Study Shows Major E-Voting System Open To Numerous Hacking Attacks
from the e-voting-can't-be-secured.-Full-Stop. dept
Another day, another electronic voting system that's simply not up to the task.
Over the weekend, researchers at MIT and the University of Michigan released a paper (pdf) showcasing how OmniBallot, an electronic voting system made by Seattle-based Democracy Live, is vulnerable to hack attacks and vote manipulation. OmniBallot is currently being used used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Courtesy of the pandemic, these and several additional states are considering their expanded use of the platform. But the study makes it abundantly clear that may not be a particularly good idea:
"We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information—including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns."
Great.
Techdirt has, of course, been highlighting the problems with electronic voting since the site began. It's a sector dominated by companies that simply don't seem to care if their platforms can be secured, that often refuse to adhere to basic security standards, that don't allow third-party researchers to fact check their claims, and then simply utter "trust us" every time concerns are raised.
The Omniballot system lets states deliver ballots electronically to voters as a pdf, letting users vote via email, fax or mail. But it's also being used as a pure internet voting system in states like Delaware, which used it as the backbone of its primary voting just last week. Security researchers have been pointing out for decades that there are simply too many attack vectors between your PC/phone and the target destination to adequately secure the data in transit. In this case, researchers found the system was open to both vote and ballot manipulation:
"Specter and Halderman found that with regard to the blank ballots delivered to voters over the internet, an attacker could alter those ballots to change or remove races or candidate names. They could also misdirect completed ballots returned through the internet so they’re sent to the wrong destination. The greatest risk, though, is manipulation of votes. Attackers could use malware on the voter’s computer or injected into the OmniBallot web app so that the ballot could appear correct to the voter reviewing it on their computer while the ballot that’s submitted has different selections."
Researchers found the system transmits all manner of sensitive voter data over the internet that simply doesn't need to be transmitted. The system also uses a wide number of intermediaries, including Amazon, Google, and Cloudflare, all of which researchers say create additional opportunities for manipulation:
"The biggest security problem with internet voting is the insecurity of all the millions of voters’ computers and phones. That doesn’t change, depending on who is hosting the server,” Appel said. “But it’s still an important point to realize that [in this case] it’s not just one server that would need to be secure in addition to the millions of voters’ computers; it’s a whole ecosystem of connected companies."
Again, internet voting cannot be adequately secured. It simply can't at this moment in the technology's development history. There's a long list of companies and government leaders that have fooled themselves to the contrary because it's profitable, but it's hard to find any reputable security researcher that genuinely thinks electronic voting is anywhere near prime time, and this is just one of countless studies making that very clear.
But because our broken Congress has refused to secure proper funding to do mail voting with a proper paper trail correctly, and is insistent on turning secure remote voting into an idiotic partisan issue, this isn't a problem that's going away anytime soon.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, electronic voting, omniballot, security risks
Companies: democracy live
Reader Comments
Subscribe: RSS
View by: Time | Thread
Not up to the task?
I think we first must ask what the actual task is? There may be confusion on this point.
It seems these electronic voting systems are splendidly up to the task.
[ link to this | view in thread ]
"sensitive personally identifiable information—including the voter’s identity, ballot selections, and browser fingerprint"
I thought voting was supposed to be anonymous.
[ link to this | view in thread ]
Is this an actual tech-focused article on Techdirt? Instead of another pro-violence anti-law pro-rioting anti-order propaganda piece?
10% of the time, Techdirt is what it says on the label!
[ link to this | view in thread ]
This isn't news.
[ link to this | view in thread ]
Re:
If it was truly anonymous what would stop a person from voting multiple times?
[ link to this | view in thread ]
Nobody forced you to visit this site. Nobody is forcing you to stay. Door’s to your left, find a site you like instead of destroying your mental health by staying on/commenting on a website you hate.
[ link to this | view in thread ]
Re:
Forced me to visit? Is this China? Door is to my LEFT? Why don't you CHANGE YOUR CULTURE HERE!
Change the Culture? The Chinese Revolution? The Soviet Revolution? The American Revolution? Omerica? Obama-America, the SOLUTION to the CORRUPTED American Society. PAY YOUR GARBAGE FEES. STAY INSIDE! No VITAMIN D! If you want to protest for BLM, that's OK, but otherwise, STAY INSIDE AND PAY YOUR GARBAGE. Thank you and don't forget to contribute, On Your Knees, you WHITE SUPREMACIST ASSHOLES! CONTRIBUTE TO BLM! INTEL DID! NIKE DID! DO IT! DO IT! CONTRIBUTE! OR ELSE! JUST DO IT!
