Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
United States Wireless Networking Government Security

Ban on Wireless Modems In Voting Machines Should be Optional, Suggests US Election Agency (apnews.com) 147

The U.S. agency overseeing elections has "quietly weakened a key element of proposed security standards..." reports the Associated Press, "raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking." The Election Assistance Commission (EAC) is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings. But ahead of a scheduled February 10 ratification vote by commissioners, the EAC leadership tweaked the draft standards to remove language that stakeholders interpreted as banning wireless modems and chips from voting machines as a condition for federal certification. The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained than the EAC bends too easily to industry pressure.

Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain.

In a February 3 letter to the agency, computer scientists and voting integrity activists say the change "profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems." They demand the wireless hardware ban be restored...

The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware, said EAC Chair Benjamin Hovland, which could hurt competition in an industry already dominated by a trio of companies. He also argued that the guidelines are voluntary, although many state laws are predicated on them... Hovland stressed that the amended guidelines say all wireless capability must be disabled in voting equipment. But computer experts say that if the hardware is present, the software that activates it can be introduced. And the threat is not just from malign actors but also from the vendors and their clients, who could enable the wireless capability for maintenance purposes then forget to turn it off, leaving machines vulnerable...

Experts are pushing for universal use of hand-marked paper ballots and better audits to bolster confidence in election results.

This discussion has been archived. No new comments can be posted.

Ban on Wireless Modems In Voting Machines Should be Optional, Suggests US Election Agency

Comments Filter:
  • Aircraft safety is important. That's why we let political activists and airlines make FAA rules, shout down anyone who suggests they're not completely and absolutely safe already, denigrate anyone investing an alleged "accident" as a conspiracy theorist, and delete paper trails. Thank God we take elections just as seriously. Why think of the harm that could befall our nation if cabals of the wealthy managed to strongly influence our electoral process.
    • You know, I just wish this social mind cancer that has befallen US society, where everybody is on some "side" against each other, and talks like you in your comment, would die.

      I'm specifically not saying you are "worse" than others. It's more that that is the standard of how we treat each other now. And that is fucked up.

      (Call me off-topic, but this matters.)

      There is no "left". There is no "right".
      There are only people. With needs.
      If they all get what they need, the beef gets buried.

      So, can I make a proposa

  • by _xeno_ ( 155264 ) on Saturday February 06, 2021 @01:53PM (#61034630) Homepage Journal

    I mean, sure, it sounds bad, but are they banned from connecting to the Internet at all? The headline used "wireless modems" but I'm unclear if that means like cellular Internet or just WiFi. If the machines are networked together, even if in a local non-Internet connected wired network, that network already offers a possible intrusion point since by definition you have to allow outsiders physical access to the machines and the area voting is happening in.

    The exact architecture varies by state, by my understanding is that for most voting machines, the current process is that the voting machines tabulate results onto removable media, that media is then loaded onto Internet-connected computers, which then uploads the final results to a server. Over the Internet.

    So they're already effectively Internet-connected anyway.

    Really we should just be using paper ballots, but for some reason, we've been sold on the idea that marking paper is "too complicated" and confusing for people to do.

    • by larwe ( 858929 ) on Saturday February 06, 2021 @02:32PM (#61034778)
      Check out the Bluetooth vulns that get announced regularly. It doesn't have to be Internet connected to be vulnerable. Lest we forget, in order for voting machines to make any sense at all, it is necessary to grant "physical access" to them to a great many strangers. If there's a BT hack that can be escalated into some kind of app-level data corruption or other shenanigans, it would be easy for ${THREAT_ACTOR} to have all its supporters download its app, which oh by the way just so happens to scan for vulnerable BT devices and hack them. That's more traceable than a pocket-sized hardware wireless hack-o-tron of course, but anyway it illustrates that enabling networking is inherently dangerous when you can't observe/stop people from "plugging into" that network. There are only so many BT and WiFi stack vendors and all it takes is some eBay stalking to find out what exact version ${VOTING_MACHINE} happens to use.

