Biggest Voting Machine Maker Admits -- Ooops -- That It Installed Remote Access Software After First Denying It

from the you-guys-are-soooooooo-bad-at-this dept

We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ.

What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago. That was then:

In a statement, ES&S said, ‘‘None of the employees who reviewed this response, including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.’’

This is now:

In a letter sent to Sen. Ron Wyden in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

This should be a massive scandal considering the potential impact on our democracy, but considering all the other scandals going on right now with the potential to impact our democracy, expect this one to not get nearly enough attention. Wyden's own comment on this is noteworthy:

Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

As for the pcAnywhere software ES&S had installed on those voting machines, well...

In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnyhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to hackers because it allows them to examine the code to find security flaws they can exploit. When Symantec admitted to the theft in 2012, it took the unprecedented step of warning users to disable or uninstall the software until it could make sure that any security flaws in the software had been patched.

Around this same time, security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password.

So... that's disturbing.

Anyway, elections are a very tricky problem to do securely. It is a nearly impossible task. But there are lots of things that you clearly should not do, and for some reason, the e-voting manufacturers seem to want to do all of them, and don't seem particularly apologetic about any of it. And, while in the past the idea of hacking an election may have seemed far fetched and conspiracy-minded, these days... not so much. This is a key issue concerning our democracy, and the most incredible thing is how flippant many people are about all of this. Computer security professor Matt Blaze, who knows more about any of this than anyone reading this points out that "in the more than quarter century I've been doing computer security, I've never encountered a problem space nearly as difficult or complex as civil elections."

And yet, we're letting people who don't understand even the slightest bit of the problems and challenges run the show. What a mess.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: e-voting, electronic voting, pcanywhere, remote access, remote access software, ron wyden, security, voting
Companies: diebold, es&s


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jul 2018 @ 10:50am

    Hey Mike - how soon can we expect your "The big bad EU is picking on poor little Google again" corporate apologist article about the latest Google fine?

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 18 Jul 2018 @ 11:09am

    Don't worry, the antivirus software will protect us!

    link to this | view in thread ]

  3. identicon
    Glen, 18 Jul 2018 @ 11:21am

    Re:

    I know it's hard but can you focus on the current topic?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 18 Jul 2018 @ 11:24am

    Re:

    How soon can we expect a comment relevant to the actual article?

    Flagged.

    link to this | view in thread ]

  5. identicon
    Wilbert E. Clark III, 18 Jul 2018 @ 11:35am

    Re:

    I have no life.

    link to this | view in thread ]

  6. icon
    BentFranklin (profile), 18 Jul 2018 @ 11:41am

    Re:

    There is an xkcd for everything.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 18 Jul 2018 @ 11:46am

    With something as important as elections I genuinely don't get how some states can be so cheap on how they are done. They already have a bazillion volunteers man the offices for the votes. Why not just have them all on paper, scanned and electronically counted for immediate results. Then have the volunteers and a state election representative hand count the votes for confirmation? Yes it may mean we get a few days of delay in getting certified results, and definitely at least one hanging chad type clusterF____, but at least then there is a viable backup in case there is hacking.

    Maybe I am more patient than most, but I am cool with waiting until that Friday to know who will be responsible for funning the country for the next few years. Hell even if it costs a few million extra dollars to pay the volunteers for overtime, its worth it.

    Is this perfect? Hell no. It is still vulnerable to volunteers who have agendas* and early scanned results being manipulated. But its far better than the current system.

