NationStates Jolt Archive


Electronic voting.

Dragontide
20-10-2008, 01:23
I don't like it. No paper trail. A paper trail should be the law.

Thoughts?
Articoa
20-10-2008, 01:25
Electronic may be easier, at least if they get the technology down. But it could be erased, like how you said there should be a paper trail.
Gauthier
20-10-2008, 01:27
When the owner of one of the largest suppliers of electronic voting machines has been flagrantly partisan and has even been cited as guaranteeing a crucial state over to his favorite party, you should regard electronic voting with distrust at the very least.
The Cat-Tribe
20-10-2008, 01:27
I'm no expert on electronic voting and I know it is a (un)popular bogeyman on the interwebs, but when electronic voting has been offered locally: (1) it was far, far simpler than paper ballots (and especially optical scan ballots) and (2) did result in a printed ballot at the end.
UpwardThrust
20-10-2008, 01:39
Electronic may be easier, at least if they get the technology down. But it could be erased, like how you said there should be a paper trail.

Paper can be burned or discarded, there are plenty of measures if hard standards were placed that would make it considerably harder to falsify or remove votes
Articoa
20-10-2008, 01:40
Paper can be burned or discarded, there are plenty of measures if hard standards were placed that would make it considerably harder to falsify or remove votes

Then it all comes down to trusting those who are in charge of it all, doesn't it?
UpwardThrust
20-10-2008, 01:43
Then it all comes down to trusting those who are in charge of it all, doesn't it?

How is that any different? there are considerable checks and balances they could put in place. Everything from a verified voting "CRC" to a hash on their ballot that would make a unique identifier that if anything was changed with any options it would no longer match

I dont inherently trust a "paper" trail more then an electronic one, but there do have to be changes made before I trust our CURRENT system of electronic voting
Forensatha
20-10-2008, 01:45
Considering the problems they had last election, where machines accidentally displayed a certain number of votes in favor of Bush before voting even began...

I would personally rather grow a set of balls, wrap them in thermite, and then ignite it than vote electronically.
JuNii
20-10-2008, 01:49
there's a printout of some form. so there is a paper trail.

Electronic may be easier, at least if they get the technology down. But it could be erased, like how you said there should be a paper trail.
may I remind you of the 'dimpled chads' decible? "We should count that because it shows who the voter inteded to vote for."

no system is perfect.
Dragontide
20-10-2008, 01:54
there's a printout of some form. so there is a paper trail.

But no way to verify if the printout is a true count.

Has anyone ever owned an Atari, Nintindo, Sega, Playstation or PC that has worked perfectly with never a glitch?

And what about lightning that could possibly damage a system on election day?
The Cat-Tribe
20-10-2008, 01:55
there's a printout of some form. so there is a paper trail.


may I remind you of the 'dimpled chads' decible? "We should count that because it shows who the voter inteded to vote for."

no system is perfect.

Exactly.

Here in San Diego we had a mayoral candidate, Donna Frye, in 2004 that arguably got the most votes as a write-in, but had thousands of votes not count because the little bubble on the optical scan ballot next to the write-in line where the voter wrote-in her name wasn't fully filled in or because the voter misspelled her name ("Fry" instead of "Frye").
The Cat-Tribe
20-10-2008, 01:56
But no way to verify if the printout is a true count.

Has anyone ever owned an Atari, Nintindo, Sega, Playstation or PC that has worked perfectly with never a glitch?

And what about lightning that could possibly damage a system on election day?

Are you suggesting other methods of voting and counting votes work perfectly with never a glitch?

What rock have you been living under?

EDIT: And how is a print-out of how I voted less of a paper trail than other ballots?
Forensatha
20-10-2008, 01:58
Has anyone ever owned an Atari, Nintindo, Sega, Playstation or PC that has worked perfectly with never a glitch?

I own a Game Boy Advance that's worked for years with no glitches.

In fact, I can't think of a single portable system from Nintendo that I've owned which ever had a glitch. Some of the games did due to bad translations, but the devices themselves worked perfectly.
Gauthier
20-10-2008, 01:59
Are you suggesting other methods of voting and counting votes work perfectly with never a glitch?

What rock have you been living under?

EDIT: And how is a print-out of how I voted less of a paper trail than other ballots?

On the other hand, you do have to admit electronics make vote rigging a little more effortless and systematic than having to manually forge and stuff ballots with less of a trail to show for it.
Cannot think of a name
20-10-2008, 02:00
I'm no expert on electronic voting and I know it is a (un)popular bogeyman on the interwebs, but when electronic voting has been offered locally: (1) it was far, far simpler than paper ballots (and especially optical scan ballots) and (2) did result in a printed ballot at the end.
I don't have a problem with electronic voting as long as it has a paper trail to audit it with.
Dragontide
20-10-2008, 02:00
Are you suggesting other methods of voting and counting votes work perfectly with never a glitch?

What rock have you been living under?

EDIT: And how is a print-out of how I voted less of a paper trail than other ballots?

At least with a paper trail, the mistake would be made by the voter. If they need better glasses or whatever that that's their problem.
JuNii
20-10-2008, 02:03
But no way to verify if the printout is a true count.

Has anyone ever owned an Atari, Nintindo, Sega, Playstation or PC that has worked perfectly with never a glitch?

And what about lightning that could possibly damage a system on election day? yes there is. more of a secure one than boxes of paper ballots being moved through a crowded room and sometimes FORGOTTEN and uncounted in some corner.

*raises hand*
I still play on my NES
Sega Genesis WITH CD
Playstation (the large gray one) without any glitches.

of course, my computer has Microsoft Windows on it. so that is a glitch in and of itself. :tongue:

with the proper surge protectors and electronic safeguards, lighting will just be a pretty light show.
The Cat-Tribe
20-10-2008, 02:08
At least with a paper trail, the mistake would be made by the voter. If they need better glasses or whatever that that's their problem.

Or the counter. Or the machine.

But, regardless, do you still object to electronic voting if there IS a printed paper trail?
Dragontide
20-10-2008, 02:12
yes there is. more of a secure one than boxes of paper ballots being moved through a crowded room and sometimes FORGOTTEN and uncounted in some corner.

*raises hand*
I still play on my NES
Sega Genesis WITH CD
Playstation (the large gray one) without any glitches.

of course, my computer has Microsoft Windows on it. so that is a glitch in and of itself. :tongue:

with the proper surge protectors and electronic safeguards, lighting will just be a pretty light show.

That missing box of ballots can be found. And they don't get lost. Plenty of paperwork to prove they exist...somewhere. While I'm looking for a box of ballots, what progress are you going to be making that the true count is 1,000,000 to 999,999? You push a button and will get the same readout.

And thank you for pointing out windfalls....err Windows! :D
Ashmoria
20-10-2008, 02:28
my state (county?) has both. its an electronically registered paper ballot.

quite necessary since new mexico has a history of "finding" extra boxes of ballots when needed.
JuNii
20-10-2008, 02:31
That missing box of ballots can be found. And they don't get lost. Plenty of paperwork to prove they exist...somewhere. While I'm looking for a box of ballots, what progress are you going to be making that the true count is 1,000,000 to 999,999? You push a button and will get the same readout. that easy. push a button... can you back that up?

oh and that lost box of ballots sure would help when it's found days after the election was done.

again, I call to mind the Chad family. with Hanging, his wife Pregnant and their darling Daughter Dimpled.
The Brevious
20-10-2008, 02:35
You kids and your silly conspiracy theories ... :p
Dragontide
20-10-2008, 02:53
that easy. push a button... can you back that up?

oh and that lost box of ballots sure would help when it's found days after the election was done.

again, I call to mind the Chad family. with Hanging, his wife Pregnant and their darling Daughter Dimpled.

Well what else would/could you do but push a button?

