Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Democrats Security United States

Senators Demand To Know Why Election Vendors Still Sell Voting Machines With 'Known Vulnerabilities' (techcrunch.com) 169

An anonymous reader quotes a report from TechCrunch: Four senior senators have called on the largest U.S. voting machine makers to explain why they continue to sell devices with "known vulnerabilities," ahead of upcoming critical elections. The letter, sent Wednesday, calls on election equipment makers ES&S, Dominion Voting and Hart InterCivic to explain why they continue to sell decades-old machines, which the senators say contain security flaws that could undermine the results of elections if exploited. "The integrity of our elections is directly tied to the machines we vote on," said the letter sent by Sens. Amy Klobuchar (D-MN), Mark Warner (D-VA), Jack Reed (D-RI) and Gary Peters (D-MI), the most senior Democrats on the Rules, Intelligence, Armed Services and Homeland Security committees, respectively. "Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price," the letter adds.

Their primary concern is that the three companies have more than 90 percent of the U.S. election equipment market share but their voting machines lack paper ballots or auditability, making it impossible to know if a vote was accurately counted in the event of a bug. Yet, these are the same devices tens of millions of voters will use in the upcoming 2020 presidential election. ES&S spokesperson Katina Granger said it will respond to the letter it received. The ranking Democrats say paper ballots are "basic necessities" for a reliable voting system, but the companies still produce machines that don't produce paper results.

This discussion has been archived. No new comments can be posted.

Senators Demand To Know Why Election Vendors Still Sell Voting Machines With 'Known Vulnerabilities'

Comments Filter:
  • by aitikin ( 909209 ) on Wednesday March 27, 2019 @04:34PM (#58343946)
    People keep buying the machines. Just like people keep buying the new versions of Skyrim.
    • by Anonymous Coward

      Seriously dude, don't drag Skyrim into this. What did it ever do to you?

      • I bet it involves an arrow and his knee.

        • by aitikin ( 909209 )
          If I had mod points and the ability to mod, this would be high on my funny list. That being said, I've honestly never played any of the Elder Scrolls games. I've heard it's well worth my time, but I also don't have the time to commit to any of them (and I hate not starting at the beginning of a series)...
      • by aitikin ( 909209 )
        Nothing. But the head of Bethesda literally said that [ign.com] about why they keep remaking Skyrim on different ports.
    • this is about fixing serious vulnerabilities in the existing machines. The 4 Senators would settle for a new "version" without the obvious, glaring vulnerabilities that make it child's play to game elections.
      • by lgw ( 121541 )

        Do you believe that the people in actual power in the US want actual democracy? Do you think their pet senators see these vulnerabilities as a bug, or as a feature?

    • by bob4u2c ( 73467 )
      I was going to post: because the machines keep making them money. Why stop selling something that makes you money because of some sill vulnerability thing?
      • by rtb61 ( 674572 )

        I would have gone with because the vulnerabilities are a feature not a bug and without them those locations that buy them would not and would go back to pencil and failure. Being able to mass change votes, A FEATURE and not a bug.

    • Just like people keep buying the new versions of Skyrim.

      Guilty.

  • by rsilvergun ( 571051 ) on Wednesday March 27, 2019 @04:34PM (#58343950)
    how they're all Democrats. Ok, it's not that funny [google.com]. In fact, it's not funny at all [washingtonpost.com]. It's more than a little messed up [cnn.com] actually.
    • by rsborg ( 111459 )

      how they're all Democrats. Ok, it's not that funny [google.com]. In fact, it's not funny at all [washingtonpost.com]. It's more than a little messed up [cnn.com] actually.

      GOP must just love the idea of rigging elections. I mean, why do none of them speak out against these situations?

      • " GOP must just love the idea of rigging elections. I mean, why do none of them speak out against these situations? "

        If the GOP needs any tutoring / coaching in the area of rigging anything, they should ask Team Blue for tips on how they rigged the DNC. :|

        • changed their rules after they got caught (though the right wingers in the party managed to hang onto some of their power sadly). Check the links above. The GOP keeps getting caught again and again and again. No changes whatsoever. They keep doing it because they keep getting away with it.
          • by Z80a ( 971949 )

            Come on, it's fair because both sides do it!
            Except for the other sides that can't, but no one care about those because only two parties is perfect and all.