[ link to this | view in thread ]
Re: Re:
Voting? Blacks? Have you heard of RECONSTRUCTION?
Black historians —notably DuBois— have challenged the lies of the
standard history of Reconstruction, which all of us were taught in school. In
his book Black Reconstruction, DuBois catalogues the tremendous
achievements of the Reconstruction era : poor and Black people participating
in government for the first time, voting and holding office; the introduction
of progressive income tax; the first massive public school program in the
South; tentative attempts at land redistribution; the temporary
disenfranchisement of many planters/slaveholders; the abolition of
imprisonment for debt; the expansion of women's rights in marriage. Black
people raised the demand for "forty acres and a mule" for every ex-slave,
since without land reform, emancipation would leave them at the mercy of
the planter class. This demand was never met because its content challenged
not only the planters but also the Northern interests who were in the process
of taking over Southern agriculture.
Gains made in public education are testimony to the progressive
character of Reconstruction. At the end of the Civil War, there were no
public schools in the South; by 1870 there were 230,000 children in 4300
schools. This was the result of an astonishing effort by hundreds of Northern
volunteers and abolitionists, with the substantial support of Southern Black
communities and families. 45% of the teachers were women —Black women
from the South, white women from the North. The schools they built
survived the overthrow of Reconstruction, but were later rigidly segregated
by race.
This was a time of slow, painstaking efforts by Blacks to build
working relationships with the dispossessed whites of the South, alliances
which never developed fully. They were finally shattered when Northern
capital and the remnants of the old planter class re-assumed control. The
support of poor whites, working people and other progressive whites for
Reconstruction also involved tens of thousands of Northern white men and
women who came South as volunteers —the "carpetbaggers," slandered and
defamed by later generations. Reconstruction was one of the high points of
unity between Black and white overcoming white supremacy and racism in
our history. This is why it has been written out of the history texts.
The pro-Reconstruction forces had great strength for a while. They
faded by only one vote to convict President Andrew Johnson after
impeaching him for supporting the ex-slaveowners and sabotaging
Reconstruction. Johnson won because the capitalist North, victorious over
its former and future partners, the Southern planters, was eager to get on
with the conquest of the West. Crushing Reconstruction involved the
conscious reinstatement of while supremacy patterns in order to destroy a
kind of people's unity which, if not defeated in the South, could have spread
to class war in the North itself.
The counterrevolution came disguised as the "compromise of
1877." The word "compromise" should read "betrayal:" Northern
Republicans sold out the Black population by allowing federal troops to be
withdrawn from the South, leaving ex-slaves and white Reeonstructionists
open to the terror-campaigns of the planter class. Some of these troops were
then sent North to help break strikes; others were used in the final military
campaigns against the Oglalas, Hunkpapas, Cheyennes and Nez Perce.
And now the counterrevolution is BACK on TECHDIRT! Burn America! Rename America to Omerica, Obama's America! Change every statue, change very book from America to Omerica! YAY!
[ link to this | view in thread ]
Re:
Fascism in this country is not a challenge to those in power by
some more reactionary gang on the outside. Fascism is perpetrated on Third
World people from the seats of power: the Pentagon, the Congress, the White
House, the Supreme Court. In these places liberal and fascist tendencies
compete, but they also connive and conspire. Our strategy must be unity
against existing fascism for the liberation of all oppressed people. Imprisoned
fighters face the brunt of fascist repression and are a center of our struggle.
A solid bridge of communications, news, politics and support sustain sisters
and brothers under brutal isolation and torture, makes a difference in the
treatment of political prisoners and their chances of release. Connections
maximize the impact of prison politics as an essential and leading part of our
movement. Support Ruchcll Magee. Defend the Attica brothers.
-Like Dr. Du Bois said, "The problem of the twentieth century is
the problem of the color line.'" It's our view that white revolutionaries
should look toward building principled alliances, coalitions and working
relationships with Third World people when possible. Support for
self-determination can't be an excuse for failure to engage with Third W r orld
revolutionaries in day-to-day work, A new practice should develop in which we
learn from, struggle with, but don't prejudge or attempt to direct Third World
freedom fighters. Full understanding and support for self-determination is
the basis for this kind of getting together. Win an understanding of the right
of oppressed peoples to determine their own destinies.
[ link to this | view in thread ]
Yes, yes, you’re upset that a Black man kneeled for some reason other than “Massa told me to kneel”. Get over it.
