We keep hearing about it: Russians are manipulating the election! They’re leaking this and that, and hacking this and that, and it’s going to change everything.
I wish.
Elections have always been manipulated. To this ageing anarchist, elections are nothing but manipulation: they’re trying to convince you that you actually have some say in the political process, which is absurd since your opinion or vote is diluted to a near-homeopathic degree.
Let’s see if I’ve got this right: a political system in which the influence of money in campaigns is a topic of constant conversation, to the point where the campaigns brag about how much money they are bringing in – is complaining about “manipulation.” Is the issue that the Koch brothers aren’t Russian, or something? Oh, wait, I got that backwards – is the issue that the Russians don’t have a PAC? A political system with voter suppression, gerrymandering, lobbying, selective information leaking, doxxing, and revolving doors at every level of government is actually complaining that the Russians are attempting a little bit of “regime change”? Maybe we should just be thankful they’re not using high explosive, like the US does when it wants to influence an electoral outcome.
Even when we don’t resort to high explosive, is the government that’s complaining about possible hacking attacks on voting machines the same government that encouraged Twitter to maintain service so that protestors could help organize following the elections in Iran, or to disable their service to help suppress riots (aka: “voter unrest”) in London? The government that is complaining about the Russians possibly interfering with the vote is the same government that is captured by a two-party system that utterly dominates the vote, disenfranchising at least 15% of a population of 318 million. The Russians’ fondest dream would be to be able to have a fraction of the impact on the US election that its own internal corruption has. Let me give you Russians a hint, in case you’ve not been watching the news: BRING MONEY. If you want to influence the US election, you need Koch Brothers capital, not hackers. You need to be like the US, parachuting people into Texas with suitcases of greenbacks, like the CIA did in Afghanistan, Libya, Iraq, and Syria.
Russia cannot possibly make a mockery of the US election to the degree to which Donald Trump has; the only way I would believe that Russia was interfering with the vote would be if Obama doxxes Trump’s birth certificate and reveals that Trump was born in Leningrad and has been a KGB prank all along.
My old colleague Avi Rubin has been hammering at the security of voting machines for over a decade. And, it turns out, they suck. Are you shocked? Some of them are made by big-name companies that make automatic teller machines. But, because the flow of money in voting machines is taxpayer->government->voting machine company, rather than bank->robber, the systems are built to less exacting standards.
Cheer up! It could be worse: the voting machines could be made by the companies that made the F-35.
Rubin writes, in 2004:
With significant U.S. federal funds now available to replace outdated punch-card and mechanical voting systems, municipalities and states throughout the U.S. are adopting paperless electronic voting systems from a number of different vendors. We present a security analysis of the source code to one such machine used in a significant share of the market. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts.
In other words, this is not a new problem. And various state governments are just now getting excited because Russian hackers are going to jigger the votes, instead of racist politicians gerrymandering them. Here’s what’s really going on: they’ve realized that they bought crap, and that to un-crapify their systems they’ll need to spend money, and if they complain loudly enough about Russian hackers, maybe they can get the money. Because it’s easier to say “Russian hackers coming after our voting machines!” than “We spent your money foolishly and thoughtlessly! Fire us!”
Besides, there are certain ways that voting machines can easily be made more secure: don’t connect them to a badly-managed network. Or connect them to a purpose-built network, or (least optimal) set them up on Virtual Private Network (VPN) tunnels to some well-secured operations center. This is all stuff that anyone with basic computer security experience can understand, design, and implement. The Cisco RV110W wireless access point/router/VPN firewall costs a whopping $49 on amazon.com, although whoever stirred the operating system release that runs in the voting machine ought to have turned IPSEC on as a mandatory only-option, then designed some trivial enrollment and configuration management atop that. I’m not saying those are super simple problems to overcome; they’d take a mediocre systems programmer a couple weeks.*
I’m not exaggerating in the slightest. Corporate networks field secure embedded devices all the time. “Point of sale terminals” are basically “vote with your dollar” machines. I think I just heard the Koch brothers’ ears prick up with excitement when I said “vote with your dollar.”
The Help America Vote Act created the Election Assistance Commission with a charter to spend congressional largesse in order to build a cargo cult voting system following the ridiculous 2000 electoral deadlock. Following the creation of the commission, in 2002, it was without a commissioner until 2011 in spite of $3.5 billion in congressional appropriations to, uh, do something. Maybe they had a bonfire with the money, or something. Articles about the EAC soft-pedal, i.e.: “there was some criticism that EAC was slow and ineffective.” Instead of, “What, are you fucking kidding me?!”
Meanwhile, cryptographer-of-practical-genius David Chaum holds patents on several key innovations for electronic voting. He’s actually thought about this stuff and has defined how a voting system should behave (beyond: “swim in a barrel of pork”):
- The number of votes cast should equal the number of votes reported, no additions or losses
- The ballots should be reliable, without a mechanical reader that can get things wrong
- Any given voter should be able to verify that their vote is, in fact, in the counted votes and has not been altered
Researching Chaum’s patent portfolio is not something you want to undertake lightly; he’s a very busy person and has patents covering huge swaths of digital cash and secret-splitting, as well. That makes sense, because they’re all related problems. Chaum’s digital cash systems, and his voting systems, are typical of cryptographers: they don’t have the most attractive and simple user interface, but that’s a matter of overall system design: his cryptography is genial. I just sort of picked the illustrative patents at random, that one dating from 2009, but Chaum appears to have focused his attention on voting following the 2000 election, for some reason.
I’m quite sure that Chaum wants a great deal of money to license his patents. He wanted so much money for the digital cash patents that the online payments industry evolved into an ass-backwards mess of SSL, passwords, and credit cards – though the threat of anonymous digital cash, like bitcoin before bitcoin, may have terrified governments. But given the amount of taxpayers’ money that appears to have been thrown at voting machines in the US, it seems like it would have been a good idea to just offer Chaum the cost of one engine for an F-35, or something. Here is a radical idea: with $3.5 billion of the taxpayer’s money, the EAC should have decided that voting machines are a part of critical infrastructure that the government should develop, control the development and management of, and provide a baseline standard system that works, immediately centralizes the data (using reliable delivery and cross-counting) and so forth. They could have hired a bunch of engineers, had them build it, had the NSA validate the implementation, red-teamed the hell out of it, developed a standard deployment doctrine and certification, and …
Gosh, then we wouldn’t “need” gerrymander-able districts, or electors or representatives. The problem is that only the “right” people are allowed to tamper with the US vote. The problem is political hacks not Russian hackers.
Hey, America, stop trying to blame the Russians for your failures.
I grew up reading Asterix comic books, and the whole time I was writing this, I kept remembering the bit from “Asterix in Corsica” where they talk about voting: the candidate chieftains collect urns full of votes, then have a knife-fight to see who wins. At one point, two leaders are squaring off to fight and someone plaintively asks, “quelqu’un a une urne pleine?” (Does anyone have a full ballot-box?) I tried to find an image of that scene to decorate this posting, but couldn’t. I wonder if that book of Asterix got suppressed – Asterix is basically one great big ethnic joke. (I didn’t realize that when I was 11!)
Asterix: “The ballot boxes (urns) are full before the elections?”
Corsican: “Yes, but we throw them in the sea without opening them, and afterwards it’s the strongest who wins. It’s the custom where I come from.”
NPR: Security Risk Seen in Electronic Voting Machines
Avi Rubin et al.: Analysis of an Electronic Voting System
List of patents by David Chaum
Overview of the Help America Vote Act
(* One problem: the NSA farms Cisco exploits. So the Russians might not be able to get into the VPN, but the US intelligence community could. Of course, the exploits leaked; thanks, NSA. I guess maybe it’s better to use dedicated links and trust the phone company, hahahahaha. )
John Morales says
Marcus, you make a good case against direct vote manipulation.
That said: indirect manipulation is subtler; not saying that it is, but that if it were, it would not be unlike that
(Globalisation FTW!)
John Morales says
[FFS]
… you make a good case against direct vote manipulation by external parties
Turi1337 . says
I do not trust any voting machine. Because that would mean I have to trust the company providing them, and why would I do that? And it would be even worse if the government itself was providing them.
Paper votes are not perfect, but they are so much better than electronic voting. When you do paper voting, you need to deal with every single vote. Quite often people tried to influence votes by hiding entire ballot boxes, but that cannot even withstand a standard statistics test. And faking the amount of votes that could influence a major election is really hard. You would need a major conspiracy or an already existing openly undemocratic government to pull that off. The first is unlikely, the second would just love electric voting machines because it makes the job so much easier.
When you do electronic voting on the other hand, you have a single point of failure, the provider of such voting machines. Even if the machine itself is secure and correctly implemented (haha, of course …), this single point of failure is much too dangerous.
This video is a good explanation:
jrkrideau says
A message from the twitter feed Relevant Organs
Outraged to hear Yahoo shares user emails with the US government. We thought our agreement was exclusive. You’ll hear from our lawyers.
I see that ‘someone’ in the US gov’t suggests that Russia had something to do with the DNC hack. Are these the same intelligence people who said that Iraq has weapons of mass destruction?
Dunc says
I’ve never understood the US fascination with complex voting systems… Here in the UK, the voting equipment is a pencil on a string.
Marcus Ranum says
jrkrideau@#4:
I see that ‘someone’ in the US gov’t suggests that Russia had something to do with the DNC hack. Are these the same intelligence people who said that Iraq has weapons of mass destruction?
I need to do a post about that. :) [Edit: It’ll drop on Monday]
But, the short answer is: they don’t know a thing. They heard it from a friend who heard it from a friend who heard it from a squirrel in a trench coat.
Marcus Ranum says
Dunc@#5:
Chaum’s system specifically works with pencil and paper. That’s part of the beauty of it: you can go back and verify your vote was recorded correctly for any particular item on the ballot.
I agree, this doesn’t need to be so complicated.
Facebook voting: coming soon
Marcus Ranum says
Turi1137@#3:
Because that would mean i have to trust the company providing them, and why would i do that? And it would be even worse if the government itself was providing them.
Well, if you don’t trust the government, you’re pretty much in line with my argument up top: the vote is window-dressing anyway, so who cares if the Russians diddle with it?
In fact, we observe that a candidate representing the 1% is the nominee of both parties. Rigged, forsooth.
sonofrojblake says
Sure, chuck ’em all in a river. As Dunc says, the UK manages to hold general elections in a country of 70 million people AND produce a result next day using pencil marks on pieces of paper counted by humans.
The machines seem, to this UK voter, specifically there to allow whoever’s really in charge to set the result as they want it. And 2000 did very little to change that impression.
My main worry about the coming election is that Trump may lose, narrowly, and make a case that “they” (Democrats, “the media”, Jews, pick your boogeyman) have stolen the election from him – and that that case will have at least a veneer of believability, enough to cause his supporters to rise up. And they are, as I understand it, the ones with all the guns.
Marcus Ranum says
sonofrojblake@#9:
My main worry about the coming election is that Trump may lose, narrowly, and make a case that “they” (Democrats, “the media”, Jews, pick your boogeyman) have stolen the election from him
Yup! That’s a concern. I don’t think that we’ll get the level of violence we had during the civil war, though (which was also, basically, the losers getting violent after a contested election)
Arguing about stealing the US elections is bloody stupid, given that the Koch brothers and political parties have been doing nothing but stealing elections all along. We’re just arguing who stole the stolen stealings from which stealer.
Turi1337 . says
@8 Marcus
While I do not agree with most things it does, I do not distrust my current (German) government. At least not that far. The problem with electric voting machines would be that I also have to trust every government in the future. And that is something I am not willing to do.
Of course here in Germany voting actually means something, because we have a multiple party government and federal campaign financing. (Ok, we still have the SPD which makes voting left nigh on impossible, but that is another problem in itself)
Marcus Ranum says
Turi1337@#11:
We all trust every government in the future.
I think that worrying about voting machines is down in the weeds when governments have militaries. Ask the Syrians.
Turi1337 . says
@12 Marcus: Could you explain what you mean by “We all trust every government in the future?”.
Marcus Ranum says
Turi1337@#13:
Could you explain what you mean by “We all trust every government in the future?”
By allowing them to exist, we trust that they won’t turn against us in some other way. In the simplest case, we are trusting them not to screw up the economy. More complex cases would be we’re trusting them not to evolve a two party system that controls the vote between the two of them.
I’m not saying we shouldn’t trust governments, but rather that, by their very nature they are an extreme act of trust which we extend every day we allow them to exist.
brucegee1962 says
I read once of a way to make computer voting 100% reliable.
When you vote on a computer, it prints out a twelve-digit number you can take home — a six-digit number that represents the machine, and another that is unique to you.
The day after the election, you can go to a website that lists every single voter’s number, and who each one voted for. It’s still a secret ballot, because you don’t know anyone else’s number but your own.
Of course, every precinct has observers from each party, as now, to make sure the number of voters on each machine matches how many actual voters have used it.
If the machine is malicious and changes or deletes your vote, you will be able to look it up and know it happened.
If it adds votes, the precinct watchers will know because the numbers won’t match.
It seems pretty easy — why not do it?
Marcus Ranum says
brucegee1962@#15:
I believe some of Chaum’s patents cover that technique. It’s really quite clever, though. The ballot-ID is used as a seed for a hash, and then the entries in the ballot are hashed as well, then the resulting checksum gets posted along with the ballot-ID. A voter can enter their ballot-ID and go to an app that lets them re-enter their vote and if the checksum matches, they know their vote was recorded correctly.
Simply knowing the number is problematic because there are exhaustion searches that you can do – for example, ballots might cluster by number in geographical areas (social security numbers do that: if you know where your mark was born and when you can narrow their SSN down to a few thousand choices then brute-force them!) So one option would be to take a secret seed, and seed a 128-bit hash with it, then crank each ballot using successive hashes on the seed. When all the ballots were collected, you could tell how many were issued, how many were filled out, whether there were any duplicates (!!!) and how many were not filled out. I believe Chaum has patents that cover that, as well.
It seems pretty easy — why not do it?
Does anyone have a full urn?
The US has never been about democracy and the vote is all theater.
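The receipt-and-audit idea from the two comments above, as an added example that is not part of the original thread and is not Chaum's patented scheme: ballot-IDs come from successive hashes of a secret seed, a checksum over ballot-ID plus entries is posted, and the audit counts issued, filled, unused, duplicate and unknown ballots. SHA-256 truncated to 128 bits, the function names and the sample votes are assumptions constructed for the illustration.

```python
import hashlib
from collections import Counter

def h128(data: bytes) -> bytes:
    # Assumption: SHA-256 truncated to 128 bits stands in for the "128-bit hash".
    return hashlib.sha256(data).digest()[:16]

def issue_ballot_ids(secret_seed: bytes, count: int) -> list:
    """Crank the secret seed through successive hashes, one step per ballot."""
    ids, state = [], secret_seed
    for _ in range(count):
        state = h128(state)                    # chain state stays secret
        ids.append(h128(b"id" + state).hex())  # printed ID does not reveal the next state
    return ids

def receipt_checksum(ballot_id: str, entries: list) -> str:
    """Hash seeded with the ballot-ID, then fed each (contest, choice) entry."""
    h = hashlib.sha256(bytes.fromhex(ballot_id))
    for contest, choice in entries:
        for field in (contest, choice):
            raw = field.encode()
            h.update(len(raw).to_bytes(2, "big") + raw)  # length prefix: no ambiguous joins
    return h.hexdigest()[:32]

def audit(secret_seed: bytes, issued_count: int, posted: list) -> dict:
    """posted is the public list of (ballot_id, checksum) pairs."""
    issued = set(issue_ballot_ids(secret_seed, issued_count))
    seen = Counter(bid for bid, _ in posted)
    return {
        "issued": len(issued),
        "filled": len(issued & set(seen)),
        "unused": len(issued - set(seen)),
        "duplicates": sorted(b for b, n in seen.items() if n > 1),
        "unknown": sorted(b for b in seen if b not in issued),
    }

def voter_verify(ballot_id: str, reentered: list, posted: list) -> bool:
    """True only if exactly one posted record exists and it matches the re-entered vote."""
    return [c for b, c in posted if b == ballot_id] == [receipt_checksum(ballot_id, reentered)]

def demo():
    seed = b"constructed-demo-seed"  # constructed sample data throughout
    ids = issue_ballot_ids(seed, 4)
    vote_a = [("President", "Candidate X"), ("Measure 1", "No")]
    vote_b = [("President", "Candidate Y"), ("Measure 1", "Yes")]
    posted = [(ids[0], receipt_checksum(ids[0], vote_a)),
              (ids[1], receipt_checksum(ids[1], vote_b)),
              (ids[1], receipt_checksum(ids[1], vote_a)),        # same ballot-ID posted twice
              ("00" * 16, receipt_checksum("00" * 16, vote_a))]  # ID that was never issued
    return ids, vote_a, vote_b, posted, audit(seed, 4, posted)

if __name__ == "__main__":
    print(demo()[4])
```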
sonofrojblake says
Ha! I just read past 9 again. I was four years early.