[. . . ]

Some Republicans over the years have sought to eliminate or reduce the Election Assistance Commission, arguing that it represents a federal overreach into the role of states in running elections.

[. . .]

Under law, the Republican and Democratic leaders of the Senate and House each recommend one commissioner to be nominated by the president to fill the agency’s four spots. The Republican-led House Administration Committee last year [February 2017] passed a measure that would terminate the agency on the grounds that it has outlived its usefulness.

https://www.reuters.com/article/us-usa-cyber-election-masterson-exclusiv/exclusive-u-s-official-focused-on-election-security-will-be-replaced-idUSKCN1G62NI

---

https://cha.house.gov/press-release/harper-time-eliminate-obsolete-election-assistance-commission-presidential-election

https://www.eac.gov/

---

S.2261 - Secure Elections Act
115th Congress (2017-2018)

SEC. 3. DEFINITIONS.

4) CHAIRMAN.—The term “Chairman” means the Chairman of the Election Assistance Commission.

(5) COMMISSION.—The term “Commission” means the Election Assistance Commission.

HermanFebruary 26, 2018 5:03 AM

A simple fluorescent ink finger dip will ensure that people cannot vote twice. This is used all over Africa. However, it will not guard against illegal aliens voting, ballot stuffing, deliberate miscounting and other electronic shenanigans.

Mike BarnoFebruary 26, 2018 8:13 AM

@ Clive Robinson :

There was no news to me in your seventeen paragraphs on USA voting systems; I was arguing many of those points decades ago. My only disagreement is with the second paragraph's implication that the federal government is entitled to no role at all:

Yet as voting is a State respons[i]bility, the Executive would be accused of meddling in State business if it did anything.

Of course; anything the executive branch does draws such accusations from one side or the other. But the states have finally realized that they have screwed this up so badly for so long, including inability to properly audit the swing-state tallies that decided the 2016 presidential election, that they have asked for this help for which they lack the expertise. And the legislative branch provided it. Even the more anti-federal reactionary state governments see this as necessary.

Can you really imagine fifty state governments, ranging from huge to tiny, with a wide range of political philosophies, all making separate redundant efforts to develop comprehensive bodies of expertise in security of voting and tabulating systems? If they genuinely tried independently to do so, there would be one hundred domestic efforts at partisan corruption of the process, and vast numbers of foreign-sourced efforts.

Since James Madison and the Constitutional Convention left this power with the states, rather than centralizing power over elections for federal offices, we aren't simply facing one great big central corruption fight instead.

As hmmm and Gordo noted in direct response, the DHS does have a group reviewing known problems and informing state election commissions of mitigations, including expensive scrapping/replacement of the most unverifiable and unfixable hardware/software.

This is the Election Assistance Commission authorized in law by last December's Secure Elections Act. Its Advisory Panel is empowered to:

... provide recommended policies, best practices, and overall security strategies for identifying, protecting against, detecting, responding to, and recovering from the risks identified ...

The Commission is charged to provide these guidelines to the states. The DHS is charged to provide threat reports to Congress, and to the Secretary of Homeland Security, and to the states if state action is appropriate.

This act also provides grants to help states fund their efforts including buying more-secure systems and implementing audit programs.

Reports indicate that a major obstacle this year is getting an election official in each state a security clearance sufficient to be told about known attacks more direct than voter-suppression and influence campaigns.

Other than imposing a "duty" on election agencies and election equipment providers to assess and report election cybersecurity threats, this law provides recommendations, not requirements, so it doesn't replace states' Constitutional power over elections with a takeover by the federal government.

Clive RobinsonFebruary 26, 2018 11:30 AM

@ Mike Barno, hmm, gordo

Can you really imagine fifty state governments, ranging from huge to tiny, with a wide range of political philosophies, all making separate redundant efforts to develop comprehensive bodies of expertise in security of voting and tabulating systems? If they genuinely tried independently to do so, there would be one hundred domestic efforts at partisan corruption of the process, and vast numbers of foreign-sourced efforts.

I don't need to, we've lived through it a number of times, I did mention "pregnant chads" I would have thought people in the US over 35 would have made the connection...

Speaking of which, if you go back, you will see that my assumption was the State Officials had one thing in common, blackmailing more cash out of the federal budget, that is the pork and gravy trains "stay on track" So the State Officials can do what they did last time with the likes of Diebold, give them tax cash for a pile of near worthless crap and get a small percentage back as kick back into their campaign funds which suprise suprise some of the old timers get to treat as a pension pot as well.