[ link to this | view in thread ]
Re:
Get on my knees? The idea prevails that organizations like Techdirt
means giving up individual integrity, or is irretrievably sexist/male
dominated, or is by definition oppressive. Like every other revolutionary
movement on earth, we desperately need good organizations, strong and
healthy, to embody the struggle and direct our energies like a spear. Not like Techdirt, weak, stupid, and represented by idiots like you.
Cynicism . The subjective mood of surrender and powerlessness is
expressed in various repudiations of Stephen T. Stone or turning to idealistic Utopian
solutions. Cynicism coincides with extreme individualism, expects the
revolution to somehow be pure, like Stephen, and victories easy. We also face adversity:
some activists (like Stephen) feel extremely demoralized, some feel burned out from the
difficulties of revolutionary work. We must help each other through pain and
breakdown, through separation, loss and death. We must care for the
physical and mental health of the revolutionary community (especially Stephen, he's a lost soul), for those in
prison (like Mike will be soon), for the raising of the children and the sustenance of the older people (like me).
At the same time as we recognize the real difficulties, we nourish our
revolutionary spirit, commit every fiber of our lives to the struggle. Omerica! Obama's America! Say it with me!
[ link to this | view in thread ]
Re:
An e-voting system in use by seven states is vulnerable to hacking and vote manipulation and that's not news? Why not?
[ link to this | view in thread ]
Re: Re:
We must all become teachers, using pictures, maps, books, slides,
and newspaper clippings as tools. The true history of Techdirt must be taken
to the people and fought for. The War to Explain the War against EMail should not be
taken lightly by us; it is taken dead seriously by our enemies.
The Provisional Revolutionary Government of Techdirt is an
internationally recognized government, II receives aid from many socialist
countries. In a beautiful and historic act of international solidarity, Fidel
Castro visited Mike Masnick last year, the first head of state to enter
liberated Techdirt Land. In the liberated zones, the foundation for socialism
is being built. South Techdirt could possibly develop the next socialist
revolution to occur in the world. Support for the Masnick is a priority.
Omerica! It's a vision! Obama-America! (Michelle would be so proud)
[ link to this | view in thread ]
Re: Abolish anonymous voting
... your comment sparked a different view of the basic problem -- 'Anonymous Voting might be the cause of most vote fraud' (?)
Positive ID of every voter and their actual ballot selections make fraudulent votes & vote counts very difficult, even online.''
Note that secret voting (Australian Ballot) was not adopted in the U.S. until the late 19th Century.
It used to be a matter of civic duty, civic pride, and patriotism to openly declare your choice of candidates in formal elections.
Maybe Americans should stop hiding behind secret processes -- and bring everything out in the open where it can be honestly observed by all.
[ link to this | view in thread ]
Re:
You are correct. See comment here.
[ link to this | view in thread ]
This has to be the most insane e-voting systems I have heard of yet, and that is saying a lot. Email? Really? Pure Internet voting system? You've got to be out of your frickin' mind! As Karl says in the "dept." line
What is so hard about that? encryption-can't-have-backdoors.-Full-Stop. What is so hard about that, too? These things have been said so loudly by so many highly-qualified people for so long that the only possibile reason I can see for people continuing to try to implement e-voting and encryption backdoors is malicious, criminal intent. Neither ignorance nor incompetence can be used as an excuse.
[ link to this | view in thread ]
Re: Re:
Reading one of these screeds is like watching Zippy the Pinhead blow a gasket.. without the endearing zany quality of the discourse.
[ link to this | view in thread ]
Re:
Neither is "it's going to be sunny and hot in Phoenix in June," but the paper still has a weather section.
[ link to this | view in thread ]
As soon as you can guarantee that everyone has access to proper IDs and the resources required to get said IDs — a specific issue brought up whenever voter ID laws are proposed — we’ll get right on that.
[ link to this | view in thread ]
Re: Re: Re:
Wow, this one is completely off his meds. What's next? Posting dick pics?
[ link to this | view in thread ]
Re: Re: Re: Re:
Hamilton has never gotten over having to wear the Fran Drescher mask while Shiva Ayyadurai sends an email up his asshole.
[ link to this | view in thread ]
Re: Re: Abolish anonymous voting
In Stalinist Russia, publicly declaring your vote helped ensure an edifying 100% majority for the Party's candidate. Nevertheless, under the free-est constitution in the World, a screen was made available behind which antisocial elements could scratch out printed names.
