Yet Another E-voting Machine Vulnerability Found

from the because-of-course dept

We've been talking about the ridiculousness of e-voting machines for well over a decade. If a machine doesn't include a paper trail for backup, it's suspect. That's been the case since e-voting machines have been on the market, and many of us have been pointing this out all along. And the big e-voting companies have a long history of not really caring, even as their machines are shown to be vulnerable in a variety of ways. So it come as little to no surprise to find out that security firm Cylance has announced that it's found yet another set of e-voting vulnerabilities in the Sequoia AVC Edge Mk1 voting machine. Sequoia especially has a long history of buggy, faulty machines.

Of course, with all the talk of "rigged" voting this year, the fact that some machines are hackable is very, very bad. Mainly because it just enables conspiracy theory talk to seem much more believable. It remains true (for somewhat ridiculous reasons) that while these vulnerabilities do exist, a widespread hack would be quite difficult. The real problem is at the margin, where low level vote changing could occur. As Ed Snowden rightly notes, the hacking may not be difficult, but using that to rig an election is much more difficult, and would almost certainly be caught.
That said, this remains ridiculous. Even the appearance of potential vote hacking is a problem in actually getting the public to trust the results of an election. I can pretty much guarantee that no matter who wins tomorrow, someone will allege e-voting machine hacking, and point to this (or perhaps other) vulnerability disclosures in the days leading up to the election. And that's bad. For over a decade we've been sounding the alarm that it's ridiculous to use such electronic voting machines, and it would be a damn good idea to fix things. Would have been nice if someone listened.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: e-voting, evoting, paper trail, vote rigging, vulnerability
Companies: sequoia


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 7 Nov 2016 @ 9:37am

    That said, this remains ridiculous. Even the appearance of potential vote hacking is a problem in actually getting the public to trust the results of an election.

    There is a candidate who won't believe the result if he loses, and this will just be more ammunition in his attempts to overturn such a result.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 7 Nov 2016 @ 9:45am

    It's not a bug, it's a feature!

    link to this | view in thread ]

  3. icon
    Roger Strong (profile), 7 Nov 2016 @ 9:51am

    Hacking voting machines: not that difficult. Hiding a secret deviation in votes from after-the-fact statistical analysis: nearly impossible.

    That's not very comforting, knowing that those deviations have been found in at least three recent elections. After-the-fact statistical analysis only produces trivia if the results are ignored.

    link to this | view in thread ]

  4. identicon
    TripMN, 7 Nov 2016 @ 10:19am

    I'm having a hard time finding any of the articles on it because of the noise that is the internet (especially with the last year of politics being what it has been), but wasn't their cries of alarm during the Democratic primaries because of post-vote statistical analysis saying their was something screwy happening in the primaries?

    If that was so quickly swept under the rug and forgotten, what's to say that cries of the same after the main election will be any different?

    I am losing trust that our democracy is in any way democratic... and that any ones cares.

    link to this | view in thread ]

  5. icon
    TheResidentSkeptic (profile), 7 Nov 2016 @ 10:33am

    No Hacking Here!

    The machines are correct - and they show that the projection of our candidate being 11% ahead in the polls was also accurate. The losing candidate only got 48% of the vote, while our winning candidate got 59% - exactly 11% more. The machines were not tampered with by any external parties. Trust us.

    link to this | view in thread ]

  6. identicon
    Thad, 7 Nov 2016 @ 10:56am

    Re:

    Are we talking about exit polls, or something else?

    Because there's a pretty good explanation for why exit polls disproportionately favored Sanders ( http://www.nytimes.com/2016/06/28/upshot/exit-polls-and-why-the-primary-was-not-stolen-from-bernie-s anders.html ); tl;dr younger voters are likelier to participate in them than younger ones.

    link to this | view in thread ]

  7. icon
    art guerrilla (profile), 7 Nov 2016 @ 11:08am

    Re:

    don't be daft, punk: NEITHER of the two hydra heads of the one and only Korporate Money Party want to 'fix' the electoral college and the broken election systems we suffer under... (it is already fixed to their liking)
    the absolute proof : IF they really were interested in election integrity, WHAT/WHO has been stopping them lo these countless decades ? ? ?
    no, the ONLY rational conclusion is that The They WANT a broken systrm they control behind the curtains...

    link to this | view in thread ]

  8. identicon
    Jim, 7 Nov 2016 @ 11:26am

    But:

    Snowden forgot the data in the count. Not everyone votes on each issue. Some skip to what is important on that ballot, to them. Issues on the ballot, local taxes, that initive, etc. So there may be a o in any spot. There may be many interested parties to hack the system or create a false trail. That's why a verify able has to be created. It's not just the bad person who wants your missed vote.

    link to this | view in thread ]

  9. icon
    Jeffrey Nonken (profile), 7 Nov 2016 @ 11:27am

    Years ago I wrote a blog post suggesting end-to-end verification. I got one Nirvana Fallacy reply, otherwise crickets.

    I dunno. Sounds good in my head, but I don't know if it could really be done.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 7 Nov 2016 @ 12:16pm

    Re: Re:

    >younger voters are likelier to participate in them than younger ones.

