Also, I am not a fear-monger or believer in some of the conspiracy theories floating around out there.
However, this 'fugedaboutit' attitude smacks of intellectual laziness. Our elections are badly run now, the vote counts are not demonstrably reliable, and people ARE being disenfranchised - if only because they simply cannot afford (in the simplest definition - they need to go to work to earn food money) to stand in line for two to eight hours to cast a ballot.
Our elections system has extraordinary, very concerning things wrong with it. To dismiss this is not only naive, but irresponsible. It's too bad you've got this soapbox to broadcast poorly-researched opinions.
Having just voted this morning I was disturbed (more than normal) at the following:
- No ID required to validate your identity when voting. The requirement is to say your street address and name and that is it; I could change my personal look and vote a few more times;
- the AccuVote system depicted in Hacking Democracy is in use; http://www.hackingdemocracy.com/
- Preparations for voting irregularities has been announced as a risk through 'for pay' services as of 10/28 seen as a valid threat including warning of civil unrest in certain cities;
I don't believe this to be FUD after Ohio and Florida in 2000 and 2004, and the -16K votes from Volusia County. The issues still stand and have not been addressed.
These are fact based and both accurate and true.
The cocktail has been mixed since 2000 and it has nothing to do with Halloween.
Disenfranchised because they can't afford to stand in line, James?? One will stand in line to buy a pack of cigarettes, ride a roller coaster, obtain a drivers license, etc. If one doesn't want to stand in line to vote, they don't care enough about freedom and might as well stay home and watch the boogeyman hype designed to sell newspapers and TV commercials - then go out and riot because their candidate didn't win because "someone hacked the voting machine". Gimme' a break.
1) Yes, I am one of those people who believe a paper trail is essential. This is NOT a place to save paper - that is just an excuse, and a poor one at that, to leave the door open for mischief. Only paper ballots can be reliably recounted.
2) In reply to Jeff's comment about changing appearance and voting several times. If it was that easy it wouldn't even be necessary to change appearance with early voting, just go to a bunch of different early polling places. BUT in every election I have ever observed, including this one, the voter's name is checked off against a list of registered voters. Once you vote that is noted on the list or database and you will not be permitted to use that name to vote again in the same election. This applies whether ID is required or not. Here in Florida this year for the first time I have seen the requirement for official ID to confirm one's identity at the polling place (for early voting at least). To me that doesn't seem too onerous a requirement. It just isn't all that hard to get a state issued ID card if you are a legal resident, and besides for my whole life it has been required to show ID when intitially registering to vote. The main issue with ID this time was that newer registration procedures permit people to register initially without showing any ID at all, so those people at least must obviously be required to identify themselves at least once before being permitted to vote or all sorts of mischief would be possible. Early voting outside the regular precincts also required ID because the list of registered voters now includes not only those at that precinct, but in ou case every registered voter in the county who may choose to vote in any one of a number of different locations.
3) Like someone said, elections have been tampeered with since the first one. That is no excuse not to try to have the most secure and reliable system in place while simultaneously encouraging every eligible person to vote and have their vote properly counted.
I used to work on vote counting software and on actual elections, and on the basis of actual experience, I can assert that things happen, whether intentional or not. I can't imagine telling people that fears about E-voting are misplaced, myself. But I guess this article did grab my eyes, so right or wrong it must sell advertising. But I certainly don't agree with the premise that fear-mongering is the salient aspect of concerns about what in many cases is an inherently defective system, to be blunt.
In Ohio in 2004, elderly and poor citizens stood in line for up to 10 hours in a cold rain to cast ballots at polling places in the largest cities in the state.
I don't know very many young people of means who would or COULD lose a day of work for that. Yes, in fact, that is disenfranchisement of the worst kind: negligent at BEST, malicious at worst.
I also didn't address the author's inaccurate conclusions about the frauds that are occurring against the system (regardless of party) through fake phone calls and postal mail giving voters inaccurate information about polling locations, the day they should vote, and other information that may well keep some people away from the polls. In some places, people have received official-looking notices telling them that if they vote, they will be arrested.
These threats are real. The author dismisses them because they did not obviously come from either of the major political parties. The point of origin is irrelevant in consideration of this risk, as the damage done to the democratic process is nonetheless the same.
This article misses the point about the real risks of electronic voting,
First, On Electronic Voting Machines:
Since it is impossible to tell if vote counts have been modified the vote counts are unreliable. This is completely different from paper ballots because in order to modify paper ballots an attacker would need to physically visit the ballots. With electronic voting machines an attacker might modify source code (perhaps some weeks or months prior to the election) so that the vote counts for the electronic machines are already determined, thereby modifying many thousands of votes from a single location. The difference between modifying paper ballots vs. electronic ballots is similar to the difference between stealing identities from papers in people house vs. stealing identities electronically. This is a very serious risk, and as a country we are hurting ourselves by ignoring it.