      The last sentence of the OP makes all the sense: Paper ballots that can be physically audited. Electronic tallying methods work invisibly and can never be above suspicion; they will be an endless source of conflict. Hanging chads are nothing compared to the ephemeral and untrustworthy nature of electronic vote recording. (Yes, blockchain. Never mind that).

      • by c-A-d ( 77980 )

        printing out a receipt after voting should be mandatory. That receipt is then placed in a sealed box so that the vote can be audited at a later date.

        • by larwe ( 858929 )
          That only works if the user is required to verify the printout (e.g. under a glass window) *after* the paper is marked, but *before* the vote is recorded/approved. Otherwise the same hack can pretend to show truth onscreen, but silently change all transmitted and tabulated votes to "Vermin Supreme".
        • Then what vale is the voting machine beyond printing paper ballots?

          • by larwe ( 858929 )
            *EXACTLY*. Voting machines cease to be safe, or useful, the moment they stop being pure "box of paper that you can mark, indelibly, with a pen or punch". The point is that the only way a human voter can be sure that his or her vote is getting tallied the way he or she wanted to cast it, is if the entry process and the recording process (and hence the audit trail) are one and the same thing. The handoffs that happen inside a voting machine (screen to flash memory/hard disk, to printer) are not visible to the
            • by clovis ( 4684 )

              I'm in Georgia. It's done like that, but the paper ballots are scanned on the spot (by different machines) so that the paper ballot and Dominion machines counts can be verified before the results are reported.

              This is how the in-person voting (and early voting) goes in Georgia. We used Dominion voting machines in 2020
              First, outside the polling place you show your ID into and fill out a paper sheet with your name, address, date and signature. It has some pre-printed location information. This is a paper reco

              • by larwe ( 858929 )
                Interesting (and no I am not being snarky when I say that). What I'm not perceiving in this set of steps is: What did you gain by having the Dominion touchscreen machines at all? Unless I didn't follow, effectively what you have there is: Electronic vote entered into Dominion and tallied and sent to the central countinghouse, but also prints out a piece of paper the voter gets to hold, read and carry over to a second machine that scans the paper and stores the paper. Scanned result sent to central countingh
                • by clovis ( 4684 )

                  The percentage of rejected/spoiled hand-marked ballots is sometimes greater than the margin of victory in close races. This guarantees accusations of fraud.
                  It's a huge problem with absentee ballots. Hand marked ballots places election officials in the postition of guessing the voter's intent, which is a bad thing if you don't trust the local officials.

                  Having the machine print the ballot eliminates spoiled ballots for such things as over-voting where the voter checks both Trump and Biden. That is more common

                  • by larwe ( 858929 )
                    Hmm. But re: "thrown in the trash" - the voter doesn't get to keep a paper record in any of these systems (which is good). The FL system has electronic records in the scanned machine, and saves the paper copy. How is this riskier than the two-machines system you describe? In both cases, either the machine-of-record is networked, and sending its data realtime to the central counting office, or it is not networked - in which case, either someone throws away all the digital and paper ballots, or someone throws
                    • Absentee ballots are on paper by definition, no? And so they essentially follow the FL model - scanned mark-sense cards, and the cards are stored for eyeballing later in case of dispute. Unless you create a system that lets people print their vote (sort of like a fillable PDF) the legibility issues are going to be unavoidable for absentee ballots.

                      Yes, but pretty much everyone in the U.S. has gotten pretty good at filling in little circles, ovals, or boxes to mark their selections. There are always a few edge cases that either have too light a marking or multiple markings. Those can always be diverted for manual review as you stated.