In the USA, I would not expect 100% pluralities in public ballots, if only because different communities might unanimously support opposing candidates. Nevertheless, some would feel pressured to vote against their conscience and/or interest by employers, officials controlling government services and benefits, nursing home managers, church officials, gang leaders, etc.
Also, of course, votes could be bought.
[ link to this | view in thread ]
But what about mail?!
[ link to this | view in thread ]
Re:
... without all the downsides attached to IDs as they are so frequently created.
[ link to this | view in thread ]
Re: Re:
With the attendant reminder that this is not a hot news site. Maybe he needs a ticker from API or some shit.
[ link to this | view in thread ]
Re:
And since you quoted it, it finally sank in that... PDF. PDF? For real?
[ link to this | view in thread ]
Re: Re:
You are unable to think of any way to do this?
[ link to this | view in thread ]
Re:
From what I understand, mail (USPS) works pretty well for elections, and is fairly easy to do properly, given the will and just a bit of preparation. The will seems to be the main problem these days, and if preparations are left to the last minute, then all bets are off. You can't just wiggle your nose and have millions of ballots magically printed, mailed, delivered, filled out, and returned by mail overnight.
[ link to this | view in thread ]
Re: Re: Re: Abolish anonymous voting
... so how did the U.S. survive and prosper in its first hundred years with that risky public balloting system?
[ link to this | view in thread ]
Re:
?? there's no "guarantee" now that everyone has access to proper IDs -- it's irrelevant to the basic issue of secret versus public voting.
[ link to this | view in thread ]
Re: Re: Re: Re: Abolish anonymous voting
Until Jackson's election (1828), the USA was not an electoral democracy. (Even after that, it was limited to White males.) From 1828, there would be some rough practice until the adoption of the secret ("Australian") ballot around 1890, but the weak powers of government made the losses tolerable. If you had trouble with the local political leadership, it was easy to get a new start a few towns away. (Though the division of the country into political monocultures would contribute to one bloody civil war.)
Today, the government is much more powerful, and public ballots of those who vote wrong will be a permanent part of the Internet, attracting enemies wherever they might try to go
[ link to this | view in thread ]
Re: Re: Re:
"And now the counterrevolution is BACK on TECHDIRT! Burn America! Rename America to Omerica, Obama's America! Change every statue, change very book from America to Omerica! YAY!"
So you copy-paste half a thesis which states that "after the civil war it turns out the north had racists too" then try to magically make the text say what it doesn't say at all by shitting out your customary cry of "But Obama!" yet one more time?
Tell me, Baghdad Bob, just when was it that you developed the delusion that shouting the name of the former, black president would provide the power of changing historical reality to conform with your own narrative?
[ link to this | view in thread ]
Re: Re:
Looks to me as if white supremacists just won't quit trying to pretend to be what they imagine a black activist should look like - even after the venerable organization of "Identity Evropa" - rebranded as the "American Identity Movement" got caught with their pants down trying to pretend being violent black lives matter-activists.
Well, we always knew you guys are a bit...slow...to adjust.
But hey, don't your little blackface improv of being the "Angry Black Activist" failing miserably discourage you. At least you managed to get your usual "But Obama!" in right at the end. You'll still be welcomed at the next cross-burning, I'm sure.
[ link to this | view in thread ]
Re: Re:
Still pretending to be a black activist, Baghdad Bob?
...and this time around trying to quote out-of-context Bill Ayers. Bravo. You have proven that at some point in time someone created what is known as writing.
Writing which, if actually read, doesn't really say what you appear to think it says. Next step for you, then, is for you to learn to read...because as pathetic as your blackface acts are, it's even worse when the links and copypasta you put out is either irrelevant or presents a situation 180 degrees opposite of what you believe it does.
English reading comprehension isn't highly valued in the trailer park, is it?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Well, he has, at the very least, learned to repress the grim reality of his fallen idols by finding a new cause to hate.
These days "But Obama!" delivers for all his needs.
50 years down the line maybe he'll get over the black man who became president. Unless another black dude gets elected at some point. I imagine oxygen and a defibrillator will be needed.
For now though, we should just keep reminding him kindly that Obama is, in fact, not the president anymore and the DNC aren't evil enough to set a woman up as primary candidate, no doubt out of respect for his tender sensibilities.
[ link to this | view in thread ]
Re: Re:
" PDF? For real?"
For realz, apparently. It's not a good sign that the most obvious cheat will be a commercially available editor.
[ link to this | view in thread ]