    What about the older ones then?

    link to this | view in thread ]

  11. icon
    crade (profile), 7 Nov 2016 @ 12:44pm

    Re:

    Many people in the public probably care.. Of course, to be able to do anything about it, they would either need a functioning democracy or to be able to overpower the gov't.. Good luck with either of those options.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 7 Nov 2016 @ 1:29pm

    Rotten Tomatoes

    It is a stupid idea to use machines that can't do a recount. Well, I guess they actually can. You press the recount button, and it displays the same numbers you already have.

    link to this | view in thread ]

  13. icon
    Oninoshiko (profile), 7 Nov 2016 @ 1:35pm

    Re:

    The major issue with end-to-end verification is doing in such a way that the voter is still not individually identifiable. We've all seen "anonymized" data become identifiable.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 7 Nov 2016 @ 1:40pm

    Re: Re:

    I do not subscribe to this.

    If you are nor prepared to stand up for your vote, maybe you should not have one?

    I think it would be just as easy to prove that someone is trying to harass you over your vote.

    Most people are registered to a party and if you talk to them more than a couple hours a day you can likely find out how they vote.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 7 Nov 2016 @ 2:20pm

    Re:

    It is a basic fact of statistics that false positives and false negatives will always occur. While it is hard to hide true negatives, the occurance of false negatives will require more than statistical evidence to confirm fraud.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 7 Nov 2016 @ 2:34pm

    Re: Re: Re:

    Well, that is possible, but having a presidential candidate making veiled threats about using weapons and having a history of going legal on people that critizise him, it is not impossible.

    But a much more likely way to use such information is the mexican way where people get payed for voting a certain way. While money talks and bullshit walks, I don't see the balance between the parties remaining forever in those circumstances as the economic support relies on picking the winner and getting the advantages it brings...

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 7 Nov 2016 @ 2:35pm

    What's the problem with paper ballot?

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 7 Nov 2016 @ 2:46pm

    Re:

    He's not wrong, though. I mean if the Democrats had a hue and cry about Bush and the "hanging chads" in 2000, Trump voters have every right to challenge the results of easily one of the most contentious elections in modern history -- and one where the opponent has a history of corruption going all the way back to, of all things, Watergate.

    Not to mention good ol' Palpatine Soros has his crooked fingers in the company that owns a significant number of these machines. Dominion is its name, I believe. If you thought Bush having a stake in Diebold was bad, well, considering the depths of pure, unencumbered, psychopathic evil that Soros and his puppet whøre are capable of, you might as well call this round *Diebold with a Vengeance.*

    My vote at this point goes to Kim Jong Un 2016: Make America Glow Again.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 7 Nov 2016 @ 2:58pm

    This is the best our two party system has to offer, how sad.
    Pee Wee Herman 2016.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 7 Nov 2016 @ 3:01pm

    Re:

    Harder to rig elections with paper ballots.

    link to this | view in thread ]

  21. icon
    TRX (profile), 7 Nov 2016 @ 3:20pm

    As a former security wonk, I'm all for the fat laundry marker and cardboard ballot system.

    My local electors, alas, have gone the Diebold terminal route. Because it's important that national news services get their figures as soon as the polls close, as opposed to a couple of hours for the blue-haired old ladies to count the paper ballots in the open, on cafeteria tables.

    link to this | view in thread ]

  22. icon
    Hugo S Cunningham (profile), 7 Nov 2016 @ 4:35pm

    Massachusetts-- OCR cards instantly tabulated, hand-recountable

    One complaint, though minor compared to other instant systems:

    Sometimes officials are tempted to alter OCR cards so that the machine can read what it looks like the voter intended. It would be safer if such cards were left unchanged, for tabulation only in the official hand recount. Any markings made on them by officials should be in a different-colored ink from the voter's.

    link to this | view in thread ]

  23. icon
    Roger Strong (profile), 7 Nov 2016 @ 4:42pm

    Re: Re:

    Still not comforting. Instead of deviations being ignored, you've merely declared them to be easily dismissed. Any REAL deviation - as these appear to be - can be responded to with "That proves nothing. False positives and false negatives will always occur."

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 7 Nov 2016 @ 5:31pm

    Re:

    Hillary Clinton likes this.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 7 Nov 2016 @ 5:59pm

    Re:

    Considering his opponent rigged the Democratic primary against Bernie and rigged the debates by being fed questions from the moderators, I would say he would be just in his doubt about the election results.

    link to this | view in thread ]

  26. icon
    R.H. (profile), 7 Nov 2016 @ 10:02pm

    Re: Re:

    I'd been somewhat worried about the same outcome (although not to the extent that it had caused me to believe that end-to-end verification was a bad thing). However, I've seen a bit of information about using homomorphic encryption to allow a person to verify their vote without it also being specifically verifiable to a third party.

    The specifics of the system are quite interesting in that any member of the public is able to verify the identities of the people who voted and encrypted versions of their votes, as well as the total vote tallies but, there isn't any way to figure out who voted for whom once a voter completes the process and leaves the voting booth with their encrypted ballot copy. That is a part of the system that the video explains better than the paper does.

    link to this | view in thread ]

  27. icon
    Ehud Gavron (profile), 8 Nov 2016 @ 1:39am

    Re: Re:

    Hillary's only connection to Watergate is she was on the team investigating it. She wasn't fired from it and there was no unethical behavior. The only people saying otherwise are Rush Limbaugh and Donald Trump. See https://www.reference.com/history/hillary-clinton-s-connection-watergate-bd95ec761bddda24

    Your vote goes to Kim Jung Un because you didn't bother to familiarize yourself with the US Constitution, Article II, Section 1 which clearly states one has to be born in the United States to qualify.

    You sir, epitomize this:
    https://www.youtube.com/watch?v=LQCU36pkH7c

    E

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.