Maybe I should add more smiling winkies for that.

Oh and before I get accused of being partisan with diebold they were not the only "cash back" contributers in the game, either with the computer solutions or earlier mechanical machines. Such bungs and kickbacks are "just politics" with no party bounds if you go far enough back in history.

My serious point other than on the greed was to make it clear that when it comes to "the casting and auditing of votes" with a high degree of anonymity and security the old X marks the spot and tin ballot box lasts for years (some are pre WWI in the UK) and cost next to nothing. Importantly they are fairly simple to check for tampering and keep secure as well. On an ROI basis they are realy hard to beat, and they are very very flexible as most "paper and pen" systems are, so don't need boondongle software updates etc etc. Oh and think back to why NASA scraped the Space Shuttle, one less than insignificant reason was getting replacment computer chips for repairs. I don't think many people have thoight about that issue with electronic voting machines...

Yes the tin ballot box system has other potentialy up and down stream security issues. For instance ballot stuffing, stoping it is not as difficult as is made out to be if enough people do their civic duty and volunteer to do election officer/observer duties (which suprise suprise happens a lot in other western nations).

The thing is the deficiency of the down stream process of the ballot box system will not be improved by a high tech solution no matter what vested interests may claim. All an attacker will do is fritz the process either before the down stream process or after it. As supprise supprise already happens in the US with voter roll manipulation and gerrymandering.

As I noted with the two question point you can show what the reak game is with asking them, or more correctly asking why other people are not asking them...

As for what XXX might or might not have done is irrelevant, State Officials would claim interference in their perogative if it was God sitting in the White house and acting compleatly impartialy... It has nothing to do with personalities or parties, but everything about personal power bases and money, which runs way deeper in US politics than many other places.

If people don't get that then they realy sat in on the wrong course on civics and politics. Any street person who's had contact with drug gangs could fill in your missing knowledge.

As I keep telling people I don't do party politics only processes, as for political personalities, I'm fairly even handed on pointing out they are crooks and idiots at best, sticking their nose in the trough/tent where ever they can and leaving great steaming piles of "organic fertilizer" behind, that everybody else has to live with, if they can not clean it up.

Further as a "process" the current nonsense in US Politics is a "nothingburger" lots of noise will happen lots of citizens will get blood preasure and at the end of the day nothing will realy happen because in a two party system it's in neither sides interest to allow it to get more than a distraction.

The only difference this time is "The Thurd Way" about the only thing the two parties can agree on is he's a common place to land a few punches to keep the citizens distracted.

If US citizens don't get this maybe they should get a book on card tricks and magic and read it. Because quite a large chunk of the rest of the western world is getting quite a bit of amusement out of the whole shebang, it would make P.T.Barhnam proud to be fooling nearly all of the US people for nearly all of the time...

I'm sorry if that seems harsh but quite a few people on this blog think it's ok to try and make it appear that I'm taking sides, when even a little look back will show very much otherwise. It's also very worrying that so many people commenting on this blog appear to lack knowledge of what the US is realy all about, or don't care to think it through. Again a look back on this blog will show you I've given not just watning signals but the basis for why I made them that people could check with just a few moment clicking of a mouse. Maybe people are too scared to look to find out what is actually going on. It's not a "Dark State Conspiracy Theory" it's a logical follow on that you will find from studying history. You could start a couple of centuries back with the stupid political choices made in the US that ended up forging a new nation called Canada, and the US getting invaded by the English who chased the then moron sitting in the "Presidential Palace" into a swamp, then torching the place so badly that the moron and his cohort had to "White wash it out of history" which is why it's now called "The White House"...

JimFebruary 26, 2018 12:59 PM

Mike Barno (https://www.schneier.com/blog/archives/2018/02/election_securi_2.html#c6770730):

Sounds like you have posted a Democrat talking points memo, with some tech thrown in to make it sound like it fits here at Schneier.com.

By the way, you aren't concerned about acts passed on party-line votes by Democrats?

I come here to learn about IT security issues. If I want to discuss or debate politics, I go to Facebook.

Mike BarnoFebruary 26, 2018 1:54 PM

@ Jim, Dan H, etc., and Clive Robinson :

By the way, you aren't concerned about acts passed on party-line votes by Democrats?