    *I once had an election volunteer who clearly had an issue with a specific demographic voting. I was in college in an area that was a mix of students and residents. This volunteer would clearly single out students for minor issues and put them on provisional ballots. For example, she complained my signature on their dumb electronic pad did not match my ID exactly. I mean it had to match exactly. Every single twirl or slash had to be identical. She made me redo it three times, eventually giving me a provisional ballot. Meanwhile, she barely looked at the ID of the elderly resident who registered after me. So yah no way is a hand count system perfect. But I'd still rather have "Ms I hate Liberals Voting" than Hacker Mc Hacky changing results. At least Ms. I Hate Liberals would face jail time if they found out she lied.

    link to this | view in thread ]

  8. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 18 Jul 2018 @ 11:53am

    Re: Re:

    Flagged? Thank goodness there's the comment police on patrol.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 18 Jul 2018 @ 11:55am

    In ES&S' defense I don't think I've ever dealt with a tech goods and services provider that kept any sort of records for longer than seven years. Odds are they legit didn't know if they had installed pcAnywhere when the question was first asked.

    Yes, that still means they're somewhat negligent and irresponsible. It also means though that anyone taken by surprise by this are in for a long bumpy ride in the world of tech.

    link to this | view in thread ]

  10. identicon
    pixelation, 18 Jul 2018 @ 12:35pm

    Of course they did

    How else are they going to sway the vote?

    link to this | view in thread ]

  11. identicon
    Thad, 18 Jul 2018 @ 12:46pm

    Re: Of course they did

    The same way everybody else does: lobbying and campaign contributions.

    I'm much more inclined to chalk security weaknesses in voting machines up to incompetence than malice -- just like security weaknesses in everything else. If an American company that already has contacts with local politicians wants to influence elections, there are easier, more effective, less risky ways to do it than tampering directly with the voting machines.

    That's not a defense, mind. There's no excuse for bad security practices, especially on voting equipment, and just because I don't see any reason to believe the manufacturers themselves are tampering with election data doesn't excuse leaving the door open for someone else to do so.

    We need better security audits of our voting machines, and there should be serious financial repercussions for companies that make voting machines with glaring security flaws.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 18 Jul 2018 @ 12:50pm

    Maybe say something relavent and you won’t get DMCA votes handed out to you like candy on Halloween.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 18 Jul 2018 @ 1:09pm

    Re:

    Is it negligent to use Windows for your voting machine OS?
    It is certainly questionable.

    link to this | view in thread ]

  14. icon
    Uriel-238 (profile), 18 Jul 2018 @ 1:13pm

    So we have a vector for a LOT of meddling.

    Can they trace if it's ever been used to tamper with an election?

    Can they fix the machines so they're not remotely accessible?

    Because if the answer is no this is going to crush confidence further regarding elections in the US.

    link to this | view in thread ]

  15. identicon
    David, 18 Jul 2018 @ 1:25pm

    Electronic voting machines just don't cut it.

    The ratio and constitution of the part of the populace able to verify their proper functioning throughout an election is too small to put the core tenet of democracy into their care.

    With paper ballots, the amount of votes a particular crook can manage to tamper with is rather limited. With electronic voting machines, not so much.

    I know of large industrial projects in a Western country proceeding without valid permissions because there were billions at stake and the people casting the decision were confident that money would find a way to bribe all the necessary neuralgic points.

    And it did.

    The results of an elections are worth more, and the number of people to bribe quite fewer.

    Bribing your way through paper ballots, in return, is much harder. Essentially you have to bribe the majority of voters (which is what campaign promises are all about) and, well, then it's the voters' fault and/or profit and that's what democracy is about: people at least deserve what they are getting then. But it's also a comparatively expensive manner of tilting the tables.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 18 Jul 2018 @ 1:32pm

    Re: So we have a vector for a LOT of meddling.

    I think you may be underestimating the general public's level of apathy regarding almost anything of importance.

    Maybe I'm a cynic, but I think it likely that a ridiculously small minority of our countrymen will hear about this, let alone utter a single word to anyone else regarding the matter.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 18 Jul 2018 @ 1:34pm

    I find it amusing ANYONE trusts s***antec or M***ee.

    Their software "hoovers up" anything in the documents folder, actively searches for Excel and Word documents, parses them looking for "interesting" words and then sends documents wholesale back to the central server for "processing"
    (i.e. information stealing).

