Virginia (Again) Dumps Electronic Voting Devices Over Concerns About Election Interference
from the deja-vu-for-President! dept
It seems Virginia can't catch a break when it comes to voting. Trusting vendors to provide secure electronic voting devices just isn't paying off. Two years ago, Virginia pulled a bunch of voting machines after it was discovered they were leaky, insecure devices masquerading as something American voters could trust.
The security wasn't just bad in the way many machines are -- frailties that can only be sussed out by security researchers and talented criminals. No, they were bad in the way your grandparents' Google Box is: "secured" with passwords like "abcde" or "admin," along with accessible DOS prompts and multiple open ports.
Time moves on but the electronic portion of Virginia's electoral system does not.
Virginia’s election supervisors on Friday directed counties to ditch touchscreen voting machines before November’s elections, saying the devices posed unacceptable digital risks.
[...]
The decision forces Virginia counties to swiftly replace any touchscreen devices with machines that produce a paper trail, ensuring the state can audit its closely watched gubernatorial race this November between Democrat Ralph Northam and Republican Ed Gillespie.
With possible interference in last year's presidential election not even in the rearview mirror yet, Virginia's government is moving up the date of its planned obsolescence. As Politico notes, there's already a law on the books in Virginia phasing out use of touchscreen voting devices by 2020. This just moves that date forward three years, just in time for this year's elections.
It's not that electronic voting devices are inherently bad. It's just that they appear to be inherently flawed. Report after report shows multiple vulnerabilities in voting machines and yet, year after year, there appears to be little forward motion on the security side. This is baffling, considering learning from mistakes is one of those things even lab rats can do -- but it often seems to be almost impossible for voting device vendors. The flaws generally aren't the result of meticulously-targeted exploits by criminals, but rather the sorts of things that shouldn't go overlooked when vetting machines for use in the public sector.
The paperless office may be on the threshold but the (secure) paperless vote is continually several years away.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dre, e-voting, elections, hacking, paper trail, virginia, voting machines
Reader Comments
Subscribe: RSS
View by: Time | Thread
What is so hard about this...
It would seem this market would be ripe for someone to disrupt it with the use of a 'modern' OS *gasp*, security audits, and a paper backup that the voter can validate and be kept for a manual audit.
However... because it is our government we are talking about, these systems aren't chosen on merit, but by who has donated the most money to a congress critter in the area... 'MERICA!
[ link to this | view in chronology ]
Re: What is so hard about this...
They really need a law (or better yet a constitutional amendment) against this practice. Even if there's nothing illegal being done, it looks shady as hell to plenty of people.
Just look back at 2004, there were plenty of people afterwards saying that Diebald rigged the election for Bush because of the generous donations their CEO made to his campaign.
Diebald didn't help themselves either with their constant threats under intellectual property laws to sue anyone who dared even suggest that they might look around at their voting machines to verify it's accuracy & security (including threats to some college professors who were clearly well qualified to be impartial judges on something like this).
The mere threat of lawsuits speaks volumes about how Diebald thinks their software would actually do if it were checked for accuracy and/or security. Especially threats against college professors, since what better endorsement could there be for your product than security experts independently verifying your voting machines accuracy and security?
[ link to this | view in chronology ]
What is so hard
... Congress did that with "Help America Vote Act of 2002" (HAVA)
HAVA was a complex mandate to states on election procedures reform -- forcing many to adopt "modern" voting equipment like touchscreen DRE.
The combination of brilliant U.S. Congress members and even more brilliant state election bureaucrats... really improved American election procedures.
If you want top notch vision and expertise on applied technology -- always put government politicians in charge of things.
[ link to this | view in chronology ]
Re: What is so hard about this...
You leave one in the machine before you leave the stall you leave at least 1 behind.
That way if someone suspects a problem with the automatic tally it can just be counted.
[ link to this | view in chronology ]
Re: Re: What is so hard about this...
After you vote the machine would print a receipt, you review the receipt to make sure it's correct (and have some way to "redo" in case it is not) and then you drop off the receipt in the ballot box. Should there be a particularly close vote or any question about the vote in general, you simply pull out the receipts and count them by hand like we currently do with paper ballots.
[ link to this | view in chronology ]
Voting machines will improve when the purchase contract improves
In this instance, it's not even clear that Virginia is getting any compensation from the vendor as a result of this early retirement, so from the vendor's perspective, this is (in the short term) pure profit. With the machines retired, they won't need to provide any support for them, and they get to keep all the money from the original purchase.
If the government's purchase contract outlined specific measurable security requirements for the machines, and provided generous penalties for failure to meet those requirements (at minimum, all devices subject to return (with full refund, including shipping and handling) at vendor's expense, and vendor is responsible for the costs incurred discovering the weakness, but preferably also some sort of bonus penalty (e.g. on top of the refund, vendor owes x% of original contract), the vendor would be motivated to sell something secure. Until then, why spend the effort securing it when they can keep selling the insecure version?