If the election is challenged, days are not a factor. If need be you have investigators question everybody that went near the box. (of ballots)

Chads was a horrible idea. Here in Alabama you complete an arrow with a marker. (the middle of the arrow is missing next to all selections.... the arrow points directly at the selection)
Forsakia
20-10-2008, 03:00
Paper voting has its own complications. Over here as a protest someone walked into a booth, set fire to their ballot paper and shoved it in the box. By the time they got it open (and by law they had to contact the officer in charge before doing so) it'd burnt the whole box of ballots.

They now have boxes designed to prevent it, but it shows one of the potential worries. That and manual counting almost always gets it wrong first time round. I've been to several counts (many local ones where every vote counts) and calling for recounts often switches the result.
Dragontide
20-10-2008, 03:19
Paper voting has its own complications. Over here as a protest someone walked into a booth, set fire to their ballot paper and shoved it in the box. By the time they got it open (and by law they had to contact the officer in charge before doing so) it'd burnt the whole box of ballots.

They now have boxes designed to prevent it, but it shows one of the potential worries. That and manual counting almost always gets it wrong first time round. I've been to several counts (many local ones where every vote counts) and calling for recounts often switches the result.

Well with any form of voting, you could have someone destroy whatever your using. Paper would be easier to destroy that say a hard drive, but if you compare how many attacks there are on voting precincts vs the number of possible computer glitches, I think you'd find a big difference.
The Cat-Tribe
20-10-2008, 03:25
On the other hand, you do have to admit electronics make vote rigging a little more effortless and systematic than having to manually forge and stuff ballots with less of a trail to show for it.

I'm not sure I have to admit that, but, assuming it is true, it is a trade-off for making accurate voting and counting easier.

Why shouldn't we trust electronic voting any less than we trust ATM machines?
The Cat-Tribe
20-10-2008, 03:26
But, regardless, do you still object to electronic voting if there IS a printed paper trail?

Would the witness please answer the question? :wink:
Terratha
20-10-2008, 03:30
Would the witness please answer the question? :wink:

The witness would like a five minute recess to change his pants. You're scary.
Pirated Corsairs
20-10-2008, 03:31
I'm not sure I have to admit that, but, assuming it is true, it is a trade-off for making accurate voting and counting easier.

Why shouldn't we trust electronic voting any less than we trust ATM machines?

I suppose the argument could be made that it's much easier to get away with tampering with voting machines than ATMs-- after all, if you deposit money, and then it's not there the next day, you'll probably know that something is up, but if a voting machine counts your vote for the wrong candidate, you're unlikely to ever know.

Which, of course, is why I think there should probably be a paper trail.
The Cat-Tribe
20-10-2008, 03:34
I suppose the argument could be made that it's much easier to get away with tampering with voting machines than ATMs-- after all, if you deposit money, and then it's not there the next day, you'll probably know that something is up, but if a voting machine counts your vote for the wrong candidate, you're unlikely to ever know.

Which, of course, is why I think there should probably be a paper trail.

Good point.

Of course, the ability of the individual voter to know if his/her vote has been counted correctly is just as bad (or worse) with other systems of voting.
The Cat-Tribe
20-10-2008, 03:56
The witness would like a five minute recess to change his pants. You're scary.

Ahhh, you say the sweetest things. :fluffle:
Gravlen
20-10-2008, 21:50
Electronic voting and a paper ballot that's printed out and placed in a ballot box (and possibly a receipt for the voter) so there can be random spot checks to see if the machine counts are in line with the paper ballots are OK. If not, I would prefer paper ballots only.
Forensatha
20-10-2008, 21:52
Electronic voting and a paper ballot that's printed out and placed in a ballot box (and possibly a receipt for the voter) so there can be random spot checks to see if the machine counts are in line with the paper ballots are OK. If not, I would prefer paper ballots only.

Except you have no way to check to see if the paper is correct without presenting all of it to the voter and directly asking them.
New Limacon
20-10-2008, 21:56
I'm not an expert with computers, but I know enough that it is easy for a computer to print out the candidate you voted for and then internally add a tally to the other guy. I suppose a paper printout could be a safety measure; you could present it to the poll to show who you really voted for. But unless the results are dramatically one-sided, I really doubt the board of elections anywhere is going to ask all of the voters to show their printout.
Sumamba Buwhan
20-10-2008, 22:06
Here in Vegas we have a slip that prints for you to review and approve before your vote is submitted, but you don't get to keep it.

I love having early voting btw. First day here was the 18th and it was very busy.
New Limacon
20-10-2008, 22:09
Here in Vegas we have a slip that prints for you to review and approve before your vote is submitted, but you don't get to keep it.

I love having early voting btw. First day here was the 18th and it was very busy.
Vegas voting? Tell me, does your city council consist of three cherries?
Sumamba Buwhan
20-10-2008, 23:43
Vegas voting? Tell me, does your city council consist of three cherries?

You know, I thought something funny was going on when I had to put in a fiver in to begin the voting process...
Grave_n_idle
21-10-2008, 00:01
On the other hand, you do have to admit electronics make vote rigging a little more effortless and systematic than having to manually forge and stuff ballots with less of a trail to show for it.

It's easier to tamper an election by losing votes than gaining them. And all that takes is putting them in the wrong place. All accidental, like.

So long as there is also a 'receipt' copy, electronic voting is no less safe than 'paper' voting - and is actually safer, because there are two data records - one digital and one that printed out.
JuNii
21-10-2008, 00:05
Well what else would/could you do but push a button? hmm... well, off hand...
a sealed system that one would need a specialized key/tool to access any i/o port
specialized connections to attach to those i/o ports
the encryption key to access the inner workings. which is changed every 15 minutes.
the proper command phrases and syntax to order the computer to do what you wanted.
the location of the logs to remove any trace of tampering (assuming it's possible to erase such logs)
the ability to disable any and all error checking devices attached to the booths.

and this is just going by some of the security items in place at our hospital.

If the election is challenged, days are not a factor. If need be you have investigators question everybody that went near the box. (of ballots) which takes up manpower, and time, and space, and still isn't foolproof since ballots can be 'found' after someone puts a box of ballots in a corner.
Dragontide
21-10-2008, 01:22
hmm... well, off hand...
a sealed system that one would need a specialized key/tool to access any i/o port
specialized connections to attach to those i/o ports
the encryption key to access the inner workings. which is changed every 15 minutes.
the proper command phrases and syntax to order the computer to do what you wanted.
the location of the logs to remove any trace of tampering (assuming it's possible to erase such logs)
the ability to disable any and all error checking devices attached to the booths.

and this is just going by some of the security items in place at our hospital.

which takes up manpower, and time, and space, and still isn't foolproof since ballots can be 'found' after someone puts a box of ballots in a corner.

Here is my problem with that. My hard drive recently fried. I had to have a new one instaled. They were not able to recover any data from the old one and transfer it to the new one. (go to any PC store and ask about how this happens) If for some unlikely reason it takes me a year to find that box of ballots, you still will have made no progress.

In other words, if you (or anyone) can explain in laymens terms how data can be retreived from a data pack/hard drive/whatever if it becomes overheated or something.
Grave_n_idle
21-10-2008, 01:25
Here is my problem with that. My hard drive recently fried. I had to have a new one instaled. They were not able to recover any data from the old one and transfer it to the new one. (go to any PC store and ask about how this happens) If for some unlikely reason it takes me a year to find that box of ballots, you still will have made no progress.

In other words, if you (or anyone) can explain in laymens terms how data can be retreived from a data pack/hard drive/whatever if it becomes overheated or something.

Do you happen to know what the data storage is?

Hard-drives are prone to some sorts of damage that other media aren't.