    Also doesn't help that Norton is the equivalent of locking your door at night then blowing a hole in the wall with a grenade.

    Norton will happily run stuff if it even THINKS it came from symantec's website (.exe and .msi files etc) and it's so easy to spoof it's unbelievable anyone would use their software anywhere!

    link to this | view in thread ]

  18. icon
    ECA (profile), 18 Jul 2018 @ 2:03pm

    NO SYSTEM is perfect..

    "every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system"

    There are problems with this..IF you can get your hands on the device, and play with it, you can take time to DO ANYTHING..

    Part and parcel of the problem is a bunch of companies that Cant program CRAP, and use the Standards and programming CURRENTLY available..

    There are ALLOT of tricks and hacks that can be done to make it HARD AS HELL to do anything with the hardware..
    you have to get thru the hardware FIRST..
    Then the Software has to PROTECT itself.

    How in hell cant a Programmer and hardware person design something that is FAIRLY protected from instant ONSITE changes??
    Im sorry, but I think a GOOD system could be build, and SHOULD be at least 90% effective.

    NOW if you want to compare a paper system that we use MOSTLY, with what can be done to corrupt that system... You would need a small amount of history and understand of HOW the system WORKED in the past.
    ANd how many persons in this nation have been disuaded from voting..

    link to this | view in thread ]

  19. identicon
    Waldo, 18 Jul 2018 @ 2:13pm

    What's the.....

    Vote for Waldo! Because what's the friggin point!

    link to this | view in thread ]

  20. icon
    takitus (profile), 18 Jul 2018 @ 2:28pm

    Invaluable to the rest of us

    Quoth Zetter:

    Source code is invaluable to hackers because it allows them to examine the code to find security flaws they can exploit.

    It’s unqualified claims like this that allow voting machine designers to avoid open-sourcing their products. I’d like to think he’s using “hacker” in the old sense of the word, but probably not. Either way, this statement is both too specific and misleading. Source code is also invaluable to those who want to understand/audit this crucial software, and making source code publicly available is, of course, good for security.

    The idea that, for the public’s safety, voting source code should only be available to some NDA-bound developer priesthood needs to be killed dead.

    link to this | view in thread ]

  21. icon
    Uriel-238 (profile), 18 Jul 2018 @ 2:31pm

    The advantage of electronic voting machines...

    ...is that they count the votes better than humans do.

    Unless we count them much the way we did in the 2000 Florida recount in which a small committee examines each ballot and deliberates over whether hanging chads nullify a vote.

    The problem is not the electronic voting machine, but the security problems presented by them, and if we solve that we might even be able to enable internet voting.

    Open sourcing software would make it difficult to cheat.

    In Europe there's been some looks into using blockchain tech to affirm that votes are registered and counted correctly without interference.

    link to this | view in thread ]

  22. icon
    Uriel-238 (profile), 18 Jul 2018 @ 2:34pm

    That runs contrary to Linus' law

    link to this | view in thread ]

  23. icon
    takitus (profile), 18 Jul 2018 @ 2:40pm

    Re: Invaluable to the rest of us

    Correction: It was Symantec’s pcAnywhere source code that was posted, not voting machine software. But of course the point is the same.

    link to this | view in thread ]

  24. icon
    discordian_eris (profile), 18 Jul 2018 @ 2:52pm

    link to this | view in thread ]

  25. icon
    Anonymous Anonymous Coward (profile), 18 Jul 2018 @ 3:03pm

    Re: Re:

    Then maybe they should create an OS that is election system specific. Open Sourced of course, but starting with the premise of security, and minimizing the ability to access it without net access, and say two or three factor authentication and outputs to multiple devices that must be locally installed (a usable device and a backup device). Physically moving one of those outputs to another device for uploading to a compilation machine.

