Ars Technica's Guide to Vote Hacking

[sharrukin]

So dead people don't vote using paper ballots? What are you saying, that the system has flaws? Oh Noes!

"the ability of an individual or a very small group to steal an entire election by making subtle changes in the right places."

"an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus."

The problem is that stuffing ballots takes a lot of people to swing an election in a local setting and is not really feasible on a national scale. It leaves behind evidence that it happened as well. That evidence can be used to invalidate a crooked election. Electronic manipulation doesn't leave behind obvious evidence of what took place, only (sometimes) evidence that 'something' took place. Voting irregularities take place all the time, and finding the electronic footprint in that, and knowing it for what it is, would be very difficult. An election could be stolen and we would never know!

[Vladimir]

The problem is that stuffing ballots takes a lot of people to swing an election in a local setting and is not really feasible on a national scale. It leaves behind evidence that it happened as well. That evidence can be used to invalidate a crooked election. Electronic manipulation doesn't leave behind obvious evidence of what took place, only (sometimes) evidence that 'something' took place. Voting irregularities take place all the time, and finding the electronic footprint in that, and knowing it for what it is, would be very difficult. An election could be stolen and we would never know!

I don't know what level of experience you have with computers but your analysis is flawed. You can just look at what privacy groups say in regards to data collection on purchases, phone calls, ATM transactions, etc. It is SO easy to track someone electronically.

Everything you do on a computer is tracked. The problem with tracking systems and computers is not with them but with the human responsible for them. I don't want to call the anti e-vote people Luddites but I think that they're primarily reacting out of ignorance (which breeds fear).

Proper security procedures and competent, trustworthy people are all you need to ensure the reliability of ANY voting process.

[Lemur]

Everything you do on a computer is tracked.

Untrue. I'm not even sure what article to link to on this point, since saying "everything is tracked" demonstrates a substantial misunderstanding of how networks and computers function.

I don't want to call the anti e-vote people Luddites but I think that they're primarily reacting out of ignorance (which breeds fear).

Ars Technica is not exactly a bastion of anti-technological fearmongering. If anything, the apathy on this issue has largely been from non-technical people. Most geeks have formed an opinion on e-voting, either pro or con.

[sharrukin]

I don't know what level of experience you have with computers but your analysis is flawed. You can just look at what privacy groups say in regards to data collection on purchases, phone calls, ATM transactions, etc. It is SO easy to track someone electronically.

Everything you do on a computer is tracked. The problem with tracking systems and computers is not with them but with the human responsible for them. I don't want to call the anti e-vote people Luddites but I think that they're primarily reacting out of ignorance (which breeds fear).

Proper security procedures and competent, trustworthy people are all you need to ensure the reliability of ANY voting process.

Do you know what a hacker is? Are you aware that there have been numerous hacker attacks in past years that have gone undetected?

http://lists.jammed.com/IWAR/1998/06/0003.html

"At Stanford's main campus, hackers have broken into the computer
system before using ``sniffers'' -- or networked computers with
special software -- and gone undetected for months."

These are not professionals, just young adult morons.

http://www.awprofessional.com/articl...&seqNum=6&rl=1

"It is possible to design a virus or worm program that spreads via software exploits that are not detected by intrusion-detection systems (for instance, zero-day exploits [18] ). Such a worm could spread very slowly and be very difficult to detect. It may have been tested in a well-stocked lab environment with a model of the target environment. It may include an "area-of-effect" restriction to keep it from spreading outside of a controlled boundary. And, finally, it may have a "land-mine timer" that causes it to be disabled after a certain amount of time—ensuring that it doesn't cause problems after the mission is over."

Point
http://www.rollingstone.com/news/sto...lection_stolen

Counterpoint
http://www.cleveland.com/readers/ind...900.xml&coll=2

My personal opinion tends towards not believing that it was stolen. But then, if it had been, how exactly would we know amidst all of this nonsense and sensationalism? A few percentage points is all it takes and if done electronically, it could easily be lost in the shuffle.

[Vladimir]

A few percentage points can also be done using paper ballots. And it takes a less than computer savy person to do that.

Yes I know what hacking is, and to quote you:

"an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus."

We were talking about physical access, not some kid using his parents PC.

[sharrukin]

A few percentage points can also be done using paper ballots. And it takes a less than computer savy person to do that.

Yes I know what hacking is, and to quote you:

Quote:
"an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus."

We were talking about physical access, not some kid using his parents PC.

The physical access method was only one of multiple attack vector mentioned!

And no, it takes a lot of non-computer savy individuals to steal an election on a medium scale, and the evidence is obvious, and traceable.

[Lemur]

I really don't understand why this discussion has broken down partisan lines. One would think that the pursuit of fair, accurate and representative elections would not be parsed as (yet another) left-right issue.

[BDC]

I really don't understand why this discussion has broken down partisan lines. One would think that the pursuit of fair, accurate and representative elections would not be parsed as (yet another) left-right issue.

It's America. Everything is partisan.

[sharrukin]

I really don't understand why this discussion has broken down partisan lines. One would think that the pursuit of fair, accurate and representative elections would not be parsed as (yet another) left-right issue.

Well, I am a right wing conservative. I am a Canadian as well, so I am not sure if that counts. Why would Democrats care more than Republicans in any case? Is this a legacy of that 'hanging chad' thing in Florida?

[Xiahou]

And no, it takes a lot of non-computer savy individuals to steal an election on a medium scale, and the evidence is obvious, and traceable.

And you're saying that it would only 1 person and be untraceable on e-voting machines? I think not.

And again, before someone decides to put words in my mouth- I think we should make voting machines as secure as possible, there's no reason not to. However, you have to recognize that you'll never have perfection... you sure didn't have it under the "old" systems. Sure, take whatever reasonable steps you can for security, but Im no more concerned (and in some ways less concerned) about my vote counting via an e-vote than traditional methods.

Untrue. I'm not even sure what article to link to on this point, since saying "everything is tracked" demonstrates a substantial misunderstanding of how networks and computers function.

You can log everything- the question is more about doing it and doing it accurately.

[Lemur]

In case anyone is unclear, Xiahou is a geek who has decided that he is unreservedly for touchscreen voting.

[drone]

We were talking about physical access, not some kid using his parents PC.

Not sure if you read the article, but when they say "physical access", they include the act of voting. The Diebold machines are not physically secure either, it's the combination that has some people worried. A hacker gets to the voting booth early, pretends to vote, but instead compromises the machine in such a way as to affect the voting on either that machine, or any machine that networks with the compromised machine. Since voting occurs in November, people will be wearing bulky coats in some places, plenty of ways to hide what you are doing while standing at the booth.

The fact that some people are so adamantly against a paper trail backup to e-voting machines makes me suspicious. Why not?