Georgia's Voting Machines

[wunksta]

The Curious Case of Georgia's Voting Machines (or How I Learned to Stop Worrying and Love Paper Ballots)

During August 2016, private cybersecurity researcher Logan Lamb discovered 15-gigabytes worth of voter registration data and other sensitive information could be readily downloaded from the website of Kennesaw State University. [https://www.cnn.com/2018/08/14/polit...ta/index.html]

Following his discovery, Lamb emailed the executive director of KSU's election center, Merle King, to alert him about the vulnerability.

Internal emails show KSU's technology staff acknowledged the elections system had "40+ critical vulnerabilities" in October 2016.

Lamb and a colleague checked the website more than six months after his original discovery, he says, the vulnerabilities remained. Lamb's colleague notified a KSU faculty member, who then alerted the university's technology services office, which finally firewalled the website in March 2017, according to the lawsuit and a KSU report filed in court.

A KSU statement in March 2017 stated that, based on a briefing by the FBI, there was no indication of illegal activity and no personal information was misused. The university said university employees "immediately isolated the server and contacted the Office of the Secretary of State" when its officials were notified in March.

Kemp called the breach "deeply concerning," and although he announced plans to end the arrangement with the center, his office renewed the KSU contract to manage the election system one last time in July 2017.

A letter from the state attorney's office sent in October revealed KSU staffers had wiped the election system's hard drives, deleting potential evidence relevant to the lawsuit

Charles Amlaner, a former vice president for research at KSU who signed some of the university's contracts, said Kemp's office did not include data security specifications in its election-system contracts with KSU for years. He said he found that unusual because most other government contracts involving sensitive data he has reviewed have contained multiple pages outlining security requirements.

A review of two contracts by CNN found that only after the breach's exposure in 2017 was language inserted mandating that the center "implement data security policies that adhere to all current IT policies."

Kemp also blasted efforts by the Department of Homeland Security under the Obama administration to label states' voting systems "critical infrastructure" in 2016, which would enable the federal government to give states cybersecurity assistance. He has described the proposed designation as federal government overreach.

Richard DeMillo, a Georgia Tech professor who studies election security and computer science, said he is concerned by the absolute assurance with which Kemp talks about Georgia's election system's security because there's no evidence the state has conducted a forensic review of all its servers.

Worryingly, Georgia is one of 14 states that use electronic voting machines that do not leave a paper trail that can be audited after an election and is one of five states that exclusively use the machines. [https://www.npr.org/2018/09/12/64680...ting-machines]

Interestingly though, at a U.N. Security Council meeting in New York late August, Haley called on Congo to abandon its plan to use the machines for the first time in favor of paper ballots — what she called a “trusted, tested, transparent and easy-to-use voting method." And earlier this year, she said: “These elections must be held by paper ballots so there is no question by the Congolese people about the results. The U.S. has no appetite to support an electronic voting system.” [https://www.washingtonpost.com/news/...6b47ec9594d2/]

Six prominent information-security experts who took part in DEF CON's Voting Village in Las Vegas [in September] issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the authors of the report warned.
[https://arstechnica.com/information-...oral-college/]

Georgia isn't the first state to have security problems with their election machines. The Advanced Voting Solutions WinVote machine used in Viriginia, dubbed "America's worst voting machine," came equipped with this simple password even as it was used in some of the country's most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush's re-election in 2004 to Barack Obama's in 2012. [https://www.cnet.com/g00/news/defcon...ing-machines/]

What are your thoughts? Should election systems be considered critical infrastructure as proposed by President Obama in 2017 or is this federal overreach as mentioned by Kemp? Should we change systems to use only paper ballots?

[Fugus]

Critical Infrastructure, among the most critical as it decides who runs the nation.

Honestly though, I am against electronic voting for the shear fact that it can be hacked and you won't know it with no guarantee you can verify it either. Even if you have the ballots the excuse "It is too hard to retrieve and read" has been used to deny people to even that.

I am a strong advocate of paper ballots ONLY with public counting of them. The extra wait is well worth the added security.

Have to remember the old saying, "He who casts his vote decides nothing, he who counts the votes decide everything". And when you can't verify what the counter says as being accurate, you are handing over the keys to the kingdom.

[Templar 331]

I early voted today and it was on an electronic device. I don't mind doing it electronically but it really needs to be handled at a federal level instead of in the hands of pin heads like Kemp.

[Fugus]

I early voted today and it was on an electronic device. I don't mind doing it electronically but it really needs to be handled at a federal level instead of in the hands of pin heads like Kemp.

Even with it being handled at the federal level, you risk leaving it to people like Trump or worse, we are using 3rd party machines that can be tampered with and we would never know. I remember one case where they even refused to certify that the machines were using the same source code the they let people look at and audit.

Electronic machines shouldn't be allowed because if they are hacked you won't know it without auditing it anyways and if they have no paper trail or that trail "Magically" gets destroyed afterward there will be no recount even if you catch them.

You need paper ballots that are hand counted in public view for the added security.