But, whichever kind - transmitting the information to a remote location (preferably, to duplicate locations) and backing-up are both pretty good ways of ensuring the continued quality of your data.
Uhuglue
21-10-2008, 01:28
Well, the system has been made for human convinience. Its a lot easier when computers do things for you. But at the same time, that sort of system is very vulnerable to stuff ups. I mistake could wipe out hundreds of thousands of votes. If I were asked to ever chose between the two I would chose paper...XD
Terratha
21-10-2008, 01:28
hmm... well, off hand...
a sealed system that one would need a specialized key/tool to access any i/o port

You can buy those off-the-shelf.

specialized connections to attach to those i/o ports

Easy enough to steal or buy from a catelog.

the encryption key to access the inner workings. which is changed every 15 minutes.

Decoding tool. Two minutes and you're in.

the proper command phrases and syntax to order the computer to do what you wanted.

Any script kiddy can tell you why that's not really that effective.

the location of the logs to remove any trace of tampering (assuming it's possible to erase such logs)

See above.

the ability to disable any and all error checking devices attached to the booths.

Depending on the device, this may only take 7 minutes of work.

If my objective were just to make the votes vanish instead of changing them, all I need is a large magnet and a shotgun.
Ostroeuropa
21-10-2008, 01:29
Ideally there would be electronic voting for a count followed by an actual ballot.
That way if there was a dispute, they could count the paper ballots.

Ofcourse, this would lead to people trying to fuck with the system and doing two different ones.
Perhaps if it printed off your ballot after you voted
JuNii
21-10-2008, 01:36
You can buy those off-the-shelf. wrong. you don't even know what tools you need. and not all tools are sold off-the-shelf.

Easy enough to steal or buy from a catelog. again, without knowing you'll just be randomly ordering. I've seen keys baised off of magnetics.

Decoding tool. Two minutes and you're in. right... keep dreaming.

Any script kiddy can tell you why that's not really that effective. ok, break into our hospital VPN Administrator system.

See above. see same challange.

Depending on the device, this may only take 7 minutes of work. keep dreaming. depending on the device, it can take anywhere between 7 minutes or 7 months of work.

If my objective were just to make the votes vanish instead of changing them, all I need is a large magnet and a shotgun. a few myths.
1) you'll be hard pressed to find a system that can be affected by large Magnets one can 'smuggle into a voting booth' or the counting system.
2) a shotgun will leave evidence of tampering. evidence that is more obvious than any tampering with paper ballots.

and the point remains. it's not just a 'push of a button'. all your 'tricks around the system' requires at least knowledge that has to be obtained by an inside person. and an inside person can tamper with paper ballots alot easier than electronic voting.
UpwardThrust
21-10-2008, 01:42
Here is my problem with that. My hard drive recently fried. I had to have a new one instaled. They were not able to recover any data from the old one and transfer it to the new one. (go to any PC store and ask about how this happens) If for some unlikely reason it takes me a year to find that box of ballots, you still will have made no progress.

In other words, if you (or anyone) can explain in laymens terms how data can be retreived from a data pack/hard drive/whatever if it becomes overheated or something.

1) local storage is not the ideal situation for this, idealy it would be hashed and transmitted to another location for verification

2) if local storage were to be used there are many types of technologies including RAID technologies that would provide an acceptable redundancy (single drive failure would be an easy recovery process)

3) recovery by experts (such as DTI or many other vendors) can recover data from just about anything. I had read a Linux Journal article on them recovering 100 percent data from a drive they put in a camp fire for an hour and then beat with a sledge hammer

It cost them 6 grand to do it but 100 percent data recovery

Which would never be needed in situation 1 or 2 or if flash based memory were employed
Dragontide
21-10-2008, 01:47
1) local storage is not the ideal situation for this, idealy it would be hashed and transmitted to another location for verification


Where a hacker could get involved? Absolutly no transmitting at all. We don't even want to think about going there do we?
Terratha
21-10-2008, 01:48
wrong. you don't even know what tools you need. and not all tools are sold off-the-shelf.

That depends what store you're shopping in. However, the term itself basically means "you can buy what you need from someone with ease."

again, without knowing you'll just be randomly ordering. I've seen keys baised off of magnetics.

That's why you scout out the item you're going after.

right... keep dreaming.

No dream about it. Why do you think some systems require biometrics in addition to those codes?

ok, break into our hospital VPN Administrator system.

see same challange.

Breaking into hospital systems is old news. And, frankly, not worth the effort for me to get the necessary items when the information won't be of any use to me. Besides, I'm just pointing out how it can be done.

keep dreaming. depending on the device, it can take anywhere between 7 minutes or 7 months of work.

Which does not contradict what I said in any way.

a few myths.
1) you'll be hard pressed to find a system that can be affected by large Magnets one can 'smuggle into a voting booth' or the counting system.
2) a shotgun will leave evidence of tampering. evidence that is more obvious than any tampering with paper ballots.

If you're really going to tamper with the system, you're not going to do it when anyone's around anyway. Taking too long while voting does tend to draw curious people, esoecially since you're holding up the process for others. And, to be honest, the moment they check the drive under that system, they're going to know it was tampered with anyway. Which, ultimately, doesn't matter that much in this scenario.

and the point remains. it's not just a 'push of a button'. all your 'tricks around the system' requires at least knowledge that has to be obtained by an inside person. and an inside person can tamper with paper ballots alot easier than electronic voting.

The inside person, in this case, can easily be the company the makes the voting machines. A simple case of late-night "maintenance" and you've changed a lot of votes to go with how your company wants them to go. Which is the primary objection to these machines to begin with.
UpwardThrust
21-10-2008, 01:54
Where a hacker could get involved? Absolutly no transmitting at all. We don't even want to think about going there do we?

Depends the quantity of data being transmitted would be low enough that there would be no problems with private dial in or p2p connection would be easily feasible so it would not transverse anything but a private network

Combine that with an easy to verify hash kept locally and verified against the transmitted value it would be simple to determine any loss or change over the wire

All and all easily secure.
Dumb Ideologies
21-10-2008, 01:55
I don't think this is a good idea. Aside from the risk of human fraud, what if the computers decide to overthrow the human race and change all the votes to write ins for HAL?
Dragontide
21-10-2008, 02:01
Depends the quantity of data being transmitted would be low enough that there would be no problems with private dial in or p2p connection would be easily feasible so it would not transverse anything but a private network

Combine that with an easy to verify hash kept locally and verified against the transmitted value it would be simple to determine any loss or change over the wire

All and all easily secure.

In the beginning, I agree. Through the years? Not so sure. Teenagers have hacked the Pentagon. During the Gulf War of the 90s, someone made all the soldiers beepers go off all at the same time. Banks have been hacked by teenagers. Seems like the more something is pronounced unbreechable, it gets breeched.
UpwardThrust
21-10-2008, 02:07
You can buy those off-the-shelf.


Not if they are single purpose custom ... who said they were using off the shelf hardware

Easy enough to steal or buy from a catelog.


Again if they are single purpose non public interfaces they would not be available to the public at large

Decoding tool. Two minutes and you're in.

How? you are sufficiently vague but you do not take into account any factors such as key length, algorithm or key transmittal

For example using a one time pad and a securely transmitted key it could literally take years not minuets to crack


Any script kiddy can tell you why that's not really that effective.

While I agree with this a "script kiddy" would not be the ideal subject to explain why complex syntax is not a security measure. By definition they tend to be using rather then understanding the tools

See above.



Depending on the device, this may only take 7 minutes of work.

If my objective were just to make the votes vanish instead of changing them, all I need is a large magnet and a shotgun.
As for the rest I have no idea what you are basing your timetables on the parameters are extremely vague and the proposed times seem extreemly on the low side

Based off of simple procedures like rainbow table lookups for NTLM/LM hashes the times are significantly higher then 7 minutes even with short passwords and that is for known algorithms where the heavy computation is done BEFORE the crack, which you likely will not have the pleasure of doing for something that uses a non standard one.