                      There are multiple states that use mail-in ballots for ALL elections - Hawai'i, Washington, Oregon, Utah, Colorado. They have already created methods for voter registration, change of address, in-person voting for mi

                    • by larwe ( 858929 )
                      "Yes, but pretty much everyone in the U.S. has gotten pretty good at filling in little circles, ovals, or boxes to mark their selections. There are always a few edge cases that either have too light a marking or multiple markings. Those can always be diverted for manual review as you stated."

                      Yes, I should have said validity checking, or something of the kind. An earlier poster was mentioning "what happens if someone bubbles in a mark for every candidate" or the like.

          • by Aczlan ( 636310 )

            Then what vale is the voting machine beyond printing paper ballots?

            Eliminating "hanging chads" and making it so that they do not have to print a separate ballot for each town in the state (which is what NY does around me, each polling place gets a different ballot (as it has town, county, state and national races on it)).

            Aaron Z

  • Same as the old boss.

    Plus ca change, plus c'est la meme chose.

  • And then print out a paper ballot that the voter drops the ballot in the bin. Doesn't leave a lot of room for malicious hackers.

    The only downside is the flakiness of printers, but a voting machine without a paper trail is kinda useless.

  • The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware

    Surely there are off the shelf computers and motherboards that don't have Wifi, Blutetooth, or cellular modems (or that have them, but are socketed and can be removed). For wifi and cellular, the antenna connectors could be required to be grounded or attenuated.

    To me the requirement should be that wireless networking must be not present or physically disabled so that a software change (hack) can't turn it back on.

    This of course assumes that voting machines that do anything beyond helping a voter produce a

    • by Nkwe ( 604125 )
      Ack "expesive". Any reason why the title box doesn't have spelling check in the browser but the comment box does? Other than the answer: "slashdot"?
    • We have hundreds of thousands of voting machines in the US, at that qty you order custom motherboards with exactly what you need and nothing else - drop WiFi, no Bluetooth, no pci express slots, etc.

  • by Chas ( 5144 ) on Saturday February 06, 2021 @02:09PM (#61034700) Homepage Journal

    https://time.com/5936036/secre... [time.com]

    It's about time to tell these people "Fuck No" and make it stick.

    • Re: (Score:2, Insightful)

      by Stormwatch ( 703920 )

      > There was no fraud, don't be paranoid.
      > There was no fraud in significant numbers.
      > There was no widespread fraud.
      > There was fraud but that's a good thing. [ WE ARE HERE ]

  • by quonset ( 4839537 ) on Saturday February 06, 2021 @02:10PM (#61034708)

    My township finally converted to marked paper ballots prior to the past election. I was pleasantly surprised when I showed up and was given a walk through of marking the bubbles and how to scan the completed ballot.

    I had been arguing for a verifiable paper trail for years, and most especially after the 2016 election. With all the shenanigans that go on in certain states (*cough*Georgia [cbsnews.com]*cough*), having a verifiable paper trail which can be cross-referenced against what the machine recorded is the only true way to be sure votes are correctly being counted

    To have any ability to manipulate a machine without someone being physically present is insane. There shouldn't even be a discussion on this matter.

    • How the hell are paper sheets secure?

      I can throw them in the thrash, I can print a few of my own, it's incredibly trivial to hack.

      • How the hell are paper sheets secure?

        I can throw them in the thrash, I can print a few of my own, it's incredibly trivial to hack.

        Since each sheet has its own bar code and number at the bottom, if they are thrown out and a recount is done, there won't be any matching. You'll know immediately if someone tampered with the ballots.

  • If your main system only communicates to the modem with a very simple protocol with no DMA or anything, and the main system always end-to-end encrypts everything with a VPN tunnell for the target system, before sending it to the modem for transmision, and there is a way to make sure no input can ever get lost (e.g. via a local storage and a protocol to verify correct transmission), then I don't see how the medium the modem uses matters. It could be punched hole tape via pigeon, for all I know.

    • What about DMA is any less secure or more complex than writing a loop in software to copy one block of memory to another ?
    • Indeed, we know that if the software only allows legitimate use of the built-in modem, there is no possible way a black hat could change that.