            • but the difference is that when the Dems were called on it they made changes. When the GOP is called on it they deny, evade, lie, double down, and do it all over again.
        • There's also this small fact, right here.
          The DNC is a 527 organization (IRC s.527)
          It is free to do what it will within that organization. It's free to select the candidates it puts on its tickets however it sees fit.
          Is what they did hypocritical, since they seem to support universal suffrage? Yes.
          But it's not even the same ballpark is changing laws in ways that are proven to disenfranchise legal voters.
    • Just links to democrat mouthpieces, the same sources that peddled the Trump collusion narrative. So insightful.

      You know what would happen to anyone making a counter argument, but linking to Fox or Breitbart instead. Biased moderation isn't convincing anyone, it just damages any hope for a balanced discussion.

  • Normally, I would disagree with the following quote:

    The ranking Democrats say paper ballots are "basic necessities" for a reliable voting system, but the companies still produce machines that don't produce paper results.

    But if these vendors can't even patch their systems, I don't trust them to implement an auditable system that guarantees privacy based on a solid understanding of modern crypto.

    So, sadly, paper ballots seem necessary in 2019.

    • It's not like paper ballots are really any better. There's no shortage of stories about them going missing. You can get a whole list of Google auto-complete suggestions for "box of ballots found" to help you narrow it down. If you want to ensure that an election isn't getting tampered with in some way, you need to make sure that as many opposed parties can participate in the process. Even if they're all independently crooked, they'll keep each other honest.
      • There are admittedly currently some big problems with how we handle things - but we could require things to be handled better with minimal difficulty.

        For example, as paper ballots are collected put them in a box until it's full. Then seal the box and slap a label on it that gives it a unique identifier, along with listing the IDs of the immediately previous and next boxes from that polling place, or "does not exist" for the first and last boxes from a particular election and polling place. For further secu

        • by dryeo ( 100693 )

          Why not just count them at the polling place with members of all parties and any interested members of the public watching?
          Then do your labeling in case a recount is ordered.

          • We could, though you you need to manage far more (but far smaller) countings. And either do it immediately after the polls close, or arrange for the ballots at each polling place to be guarded by a cross-party group overnight.

            Heck, make the "boxes" small enough, and you could even "volunteer" voters for counting duty throughout the day. Show up to vote, and have a 10% chance of being pulled aside to the counting room to tally a couple packets of maybe 50 ballots each, instead of waiting in line. That le

      • It's not like paper ballots are really any better. There's no shortage of stories about them going missing. You can get a whole list of Google auto-complete suggestions for "box of ballots found" to help you narrow it down. If you want to ensure that an election isn't getting tampered with in some way, you need to make sure that as many opposed parties can participate in the process. Even if they're all independently crooked, they'll keep each other honest.

        There are two advantages to paper ballots:
        1. They are marked directly by the voter and are documentary proof of the voter's intention.
        2. They are at any time, hand countable

        Voting machines are unreliable, expensive and unverifiable. There is no records of individual votes, except the data in the memory of that machine, which may or may not be accurate. Voter-marked paper ballots, automatically counted is the only reasonable way forward. Voting machines are only a win for the companies that sell them.

    • Normally, I would disagree with the following quote:

      The ranking Democrats say paper ballots are "basic necessities" for a reliable voting system, but the companies still produce machines that don't produce paper results.

      But if these vendors can't even patch their systems, I don't trust them to implement an auditable system that guarantees privacy based on a solid understanding of modern crypto.

      So, sadly, paper ballots seem necessary in 2019.

      Yup, that is true. As things stand people can ... oopsie daisy, wipe the database containing the key voting data whenever it is convenient: https://eu.usatoday.com/story/... [usatoday.com] Kemp's explanations sound hard enough to believe as it is. If there were paper copies he'd really have to stretch to explain why the paper copies accidentally caught fire and burned to ashes in an old old oil drum in the yard behind his office the very same day the database was wiped.

      • There's also a very good argument that computerized voting is just inherently untrustworthy. You have to trust the developers both to make it work properly in the first place, and to make it unhackable. You need to make sure the code is audited, and that the software actually running is identical to the audited code. You need to make sure that nothing has been tampered with-- not the hardware or software of the machines themselves, nor any systems where the information is gathered or stored. And as you

    • > I don't trust them to implement an auditable system that guarantees privacy based on a solid understanding of modern crypto.