As for magnetics with the amount of data we have here the simple (and probably already implemented) measure of using solid state/flash memory defeats that practicality does it not?
Forsakia
21-10-2008, 02:09
In the beginning, I agree. Through the years? Not so sure. Teenagers have hacked the Pentagon. During the Gulf War of the 90s, someone made all the soldiers beepers go off all at the same time. Banks have been hacked by teenagers. Seems like the more something is pronounced unbreechable, it gets breeched.

Then don't do it by internet. Get an external hard drive and walk the stuff over. Get one as main, one as backup.

Terratha, if you're going to that much trouble you could do it with paper ballots almost as easily.

If you're interested you do much better than the UK, where we basically operate on a gentleman's agreement between the parties that no-one will try and fiddle a shockingly weak system. (And I really do mean shockingly weak, banana republic as one report put it doesn't even come close to describing how much potential for dodgyness there is in the UK system).
UpwardThrust
21-10-2008, 02:09
In the beginning, I agree. Through the years? Not so sure. Teenagers have hacked the Pentagon. During the Gulf War of the 90s, someone made all the soldiers beepers go off all at the same time. Banks have been hacked by teenagers. Seems like the more something is pronounced unbreechable, it gets breeched.

There is the possibility yes and restricting the remote connection on the surface sounds like a good idea, the problem is by protecting against one threat (which can be reduced to a manageable amount) we increase the worry that problems with the machines themselves may go un noticed

But either direction enough planning and a good procedure could ensure that data is not LOST because of a failure
Terratha
21-10-2008, 02:28
Not if they are single purpose custom ... who said they were using off the shelf hardware

The mass-scale of production itself. The place would have to be making the parts, the machines, and the programming. Considering the fact that this is a lot lower priority than nuclear missile launch codes (you can always have the people revote) and the fact that their buyers are state or local governments who are simply going to go with the cheapest option, there's no real reason not to. And if someone really wants to tamper with the votes, you're going to need some very expensive security features to stop them.

In fact, cost alone is why my local area isn't using them. It's simply cheaper to rely on paper ballots, and paper ballots typically only come with scandals of counting.

Again if they are single purpose non public interfaces they would not be available to the public at large

See above.

How? you are sufficiently vague but you do not take into account any factors such as key length, algorithm or key transmittal

For example using a one time pad and a securely transmitted key it could literally take years not minuets to crack

Of course I'm vague. To say more, I'd actually have to try to hack one of them. I simply go with what would be easiest for a tech to get into and run a few checks. Considering the sheer number of them, maintenance itself would have to be cone fast if anything went wrong during voting. Otherwise, you could end up with hundreds or thousands of voters unable to vote simply because of the time it takes a tech to get each machine back up and running.

One of the problems I'm finding with this is that all of the proposed security features are nice if you're running a system that's primarily local or is intended to be used by only a few people. Voting systems are neither. You can make the machines local (in fact, it's best if you did), but a tech has to be able to get into them fast, diagnose problems, replace faulty parts, and get the machine up and running just in case it breaks down during voting. In addition, they have to do it cheaply just to get the usefulness of the machines put out for use. Finally, these machines will spend most of their time not used, but simply sitting around in storage, which means every dollar you spend on excess security is wasted. That means off the shelf parts and light security features.

Could I be wrong on this? Easily. But, I'll stand behind my analysis of it based on what I find to be the most realistic scenario.

While I agree with this a "script kiddy" would not be the ideal subject to explain why complex syntax is not a security measure. By definition they tend to be using rather then understanding the tools

They don't need to be ^^

As for the rest I have no idea what you are basing your timetables on the parameters are extremely vague and the proposed times seem extreemly on the low side

True, they are.

Based off of simple procedures like rainbow table lookups for NTLM/LM hashes the times are significantly higher then 7 minutes even with short passwords and that is for known algorithms where the heavy computation is done BEFORE the crack, which you likely will not have the pleasure of doing for something that uses a non standard one.

See above for my reasoning as to why it would most likely be a standard one.

As for magnetics with the amount of data we have here the simple (and probably already implemented) measure of using solid state/flash memory defeats that practicality does it not?

Not really. You stick the magnet against it for a few minutes, then blast the living hell out of it with the shotgun. Even if the magnet doesn't work, the data's still probably lost anyway.
UpwardThrust
21-10-2008, 02:28
Snip


No dream about it. Why do you think some systems require biometrics in addition to those codes?

The something you "have" and the something you "know" doctrine is always a good one (smart cards are making a surge in the "have" right now but biometrics are also acceptable)

But in the end a quick changing seed/key or a complex one can move the timescale up into the realm that someone could not tamper within a reasonable time frame to be around the machine when it is in the possession of the data)

Breaking into hospital systems is old news. And, frankly, not worth the effort for me to get the necessary items when the information won't be of any use to me. Besides, I'm just pointing out how it can be done.

From what I have heard so far I rather doubt that you necessarily posses the skills to do such but that does not mean that some of your points are not valid

Which does not contradict what I said in any way.



If you're really going to tamper with the system, you're not going to do it when anyone's around anyway. Taking too long while voting does tend to draw curious people, esoecially since you're holding up the process for others. And, to be honest, the moment they check the drive under that system, they're going to know it was tampered with anyway. Which, ultimately, doesn't matter that much in this scenario.



The inside person, in this case, can easily be the company the makes the voting machines. A simple case of late-night "maintenance" and you've changed a lot of votes to go with how your company wants them to go. Which is the primary objection to these machines to begin with.
Require verification? assuming an networked series of machines that dynamically upload their voting tallys the voter could be required to verify the accuracy of their individual vote at a work station that accesses the central data store via a completely separate network and system so there is no possibility of the voting machines themselfs reporting incorrectly to the central authority
UpwardThrust
21-10-2008, 02:32
The mass-scale of production itself. The place would have to be making the parts, the machines, and the programming. Considering the fact that this is a lot lower priority than nuclear missile launch codes (you can always have the people revote) and the fact that their buyers are state or local governments who are simply going to go with the cheapest option, there's no real reason not to. And if someone really wants to tamper with the votes, you're going to need some very expensive security features to stop them.

In fact, cost alone is why my local area isn't using them. It's simply cheaper to rely on paper ballots, and paper ballots typically only come with scandals of counting.



See above.



Of course I'm vague. To say more, I'd actually have to try to hack one of them. I simply go with what would be easiest for a tech to get into and run a few checks. Considering the sheer number of them, maintenance itself would have to be cone fast if anything went wrong during voting. Otherwise, you could end up with hundreds or thousands of voters unable to vote simply because of the time it takes a tech to get each machine back up and running.

One of the problems I'm finding with this is that all of the proposed security features are nice if you're running a system that's primarily local or is intended to be used by only a few people. Voting systems are neither. You can make the machines local (in fact, it's best if you did), but a tech has to be able to get into them fast, diagnose problems, replace faulty parts, and get the machine up and running just in case it breaks down during voting. In addition, they have to do it cheaply just to get the usefulness of the machines put out for use. Finally, these machines will spend most of their time not used, but simply sitting around in storage, which means every dollar you spend on excess security is wasted. That means off the shelf parts and light security features.

Could I be wrong on this? Easily. But, I'll stand behind my analysis of it based on what I find to be the most realistic scenario.



They don't need to be ^^



True, they are.



See above for my reasoning as to why it would most likely be a standard one.



Not really. You stick the magnet against it for a few minutes, then blast the living hell out of it with the shotgun. Even if the magnet doesn't work, the data's still probably lost anyway.
Again like most of the time I argue this thread it does come down to money rather then the feasibility of the technology in of itself. I for one think you are being a bit pessimistic mostly because rather then a strait private sector industry these things are designed for the federal government which can artificially raise the amount amount higher for the security features then you would find otherwise
JuNii
21-10-2008, 02:37
That depends what store you're shopping in. However, the term itself basically means "you can buy what you need from someone with ease." store? what store sells the voting machines?