Of course I am. Can you show me any that were passed under the 115th Congress? The original comment that prompted that February 23, 2015 10:05 AM post said:

It amazes me sometimes how the US legislative process actual manages to achive anything worth while these days without some lobbying organisation sticking their ore [oar?] in.

I reviewed the sitting Congress "these days" which is the 115th Congress. I linked to its actual record of legislation. Some of the laws in my category 3, "Acts designed to provide "fig leaf" cover to make Congressmen appear to be taking action desired by the public...", were introduced by Democratic legislators, but fewer of those have been passed than in previous Congresses because Democrats cannot now win party-line votes unless enough Republicans in both houses are absent or abstain. If we were to look at the records of past Congresses in the Seventies (when I started paying close attention) through the first half of the current decade, there would be plenty of reasons to criticize behavior of both parties for many reasons including Democratic party-line votes that also served donor interests at the expense of the public interest including election verifiability. But several of you STOPPED READING as soon as you saw one group of Republican actions criticized. You accused me (a consistent third-party voter for 35 years despite its futility) of partisan bias that had no part in my posting. This is a frequent problem deriving from the "Manichaean us-against-them-at-all-costs rants", and it even affects this forum. Enough to drive me away, I guess.

And Clive, you have been misdirecting far too many smug, snide insults like

could fill in your missing knowledge

like the ones about which you keep berating the more-argumentative frequent posters. "Physician heal thyself."

hmmFebruary 26, 2018 3:35 PM

@ Mike B

True. We can't discuss the Republican majority nomatter what they do despite control of all 3 branches.
The "whatabout hillary" types can't handle that type of introspection. It would destroy them.

@ Clive

I don't accuse you of taking sides per se. You make some fair points and some excellent points.

Voting is a quintessential security problem, always has been. Graft an existential threat.
I think where we've allowed money into the process we've given up on due process for convenience.
That responsibility falls in many ways on the Judicial branch to manage, and I think they've failed.

But when you say the executive has no ability to do "anything" that's not accurate.
In saying so in defense of this particular executive, it seems side picking,
only because this executive has fallen so far short of standards in every respect.

Hobbling and disbanding agencies and bureaus and setting them against their own charter, surely you don't defend those actions even as you rightly point to corruption and conflicts of interest in the state election procurement processes. It's not an either-or situation, those problems are all real. Gerrymandering, new voting restrictions, rescinding traditional protections in law for historically disenfranchised voters in rural states for example, a lot of this is going on with the winked blessing of the current executive-appointed AG and other branch heads. They seem to see law as a means to a political end where loopholes are sufficient to slide things through.

What some seem to fail to realize is this comes about by deliberate long-standing strategy, Donald Trump being a culmination of several aspects of that effort in one person. Jeff Sessions being another obvious supporter of voter disenfranchisement historically.

What we need now are yet-sane Republicans to realize that allowing this to continue in their short-term interests will ultimately dissolve the 'public' aspect of our Republic. This fits 1:1 with the John Birch Society stated goals of complete governmental capture by industry owner classes. In the end they don't want a Republic, they want a cabal.

I would be absolutely up in arms if elderly Republicans were being systematically targeted in coastal blue states and given disinformation by robocall, or having polling places near them shut down and limited deliberately. Fortunately for them there doesn't seem to be a corporeal effort to accomplish that while there very clearly is an effort in converse in red states among minority and elderly voters. Well documented. ANYONE who considers themselves a Republican in the strict sense of the word out to be FULLY outraged by that effort. The leadership vacuum at the top is incandescently obvious.

It won't be solved in a day, but do not be misunderstood to say that nothing can be done about it from each of the three branches of government when in fact each of the three are facilitating our slide into despotism right now. There is A LOT that can be done.

TRXFebruary 26, 2018 3:53 PM

My county went to electronic machines a few years ago. We don't even have a "secret ballot" any more.

An adjacent county where my Dad lives is still on the old system. Cardboard ballots and laundry markers. You mark your ballot and put it in a box. Periodically the boxes are empted onto cafeteria tables, where senior citizens count and collate them, right there in public.

I have zero confidence in the electronic system I had to use. Conversely, while it would probably be possible to cheat on the paper ballot system, it would require collusion of quite a few people at each polling station.

RatioFebruary 26, 2018 6:30 PM

@Mike Barno,

I linked to its actual record of legislation.

And you wonder why people accuse you of bias, linking to actual evidence like that?

hmmFebruary 26, 2018 6:53 PM

"Conversely, while it would probably be possible to cheat on the paper ballot system, it would require collusion of quite a few people at each polling station."