Second, On Red Hat Hackers vs Blue Hat Hackers:
While this sounds cute, it is misleading from the point of view of analyzing and managing risks to the integrity of an election. Consider instead the purpose of an attack. What person, organization, corporation, or government would benefit from a particular outcome of the election? What is the value of that benefit weighed against the cost of an attack? What is their calculation for risk of exposure vs. reward of succeeding? What resources do they have available to dedicate to such a task? Just offhand, I would think that Political parties are too closely scrutinized, and individual hackers are probably not motivated enough for the risk. On the other hand, a large organization which might stand to gain or lose hundreds of millions of dollars might be motivated to take action, especially if they could maintain plausible deniability. Now, let's be clear here. I'm not talking about a conspiracy. I'm talking about a monetary calculation. No conspiracy is needed, just a motivated attacker with deep pockets.
As long as we continue to vote in such unsecured ways, we will continue to have elections that cannot be trusted, and we will continue to invite attackers to bend the outcomes for their own benefit.
Here's to your FUD, just one story out of the hundreds I've seen already, discussing real voters who could not vote because of inadequate resources - one voting machine at a location where 400 people were already in line when the polls opened.
And that's not to mention a man standing in line telling voters to vote elsewhere, and robocalls that tried to do the same thing.
You call it FUD? No. These are not even just "threats".
Yes, the BOE there delivered more machines later in the day. That's great! but it doesn't solve the matter of maliciously misdirected voters, and it doesn't solve the problem in all those places nationwide where more machines did not appear in time.
I don't agree with the headline of the story, but the facts as reported remain concerning.
On the matter of robocalls - records are available of every phone call made. Why haven't these records been subpoenaed so it can be figured out who is behind the calling, and prosecutions brought? You can't launch thousands of phone calls without a decent measure of infrastructure. The origins of those calls can always be determined with some effort.
FUD Watch | The Boogeyman in the E-Voting Machine
There's no mix quite like Halloween, politics and government. It's a cocktail that can be heavy on the fear-mongering. Here are some examples.
» View Article
I am astonished at your naivete.
Also, I am not a fear-monger or believer in some of the conspiracy theories floating around out there.
However, this 'fugedaboutit' attitude smacks of intellectual laziness. Our elections are badly run now, the vote counts are not demonstrably reliable, and people ARE being disenfranchised - if only because they simply cannot afford (in the simplest definition - they need to go to work to earn food money) to stand in line for two to eight hours to cast a ballot.
Our elections system has extraordinary, very concerning things wrong with it. To dismiss this is not only naive, but irresponsible. It's too bad you've got this soapbox to broadcast poorly-researched opinions.
Having just voted this morning I was disturbed (more than normal) at the following:
- No ID required to validate your identity when voting. The requirement is to say your street address and name and that is it; I could change my personal look and vote a few more times;
- the AccuVote system depicted in Hacking Democracy is in use; http://www.hackingdemocracy.com/
- Preparations for voting irregularities has been announced as a risk through 'for pay' services as of 10/28 seen as a valid threat including warning of civil unrest in certain cities;
I don't believe this to be FUD after Ohio and Florida in 2000 and 2004, and the -16K votes from Volusia County. The issues still stand and have not been addressed.
These are fact based and both accurate and true.
The cocktail has been mixed since 2000 and it has nothing to do with Halloween.
Disenfranchised because they can't afford to stand in line, James?? One will stand in line to buy a pack of cigarettes, ride a roller coaster, obtain a drivers license, etc. If one doesn't want to stand in line to vote, they don't care enough about freedom and might as well stay home and watch the boogeyman hype designed to sell newspapers and TV commercials - then go out and riot because their candidate didn't win because "someone hacked the voting machine". Gimme' a break.
1) Yes, I am one of those people who believe a paper trail is essential. This is NOT a place to save paper - that is just an excuse, and a poor one at that, to leave the door open for mischief. Only paper ballots can be reliably recounted.
2) In reply to Jeff's comment about changing appearance and voting several times. If it was that easy it wouldn't even be necessary to change appearance with early voting, just go to a bunch of different early polling places. BUT in every election I have ever observed, including this one, the voter's name is checked off against a list of registered voters. Once you vote that is noted on the list or database and you will not be permitted to use that name to vote again in the same election. This applies whether ID is required or not. Here in Florida this year for the first time I have seen the requirement for official ID to confirm one's identity at the polling place (for early voting at least). To me that doesn't seem too onerous a requirement. It just isn't all that hard to get a state issued ID card if you are a legal resident, and besides for my whole life it has been required to show ID when intitially registering to vote. The main issue with ID this time was that newer registration procedures permit people to register initially without showing any ID at all, so those people at least must obviously be required to identify themselves at least once before being permitted to vote or all sorts of mischief would be possible. Early voting outside the regular precincts also required ID because the list of registered voters now includes not only those at that precinct, but in ou case every registered voter in the county who may choose to vote in any one of a number of different locations.
