Virginia (Again) Dumps Electronic Voting Devices Over Concerns About Election Interference

from the deja-vu-for-President! dept

It seems Virginia can't catch a break when it comes to voting. Trusting vendors to provide secure electronic voting devices just isn't paying off. Two years ago, Virginia pulled a bunch of voting machines after it was discovered they were leaky, insecure devices masquerading as something American voters could trust.

The security wasn't just bad in the way many machines are -- frailties that can only be sussed out by security researchers and talented criminals. No, they were bad in the way your grandparents' Google Box is: "secured" with passwords like "abcde" or "admin," along with accessible DOS prompts and multiple open ports.

Time moves on but the electronic portion of Virginia's electoral system does not.

Virginia’s election supervisors on Friday directed counties to ditch touchscreen voting machines before November’s elections, saying the devices posed unacceptable digital risks.

[...]

The decision forces Virginia counties to swiftly replace any touchscreen devices with machines that produce a paper trail, ensuring the state can audit its closely watched gubernatorial race this November between Democrat Ralph Northam and Republican Ed Gillespie.

With possible interference in last year's presidential election not even in the rearview mirror yet, Virginia's government is moving up the date of its planned obsolescence. As Politico notes, there's already a law on the books in Virginia phasing out use of touchscreen voting devices by 2020. This just moves that date forward three years, just in time for this year's elections.

It's not that electronic voting devices are inherently bad. It's just that they appear to be inherently flawed. Report after report shows multiple vulnerabilities in voting machines and yet, year after year, there appears to be little forward motion on the security side. This is baffling, considering learning from mistakes is one of those things even lab rats can do -- but it often seems to be almost impossible for voting device vendors. The flaws generally aren't the result of meticulously-targeted exploits by criminals, but rather the sorts of things that shouldn't go overlooked when vetting machines for use in the public sector.

The paperless office may be on the threshold but the (secure) paperless vote is continually several years away.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dre, e-voting, elections, hacking, paper trail, virginia, voting machines


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    aerinai (profile), 12 Sep 2017 @ 11:25am

    What is so hard about this...

    I just am appalled at how slapdash these e-voting machines are. You hear about these Still running Windows XP or never having even the most basic of a security audit ran on them...

    It would seem this market would be ripe for someone to disrupt it with the use of a 'modern' OS *gasp*, security audits, and a paper backup that the voter can validate and be kept for a manual audit.

    However... because it is our government we are talking about, these systems aren't chosen on merit, but by who has donated the most money to a congress critter in the area... 'MERICA!

    link to this | view in chronology ]

    • icon
      ShadowNinja (profile), 12 Sep 2017 @ 12:15pm

      Re: What is so hard about this...

      However... because it is our government we are talking about, these systems aren't chosen on merit, but by who has donated the most money to a congress critter in the area... 'MERICA!

      They really need a law (or better yet a constitutional amendment) against this practice. Even if there's nothing illegal being done, it looks shady as hell to plenty of people.

      Just look back at 2004, there were plenty of people afterwards saying that Diebald rigged the election for Bush because of the generous donations their CEO made to his campaign.

      Diebald didn't help themselves either with their constant threats under intellectual property laws to sue anyone who dared even suggest that they might look around at their voting machines to verify it's accuracy & security (including threats to some college professors who were clearly well qualified to be impartial judges on something like this).

      The mere threat of lawsuits speaks volumes about how Diebald thinks their software would actually do if it were checked for accuracy and/or security. Especially threats against college professors, since what better endorsement could there be for your product than security experts independently verifying your voting machines accuracy and security?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Sep 2017 @ 1:35pm

        What is so hard

        "They really need a law..."


        ... Congress did that with "Help America Vote Act of 2002" (HAVA)

        HAVA was a complex mandate to states on election procedures reform -- forcing many to adopt "modern" voting equipment like touchscreen DRE.

        The combination of brilliant U.S. Congress members and even more brilliant state election bureaucrats... really improved American election procedures.
        If you want top notch vision and expertise on applied technology -- always put government politicians in charge of things.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Sep 2017 @ 2:51pm

      Re: What is so hard about this...

      Why not just have it print a ballot out (or two) after you vote that you can verify are what you voted?

      You leave one in the machine before you leave the stall you leave at least 1 behind.

      That way if someone suspects a problem with the automatic tally it can just be counted.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 13 Sep 2017 @ 4:08am

        Re: Re: What is so hard about this...

        I have long advocated doing this very thing.

        After you vote the machine would print a receipt, you review the receipt to make sure it's correct (and have some way to "redo" in case it is not) and then you drop off the receipt in the ballot box. Should there be a particularly close vote or any question about the vote in general, you simply pull out the receipts and count them by hand like we currently do with paper ballots.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Sep 2017 @ 12:31pm

    Voting machines will improve when the purchase contract improves

    In this instance, it's not even clear that Virginia is getting any compensation from the vendor as a result of this early retirement, so from the vendor's perspective, this is (in the short term) pure profit. With the machines retired, they won't need to provide any support for them, and they get to keep all the money from the original purchase.

