Buying Used Voting Machines on eBay

This is not surprising:

This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before -- dispersed, disorganized, and susceptible to manipulation.

Cory Doctorow's comment is correct:

Voting machines are terrible in every way: the companies that make them lie like crazy about their security, insist on insecure designs, and produce machines that are so insecure that it's easier to hack a voting machine than it is to use it to vote.

I blame both the secrecy of the industry and the ignorance of most voting officials. And it's not getting better.

Posted on November 1, 2018 at 6:18 AM • 30 Comments

Comments

Shaving man • November 1, 2018 6:54 AM

I tend to see it like this:

Voting is like shaving (with a blade). A humdrum old-fashioned activity, but gets the job done. Electronic voting is like gluing a bunch of razor blades to a desk fan in order to increase speed and efficiency. Surely that's a good idea, right?

Mike Acker • November 1, 2018 7:33 AM

There seems to be a pervasive cavalier attitude regarding security through much of the IT business.

Just this week I received an eMail from the company that provides AV software for the two Windows computers I've not yet managed to exterminate.

The message was a proper warning regarding Business eMail Compromise ( BCE ).

and it properly advised us not to click on links found in eMail messages.

there were five (5) hyperlinks in their message.

oh well

Me myself • November 1, 2018 8:38 AM

Here in Brazil the situation isn't exactly great either.

We had elections just last week. During the campaign the candidate Bolsonaro stated that he was very concerned about the possibility of tampered voting machines (or more precisely, voting machines' code tailored to give the governing party the win). He asked for the return of paper ballots but the Electoral Tribunal's president shot down the request on the premise that "the machines are secure because I say they are, our tech people are really that good". Right...

Even tho Bolsonaro managed to win, I still have my doubts whether the machines weren't tampered with, just not enough to sway the result. I certainly wouldn't be surprised because the former governing party doesn't exactly have a stellar track record on following rules.

So in this case it would be an even more complicated situation than foreign powers trying to influence the election. How do you ensure that an internal adversary does not sabotage the election?

CallMeLateForSupper • November 1, 2018 9:03 AM

I remember it so clearly, as if it happened just .... well, *two*years* ago: discussions here, on this very blog, about the abysmal state of elections security. And, IIRC, there was even an article or two in the media about security researchers tearing into and pwning voting machines that had been purchased from eBay. Deja vu all over again.

David Rudling • November 1, 2018 9:26 AM

You guys have an organisation called NIST which produces excellent Federal Information Processing Standards. I should have thought that votes (which determine the Executive branch of the Government for 4 years) would be considered Federal Information and so a security standard would be within their remit. States which failed to conform to the Federal standard would probably find themselves more likely to have their results challenged even if that conformity to a Federal standard were not mandatory.
Major risk-reduction solutions are technically quite feasible, it just needs some small political will from Congress or the White H...
Oh, I see the problem.

Matt from CT • November 1, 2018 9:53 AM

>How do you ensure that an internal adversary does not sabotage the election?

Historically in the U.S. you just assume each other's shenanigans offset each other.

One of the problems that folks who oppose Voter ID laws face is the long history of possibly tongue-in-cheek comments like Chicago mayor Richard J. Daley saying "Vote Early, Vote Often" and the bona fide history of voter fraud in the U.S. -- read up on some of Lyndon Johnson's elections for Congress in Texas, or the point where representatives for Kennedy and Nixon faced each other over problems in Illinois and concluded they'd all go to jail if either party challenged it.

Or Connecticut (where we have had Voter ID laws since 1988, and use scanned at the polling place paper ballots) where our current Governor won by 5,000 votes -- and was behind until the largest city in the state reported its totals hours after all other towns and cities had finished. Occam's razor is that Bridgeport is just that incompetent to tally the totals from the scanners in a timely basis that similar sized cities could (after all their Mayor is a convicted felon for corruption he committed previously as Mayor, and one of their city councilors lost his state representative seat after a corruption conviction). That it would come in heavily Democratic was a foregone conclusion; the delay in reporting the totals makes it possible to worry about manipulation.

The mitigating control to that is the state does select a sample of precincts at random for a manual count after the election in order to validate the scanners were working correctly. (Formerly 10%, now 5% of precincts chosen at random...enough to detect widespread failure of scanners, not enough to assure you find a given stuffed ballot box or two.)
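The sampling trade-off in the comment above, worked through as an added example that is not part of the original comment: the chance that a uniform random sample of precincts includes at least one precinct with a problem, at a 10% and a 5% sample. The total of 700 precincts is a constructed figure, the function names are illustrative, and the model assumes a hand count of a sampled precinct always exposes a discrepancy there.

```python
from math import comb

# Constructed figure for illustration; not the real precinct count of any state.
TOTAL_PRECINCTS = 700


def detection_probability(total: int, affected: int, sampled: int) -> float:
    """Chance that a uniform random sample (drawn without replacement) of
    `sampled` precincts contains at least one of the `affected` precincts.

    Assumption: hand-counting an affected precinct always reveals the problem.
    """
    if not (0 <= affected <= total and 0 <= sampled <= total):
        raise ValueError("affected and sampled must lie between 0 and total")
    # Hypergeometric miss probability: every sampled precinct is unaffected.
    # math.comb returns 0 when sampled > total - affected, so detection
    # becomes certain once the sample cannot avoid every affected precinct.
    miss = comb(total - affected, sampled) / comb(total, sampled)
    return 1.0 - miss


def min_affected_for_confidence(total: int, sampled: int,
                                confidence: float = 0.95) -> int:
    """Smallest number of affected precincts that the audit catches with
    probability of at least `confidence`."""
    if not 1 <= sampled <= total:
        raise ValueError("sampled must lie between 1 and total")
    for affected in range(1, total + 1):
        if detection_probability(total, affected, sampled) >= confidence:
            return affected
    raise AssertionError("unreachable: affected == total is always detected")


if __name__ == "__main__":
    for fraction in (0.10, 0.05):
        sampled = round(TOTAL_PRECINCTS * fraction)
        print(f"--- {fraction:.0%} sample ({sampled} of {TOTAL_PRECINCTS}) ---")
        # A problem confined to one or two precincts versus a widespread one.
        for affected in (1, 2, 10, 70):
            p = detection_probability(TOTAL_PRECINCTS, affected, sampled)
            print(f"  {affected:3d} affected precincts -> caught with p = {p:.3f}")
        k = min_affected_for_confidence(TOTAL_PRECINCTS, sampled)
        print(f"  95% confidence needs at least {k} affected precincts")
```

With a single affected precinct the detection probability equals the sampling fraction itself, which is why halving the sample halves the chance of catching an isolated problem while barely changing the outcome for a widespread one.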

Impossibly Stupid • November 1, 2018 10:10 AM

@Me myself

Even tho Bolsonaro managed to win, I still have my doubts whether the machines weren't tampered with, just not enough to sway the result.

The US similarly had a candidate crying about "rigged" elections, who also then won said election. There is no need to doubt anything: if the candidate was sincere they would call for a formal investigation of the election, because now they have the power to do so. If they don't, they're just another corrupt politician more interested in wielding power.

How do you ensure that an internal adversary does not sabotage the election?

Follow the same process regardless. There's nothing particularly secure about paper ballots, it's just that we have a process surrounding them that (when followed) most people accept is reasonably secure. There really isn't any of that for electronic voting, and none of the people involved seem very interested in establishing a scientific approach to it.

Tanterei • November 1, 2018 10:53 AM

Makes me glad that things in Germany are still conservative. We still vote with pen-and-paper.

Isn't there some open-source and open hardware movement that could preempt such dispersion of money and resources? Have a hardware and software validated by multiple institutions and an open community and compel producers of voting machines to use the verified architecture.

Gworn • November 1, 2018 11:38 AM

I'm also in Germany and I've counted the paper ballots last time. It's obviously easier if everyone just makes two checks on the ballot. (Would be even easier if it was just one.)

Compared to that, you sometimes have to make 20 or even more choices in US elections. Voting for so many different offices and ballot measures. I'm not sure how possible that even is to do by hand. If you don't use voting machines, would there be the money or volunteers to do all the counting by hand?

Jeff Hall • November 1, 2018 11:47 AM

I don't get why election systems need to be totally software based. Is it all about being "sexy" because it sure seems that way? IMVHO, the old-fashioned method of using paper-based ballot technology using fill in the circle/oval speeds the counting process and provides a real-world auditable byproduct in the event of questions/concerns. Anything else just seems to introduce risk into the election process.

Martin • November 1, 2018 11:59 AM

@David Rudling

...which determine the Executive branch of the Government for 4 years

Actually I don't think that voting machines are used to determine the Executive Branch (President of the U.S.A.) every four years. The President is elected via the electoral college which has representatives from each state. There are 538 members of the college; their votes determine the presidency. Also, their vote does not have to represent the outcome of the voting by the greater populaces.

From a Wikipedia article about the U.S.A. electoral college..."These presidential electors in turn cast electoral votes for those two offices. Electors usually pledge to vote for their party's nominee, but some "faithless electors" have voted for other candidates or refrained from voting."

Paul Hampson • November 1, 2018 12:31 PM

Oregon and Washington have paper ballots that are delivered to your mailing address, you either return them in the mail or drop them at designated locations. California has increasing participation in absentee (vote by mail) paper ballots as well. Seems to work pretty well and voter participation is higher.

Joao • November 1, 2018 12:46 PM

I was under the impression that the electronic vote problem was already partially solved with something like: Helios Voting ( https://vote.heliosvoting.org ) where you vote, and you can check later that the vote was properly sent to main server (and since the other candidates can also have their own mirror systems of that main server, one can verify at the main server and in their trusted candidate mirror system that the vote was in fact properly received).

David Rudling • November 1, 2018 1:12 PM

@Martin
You are of course quite correct about the electoral college system but votes still count.

"After you cast your ballot for president, your vote goes to a statewide tally. In 48 states and Washington, D.C., the winner gets all of the electoral votes for that state. This means his or her party’s electors in that state will vote in the Electoral College. Maine and Nebraska assign their electors using a proportional system called the Congressional District Method."

I should perhaps have said
"..which INDIRECTLY determine the Executive branch of the Government for 4 years"

Timothy • November 1, 2018 1:18 PM

I appreciate that security authors+researchers Cory Doctorow and Brian Varner evaluate the architecture and accessibility of voting infrastructure to identify specific, potentially impactful vulnerabilities. It is hard to manage something if you can’t measure it, and they are unafraid to pull up their sleeves to better understand the inner workings of these machines and share what they find.

Their approach to evaluating voting infrastructure appears to define a core principle of DHS S&T’s newly released Cyber Risk Economics Capability Gaps Research Strategy. The strategy has a theme of Risk Quantification including ‘measuring the nature, size, and frequency of cyber risks in the ecosystem.’ I hope what Brian and Cory report is able to better help decision makers evaluate the state of voting infrastructure and ready resources for both immediate needs and long-term planning.

tim • November 1, 2018 1:26 PM

@David Rudling

US elections are managed by the individual states and not the federal government. And elections could cover county, city, state, or federal offices as well as other questions to the voters like propositions. And local or state elections can be scheduled at anytime per the election laws of that individual state, county, or city.

Genie • November 1, 2018 2:15 PM

Voting is more complicated than it needs to be.

Partisan cash is greasing the palms of election officials and observers.

The general public dares not even vote anymore. Fines and prison time are threatened for voting outside a certain inviolable party line, and dissident ballots are not even entered into the totals.

dslsynth • November 1, 2018 4:00 PM

Personally I don't get why voting machines are relevant at all. Well, unless elections are a question of letting best hacker win rather than letting the election result match the votes made. But of course that is a matter of taste.

Anon Y. Mouse • November 1, 2018 6:33 PM

"Those who vote decide nothing. Those who count the vote decide everything."
-- Joseph Stalin

Thoth • November 1, 2018 9:28 PM

Completely off-topic below.

The USA and EU countries are much more fortunate than many of the countries in other continents (i.e. China, Russia, Africa, South East Asia).

For us in Singapore, we are still using paper votes and does it really matter when you have effectively a One Party rule and any dissent or misrepresentation of orthodox views is put down as state treason?

We claim to be democratic when free speech is only free if it is pro-orthodox doctrines and inline with the ruling party since 1965 when the British left here and also left behind a political system that encouraged such authoritarian behaviours.

You can use a paper vote or an electronic vote but it completely doesn't matter if the One Party wants to be the only party in town, there is no such thing as votes and dissent is never tolerated.

Most elections in Singapore are a walk-over; despite political opposition, they will find some way to make it a walk-over.

Even our current president of Singapore which is claimed to be democratically elected to office via populace vote with Paper Votes doesn't matter because the ruling party decided to invalidate all opposition presidency candidates by finding an excuse that each of these presidential candidates do not have "valid reasons" or "dubious birth heritage" or "incorrect ethnical group" to be a president. What happened was all but one candidate was disqualified and that single candidate was a Parliament Speaker for the ruling party..... how twisted is it ....

Now our current "president" was never elected by us in any way or form using paper or electronic votes. The president was simply declared the "People's Democratically Elected President of Singapore" when nothing was democratic and no such elections actually took place.

How fortunate you guys are with the ability to actually vote although gang coercions do exist but compared to the rest of the world where the word "Democratic" or "People's Elected" is simply fake and a marketing terminology.

Such privilege of choice given and rarely treasured.

echo • November 2, 2018 5:22 AM

@Thoth

You are not off topic for my purposes. All technical systems exist within a history and context and your comment highlights a valuable perspective. You have said a lot very concisely which I believe people should bear in mind and I don't doubt many agree with.

bttb • November 3, 2018 8:23 AM

Thoth wrote:

“The USA and EU countries are much more fortunate than many of the countries in other continents (i.e. China, Russia, Africa, South East Asia [ perhaps soon in Brazil or Colombia in the Americas, USA or Western Europe ] ).

For us in Singapore, we are still using paper votes and does it really matter when you have effectively a One Party rule and any dissent or misrepresentation of orthodox views is put down as state treason?

We claim to be democratic when free speech is only free if it is pro-orthodox doctrines and inline with the ruling party since 1965 when the British left here and also left behind a political system that encouraged such authoritarian behaviours.

[…]

How fortunate you guys are with the ability to actually vote although gang coercions do exist but compared to the rest of the world where the word "Democratic" or "People's Elected" is simply fake and a marketing terminology.

Such privilege of choice given and rarely treasured.”

+1

From Snyder's opinion piece, https://www.theguardian.com/commentisfree/2018/oct/30/trump-borrows-tricks-of-fascism-pittsburgh :

“The governing principle of the Trump administration is total irresponsibility, a claim of innocence from a position of power, something which happens to be an old fascist trick. As we see in the president’s reactions to American rightwing terrorism, he will always claim victimhood for himself and shift blame to the actual victims. As we see in the motivations of the terrorists themselves, and in the long history of fascism, this maneuver can lead to murder.

[…]

In the United States today, reporting was already in trouble for similar reasons before Trump, like Hitler, began to claim that the reporters who seek the facts are liars and enemies. Naturally, the president denies responsibility when people take him at his word and draw instead from the conspiracy thinking he himself spreads. Trump blames the press for attempts to murder members of the press. He seizes the occasion, as always, to present himself as the true victim. The facts hurt his feelings.

[...]

Thus Trump can base his rhetoric on the fascist idea of us and them, lead fascist chants at rallies, encourage his supporters to use violence, praise a politician who attacked a journalist, muse that Hillary Clinton should be assassinated, denigrate the intelligence of African Americans, associate migrants with criminality, … – but he and his followers will puff chests and swell sinuses if anyone points this out.

If Trump is not a fascist, this is only in the precise sense that he is not even a fascist. He strikes a fascist pose, and then issues generic palliative remarks and denies responsibility for his words and actions. But since total irresponsibility is a central part of the fascist tradition, it is perhaps best to give Trump his due credit as an innovator.”

Timothy Snyder is a Professor of History at Yale University. He is the author of several books of European history as well as "On Tyranny" and "The Road to Unfreedom"


VinnyG • November 3, 2018 10:00 AM

@David Rudling re: electoral voting - actually there is a small additional wrinkle. While 48 states award all of their electoral votes to the winner of the popular vote, Maine and Nebraska go to the Congressional District level to determine how those votes should be awarded, which can (and does) result in split awards...

VinnyG • November 3, 2018 10:06 AM

@Thoth re: utility of voting - one could view the Singapore situation as a matter of degree. The utility of voting where the system is rigged to prohibitively favor candidates from two more-or-less "fixed" political party options, and the actual governance afforded by those parties and candidates (as contrasted with announced campaign positions from same) differs almost exclusively on issues that do not materially affect kleptocracy and graft is quite subject to question.

bttb • November 3, 2018 2:08 PM

Published 9 October 2018, from Willie Nelson's song "Vote 'Em Out":
... The biggest gun we’ve got
Is called the ballot box …, https://www.youtube.com/watch?v=bt-n0zu6MjM (about 2:30)
Lyrics ( https://www.lyricsmode.com/lyrics/w/willie_nelson/vote_em_out.html ):

[Verse 1]

If you don't like who's in there, vote 'em out

That's what Election Day is all about

The biggest gun we've got

Is called "the ballot box"

So if you don't like who's in there, vote 'em out

[Chorus]

Vote 'em out (vote 'em out)

Vote 'em out (vote 'em out)

And when they're gone we'll sing and dance and shout

Bring some new ones in

And we'll start that show again

And if you don't like who's in there, vote 'em out

[Verse 2]
If it's a bunch of clowns you voted in
Election Day is comin' 'round again
If you don't like it now
[You can change it anyhow]
[or]
[If it's more than you'll allow]
If you don't like who's in there, vote 'em out…”

Another take of "Vote ‘Em Out"
https://www.schneier.com/blog/archives/2018/11/friday_squid_bl_649.html#c6784422

PerryD • November 3, 2018 7:52 PM

The underlying problem is the same one that plagues online and POS transactions, as well as the banking / credit industry. Over the past twenty years, all of these industries have assumed that consumers want everything RIGHT THE HELL NOW and will choose another vendor if that vendor offers faster delivery or service.

This is just patently ridiculous. Take voting. What's the rush? The people elected to office in November won't go to work until January. There's plenty of time to count paper ballots, twice if necessary. Same with the breathless real-time coverage of elections. Just wait until the weekend paper comes out to find out who won! This notion that everything has to be instant and easy has led to nearly all of our security problems.

Pad • November 5, 2018 9:02 AM

My personal take on this voting machine fiasco, it's been done on purpose, with the intent to manipulate elections.

bttb • November 5, 2018 3:22 PM

@PerryD

"The underlying problem is the same one that plagues online and POS transactions, as well as the banking / credit industry. Over the past twenty years, all of these industries have assumed that consumers want everything RIGHT THE HELL NOW and will choose another vendor if that vendor offers faster delivery or service.

This is just patently ridiculous. Take voting. What's the rush? The people elected to office in November won't go to work until January. There's plenty of time to count paper ballots, twice if necessary..."

Makes sense to me.

iirc, part of the problem with the "Florida Recount" of the year 2000 presidential election, hanging chads and all that, was that at least one TV Network had already called the election, perhaps prematurely, to have been won by George W. Bush.


All

Here are some thoughts on the USA election tomorrow on the current Squid.
https://www.schneier.com/blog/archives/2018/11/friday_squid_bl_649.html#c6784502

Wendy • November 15, 2018 3:01 PM

Last election (2016), it was mostly paper, and there were one or two electronic machines they'd invite you to if the lines were long. This year (2018), they had an electronic machine for each ward and directed you to them by default.

Now, I'm not thrilled about these electronic machines (they're actually slower, because only one person per ward can be voting at a time vs. 3-4 voters filling out paper ballots in the carrels and only needing a few seconds to scan them into the receivers), but I don't see how much more hackable they are than the paper-ballot scanners. They're no easier to get at unobserved than the scanners, they create a physical voting "receipt," and the voter has to acknowledge the receipt before leaving the voting machine.

So how are touchscreen voting machines more vulnerable than ballot scanners, or is there some flavor of voting machine I'm not familiar with?


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.