      Neither do I, which is why an auditable paper trail is so important. Until someone actually manages to make an independently tested, audited, open-source, electronic voting system with perfect security, the only way to ensure that elections aren't rigged is to be to have an unhackable paper trail.

      Well, that, and to *actually perform* random manual recounts on a frequent and wide-

      • by dryeo ( 100693 )

        Even an independently tested, audited, open-source, electronic voting system with perfect security isn't good enough unless the average, or better, most all, people can understand it. As long as it is a black box to the average voter, there won't be any trust.

        • Why would you say that? Most people don't even understand all the details of how the current election system works.

          All you really need is that the system be straightforward enough that most people know somebody they trust who is capable of understanding the system well enough to assure them that it's trustworthy.

          You can get into all sorts of counting complexities like condorcet voting, etc., but that's something completely independent from "can I trust the integrity of the system"

          • by dryeo ( 100693 )

            All you really need is that the system be straightforward enough that most people know somebody they trust who is capable of understanding the system well enough to assure them that it's trustworthy.

            Well, I don't know anyone that I'd trust to know the system is trustworthy and I probably know more techs then the average person.

            • A bold statement, considering wehaven't actually mentioned any particular system. A straightforward electronic counting of paper ballots, designed specifically to be as small and easily-understood as possible, should be pretty easy for any decent programmer to audit.

              It's worth mentioning that personally I think any electronic voting or tallying machine should be an embedded system with no operating system at all, and be as minimalist as possible for exactly that reason - every line of code on the machine

              • by dryeo ( 100693 )

                There seems to be a lot of people that can't be convinced that vaccines are a positive, the Earth is not flat and various other things, so even if the black box is very simple, a sizeable number of people will not understand it or won't believe it is actually what it says on the box.
                It's the advantage of paper, pencil and simple boxes, everyone can understand it.

                • There'll always be a fringe of idiots. Sometimes they'll even be a modest percentage. And you'll never convince them of anything they don't want to believe, so don't waste your time trying.

                  Meanwhile, we currently have elections, electronic and paper, that are often so badly managed that stealing an election would be relatively straightforward - and most people seem to believe we don't have a serious problem. So apparently the mediocre masses don't actually have a problem so long as they think they under

    • But if these vendors can't even patch their systems, I don't trust them to implement an auditable system that guarantees

      If it needs patches then it doesn't guarantee anything.

  • "Election Vendors" (Score:5, Insightful)

    by Anonymous Coward on Wednesday March 27, 2019 @04:35PM (#58343956)

    That's really *quite* fitting. And instantly makes the title answer the question.

    • by Anonymous Coward on Wednesday March 27, 2019 @05:17PM (#58344254)

      Wasn't it Diebold who got caught promising to "deliver you the election" to a bunch of Republicans a couple years back? The backlash then forced him to rename the company into "Premier Election Solutions", wasn't it?

      No, I don't care it was this party instead of that. What matters is that it was a political party at all. And, of course, that far too many places in the USoA still think that such voting machines are a good idea, or that throwing away the voting tally slips is okay, and so on, and so forth.

      • by _merlin ( 160982 ) on Thursday March 28, 2019 @12:36AM (#58345992) Homepage Journal

        Eugh, there was software I'd been involved in the development of running on those Diebold voting machines (I didn't work for Diebold, just a vendor they bought software from). It wasn't the kind of software I'd want running on a voting machine.

        • by Anonymous Coward

          Well, that explains a heck of a lot. Diebold, the people who you'd expect to be writing the software, are passing the buck down to third-party contractors. No wonder their machines aren't secure, they outsource their liability.

  • I haven't... Do the vendors offer any warranty/assertion of 'fitness for use'? Or do they follow most of the rest of the software industry with license terms that basically say "We will not warrant this software does what it's supposed to do, so you can't sue us for any problems."

  • by burtosis ( 1124179 ) on Wednesday March 27, 2019 @04:52PM (#58344054)
    How is even selling these legal? Any electronic voting machine that doesn't print out a human legible ballot for the user to read, verify, and turn in to be counted manually as the main tallying method should be illegal.
  • how else can incumbents win relection?