Would you really want to risk the security of your nation just to save a few hours of time counting and maybe a million dollars or two running it? Especially when you have had the companies running them's leaders promising to deliver an election to a particular candidate in the past who just so happened to win that election under less than trustworthy circumstances?

[Masark]

The extra wait is well worth the added security.

What extra wait?

[Fugus]

What extra wait?

Taking the extra few hours to count the votes.

It is well worth waiting a few hours or even days for the results for all the added security rather than giving it up just to get the results faster.

[Toppy]

There are so many problems with the US election system at its core that focusing on the machines is so many different levels of stupid that it hurts.

[Fugus]

There are so many problems with the US election system at its core that focusing on the machines is so many different levels of stupid that it hurts.

I agree that the entire system has issues from the ground up. But focusing on the machines aren't stupid when they are a bigger vulnerability than everything else in the entire broken system combined.

The entire thing should be overhauled, but electronic voting should be banned outright.

[Masark]

Taking the extra few hours to count the votes.

It is well worth waiting a few hours or even days for the results for all the added security rather than giving it up just to get the results faster.

It doesn't even take that long. We hand count our paper ballots, something I've done personally for both federal and provincial elections, and we still know who is forming government in time for the 11pm news.

[Fugus]

It doesn't even take that long. We hand count our paper ballots, something I've done personally for both federal and provincial elections, and we still know who is forming government in time for the 11pm news.

Exactly my point. The electronic voting requires you give up all that security with the only benefits being a slight decrease in time adding the totals.

The added security of having them hand counted is well worth what little time is added to the counting process. Even if it added days, it would still be superior. And it doesn't even take that long.

Electronic voting should be banned. It should be paper ballot and hand counted.

[Deleted]

Taking the extra few hours to count the votes.

It is well worth waiting a few hours or even days for the results for all the added security rather than giving it up just to get the results faster.

Admittedly the UK has a lower population and smaller constituencies but we normally get our counts done in significantly less than 12 hours, some constituencies do them in less than an hour.

[cubby]

The only legitimate solution to the United States' woeful election system is fully embracing mail-in ballots and having a national voting holiday. No more electronic ballots - for the host of reasons both listed above and ones we don't even know about.

[Fugus]

The only legitimate solution to the United States' woeful election system is fully embracing mail-in ballots and having a national voting holiday. No more electronic ballots - for the host of reasons both listed above and ones we don't even know about.

Will I would agree with a national voting holiday. I worry about mail-in ballots being a huge thing. While we don't have an issue with voter fraud right now, much of that has to do with how they have to walk in while knowing that the person they are impersonating is a registered voter, their information, and not voted yet or planning on voting.

If mail-in voting takes off, I can really see a bunch of people shotgunning mail-in ballots en mass trying to get them in. Even if a lot of the ballots get thrown out, a lot more might get through.


I could definitely agree with people running it going to the doors of those who can't physically go to the polls themselves, but the fear of some right wing nut job or corporation doing to an election what was done with the FCC commenting period on Net Neutrality I see as too great of a chance, especially since you will have issues tracking them down even if you catch it.

[downnola]

Critical Infrastructure, among the most critical as it decides who runs the nation.

Honestly though, I am against electronic voting for the shear fact that it can be hacked and you won't know it with no guarantee you can verify it either. Even if you have the ballots the excuse "It is too hard to retrieve and read" has been used to deny people to even that.

I am a strong advocate of paper ballots ONLY with public counting of them. The extra wait is well worth the added security.

Have to remember the old saying, "He who casts his vote decides nothing, he who counts the votes decide everything". And when you can't verify what the counter says as being accurate, you are handing over the keys to the kingdom.

Closed circuit electronic ballots are the way to go. It's not hard to verify the votes periodically and verify at the end of the day. That's what we do in Pennsylvania and it works well. They can be hacked if someone gets their hands on enough of them (a logistics nightmare), but anyone operating those machines worth a shit will realize the numbers are off two or three hours into the day.

Paper ballots are awful, and are just as susceptible to ballot stuffing and corruption as anything else.

[Fugus]

Closed circuit electronic ballots are the way to go. It's not hard to verify the votes periodically and verify at the end of the day. That's what we do in Pennsylvania and it works well. They can be hacked if someone gets their hands on enough of them (a logistics nightmare), but anyone operating those machines worth a shit will realize the numbers are off two or three hours into the day.

Paper ballots are awful, and are just as susceptible to ballot stuffing and corruption as anything else.

Electronic systems are susceptible to being hacked by anyone who has access to them and even worse so from those running it then even ballot stuffing.

Electronic systems you can hack them where you can't even verify them many times unless you have a paper trail to go off of which they have even tried to claim was too much of a hassle to retrieve in a past case where the results didn't seem right.

Paper ballots with hand counting is much more secure than electronic voting.

All it takes is a single person servicing the machines to hack them or just being left alone with them who had time to prepare. To do that with paper ballots requires a much more concerted group effort.

Heck, with the electronic systems you don't even have to hack the machines taking the votes as you can just go after the tabulation machines and get the entire thing from them thrown.

And you won't know they are wrong unless you audit them and they don't have to hack every district, just enough to throw the totals one way or another.