That's why you scout out the item you're going after. and that's why the voting machines are usually kept under lock and key. taken out only to be updated the months before the election.

No dream about it. Why do you think some systems require biometrics in addition to those codes? which is still yet another security measure.

Breaking into hospital systems is old news. And, frankly, not worth the effort for me to get the necessary items when the information won't be of any use to me. Besides, I'm just pointing out how it can be done. Translation: I can't, but I'll never admit it.

Which does not contradict what I said in any way. execpt the machines are on line for how long?
so it does contradict your statement about it being 'easy'.

If you're really going to tamper with the system, you're not going to do it when anyone's around anyway. Taking too long while voting does tend to draw curious people, esoecially since you're holding up the process for others. And, to be honest, the moment they check the drive under that system, they're going to know it was tampered with anyway. Which, ultimately, doesn't matter that much in this scenario. which has you proving how and why tampering with the machine is 1) not easy and 2) almost impossible.

The inside person, in this case, can easily be the company the makes the voting machines. A simple case of late-night "maintenance" and you've changed a lot of votes to go with how your company wants them to go. Which is the primary objection to these machines to begin with. and the inside person(s) for the paper ballots can be alot of volunteers used to count the ballots.

Easier since the company contracted to make and maintain the voting machines will also have a list of people who worked on the machines since they would be employees. the same measures are NOT taken with volunteers.
Terratha
21-10-2008, 02:38
The something you "have" and the something you "know" doctrine is always a good one (smart cards are making a surge in the "have" right now but biometrics are also acceptable)

But in the end a quick changing seed/key or a complex one can move the timescale up into the realm that someone could not tamper within a reasonable time frame to be around the machine when it is in the possession of the data)

Hmm... can't argue there.

From what I have heard so far I rather doubt that you necessarily posses the skills to do such but that does not mean that some of your points are not valid

I thought it was rather obvious that I didn't possess the skills. I know a lot of how the theory behind it works. Honestly, if I were going to do any hacking, I'd be a script kiddy. No skills required, and all I need is someone to give me a quick instruction on the mechanical side of it.

Require verification? assuming an networked series of machines that dynamically upload their voting tallys the voter could be required to verify the accuracy of their individual vote at a work station that accesses the central data store via a completely separate network and system so there is no possibility of the voting machines themselfs reporting incorrectly to the central authority

In which case the company just changes the data at the place it uploads to. Wait for the voters to verify before changing it (which is easy enough, since it's your own system) and set the machines themselves to not store any data. It gives the illusion of security and accuracy, despite the fact no one can actually verify that the results themselves are correct without going out and talking to the voters themselves. The verification process itself, even if you have paper copies printed out, would take at least three times as long, since you have to have the voters verify that the paper is correct before tallying up their votes and comparing it to the machine's result.

In short, it's a system that's perfect for exploitation.
Terratha
21-10-2008, 02:41
Again like most of the time I argue this thread it does come down to money rather then the feasibility of the technology in of itself. I for one think you are being a bit pessimistic mostly because rather then a strait private sector industry these things are designed for the federal government which can artificially raise the amount amount higher for the security features then you would find otherwise

Except that the actual voting is handled primarily on the local scale. That's part of why each state varies in how its voting systems are set up.

If you ever want an example, take a look in Missouri sometime. We use paper ballots, but they're counted by computer, with the ballots themselves having a number on them that is also put by the name of the voter. Its through that number that they register the voter as having voted.
JuNii
21-10-2008, 02:50
The mass-scale of production itself. The place would have to be making the parts, the machines, and the programming. Considering the fact that this is a lot lower priority than nuclear missile launch codes (you can always have the people revote) and the fact that their buyers are state or local governments who are simply going to go with the cheapest option, there's no real reason not to. And if someone really wants to tamper with the votes, you're going to need some very expensive security features to stop them. the mass scale production does not mean that they will use off the shelf tools nor items that can be used by any off the shelf tools.

In fact, cost alone is why my local area isn't using them. It's simply cheaper to rely on paper ballots, and paper ballots typically only come with scandals of counting. which has what to do with the ease to break into the machines?

Of course I'm vague. To say more, I'd actually have to try to hack one of them. I simply go with what would be easiest for a tech to get into and run a few checks. Considering the sheer number of them, maintenance itself would have to be cone fast if anything went wrong during voting. Otherwise, you could end up with hundreds or thousands of voters unable to vote simply because of the time it takes a tech to get each machine back up and running. which means you are only guessing the ease to break into these machines would be in your mind. as TECH SUPPORT we have the means to fix them fast... even high security models.

One of the problems I'm finding with this is that all of the proposed security features are nice if you're running a system that's primarily local or is intended to be used by only a few people. Voting systems are neither. You can make the machines local (in fact, it's best if you did), but a tech has to be able to get into them fast, diagnose problems, replace faulty parts, and get the machine up and running just in case it breaks down during voting. In addition, they have to do it cheaply just to get the usefulness of the machines put out for use. Finally, these machines will spend most of their time not used, but simply sitting around in storage, which means every dollar you spend on excess security is wasted. That means off the shelf parts and light security features. assumption on your part. I work with data security as well as securing the computers themselves.

Could I be wrong on this? Easily. But, I'll stand behind my analysis of it based on what I find to be the most realistic scenario. realistic if we were living in the 1970's.

They don't need to be ^^ wrong again

True, they are. and you have yet to prove your 'theories' can be done in that short a time.

See above for my reasoning as to why it would most likely be a standard one. which is unlikely due to the factors you are assuming.

Not really. You stick the magnet against it for a few minutes, then blast the living hell out of it with the shotgun. Even if the magnet doesn't work, the data's still probably lost anyway.
wrong yet again. sticking a magnet next to it does NOTHING. newsflash, sticking a magnet on your creditcard does NOTHING.

to affect the hard drive or storage with a magnet you need to take apart the drive/storage media then (in the case of the harddrive) put the platter itself (the nice shiney disk INSIDE your HDD) on the magnet. using a shotgun would be rather noticeable and stupid. easier to have a counter 'miscount' the paper ballots to favor their candidate.
Grave_n_idle
21-10-2008, 02:55
The mass-scale of production itself. The place would have to be making the parts, the machines, and the programming.


Let's look at Diebold, for example. What else do they do? They make security devices and electronics. They don't have to buy 'off the shelf' parts - their operation is geared towards custom.


...you're going to need some very expensive security features to stop them.


Not at all.

Look at burglary - you can spend tens of thousands of dollars buying a state-of-the-art anti-burglar system, but there will ALWAYS be some way to break the security. So what is the most common alternative - get a dog, or put up a visible burglar-alarm or motion-sensor. Hell, neither the alarm nor sensor have to actually do anything.

And that's what you do with electronic tech - you make it look more trouble than it's worth. You slow the process down.

Especially on something like this, where the window for abuse is short, you only have to slow an attack down for a finite period of time, before attacking the data become fruitless.


Voting systems are neither. You can make the machines local (in fact, it's best if you did), but a tech has to be able to get into them fast, diagnose problems, replace faulty parts, and get the machine up and running just in case it breaks down during voting.


You make it sound like that's a big deal. A voting machine doesn't have to be any more complex, in real terms, than something like a laser printer or a fax machine. Anyone trained to fix copiers is probably overqualified to fix voting machines.


Could I be wrong on this? Easily. But, I'll stand behind my analysis of it based on what I find to be the most realistic scenario.


Could you be wrong on this? You almost certainly are.

Partisanship of the electronic voting SUPPLIER is a much bigger risk than external infiltration.


Not really. You stick the magnet against it for a few minutes, then blast the living hell out of it with the shotgun. Even if the magnet doesn't work, the data's still probably lost anyway.