    If the government's purchase contract outlined specific measurable security requirements for the machines, and provided generous penalties for failure to meet those requirements (at minimum, all devices subject to return (with full refund, including shipping and handling) at vendor's expense, and vendor is responsible for the costs incurred discovering the weakness, but preferably also some sort of bonus penalty (e.g. on top of the refund, vendor owes x% of original contract), the vendor would be motivated to sell something secure. Until then, why spend the effort securing it when they can keep selling the insecure version?

    link to this | view in chronology ]

    • icon
      Discuss It (profile), 12 Sep 2017 @ 3:38pm

      Re: Voting machines will improve when the purchase contract improves

      With the machines retired, they won't need to provide any support for them

      Very likely the support costs are a year over year cost. It isn't like buying a computer where you'd get a fixed number of months of support, it's a cost built in to next years budget.

      Now, if there's an early termination clause to the support contract, then yeah, there's pure profit there.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Sep 2017 @ 12:32pm

    Lets all just vote with facebook! /s

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Sep 2017 @ 12:34pm

    Join those of us in the "Vote By Mail" crowd!

    Easy recounts! Nostalgia for all those Scantron tests as a kid!

    And you can vote naked, in the comfort of your own home.

    link to this | view in chronology ]

    • icon
      Grey (profile), 12 Sep 2017 @ 12:38pm

      Re:

      Bah, got signed out on that post.

      Seriously tho, vote by mail is the best.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Sep 2017 @ 1:07pm

        Re: Re:

        Except if you're in Missouri, in which case you have to go find a notary to sign your ballot.

        link to this | view in chronology ]

      • icon
        Hugo S Cunningham (profile), 12 Sep 2017 @ 1:47pm

        Re: Re: voting by mail

        The problem with voting by mail is that your boss, your church, your landlord, or your nursing home can demand to see your ballot. There have not been many complaints in Oregon, a State with a high degree of public trust, but States with sharp-elbowed machine cultures would have no end of opportunities for mischief.

        link to this | view in chronology ]

        • identicon
          Thad, 12 Sep 2017 @ 2:27pm

          Re: Re: Re: voting by mail

          There's really no modern evidence to suggest that this kind of interference is a legitimate problem. Meanwhile, states like Arizona have used the specter of ballot interference to restrict voting methods disproportionately employed by minorities (eg churches collecting and submitting absentee ballots).

          If there is evidence of third parties interfering with election integrity, then it should absolutely be addressed, and the responsible parties should be punished. But restricting people's convenient access to the ballot box doesn't protect election integrity, it harms it.

          link to this | view in chronology ]

          • icon
            orbitalinsertion (profile), 12 Sep 2017 @ 2:41pm

            Re: Re: Re: Re: voting by mail

            Usually that third party is comprised of currently elected officials and other interested parties with money and power, so yeah.

            link to this | view in chronology ]

            • identicon
              Thad, 12 Sep 2017 @ 3:24pm

              Re: Re: Re: Re: Re: voting by mail

              Except that those are the very parties that are fighting to restrict voter turnout, through unsupported claims of voter fraud.

              link to this | view in chronology ]

  • icon
    BJC (profile), 12 Sep 2017 @ 1:16pm

    What's Wrong With Scan Ballots?

    In my Virginia municipality, you mark in dark ink on an electronically-scanned paper ballot, then feed it into the machine. The convenience of electronic counting with the security of paper ballots. What's not to like?

    link to this | view in chronology ]

    • icon
      Hugo S Cunningham (profile), 12 Sep 2017 @ 1:40pm

      Re: What's Wrong With Scan Ballots?

      I share your enthusiasm for hand-recountable OCR cards; we also use them in Massachusetts.

      Congress should require them nationwide, setting standards, eg--

      uniform protocols for securing and storing the ballots after the polls close, until it is determined no recount is needed.

      Recounts at randomly selected precincts for audit purposes even when no general recount is requested.

      Uniform protocols for recounting, to maximize transparency. Example: no recounting officials should use ink the same color as that used by voters. If a machine rejects a vote that a recounted awards to a candidate, the ballot should be kept in a hand-counted pile rather than altered to go through the machine.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Sep 2017 @ 2:11pm

      Re: What's Wrong With Scan Ballots?

      The convenience of electronic counting with the security of paper ballots. What's not to like?

      There's really no difference between this, and a purely electronic machine which prints out a copy of your receipt, except that in the first case it's possible to fill the paper ballot out in an unclear manner, whereas that can't happen in a digital entry.

      So the real question is why all the electronic voting machines fail at something every convenience store does hundreds/thousands of times a day.

      link to this | view in chronology ]

      • icon
        Hugo S Cunningham (profile), 12 Sep 2017 @ 2:18pm

        Re: Re: What's Wrong With Scan Ballots?

        Am I correct in assuming that, after the voter views and approves his receipt, he immediately gives it back to the voting official? Otherwise, one would make vote-buying easy and enforceable.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 13 Sep 2017 @ 8:12am

        Re: Re: What's Wrong With Scan Ballots?

