[Durham INC] Election Security
Pat Carstensen
pats1717 at hotmail.com
Tue Nov 15 07:17:25 EST 2016
This may not be the best time to share an article on hacking the polls, but this makes a good case for dealing with the issue now. From Bruce Schneier, an expert on trust and and security.
** *** ***** ******* *********** *************
Election Security
It's over. The voting went smoothly. As of the time of writing, there
are no serious fraud allegations, nor credible evidence that anyone
tampered with voting rolls or voting machines. And most important, the
results are not in doubt.
While we may breathe a collective sigh of relief about that, we can't
ignore the issue until the next election. The risks remain.
As computer security experts have been saying for years, our newly
computerized voting systems are vulnerable to attack by both individual
hackers and government-sponsored cyberwarriors. It is only a matter of
time before such an attack happens.
Electronic voting machines can be hacked, and those machines that do not
include a paper ballot that can verify each voter's choice can be hacked
undetectably. Voting rolls are also vulnerable; they are all
computerized databases whose entries can be deleted or changed to sow
chaos on Election Day.
The largely ad hoc system in states for collecting and tabulating
individual voting results is vulnerable as well. While the difference
between theoretical if demonstrable vulnerabilities and an actual attack
on Election Day is considerable, we got lucky this year. Not just
presidential elections are at risk, but state and local elections, too.
To be very clear, this is not about voter fraud. The risks of ineligible
people voting, or people voting twice, have been repeatedly shown to be
virtually nonexistent, and "solutions" to this problem are largely
voter-suppression measures. Election fraud, however, is both far more
feasible and much more worrisome.
Here's my worry. On the day after an election, someone claims that a
result was hacked. Maybe one of the candidates points to a wide
discrepancy between the most recent polls and the actual results. Maybe
an anonymous person announces that he hacked a particular brand of
voting machine, describing in detail how. Or maybe it's a system failure
during Election Day: voting machines recording significantly fewer votes
than there were voters, or zero votes for one candidate or another.
(These are not theoretical occurrences; they have both happened in the
United States before, though because of error, not malice.)
We have no procedures for how to proceed if any of these things happen.
There's no manual, no national panel of experts, no regulatory body to
steer us through this crisis. How do we figure out if someone hacked the
vote? Can we recover the true votes, or are they lost? What do we do
then?
First, we need to do more to secure our elections system. We should
declare our voting systems to be critical national infrastructure. This
is largely symbolic, but it demonstrates a commitment to secure
elections and makes funding and other resources available to states.
We need national security standards for voting machines, and funding for
states to procure machines that comply with those standards.
Voting-security experts can deal with the technical details, but such
machines must include a paper ballot that provides a record verifiable
by voters. The simplest and most reliable way to do that is already
practiced in 37 states: optical-scan paper ballots, marked by the
voters, counted by computer but recountable by hand. And we need a
system of pre-election and postelection security audits to increase
confidence in the system.
Second, election tampering, either by a foreign power or by a domestic
actor, is inevitable, so we need detailed procedures to follow -- both
technical procedures to figure out what happened, and legal procedures
to figure out what to do -- that will efficiently get us to a fair and
equitable election resolution. There should be a board of independent
computer-security experts to unravel what happened, and a board of
independent election officials, either at the Federal Election
Commission or elsewhere, empowered to determine and put in place an
appropriate response.
In the absence of such impartial measures, people rush to defend their
candidate and their party. Florida in 2000 was a perfect example. What
could have been a purely technical issue of determining the intent of
every voter became a battle for who would win the presidency. The
debates about hanging chads and spoiled ballots and how broad the
recount should be were contested by people angling for a particular
outcome. In the same way, after a hacked election, partisan politics
will place tremendous pressure on officials to make decisions that
override fairness and accuracy.
That is why we need to agree on policies to deal with future election
fraud. We need procedures to evaluate claims of voting-machine hacking.
We need a fair and robust vote-auditing process. And we need all of this
in place before an election is hacked and battle lines are drawn.
In response to Florida, the Help America Vote Act of 2002 required each
state to publish its own guidelines on what constitutes a vote. Some
states -- Indiana, in particular -- set up a "war room" of public and
private cybersecurity experts ready to help if anything did occur. While
the Department of Homeland Security is assisting some states with
election security, and the F.B.I. and the Justice Department made some
preparations this year, the approach is too piecemeal.