Exactly.

gordoFebruary 26, 2018 7:59 PM

My two cents on election security from a maybe naïve, 20,000-foot view:

Two parts of the election process require paper backups for audit: Ballots and registration rolls.

Ensure those and any arguments over election outcomes, however long and heated, become academic.

Anything else, cyber security, etc., gets filed as pork barrel.

When failures of any consequence occur, name and shame.

Wash, rinse, repeat.

Anon Coward from PA, chastisedFebruary 27, 2018 11:25 AM

@Impossibly Stupid February 25, 2018 1:18 PM:

You're right. Several times in a row. Video of a complete pencil and paper ballot potentially leaks identity in several ways. Same would be true for punchcards with chads--publishing full images of any ballot that voters can touch puts the voter and their vote at risk. It took me a while to see it.

...give them plausible deniability when it comes to other people finding out how they voted.

I was thinking that I needed ballot secrecy so I could keep my preferences secret.

The flip side I didn't see--we need a secret ballot so nobody else can be reliably bribed, bullied or blackmailed. Those voters want to reveal their identity and their votes so they can be paid or to avoid retaliation. I completely missed this use-case. Thanks for setting me straight.

It's doable, but I'm not sure that, as a whole, our society is anywhere near sophisticated enough to adopt a real solution.

This Senate bill looks like a voting machine cash-for-clunkers. One $386M grant "shall remain available without fiscal year limitation until expended." It shall be spent!

There's an (unpaid) Advisory Panel of appointed worthies to write guidelines. I hope Bruce accepts an appointment. It looks like voter-verified paper output is going to be the primary vote medium, even if its subsequently scanned for the tallies. Audits come off the paper. This should kill off DREs.

I'm a swing voter in a swing district within a swing state. My vote matters but it's cast on a DRE voting machine without paper confirmation and without a traditional audit trail. I trust the good local people who watch over our polling place, but I don't trust those voting machines. Good riddance.

Anon Coward from PA againMarch 1, 2018 4:40 PM

If we allow a single paper ballot for each voter to be the primary proof-of-vote, we enable a coerced voter to prove their identity on their ballot. This is required to run bribery, bullying and blackmail schemes.

Use Case 1: Identify your opponent's voters. Cross reference to Ashley Madison. Blackmail as follows--tell the voter to write-in a specific (identifying) name for President, neutralizing their vote.

Use Case 2: Pay people to vote Smith for President. Only pay if the voter identifies himself by voting the other 9 races according to a sample ballot you provide. While it would be easier to use unique write-in names, a huge surge in unique write-ins in swing districts will trigger scrutiny.

Use Case 1 and 2 can be used together to reduce the number of unique write-in names.

To prevent vote buying, bullying and blackmail...

(1) Voting machines must not put all your votes on one sheet of paper. Each race must go on its own separate sheet of paper, punch card, index card, or slip of cash register thermal paper.

(2) Elections must prohibit write-in candidates.

(3) As discussed in prior messages, the voter must not be allowed to touch or mark the paper during their verification stage so they cannot to identify themselves.

(4) The paper ballots must not use barcodes or QR codes alongside names. We must prevent programmers from tallying a hacked barcode in lieu of the candidate's name. Programmer one says "my QR code was hacked in the field--I did nothing wrong." Programmer two from another company says "I read the QR code because it was faster and more accurate than OCR on the name, as specified." If you can't see this "innocent bug" coming, you're not cynical enough.

(5) The voting machine must not use a printers that reveal what they are printing with sound or response time. "Joe Dirt" will sound like "zzziip" but "William Terrance Alonzo-Schwartz" will not.

You may be thinking the paper ballots are secret, but once a vote is done, people will neglect physical security. It only takes one person to copy the scanned ballot images. It might even be an insider who is tasked with destroying the ballots. Lastly, write-in candidate names often become public even if they lose, no breach required.

If these new constraints aren't adopted, the new paper-output-verify-scan may be worse than the DRE--since DRE-hacking required technical skill and these hacks only require planning and organizational skill.

It's going to be tricky to physically design a system that does all of this. I'm afraid that we'll get "good enough"--a laser printer outputting a single sheet of legal paper that the voter grabs so they can verify before shoving it down the ballot box slot.

If so, the law should include rewards for revealing voter fraud and intimidation upon conviction. Otherwise, it's fire-breathing dragons against a wall of ice.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.