American elections are too easy to hack. We must take action now

["Dave Farber" <farber () gmail com>]

Distinguished Professor Keio University Japan
Co-Director Cyber Civilization Research Center at Keio University  Tokyo Japan

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 19, 2018 at 5:26:32 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] American elections are too easy to hack. We must take action now
> Reply-To: dewayne-net () warpspeed com
>
> American elections are too easy to hack. We must take action now
> The computers we use in the voting process are vulnerable at every level. We need a system resilient to threats – and 
> in many cases, that means paper
> By Bruce Schneier
> Apr 18 2018
> <https://www.theguardian.com/commentisfree/2018/apr/18/american-elections-hack-bruce-scheier>
>
> Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is 
> equally important: to convince the loser. To the extent that an election system is not transparently and auditably 
> accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.
>
> Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on 
> computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good 
> reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to 
> reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at 
> scale; the best way to do that is to back up as much of the system as possible with paper.
>
> Recently, there have been two graphic demonstrations of how bad our computerized voting system is. In 2007, the 
> states of California and Ohio conducted audits of their electronic voting machines. Expert review teams found 
> exploitable vulnerabilities in almost every component they examined. The researchers were able to undetectably alter 
> vote tallies, erase audit logs, and load malware on to the systems. Some of their attacks could be implemented by a 
> single individual with no greater access than a normal poll worker; others could be done remotely.
>
> Last year, the Defcon hackers’ conference sponsored a Voting Village. Organizers collected 25 pieces of voting 
> equipment, including voting machines and electronic poll books. By the end of the weekend, conference attendees had 
> found ways to compromise every piece of test equipment: to load malicious software, compromise vote tallies and audit 
> logs, or cause equipment to fail. 
>
> It’s important to understand that these were not well-funded nation-state attackers. These were not even academics 
> who had been studying the problem for weeks. These were bored hackers, with no experience with voting machines, 
> playing around between parties one weekend.
>
> It shouldn’t be any surprise that voting equipment, including voting machines, voter registration databases, and vote 
> tabulation systems, are that hackable. They’re computers – often ancient computers running operating systems no 
> longer supported by the manufacturers – and they don’t have any magical security technology that the rest of the 
> industry isn’t privy to. If anything, they’re less secure than the computers we generally use, because their 
> manufacturers hide any flaws behind the proprietary nature of their equipment.
>
> We’re not just worried about altering the vote. Sometimes causing widespread failures, or even just sowing mistrust 
> in the system, is enough. And an election whose results are not trusted or believed is a failed election.
>
> Voting systems have another requirement that makes security even harder to achieve: the requirement for a secret 
> ballot. Because we have to securely separate the election-roll system that determines who can vote from the system 
> that collects and tabulates the votes, we can’t use the security systems available to banking and other high-value 
> applications. 
>
> We can securely bank online, but can’t securely vote online. If we could do away with anonymity – if everyone could 
> check that their vote was counted correctly – then it would be easy to secure the vote. But that would lead to other 
> problems. Before the US had the secret ballot, voter coercion and vote-buying were widespread.
>
> We can’t, so we need to accept that our voting systems are insecure. We need an election system that is resilient to 
> the threats. And for many parts of the system, that means paper.
>
> Let’s start with the voter rolls. We know they’ve already been targeted. In 2016, someone changed the party 
> affiliation of hundreds of voters before the Republican primary. That’s just one possibility. A well-executed attack 
> that deletes, for example, one in five voters at random – or changes their addresses – would cause chaos on election 
> day.
>
> [snip]
>
> Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
> Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-4ac2c253
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180419071924:81B1FD7E-43C3-11E8-9F19-9A299384DA3A
Powered by Listbox: http://www.listbox.com