3) Like someone said, elections have been tampeered with since the first one. That is no excuse not to try to have the most secure and reliable system in place while simultaneously encouraging every eligible person to vote and have their vote properly counted.
I used to work on vote counting software and on actual elections, and on the basis of actual experience, I can assert that things happen, whether intentional or not. I can't imagine telling people that fears about E-voting are misplaced, myself. But I guess this article did grab my eyes, so right or wrong it must sell advertising. But I certainly don't agree with the premise that fear-mongering is the salient aspect of concerns about what in many cases is an inherently defective system, to be blunt.
Patriot:
In Ohio in 2004, elderly and poor citizens stood in line for up to 10 hours in a cold rain to cast ballots at polling places in the largest cities in the state.
I don't know very many young people of means who would or COULD lose a day of work for that. Yes, in fact, that is disenfranchisement of the worst kind: negligent at BEST, malicious at worst.
I also didn't address the author's inaccurate conclusions about the frauds that are occurring against the system (regardless of party) through fake phone calls and postal mail giving voters inaccurate information about polling locations, the day they should vote, and other information that may well keep some people away from the polls. In some places, people have received official-looking notices telling them that if they vote, they will be arrested.
These threats are real. The author dismisses them because they did not obviously come from either of the major political parties. The point of origin is irrelevant in consideration of this risk, as the damage done to the democratic process is nonetheless the same.
This article misses the point about the real risks of electronic voting,
First, On Electronic Voting Machines:
Since it is impossible to tell if vote counts have been modified the vote counts are unreliable. This is completely different from paper ballots because in order to modify paper ballots an attacker would need to physically visit the ballots. With electronic voting machines an attacker might modify source code (perhaps some weeks or months prior to the election) so that the vote counts for the electronic machines are already determined, thereby modifying many thousands of votes from a single location. The difference between modifying paper ballots vs. electronic ballots is similar to the difference between stealing identities from papers in people house vs. stealing identities electronically. This is a very serious risk, and as a country we are hurting ourselves by ignoring it.
Second, On Red Hat Hackers vs Blue Hat Hackers:
While this sounds cute, it is misleading from the point of view of analyzing and managing risks to the integrity of an election. Consider instead the purpose of an attack. What person, organization, corporation, or government would benefit from a particular outcome of the election? What is the value of that benefit weighed against the cost of an attack? What is their calculation for risk of exposure vs. reward of succeeding? What resources do they have available to dedicate to such a task? Just offhand, I would think that Political parties are too closely scrutinized, and individual hackers are probably not motivated enough for the risk. On the other hand, a large organization which might stand to gain or lose hundreds of millions of dollars might be motivated to take action, especially if they could maintain plausible deniability. Now, let's be clear here. I'm not talking about a conspiracy. I'm talking about a monetary calculation. No conspiracy is needed, just a motivated attacker with deep pockets.
As long as we continue to vote in such unsecured ways, we will continue to have elections that cannot be trusted, and we will continue to invite attackers to bend the outcomes for their own benefit.
Here's to your FUD, just one story out of the hundreds I've seen already, discussing real voters who could not vote because of inadequate resources - one voting machine at a location where 400 people were already in line when the polls opened.
And that's not to mention a man standing in line telling voters to vote elsewhere, and robocalls that tried to do the same thing.
You call it FUD? No. These are not even just "threats".
Yes, the BOE there delivered more machines later in the day. That's great! but it doesn't solve the matter of maliciously misdirected voters, and it doesn't solve the problem in all those places nationwide where more machines did not appear in time.
Attempted sabotage in Florida
I don't agree with the headline of the story, but the facts as reported remain concerning.
On the matter of robocalls - records are available of every phone call made. Why haven't these records been subpoenaed so it can be figured out who is behind the calling, and prosecutions brought? You can't launch thousands of phone calls without a decent measure of infrastructure. The origins of those calls can always be determined with some effort.
Dirty Tricks: Social Engineers' Favorite Pickup Lines
Tabletop Exercises: 3 Sample Scenarios
19 Ways to Build Physical Security Into Your Data Center
Get instant notifications when whitepapers, webcasts and case studies are added to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
» More blogs
CSO Perspectives
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
Trend Micro ranked #1 against real-world malware. Read more.
64-page prescriptive guide to security, compliance, and IT operations.
Removing Barriers To Better Server Virtualization Efficiency
Mining for Gold: Cybercrime Prevention and the Role of Log Management
The Executive Guide to Data Loss Prevention
Organizations can spend up to 50% more on compliance efforts than necessary.
White Paper: A Security Blueprint Delivered From within the Network
Read the RSA report: Security for Business Innovation
Upgrading to VMware vSphere with vWire
Explore the increasing importance of log management as cybercrime threats grow.
The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
Implementing Best Practices for Web 2.0 Security
Five Ways to Reduce Your IT Audit Burden
THE IDG NETWORK