      No programmers ever leave any errors in their code that might be exploited to escalate privilege or anything, because that can't happen in the 21st century, because all software is secure.

      ;s

  • by SmaryJerry ( 2759091 ) on Saturday February 06, 2021 @02:14PM (#61034724)
    This is what happens when non technical people demand convenience. We have all had our boss who wants something a specific way which completely compromises security but they are the boss and so it gets set that way. They don’t realize the insane number of ways systems can be compromised, especially in systems that aren’t updates. Then there are accidents, someone doesn’t do something the right way purely by accident and removing that possibility is crucial to security. For example, say someone just forgets to turn off the WiFi component and now it is wide open to access, or they accidentally connect it to a random network at any time even when the machine isn’t in use and it gets compromised permanently without anyone knowing. The possibilities are endless for security breaches.
    • That's one thing I really like about working in the cybersecurity department; if I argue to the non-technical people that there's a security vulnerability in what they're doing, they have no choice but to listen, especially because I get to draft some of the policy documents that they're ultimately required to follow.

      • by evanh ( 627108 )

        You get listened to only if the bosses are likely to be held responsible themselves. Your experience will be indicative of this.

  • I say we also require SolarWinds products to be required to monitor network connections. We cannot be safe enough.
  • The comment about hurting competition is idiotic. That Hovland guy should be fired. Almost every computer available today is more than capable of managing the 1 every 5 minutes max transaction load of a voting machine.
    I bet most of the nerds here with computer experience think banning wireless access hardware is deeply sensible.
    There should be a physical record that the voter can confirm.
    There should be an efficient way of tallying physical votes at a voting station
    Each party should oversee a vote count a

  • Voting machines with mass market computers and operating systems connected via Wi-Fi to the Public Internet, holy shit - are you kidding me? Even if its done in a way that's secure, it doesn't engender trust in our election systems.

    Why not have air gapped voting machines with dual removable certified drives with signatures along with a hardcopy checked by the voter. When the polls close they are picked up by separate people and merged on a single device per municipality that sends its vote count to its pa
    • by PPH ( 736903 )

      Why not have air gapped voting machines with dual removable certified drives

      Because the voting machine vendors are motivated to use the cheapest commodity motherboards. With soldered in SSDs, memory, WiFi hardware, etc. Or risk losing the bid for thousands of machines to some other vendor who does.

      • The cheapest possible solution is a microcontroller that has limited resources with no room for a hack. I remember the early versions of Webstar on a mac. it was so primitive there was nothing to hack. There was a challenge to change a page and I don't think anybody ever collected. Using a windows motherboard is not only an expensive solution, its outrageously stupid.
        • by PPH ( 736903 )

          The cheapest possible solution is a microcontroller

          Yeah. But one mounted on a board with memory and peripherals. And produced by the millions to get a volume discount. Sure, you can commission a custom board with just the pieces you want. But it's going to cost a lot more than an RPi that comes with WiFi and BlueTooth.

  • I have no problem with this as long all the voting is done with paper ballots.
  • The U.S. agency overseeing elections has "quietly weakened a key element of proposed security standards..." reports the Associated Press, "raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking."

    I'm certain they have very good reasons for allowing people to access voting machine remotely during an election.

    The Election Assistance Commission (EAC) is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings.

    Because, you know, technology has hardly changed since 2006.

  • Mandatory Voting
    Election process managed federally so rules are the same everywhere.
    Paper ballots only
    Each voting place has a roll of voters where your name is marked off the roll (prevents double voting as rolls are scanned and cross referenced)
    In 30 years of voting I’ve never waited more than 5minutes.
    Votes must be counted in the presence of scrutinisers and are almost always counted same day as vote.
    Simple, fast, cost effective, hard to manipulate.

  • If something is banned, it is banned. If the ban is optional, then there is no ban.

  • When are they gonna let me vote by text?

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...