Neither of those would work on data that is being transmitted periodically. (Especially if your receiver software filters out glitched results before updating files).
Terratha
21-10-2008, 02:57
store? what store sells the voting machines?

You're misinterpreting what I said. Read it again.

and that's why the voting machines are usually kept under lock and key. taken out only to be updated the months before the election.

You scout it while you're at the booth actually voting. Basic thievery 101.

which is still yet another security measure.

And this doesn't contradict what I said.

Translation: I can't, but I'll never admit it.

Can't? Just need to talk to the right people, buy the right program, get the right equipment, and scout out the hospital. There's no reason why I can't except my own willingness to break the law.

Incidentally, if I were you, I wouldn't go any further along the conversation line about challenging me to break into a hospital's security. Note that this isn't a threat, but my attempt to save you from understanding perfectly exactly why I'm making the suggestion. And, no, I'm not trying to imply I'm with any authorities, either.

execpt the machines are on line for how long?
so it does contradict your statement about it being 'easy'.

That you find out by scouting.

I'm also not going to say anymore on this particular point of it, as I'm edging particularly close to a line and one unpleasant conversation a year is enough.

which has you proving how and why tampering with the machine is 1) not easy and 2) almost impossible.

Nice claim. Now, prove it.

and the inside person(s) for the paper ballots can be alot of volunteers used to count the ballots.

Easier since the company contracted to make and maintain the voting machines will also have a list of people who worked on the machines since they would be employees. the same measures are NOT taken with volunteers.

...

You really, really have not read the point you're trying to refute. Go back and read it again. No, I don't mean to the post you were immediately trying to deal with, but the one previous to it. Read it carefully.
Grave_n_idle
21-10-2008, 02:58
In short, it's a system that's perfect for exploitation.

No more so than paper ballots. Indeed, at least electronic voting would REQUIRE some extra skills to tackle infiltrating it. Paper ballots? Any idiot can lose a box.
UpwardThrust
21-10-2008, 03:03
Hmm... can't argue there.



I thought it was rather obvious that I didn't possess the skills. I know a lot of how the theory behind it works. Honestly, if I were going to do any hacking, I'd be a script kiddy. No skills required, and all I need is someone to give me a quick instruction on the mechanical side of it.



In which case the company just changes the data at the place it uploads to. Wait for the voters to verify before changing it (which is easy enough, since it's your own system) and set the machines themselves to not store any data. It gives the illusion of security and accuracy, despite the fact no one can actually verify that the results themselves are correct without going out and talking to the voters themselves. The verification process itself, even if you have paper copies printed out, would take at least three times as long, since you have to have the voters verify that the paper is correct before tallying up their votes and comparing it to the machine's result.

In short, it's a system that's perfect for exploitation.

No the idea of the verification that the storage system would be controlled by a body other then the company (and ideally not under direct control of the government either) the machines once transmitting the data would no longer

The verification would be done on the spot electronically though a non similar system

For example voting machine takes a users vote sends them to a server run by an independent oversight committee (not familair with current vote counting organizations but assume something along thoes lines on a federal scale)

The voter would then verify from a seperate system not created by the same company (for example a standard PC with a secure connection to be able to read the published data)

This could be done without the central server model on a more local scale where both the voting machine and the alternative machine keep the verified tally for submital, this would provide a nice check and balance to the machines themselfs
Terratha
21-10-2008, 03:06
the mass scale production does not mean that they will use off the shelf tools nor items that can be used by any off the shelf tools.

It increases the likelihood of it.

which has what to do with the ease to break into the machines?

It's related to the discussion of why the machines themselves would likely be made very cheaply.

which means you are only guessing the ease to break into these machines would be in your mind. as TECH SUPPORT we have the means to fix them fast... even high security models.

Go back and read the security features I was replying to yet again.

assumption on your part. I work with data security as well as securing the computers themselves.

And I've met plenty of people who work in that field and still don't know anything about dealing with computers outside of their particular area of experience. I work in the field of taxes, but that doesn't mean I'm an expert in all tax laws. Try actually proving it.

realistic if we were living in the 1970's.

Prove it.

wrong again

Prove it.

and you have yet to prove your 'theories' can be done in that short a time.

Prove it.

which is unlikely due to the factors you are assuming.

Prove it.


wrong yet again. sticking a magnet next to it does NOTHING. newsflash, sticking a magnet on your creditcard does NOTHING.

to affect the hard drive or storage with a magnet you need to take apart the drive/storage media then (in the case of the harddrive) put the platter itself (the nice shiney disk INSIDE your HDD) on the magnet. using a shotgun would be rather noticeable and stupid. easier to have a counter 'miscount' the paper ballots to favor their candidate.

This is you demonstrating that you don't know what line of conversation you're replying to.

Magnetically wiping the drive itself would be rather noticeable and stupid as well. In fact, considering that the stated objective for that particular item is to wipe the votes out completely and not create a case where they're being miscounted, any action you take is going to be very noticeable when people show up and notice the votes have vanished. Which was my stated purpose for using the two items to begin with.
Terratha
21-10-2008, 03:14
Let's look at Diebold, for example. What else do they do? They make security devices and electronics. They don't have to buy 'off the shelf' parts - their operation is geared towards custom.

Diebold is one of the companies in particular that's questionable for their particular reasoning behind making the machines, IIRC. Assuming my memory is not faulty, using them as an example is really not a good idea.

Not at all.

Look at burglary - you can spend tens of thousands of dollars buying a state-of-the-art anti-burglar system, but there will ALWAYS be some way to break the security. So what is the most common alternative - get a dog, or put up a visible burglar-alarm or motion-sensor. Hell, neither the alarm nor sensor have to actually do anything.

And that's what you do with electronic tech - you make it look more trouble than it's worth. You slow the process down.

Especially on something like this, where the window for abuse is short, you only have to slow an attack down for a finite period of time, before attacking the data become fruitless.

No argument from me on that.

You make it sound like that's a big deal. A voting machine doesn't have to be any more complex, in real terms, than something like a laser printer or a fax machine. Anyone trained to fix copiers is probably overqualified to fix voting machines.

Which is kinda my argument about them being cheap to begin with.

Could you be wrong on this? You almost certainly are.

Partisanship of the electronic voting SUPPLIER is a much bigger risk than external infiltration.

Please excuse me for this, but after dealing with JuNii's posts, could you please provide proof for this one?

I'm not disagreeing, actually. In fact, I outright stated my agreement, indirectly, in another post. Just that right now, I'm getting tired of allegations like this with no real argument to back them.

Neither of those would work on data that is being transmitted periodically. (Especially if your receiver software filters out glitched results before updating files).

True. I'll admit that one easily counters it.
JuNii
21-10-2008, 03:15
You're misinterpreting what I said. Read it again. wrong, you are trying to go off topic about the supposed problems with voting machines.

THEY MAKE the machines. thus they can talior the tools needed to open them. nothing off-the-shelf.

You scout it while you're at the booth actually voting. Basic thievery 101. *facepalm* and continuing with basic thievery 101... after scouting the booth oh wise one... how much time does that leave you to break into the machine when all the information you have is gotten by scouting the machine's outer case! you have no idea the connections you'll need, you have no idea where the transmitting device is located, you don't even know where the hard drive is. and that certainly doesn't give you any clue to the encryption nor parameters for the algorithm used.

And this doesn't contradict what I said. considering your whole argument is how easy it is to break in. yes it does.

Can't? Just need to talk to the right people, buy the right program, get the right equipment, and scout out the hospital. There's no reason why I can't except my own willingness to break the law. yep, all I have to do is talk to the right people, get the right equiptment, scout the right area, and poof. I'll be President. but because I don't want the Presidency, doesn't mean it can't be done :rolleyes:

Incidentally, if I were you, I wouldn't go any further along the conversation line about challenging me to break into a hospital's security. Note that this isn't a threat, but my attempt to save you from understanding perfectly exactly why I'm making the suggestion. And, no, I'm not trying to imply I'm with any authorities, either. because you can't. not saying it can't be done, but so far, you are giving methods to bypass security technology 20 years old.