    Security is hard, which makes the ability to access the system harder should be the norm. Paper ballots might be the way to go, though as pointed out elsewhere they have issues as well, the question is, can a system be established that is good enough.

    With an open source hardware/software/firmware/OS project, could we create something that is as good, or better that what we have now? While the experts say no, I am thinking they are responding to existing systems. What if they helped to create a new system (maybe blockchains, also mentioned elsewhere, could help) with many eyes looking at it (also mentioned elsewhere). Perfect security might be a panacea, but what about better security?

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 18 Jul 2018 @ 3:12pm

    Re: Re: Re:

    If you want security in your operating system there is OpenBSD where:

    As of July 2018, only two remote vulnerabilities have ever been found in the default install, in a period of almost 22 years

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 18 Jul 2018 @ 3:16pm

    Re: Re: Invaluable to the rest of us

    Yes, they do not want their shitty coding practices exposed.

    link to this | view in thread ]

  28. icon
    Anonymous Anonymous Coward (profile), 18 Jul 2018 @ 3:29pm

    Re: Re: Re: Re:

    That is an idea, but desktop operating systems, I think, have a tendency to have multiple ways of access (API's) and output (the variety of ports on the machine). I am suggesting an OS that doesn't have any of those. Only one focus. Minimal ways to access, with very strong restrictions. Minimal ways to output, with very strong restrictions. Automatic ways to backup inputs. It might be that it is merely a scanner of that paper ballot, but that does not deprecate the necessity of security, or backup or control of access.

    link to this | view in thread ]

  29. identicon
    Thad, 18 Jul 2018 @ 3:40pm

    Re: Invaluable to the rest of us

    Source code is also invaluable to those who want to understand/audit this crucial software, and making source code publicly available is, of course, good for security.

    Indeed, what we got here was the worst-case for a security-through-obscurity regime: the source code wasn't publicly available, but it was acquired by a malicious third party. That way, the only people (outside of the developers) who were auditing the source code were malicious actors. If the source code had been released for everybody, then white hats could have searched for vulnerabilities in order to disclose and fix them.

    link to this | view in thread ]

  30. identicon
    David, 18 Jul 2018 @ 3:43pm

    Re: The advantage of electronic voting machines...

    Open sourcing software would make it difficult to cheat.

    Nonsense. State-level actors have created awfully involved malware that kept hidden for years. Intel has created processor-level malware (with its "Management engine") that is near impossible to disable. The Spectre and Meltdown vulnerabilities are for us to stay.

    Open Source cannot help against all that, and additionally it does not help against compile chain bootstrap maladies which don't need to remain in the source code after the malware has been bootstrapped.

    A device that cannot be verified and monitored at the time of its operation by nominated non-specialist officials has no place in a crucial point of voting.

    link to this | view in thread ]

  31. identicon
    Thad, 18 Jul 2018 @ 3:44pm

    Re: The advantage of electronic voting machines...

    ...is that they count the votes better than humans do.

    But it's possible to use a machine to count votes without using a machine to cast them.

    I'm still inclined to believe that, in most cases, casting a vote with pen and paper is the best option. If a machine is then required to count the votes, use an optical scanning machine.

    Of course, that still means the optical scanning machine is a failure point and a security risk.

    link to this | view in thread ]

  32. identicon
    David, 18 Jul 2018 @ 3:47pm

    Re: Re: The advantage of electronic voting machines...

    Well, you still have the ballots and can recount. You don't need to trust the scanning machine.

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 18 Jul 2018 @ 3:57pm

    Re: Re: Re: Re: Re:

    A base OpenBSD installation is a command line environment, as its main target audience is servers. Also the BSDs, like Linux, make a windowing system an optional extra.

