21 votes

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

9 comments

  1. [8]
    Catt
    Link
    Definitely one of the reasons I can't be sold on electronic voting. It's extra scary that this wasn't checked or vetted to catch this before.

    Definitely one of the reasons I can't be sold on electronic voting. It's extra scary that this wasn't checked or vetted to catch this before.

    11 votes
    1. [7]
      Emerald_Knight
      Link Parent
      Electronic voting is fine as long as you don't do anything stupid like--oh, I don't know-- installing remote access software on them and connecting them to a network. Also, validated paper copies...

      Electronic voting is fine as long as you don't do anything stupid like--oh, I don't know-- installing remote access software on them and connecting them to a network. Also, validated paper copies to allow for auditing are helpful. I agree that it's good to distrust these systems until they're proven to be resilient, though.

      10 votes
      1. [6]
        Catt
        Link Parent
        Definitely. At least in the near future, I believe we must have at least this level of audit. I work in security and honestly, I have so little trust in people being able to correctly spec, build,...

        Also, validated paper copies to allow for auditing are helpful.

        Definitely. At least in the near future, I believe we must have at least this level of audit.

        I work in security and honestly, I have so little trust in people being able to correctly spec, build, setup, deploy, use, and audit something like this. And that's not getting into the more tin-foil hat issues.

        7 votes
        1. [5]
          Emerald_Knight
          Link Parent
          I fully agree. The biggest problem is that (frankly) unqualified people are doing the contracting and being contracted to handle this task and we really need to have security experts overseeing...

          I fully agree. The biggest problem is that (frankly) unqualified people are doing the contracting and being contracted to handle this task and we really need to have security experts overseeing and auditing these systems before, during, and after deployment. It's like they're handling this task only marginally better than the current state of IoT tech.

          7 votes
          1. [5]
            Comment deleted by author
            Link Parent
            1. [3]
              Chopincakes
              Link Parent
              I couldn't agree more with the both of you, but is there any possibility that open source here could end up giving the tools for people to do screwy shit with electronic voting devices?

              I couldn't agree more with the both of you, but is there any possibility that open source here could end up giving the tools for people to do screwy shit with electronic voting devices?

              5 votes
              1. [2]
                Emerald_Knight
                Link Parent
                I would argue that this is most certainly the case. Open source means that the public can report or even fix vulnerabilities (if added to a public repo), but it also means that they can discover...

                I would argue that this is most certainly the case. Open source means that the public can report or even fix vulnerabilities (if added to a public repo), but it also means that they can discover and exploit them. In the case of a public repo, someone who is particularly sneaky could potentially even introduce a vulnerability and get it through an audit (even without a public repo, social engineering could be used in e.g. recommending a malicious but subtle code snippet to patch an existing issue).

                There are always pros and cons to any solution you put in place.

                4 votes
                1. Chopincakes
                  Link Parent
                  Very well said; thanks for that! Definitely a lot to think about/consider.

                  Very well said; thanks for that! Definitely a lot to think about/consider.

                  1 vote
            2. MADAtron
              Link Parent
              Just to add my 2 cents on this part; It doesn't necessarily have to be open to everyone for review (since most people don't know anything about how to conduct free, fair and impartial elections),...

              Just to add my 2 cents on this part;

              If PUBLIC voting systems are not out in the open for EVERYONE to audit, something is fucky.

              It doesn't necessarily have to be open to everyone for review (since most people don't know anything about how to conduct free, fair and impartial elections), but it definitely DOES need to be able to be verified and audited by impartial independent parties.

  2. why
    Link
    If there was ever a practical use for blockchain, e-voting would be it.

    If there was ever a practical use for blockchain, e-voting would be it.

    2 votes