  • by Anonymous Coward

    ES&S provides paper ballots on all voting machines. They also produce tabulators that count paper ballots.

    Dominion Voting only produces tabulation products that count paper ballots.

    And Heart intercivic appears to provide similar products to ES&S.

    Please before you start slamming these companies do some research on their products and you will realize that this is a bunch of hog wash to get them votes.

    Paper ballots are the center of democracy but the real problem is the electoral college which is not

    • Paper ballots are the center of democracy but the real problem is the electoral college which is not democracy.

      If the vote count is so close that the electoral college makes a difference, then the problem isn't the electoral college.

      • By that logic, if the vote count is so close that the electoral college makes a difference, then the electoral college isn't the solution.

        Fundamental to your argument is that the electoral college can't stray far enough from the popular vote to make a meaningful difference. So if that's true, why bother having it?

  • You know, I agree with their complaint. Without an audit trail you can't even come close to being able to check for fraud, cheating, bugs, or anything else. But, unlike the Senators, I'm not in a position to do much about it.

    You want to know why they're still selling them? Because people are still buying them! You want them to stop? Pass some fucking laws regulating elections! There's nothing to investigate here, no answers to be demanded. Other than of our lawmakers who could put an end to this if th

    • Pass some fucking laws regulating elections!

      That would require Republicans to vote for those laws. And Republicans, despite all their "concerns" about election integrity when it comes to in-person impersonation voter fraud, just can't quite get concerned about all the various kinds of election fraud.

      Yes, elections are the domain of the States, not the Federal government.

      The Feds can still set minimum standards, such as requiring a paper trail.

      • The federal goverment's power in the federal election of states is very limited. Even the Voting Rights Act was a stretch, and only allowed because they were enforcing the enfranchisement of African Americans, which was allowed by the 15th amendment.

        Ultimately, a state doesn't have to have a federal presidential election at all. They are technically free to select its electors as it sees fit. By straw poll, if they like.
        • Ultimately, a state doesn't have to have a federal presidential election at all

          Because presidential elections are the only elections.

          Also, the way this works is the Feds offer money and one of the strings attached to the money is the state must agree to the minimum standards. States are free to refuse, but since there's cash on the line and the minimum standards make sense, they accept the money.

  • You mean they can be hacked by folks with physical access to the hardware or logical access to the software?

    Well, I'm SHOCKED! SHOCKED I say they'd sell something with KNOWN Vulnerabilities here..

    I'm curious, what kind of system that does something useful in the real world isn't vulnerable to some kind of exploit? There is always something...

  • by fahrbot-bot ( 874524 ) on Wednesday March 27, 2019 @06:09PM (#58344532)

    Their voting machines will only print a paper ballot if you ask for it [slashdot.org], otherwise they'll just provide ballots "only in electronic form." /future-irony

    • Their voting machines will only print a paper ballot if you ask for it [slashdot.org], otherwise they'll just provide ballots "only in electronic form." /future-irony

      I've been voting in California elections my whole life. Not once electronically. We use a stamp method in the area I vote in.

  • They could start with slot machines and modify those. Getting the information/percentages/security correct on those is of huge importance to manufacturers, regulators and casino operators considering it's directly tied to revenue and a high-value hacking target.

  • I worked designing ballot counting machines in the 80's. It was a lot of fun and we had an active R&D department where I worked. After the Federal Election Commission started requiring us to certify new machines through a very rigorous and expensive process, the company stopped all new development work and simply sold the last models that were certified.
  • How is it that only 3 companies are making such an easy and in-demand product? I could do a voting machine in a weekend including the hardware and a blockchain-based audit trail. So could a lot of us. I'm busy, someone do it.

  • Because the gawddamm things are simple to hack and alter votes.

    Shit, those senators might be biting the hand that feeds them. The voting machines are working just as they were designed to work.

  • At least I assume they don't. They are banning paper receipts after all.
  • Relevant XKCD about voting software: https://xkcd.com/2030/ [xkcd.com]

  • ...Americans still believe that they live in a democracy where their votes count. That's so cute... ...and naive of them.

    If there was ever an electoral system in need of a complete overhaul, it's the US'. It seems that between them, the DNC & GOP have been gaming the system for so long, it's next to impossible to get nominated, let alone elected, without billionaires' & corporations' support.

  • Why the fuck are they BUYING these???

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...