That you find out by scouting. again, doesn't work like that. you can't tell what's inside if you can't get to the interior.

I'm also not going to say anymore on this particular point of it, as I'm edging particularly close to a line and one unpleasant conversation a year is enough. then stop trying to say that breaking into the voting machines are easy. they're not.

Nice claim. Now, prove it. prove what? you brought up biometrics and other security measures that are difficult to bypass? considering the machines are on line for less than 24 hours doesn't leave much time to break in and tamper with the data makes your claim of having time to scout the machines useless, without the information about the program itself your 'kiddy scripts' have a greater chance of failure. with redundant systems, even your Shotgun and Magnet solution does not guarentee success.

and you have yet to prove your methods you mentioned.


You really, really have not read the point you're trying to refute. Go back and read it again. No, I don't mean to the post you were immediately trying to deal with, but the one previous to it. Read it carefully.
I have. it's so far easier to tamper with paper ballots than with electronic ones. the chances of such tampering to be undetected is greater with paper ballots than with electronic ones and it's easier for those tampering with paper ballots to escape unnoticed than those that try to tamper with electronic ones.

so... where's your point that electronic vote tampering is easier.
Terratha
21-10-2008, 03:17
No the idea of the verification that the storage system would be controlled by a body other then the company (and ideally not under direct control of the government either) the machines once transmitting the data would no longer

The verification would be done on the spot electronically though a non similar system

For example voting machine takes a users vote sends them to a server run by an independent oversight committee (not familair with current vote counting organizations but assume something along thoes lines on a federal scale)

The voter would then verify from a seperate system not created by the same company (for example a standard PC with a secure connection to be able to read the published data)

This could be done without the central server model on a more local scale where both the voting machine and the alternative machine keep the verified tally for submital, this would provide a nice check and balance to the machines themselfs

It could, but it's also easily gotten around with programming. You program the machine itself to change the vote and what information the verification actually verified before transmitting, then not store and data on its end. You end up with the same problem as before. Only then, you have an oversight committee thinking they're actually doing oversight, which may make it even harder to prove that actual tampering was done.
JuNii
21-10-2008, 03:22
Please excuse me for this, but after dealing with JuNii's posts, could you please provide proof for this one?

I'm not disagreeing, actually. In fact, I outright stated my agreement, indirectly, in another post. Just that right now, I'm getting tired of allegations like this with no real argument to back them.
follow your own advice.

you popped in an argument that Dragontide is posing that Electronic Voting is easy to break into and tamper with, putting forth arguments that support his claim.

Prove that the machines can be broken into with off-the-shelf purchases.
Prove that a magnet will erase the data on those machines.
Prove that "kiddy scripts' can work on a system you only visually scouted.
prove that one can break into those machines in the few hours it's on line and operating.
JuNii
21-10-2008, 03:24
It could, but it's also easily gotten around with programming. You program the machine itself to change the vote and what information the verification actually verified before transmitting, then not store and data on its end.
and how would this program be inserted into the machine?
UpwardThrust
21-10-2008, 03:26
It could, but it's also easily gotten around with programming. You program the machine itself to change the vote and what information the verification actually verified before transmitting, then not store and data on its end. You end up with the same problem as before. Only then, you have an oversight committee thinking they're actually doing oversight, which may make it even harder to prove that actual tampering was done.
How can the client (the voting machine) change a submitted vote? its already lost control of the data at that point

It is being verified before being counted sure but not before but after transmission
Forsakia
21-10-2008, 03:27
It could, but it's also easily gotten around with programming. You program the machine itself to change the vote and what information the verification actually verified before transmitting, then not store and data on its end. You end up with the same problem as before. Only then, you have an oversight committee thinking they're actually doing oversight, which may make it even harder to prove that actual tampering was done.

Compare this and all your hypotheses etc. To seeing what type of box they use, what the polling slip looks like, and forging a whole load of those and switching one box for another. Or even just 'losing' a box from a particular area known to favour one candidate heavily. You seriously saying it's easier to do it electronically?
Grave_n_idle
21-10-2008, 03:38
Diebold is one of the companies in particular that's questionable for their particular reasoning behind making the machines, IIRC. Assuming my memory is not faulty, using them as an example is really not a good idea.


Yes, Diebold has been a problem before.... but it's exactly for those partisanship issues I was talking about, not for the ease-of-hacking. And they're a good example because I'm pretty sure they're widely used again this year.


Which is kinda my argument about them being cheap to begin with.


Cheap isn't bad.

If I have the choice of two machines - one of which has tripwires and minefields, and the other has a padlock, and they'll BOTH do the job I need, in the timeframe I need, and be equally secure WITHIN those parameters... I'm going for the (much cheaper) padlock.


Please excuse me for this, but after dealing with JuNii's posts, could you please provide proof for this one?


You mentioned it yourself. Diebold got into a lot of shit last time round for (allegedly) screwing the pooch, so to speak. Partisanship is the problem.


True. I'll admit that one easily counters it.

And, even if the data is stored onsite, a shotgun isn't a sure way of killing data... and a magnet is worse than useless. Hell, you could actually hit a harddrive with a direct shot that left it in pieces, and data can (usually) still be retreived.
Grave_n_idle
21-10-2008, 03:42
It could, but it's also easily gotten around with programming. You program the machine itself to change the vote and what information the verification actually verified before transmitting, then not store and data on its end. You end up with the same problem as before. Only then, you have an oversight committee thinking they're actually doing oversight, which may make it even harder to prove that actual tampering was done.

Who is supposed to be reprogramming these machines? And when... and when are they getting access and time to be doing all this stuff? One assumes you think they can do it without walking into voting booths with big piles of equipment?

Also - I have to point out - and I'm no tech whiz - you can run the voting program in a virtual machine, and have the voting machine effectively 'reprogram ITSELF' after every vote... if you wanted.

Or you could have a remote source validate and verify the update status of the programming.

Seriously - the stuff you're coming up with can be easily countered.
Terratha
21-10-2008, 03:46
wrong, you are trying to go off topic about the supposed problems with voting machines.

Prove it.

Also, this topic is about electronic voting machines, specifically any problems they may have. I can't go off-topic by discussing it, since it actually is the topic.

THEY MAKE the machines. thus they can talior the tools needed to open them. nothing off-the-shelf.

Which does nothing to say that they'll bother to make the tools.

*facepalm* and continuing with basic thievery 101... after scouting the booth oh wise one... how much time does that leave you to break into the machine when all the information you have is gotten by scouting the machine's outer case! you have no idea the connections you'll need, you have no idea where the transmitting device is located, you don't even know where the hard drive is. and that certainly doesn't give you any clue to the encryption nor parameters for the algorithm used.

You honestly think scouting is limited to just looking at the outer case of it?

Scouting for something like this involves quite a bit more. You're going to be asking questions while being discrete and trying not to raise awareness. That means talking to maintenance people, the people who run the polling booth, doing some digging in records to see if you can dig up the tech specs, and maybe even a bit more. For something like this, you'd start out probably right around now or even the beginning of this month to try to get the information. Maybe even a lot earlier in the year than that.

And that's not even a full discussion of it. There's a lot more than just walking up and looking at the case to scouting out something like this.

considering your whole argument is how easy it is to break in. yes it does.

Voting systems themselves don't use biometric security, though. At least, the last time I checked, they didn't. Biometric security is primarily for things a lot more secure.

yep, all I have to do is talk to the right people, get the right equiptment, scout the right area, and poof. I'll be President. but because I don't want the Presidency, doesn't mean it can't be done :rolleyes:

Translation: I can't refute this, so I'm going to try to make it look stupid in hopes no one will catch on to the fact that I can't refute it.

because you can't. not saying it can't be done, but so far, you are giving methods to bypass security technology 20 years old.