    They can also be set up so that one terminal presents the ballot, and a separate terminal has to be plugged in to do anything else on the system, and that can be made so that the case has to be opened to do so for extra security.

    link to this | view in thread ]

  34. identicon
    Steve, 18 Jul 2018 @ 4:12pm

    A little mistake

    No need to publish this. There's a malformed link at the end of the second paragraph: "hrev" instread of "href"

    link to this | view in thread ]

  35. icon
    Anonymous Anonymous Coward (profile), 18 Jul 2018 @ 4:28pm

    Re: Re: Re: Re: Re: Re:

    I use Linux, though have no experience with BSD. However I don't think a command line interface would be much of a deterrent to hackers. My thoughts are more along the line of the OS's ability to allow access or more importantly disallow, and control outputs, or more importantly disallow except to specific instances. Being built from the ground up, with those thoughts in mind seems like a better way to go. And much less code to review.

    link to this | view in thread ]

  36. identicon
    Thad, 18 Jul 2018 @ 4:33pm

    Re: tl;dr

    Right. And the likeliest scenarios for vote tampering to make a difference are the ones where the vote is close enough that neither outcome will seem suspicious -- which are also the votes that might trigger a hand recount.

    link to this | view in thread ]

  37. icon
    That One Guy (profile), 18 Jul 2018 @ 5:19pm

    Re: Re: Invaluable to the rest of us

    If the source code had been released for everybody, then white hats could have searched for vulnerabilities in order to disclose and fix them.

    Followed by being sued and/or threatened with lawsuits for their actions, because as any good pointy-haired manager knows those flaws weren't there until the blasted hackers told people about them!

    link to this | view in thread ]

  38. icon
    Ryunosuke (profile), 18 Jul 2018 @ 5:25pm

    is this the same one owned by russian investors?

    link to this | view in thread ]

  39. icon
    ECA (profile), 18 Jul 2018 @ 9:44pm

    Re: What's the.....

    Where is he..?

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 19 Jul 2018 @ 2:56am

    Re: Invaluable to the rest of us

    The hardest part of secure voting to pull off is convincing senior management of the company and governments that the voting machines should not be connected to the Internet, but should combine physical and software security measures so that at least two people need to be present to unlock physical access, and gain software access to do anything other than vote. That is at least one person with a physical key, and another who know the passwords.

    link to this | view in thread ]

  41. identicon
    Yet Another Anonymous Coward, 19 Jul 2018 @ 3:53am

    What if the machine had a self-programming FPGA? Some can take advantage of unique manufacturing flaws in hardware, preventing the resultant software from working on another machine.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 19 Jul 2018 @ 4:54am

    Re:

    "russian"

    That didn't take long, did it?

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 19 Jul 2018 @ 8:35am

    Re: Re: So we have a vector for a LOT of meddling.

    "the general public's level of apathy regarding almost anything of importance."

    It seems the general public's list of what is important begins with putting food on the table and having shelter. I guess that is not important.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 19 Jul 2018 @ 9:15am

    Re: Re: Re: Invaluable to the rest of us

    Is there a good place to post security findings anonymously? Lists like full-disclosure require an email address, and a lot of the free email providers insist on getting phone numbers or other personal data.

    link to this | view in thread ]

  45. icon
    techflaws (profile), 19 Jul 2018 @ 10:05am

    Re: Re: Re: Re:

    "As of July 2018, only two remote vulnerabilities have ever been found in the default install, in a period of almost 22 years"

    'have ever been found' being the key phrase here.

    link to this | view in thread ]

  46. icon
    Uriel-238 (profile), 19 Jul 2018 @ 10:27am

    To the contrary, let's connect them.

    As soon as it is feasible to make voting machines robustly secure without the air gap, let us do so. I think that is ultimately what the future of voting holds.

    I get that we're struggling to get there. I get that among the obstacles to a net-secure voting system is lack of concern by those officials who got themselves elected / appointed through outside meddling.

    But ultimately, being able to vote while connected is a step towards being able to vote by connecting, which will increase voter turn out.