Elections serve two purposes. First, and most obvious, they are how we
choose a winner. But second, and equally important, they convince the
loser -- and all the supporters -- that he or she lost. To achieve the
first purpose, the voting system must be fair and accurate. To achieve
the second one, it must be *shown* to be fair and accurate.
We need to have these conversations before something happens, when
everyone can be calm and rational about the issues. The integrity of our
elections is at stake, which means our democracy is at stake.
This essay previously appeared in the New York Times.
http://www.nytimes.com/2016/11/09/opinion/american-elections-will-be-hacked.html
[https://static01.nyt.com/images/2016/11/09/opinion/09schneierWeb/09schneierWeb-facebookJumbo.jpg]<http://www.nytimes.com/2016/11/09/opinion/american-elections-will-be-hacked.html>
American Elections Will Be Hacked<http://www.nytimes.com/2016/11/09/opinion/american-elections-will-be-hacked.html>
www.nytimes.com
Our voting systems are vulnerable to cyberattack. This year, we got lucky. Next time, maybe we won’t. Here’s what we need to do.
Election-machine vulnerabilities:
https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
[https://img.washingtonpost.com/wp-apps/imrs.php?src=https%3A%2F%2Fs3.amazonaws.com%2Fposttv-thumbnails-prod%2Fthumbnails%2F5798d49ee4b088c815e19bc9%2F2016-07-27T152033Z_1_OV4SGR4RJ_RTRMADC_0_USA-ELECTION-TRUMP-ROUGH-CUT.jpg&w=250]<https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/>
By November, Russian hackers could target voting machines ...<https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/>
www.washingtonpost.com
If Russia really is responsible, there's no reason political interference would end with the DNC emails.
Elections are hard to rig:
https://www.washingtonpost.com/news/the-fix/wp/2016/08/03/one-reason-to-doubt-the-presidential-election-will-be-rigged-its-a-lot-harder-than-it-seems/
[https://img.washingtonpost.com/rf/image_1484w/2010-2019/Wires/Images/2016-07-17/Reuters/2016-07-17T173918Z_01_TOR354_RTRIDSP_3_USA-ELECTION-VOTING-OBSERVERS.jpg]<https://www.washingtonpost.com/news/the-fix/wp/2016/08/03/one-reason-to-doubt-the-presidential-election-will-be-rigged-its-a-lot-harder-than-it-seems/>
Rigging an election is a lot harder than you might think ...<https://www.washingtonpost.com/news/the-fix/wp/2016/08/03/one-reason-to-doubt-the-presidential-election-will-be-rigged-its-a-lot-harder-than-it-seems/>
www.washingtonpost.com
Update: On Sunday, Donald Trump suggested on Twitter that the 2016 presidential election is being rigged "at many polling places" -- despite early voting being in ...
Voting systems as critical infrastructure:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2852461
Making Democracy Harder to Hack: Should Elections Be ...<https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2852461>
papers.ssrn.com
With the Russian government hack of the Democratic National Convention email servers, and further leaks expected over the coming months that could influence an ...
Voting machine security:
https://www.verifiedvoting.org/
Verified Voting<https://www.verifiedvoting.org/>
www.verifiedvoting.org
Verified Voting’s mission is safeguarding elections in the digital age. As a non-partisan organization working for accuracy, integrity and verifiability of ...
http://votingmachines.procon.org/view.answers.php?questionID=000291
- Voting Machines - ProCon.org<http://votingmachines.procon.org/view.answers.php?questionID=000291>
votingmachines.procon.org
Read pros, cons, and expert responses in the debate.
http://votingmachines.procon.org/view.answers.php?questionID=000291
Election-defense preparations for 2016:
http://www.usatoday.com/story/tech/news/2016/11/05/election-2016-cyber-hack-issues-homeland-security-indiana-pennsylvania-election-protection-verified-voter/93262960/
http://www.nbcnews.com/storyline/2016-election-day/all-hands-deck-protect-election-hack-say-officials-n679271
** *** ***** ******* *********** *************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.deltaforce.net/pipermail/inc-list/attachments/20161115/93e97aed/attachment.html>
More information about the INC-list
mailing list