[ link to this | view in chronology ]
Re: Voting machines will improve when the purchase contract improves
With the machines retired, they won't need to provide any support for them
Very likely the support costs are a year over year cost. It isn't like buying a computer where you'd get a fixed number of months of support, it's a cost built in to next years budget.
Now, if there's an early termination clause to the support contract, then yeah, there's pure profit there.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Easy recounts! Nostalgia for all those Scantron tests as a kid!
And you can vote naked, in the comfort of your own home.
[ link to this | view in chronology ]
Re:
Seriously tho, vote by mail is the best.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: voting by mail
[ link to this | view in chronology ]
Re: Re: Re: voting by mail
If there is evidence of third parties interfering with election integrity, then it should absolutely be addressed, and the responsible parties should be punished. But restricting people's convenient access to the ballot box doesn't protect election integrity, it harms it.
[ link to this | view in chronology ]
Re: Re: Re: Re: voting by mail
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: voting by mail
Except that those are the very parties that are fighting to restrict voter turnout, through unsupported claims of voter fraud.
[ link to this | view in chronology ]
What's Wrong With Scan Ballots?
[ link to this | view in chronology ]
Re: What's Wrong With Scan Ballots?
Congress should require them nationwide, setting standards, eg--
uniform protocols for securing and storing the ballots after the polls close, until it is determined no recount is needed.
Recounts at randomly selected precincts for audit purposes even when no general recount is requested.
Uniform protocols for recounting, to maximize transparency. Example: no recounting officials should use ink the same color as that used by voters. If a machine rejects a vote that a recounted awards to a candidate, the ballot should be kept in a hand-counted pile rather than altered to go through the machine.
[ link to this | view in chronology ]
Re: What's Wrong With Scan Ballots?
The convenience of electronic counting with the security of paper ballots. What's not to like?
There's really no difference between this, and a purely electronic machine which prints out a copy of your receipt, except that in the first case it's possible to fill the paper ballot out in an unclear manner, whereas that can't happen in a digital entry.
So the real question is why all the electronic voting machines fail at something every convenience store does hundreds/thousands of times a day.
[ link to this | view in chronology ]
Re: Re: What's Wrong With Scan Ballots?
[ link to this | view in chronology ]
Re: Re: What's Wrong With Scan Ballots?
It isn't the UI or the report that is the hard part. It is validation that is difficult.
The way I would do it, is have each machine arranged in a horseshoe, and run a constant recording of a string cortet in the middle of all the voting machines. Each vote gets superimposed over a video frame, and then block chained. Validation is by watching the video. If there was tampering, the blockchain wouldn't validate, and the video wouldn't play back properly. Running the bare video next to the vote superimposed video would reveal any hanky panky.
In this way, you could post the videos on a website, and everyone could verify by timestamp, their own votes indefinately after the fact. And if so inclined vote counting could be done by anyone who chose to take on the task.
But there are probably other ways. Really there should be an X-prize for this or something. The state will never build a workable solution, or permit one to be built on contract. It is a group psychology thing. It can be done, but it can't be done by committee.
So yet again the world will be saved by FOSS. Hold the cape and gold stars, and just bring beer and virtuous maidens.
[ link to this | view in chronology ]
Re: What's Wrong With Scan Ballots?
And then of course in the next election - or the next one I remember noticing for, at least - they had replaced those with electronic voting machines. (From Diebold, IIRC.)
[ link to this | view in chronology ]
That was a joke. The VA Legislature is mostly white and Republican, they will not do anything that makes it easier for non white folks to vote.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Uncounted paper ballots
While not inconceivable, suspicious boxes of uncounted paper ballots can be countered by having mutually untrusting observers monitor the creation of all countable boxes. Any extra boxes that show up without an audit trail must be dismissed as uncountable on the mere suspicion that they might be non-legitimate. Parties that want to ensure every vote is counted are thus motivated to ensure every box has an appropriate audit trail, lest the disqualified box be one they later regret.
As for rigging elections, it's much easier to rig the election when the machine's output is the sole determiner. Whoever controls that output controls the election, regardless of what inputs it is given.
[ link to this | view in chronology ]
I see what you did there.
From infections? Sharp edges?
[ link to this | view in chronology ]
Re: I see what you did there.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Tim, you suck
[ link to this | view in chronology ]
The new is not always better than the old
And for what? Making it a little faster to count votes. Not worth it.
[ link to this | view in chronology ]
"your grandparents'"
[ link to this | view in chronology ]
Google Box?
[ link to this | view in chronology ]