    And yes, some people don't want that. Screw those guys.

    link to this | view in thread ]

  47. icon
    Uriel-238 (profile), 19 Jul 2018 @ 10:29am

    Posting security findings anonymously

    Even the super-temporary fake-email address services?

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 19 Jul 2018 @ 11:02am

    Re:

    Is 'funning' a mash up for running and fucking? It sure seems appropriate taken in context with your sentence.

    link to this | view in thread ]

  49. icon
    Uriel-238 (profile), 19 Jul 2018 @ 12:45pm

    Food and Shelter

    That seems to be the first order of business of every dystopian state: Keep the proles busy just sustaining themselves and they'll never have time to look up and see how awful everything is.

    Giving the US the benefit of the doubt, I think we attained that by accident, encouraging everyone to be competitive and to offer themselves as an low-cost, high-performance employee, especially once it became an employers' market.

    So now everyone is overworked and underpaid and has not even the energy to rear their children, let alone be mindful of civic affairs.

    Which is just the way our corrupt aristocracy wants it. Score!

    link to this | view in thread ]

  50. identicon
    Thad, 19 Jul 2018 @ 1:31pm

    Re: Re: Re: Re: Re:

    I disagree.

    "In the default install" is the key phrase. Because the default install is quite limited.

    link to this | view in thread ]

  51. identicon
    Thad, 19 Jul 2018 @ 2:25pm

    Re: To the contrary, let's connect them.

    I can't see the comment you're responding to, but it looks like you're advocating for online voting?

    I don't believe it's ever going to be feasible.

    The problem is this:

    There needs to be a mechanism whereby (1) I can verify that my vote has been recorded correctly, (2) nobody else can tell how I voted, and (3) I can't vote twice.

    I only know one way of doing that: my identity is verified and a record is made that I have voted; my vote is recorded on a piece of paper that does not identify me; I put that piece of paper in a box.

    (Technically this doesn't actually satisfy (1), because it still requires trust that the people responsible for counting my votes are honest and competent. But ultimately, that's inherent in any democratic system; if the people responsible for tabulating the votes cannot be trusted, then the whole system is compromised.)

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 19 Jul 2018 @ 3:49pm

    Re: Re: Re: Re: Re:

    As OpenBSD focuses on security, it is an attractive target for hackers looking to show their prowess. Also, its developers keep an eye on security flaws being found in other systems, and the looking over their code base for potential similar flaws in their own code base. That low rate of remote vulnerabilities being found is the result of hard work focusing on security.

    link to this | view in thread ]

  53. icon
    Uriel-238 (profile), 19 Jul 2018 @ 4:20pm

    Re: Re: To the contrary, let's connect them.

    I think it is possible, if not by using hash-codes, digital signing, asymmetric encryption and blockchaining then by using a technology related to them.

    Eventually there would be a public blockchain of any given election that anyone could access, and confirm that their own vote is still in there. They should also be able to run the tallying software and get a sum of all the votes for any given election.

    Granted it may require that individuals are responsible to keep and back-up their own access keys. If you lose your key, your own data is gone. But this is a degree of password hygiene we've wanted to encourage the public to sustain anyway.

    The problem human beings cannot be assured to be honest or competent. We've just long assumed they were because the darkness in which they worked was securely impenetrable.

    link to this | view in thread ]

  54. icon
    R2_v2.0 (profile), 19 Jul 2018 @ 11:16pm

    Survivor bias?

    Is this just survivor bias in action? The winning party and their voters have little interest in reforming the system. As far as they're concerned the outcome was 100% accurate.
    For the losers? Rigged election? Well, they would say that wouldn't they?

    link to this | view in thread ]

  55. identicon
    Thad, 20 Jul 2018 @ 9:45am

    Re: Re: Re: To the contrary, let's connect them.

    The problem human beings cannot be assured to be honest or competent. We've just long assumed they were because the darkness in which they worked was securely impenetrable.

    Well, that and election results are usually within the margin of error of polling data.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.