        "There's really no difference between this and a purely electronic machine which prints out a copy of your receipt"

        It isn't the UI or the report that is the hard part. It is validation that is difficult.

        The way I would do it, is have each machine arranged in a horseshoe, and run a constant recording of a string cortet in the middle of all the voting machines. Each vote gets superimposed over a video frame, and then block chained. Validation is by watching the video. If there was tampering, the blockchain wouldn't validate, and the video wouldn't play back properly. Running the bare video next to the vote superimposed video would reveal any hanky panky.

        In this way, you could post the videos on a website, and everyone could verify by timestamp, their own votes indefinately after the fact. And if so inclined vote counting could be done by anyone who chose to take on the task.

        But there are probably other ways. Really there should be an X-prize for this or something. The state will never build a workable solution, or permit one to be built on contract. It is a group psychology thing. It can be done, but it can't be done by committee.

        So yet again the world will be saved by FOSS. Hold the cape and gold stars, and just bring beer and virtuous maidens.

        link to this | view in chronology ]

    • icon
      The Wanderer (profile), 14 Sep 2017 @ 8:07pm

      Re: What's Wrong With Scan Ballots?

      Back when the 2000 elections happened, and "hanging chads" became a household word, I looked at the paper ballots in use where I live (Maryland) and thought that they were clearly superior, having none of the lack-of-clarity problems of the ballots described as being in use in Florida. (Arrowhead at one side of the page, arrow fletching at the other side, IIRC one such for each candidate; you use a Sharpie to draw the black line connecting the halves of the arrow corresponding to the candidate you want, then feed the paper into a machine that scans for that long, thick, dark line.)

      And then of course in the next election - or the next one I remember noticing for, at least - they had replaced those with electronic voting machines. (From Diebold, IIRC.)

      link to this | view in chronology ]

  • icon
    Chris ODonnell (profile), 12 Sep 2017 @ 1:37pm

    As a resident of VA I'm happy to see those touch screen devices go. Scantron is fine and maybe this will force the Legislature to give serious consideration to vote my mail.

    That was a joke. The VA Legislature is mostly white and Republican, they will not do anything that makes it easier for non white folks to vote.

    link to this | view in chronology ]

  • identicon
    Stosh, 12 Sep 2017 @ 1:45pm

    Without paper ballots you can never have poll workers finding boxes of "uncounted ballots" in the trunk of their cars in those close elections. How else is an election going to turn out the right way?!?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Sep 2017 @ 2:25pm

      Re: Uncounted paper ballots

      While not inconceivable, suspicious boxes of uncounted paper ballots can be countered by having mutually untrusting observers monitor the creation of all countable boxes. Any extra boxes that show up without an audit trail must be dismissed as uncountable on the mere suspicion that they might be non-legitimate. Parties that want to ensure every vote is counted are thus motivated to ensure every box has an appropriate audit trail, lest the disqualified box be one they later regret.

      As for rigging elections, it's much easier to rig the election when the machine's output is the sole determiner. Whoever controls that output controls the election, regardless of what inputs it is given.

      link to this | view in chronology ]

  • icon
    ThaumaTechnician (profile), 12 Sep 2017 @ 1:47pm

    I see what you did there.

    "touchscreen voting machines...posed unacceptable digital risks"

    From infections? Sharp edges?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Sep 2017 @ 2:42pm

    Why do we vote for people, I would much rather vote on the issues.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Sep 2017 @ 8:37pm

      Re:

      Because most people can't take time off work to go to the polls every week, and the government doesn't want to deal with the security issues of voting online.

      link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 12 Sep 2017 @ 3:36pm

    Tim, you suck

    Tim. Why would you broadcast my Google Box password in your article. Now I need to find a way to change it. I hate you...

    link to this | view in chronology ]

  • identicon
    Anonymous Cowherd, 12 Sep 2017 @ 5:24pm

    The new is not always better than the old

    I would say that electronic voting machines are indeed inherently bad. They introduce very serious problems involving security, privacy and usability without any real advantages over traditional pen and paper ballots. That the devices themselves are built by the lowest bidder is a big part of the problem, but even the most competently built machine can't negate the flaws in the concept itself. Electronic voting is a black box, the operation of which is not directly observable or verifiable by involved parties or independent observers. Something people have no choice but to trust, can never be considered trustworthy.

    And for what? Making it a little faster to count votes. Not worth it.

    link to this | view in chronology ]

  • identicon
    Just a second, 12 Sep 2017 @ 7:08pm

    "your grandparents'"

    I am a grandparent and I'm still at the leading bleeding tech edge, while my kids are the ones who have little interest. And I'm probably not the only tech person feeling insulted (can I sue you?)

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Sep 2017 @ 10:25am

    Google Box?

    What's the aforementioned "Google Box"? Android phones and Chromebooks don't have a "DOS prompt", and grandparents aren't likely to have Google intranet search appliances.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.