Hacking computers through backdoors, password guessing, or similar methods are also twenty years old. Yet, they're also still in use today.

What's actually new in modern security technology? Not much. Most of it is either improvements on technology that's existed for at least twenty years or is the realization of ideas that are twenty years old. A lot of the methods to get around that technology hasn't changed, but merely been improved.

again, doesn't work like that. you can't tell what's inside if you can't get to the interior.

Again, scout it out.

then stop trying to say that breaking into the voting machines are easy. they're not.

You know, I'm sitting back and laughing.

Prove that I said that breaking into them is easy. I want you to go back through all of what I've said and find where I said that actually breaking into them is easy. Not where I made it sound easy. Not where I was overly simplistic. But where I actually said it was easy.

prove what? you brought up biometrics and other security measures that are difficult to bypass? considering the machines are on line for less than 24 hours doesn't leave much time to break in and tamper with the data makes your claim of having time to scout the machines useless, without the information about the program itself your 'kiddy scripts' have a greater chance of failure. with redundant systems, even your Shotgun and Magnet solution does not guarentee success.

and you have yet to prove your methods you mentioned.

Sorry, but I have a simple rule: When I ask for proof and you don't give it, then ask for proof yourself, I'm not giving it. If you want proof, then you'll have to answer my challenges first. I've dealt with too many trolls who counter requests for proof by asking for proof themselves, then spend their entire time arguing when proof about the proof just to avoid giving proof of their own.

Secondly, look about with what I said about biometric security, and I've already shown that you have plenty of time to scout the machines.

I have. it's so far easier to tamper with paper ballots than with electronic ones. the chances of such tampering to be undetected is greater with paper ballots than with electronic ones and it's easier for those tampering with paper ballots to escape unnoticed than those that try to tamper with electronic ones.

so... where's your point that electronic vote tampering is easier.

Here, let me remind you of the line of conversation on that one:

The inside person, in this case, can easily be the company the makes the voting machines. A simple case of late-night "maintenance" and you've changed a lot of votes to go with how your company wants them to go. Which is the primary objection to these machines to begin with.

Try to read it again and realize where the actual problem is that I was talking about. It's much, much easier in this case due to the unique circumstances.
Terratha
21-10-2008, 03:56
follow your own advice.

you popped in an argument that Dragontide is posing that Electronic Voting is easy to break into and tamper with, putting forth arguments that support his claim.

Actually, I didn't put forth items to support his claim. Merely items to show that those security features are not as powerful as you were saying.

Prove that the machines can be broken into with off-the-shelf purchases.
Prove that a magnet will erase the data on those machines.
Prove that "kiddy scripts' can work on a system you only visually scouted.
prove that one can break into those machines in the few hours it's on line and operating.

See me immediately previous post for my issue on proof. Ball's in your court on whether any is provided.

and how would this program be inserted into the machine?

I'm going to assume you're mistaking my particular point in that case. Basically, it's inserted when the machine is first programmed for voting. Note that does not contradict my point in the part you replied to.

How can the client (the voting machine) change a submitted vote? its already lost control of the data at that point

It is being verified before being counted sure but not before but after transmission

I said change it before it's transmitted.

Compare this and all your hypotheses etc. To seeing what type of box they use, what the polling slip looks like, and forging a whole load of those and switching one box for another. Or even just 'losing' a box from a particular area known to favour one candidate heavily. You seriously saying it's easier to do it electronically?

A little secret: I've been arguing two stances this entire time. One where someone breaks in, and one where the company itself is guilty. I've tried to make it obvious which is which, but there's been muddlement. The former is just to show it can be done, while the latter is the one where I stand that it's very easy to be done by certain companies.

And, yes, I'm saying it's easier to do it electronically. With the paper ballots, you can verify a lot easier that those votes existed. Faking the ballots takes a massive amount of time. With a machine, the vote's changed before it's even submitted.
Terratha
21-10-2008, 04:03
Please excuse the triple post. But, honestly, I'm not currently ready to make an effort to consolidate them into one post.

Yes, Diebold has been a problem before.... but it's exactly for those partisanship issues I was talking about, not for the ease-of-hacking. And they're a good example because I'm pretty sure they're widely used again this year.

One of my stances (the one at the bottom of the post) is that it's very easy for the company themselves to do it. Diebold is a particularly bad example because of the partisanship issues.

Cheap isn't bad.

If I have the choice of two machines - one of which has tripwires and minefields, and the other has a padlock, and they'll BOTH do the job I need, in the timeframe I need, and be equally secure WITHIN those parameters... I'm going for the (much cheaper) padlock.

Within those parameters, no argument.

You mentioned it yourself. Diebold got into a lot of shit last time round for (allegedly) screwing the pooch, so to speak. Partisanship is the problem.

Agreed. Challenge withdrawn.

And, even if the data is stored onsite, a shotgun isn't a sure way of killing data... and a magnet is worse than useless. Hell, you could actually hit a harddrive with a direct shot that left it in pieces, and data can (usually) still be retreived.

The idea is to keep shooting. After the first blast, you've pretty much announced your presense, so you might as well make sure the pieces are small enough that attempting to retrieve the data is futile. The magnet is just in case it's not useless after all, but the shotgun is to make absolutely damn sure.

Who is supposed to be reprogramming these machines? And when... and when are they getting access and time to be doing all this stuff? One assumes you think they can do it without walking into voting booths with big piles of equipment?

Also - I have to point out - and I'm no tech whiz - you can run the voting program in a virtual machine, and have the voting machine effectively 'reprogram ITSELF' after every vote... if you wanted.

Or you could have a remote source validate and verify the update status of the programming.

Seriously - the stuff you're coming up with can be easily countered.

That part is part of the stance that it's the company itself doing it. I tried to make it obvious when I first brought it up (the maintenance comment). The split stance is a fun way of arguing, though in this case the different stances were accidentally muddled into each other.
Grave_n_idle
21-10-2008, 16:51
That part is part of the stance that it's the company itself doing it. I tried to make it obvious when I first brought it up (the maintenance comment). The split stance is a fun way of arguing, though in this case the different stances were accidentally muddled into each other.

The partisanship is an issue whether you use digital or paperbased. If you've got partisans with paper, it's at least as easy to 'lose' or niscount votes.

That's why a system that uses digital tallies AND a papertrail is superior... it requires two separate sets of tampering to affect significantly... and they would have to be pretty well coordinated quite closely to avoid the discrepancy between media exposing each other.
Forensatha
21-10-2008, 16:55
The partisanship is an issue whether you use digital or paperbased. If you've got partisans with paper, it's at least as easy to 'lose' or niscount votes.

That's why a system that uses digital tallies AND a papertrail is superior... it requires two separate sets of tampering to affect significantly... and they would have to be pretty well coordinated quite closely to avoid the discrepancy between media exposing each other.

No argument from me there.
Indri
22-10-2008, 08:20
I don't like it. No paper trail. A paper trail should be the law.

Thoughts?
Daddy, what were forests like?

Paper trails are environmentally destructive. If you want to waste paper on something as trivial and infrequent as your erection then you must be a war-mongering, Satan-worshipping, fuck-the-earth Republican.
Redwulf
22-10-2008, 08:49
Daddy, what were forests like?

Paper trails are environmentally destructive. If you want to waste paper on something as trivial and infrequent as your erection then you must be a war-mongering, Satan-worshipping, fuck-the-earth Republican.

Hey, now! There is nothing trivial or infrequent about my erections!

Now that I look at my key board the "typo" I'm mocking almost HAD to be deliberate. The "l" and the "r" are nowhere near each other . . .