Unisyn voting machine manual instructs election officials to use and recycle weak passwords

No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it. Read the rest

Ebay is full of used voting machines full of real electoral data and riddled with security defects

Back in 2012, Symantec researcher Bryan Varner bought some used US voting machines on Ebay and found them to be incredibly insecure and full of real, sensitive election data; in 2016, he did it again and things were even worse. Read the rest

Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

When security researchers report on the ghastly defects in voting machines, the officials who bought these machines say dismiss their concerns by saying that the tamper-evident seals they put around the machines prevent bad guys from gaining access to their internals. Read the rest

Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security. Read the rest

US voting machine vendors and officials insist that it's OK to build wireless networking into election systems

I've been fighting with voting machine vendors since Bush v Gore, when companies like Diebold brazenly sought to subvert the Supreme Court's order to standardize a secure design for US voting machines, going so far as to send out thousands of fraudulent copyright notices in a failed attempt to silence whistleblowers who'd reported defects in their systems. Read the rest

LA County will switch to all open source vote-counting machines

California voting officials have certified an open source vote-counting package for use in the upcoming LA elections, in the first of a series of planned improvements to the County's voting system (other plans include improved absentee voting ballots). Read the rest

State of Georgia goes to court to defend voting machines that recorded 243% voter turnouts

A federal lawsuit brought by voting security activists against the State of Georgia has revealed breathtaking defects in the state's notoriously terrible voting machines -- and, coincidentally, the machines in question were wiped and repeatedly degaussed by the state before they could be forensically examined as evidence of their unsuitability for continued use. Read the rest

Here's everything that's wrong with America's insecure electronic voting machines, and what to do about it

The University of Pennsylvania's Matt Blaze (previously) is a legendary figure in cryptography and security circles; most recently he convened Defcon's Vote Hacking Village where security experts with no particular knowledge of voting machines repeatedly, fatally hacked surplus voting machines of the sort routinely used in US elections. Read the rest

Someone wiped a key server in Georgia right after voters filed a lawsuit over insecure voting-machines

Georgia's voting machines are among the worst, most hackable in the nation, and that's why a "diverse group of election reform advocates" including the Coalition for Good Governance sued the state to purge its hoard of 27,000 AccuVote voting machines, whose defects were not patched though the state was warned of them six months prior to the election. Accuvote machines do not keep any kind of paper audit-tape that can be used to compare the electronic total to a hardcopy. Read the rest

The 2016 elections taught us to watch for attacks that undermine the legitimacy of elections

Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest

What's worse than shitty, hacked voting machines? Unauditable, shitty voting machines

The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections -- but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

If the 2016 election is hacked, it's because no one listened to these people

Ever since the Supreme Court ordered the nation's voting authorities to get their act together in 2002 in the wake of Bush v Gore, tech companies have been flogging touchscreen voting machines to willing buyers across the country, while a cadre computer scientists trained in Ed Felten's labs at Princeton have shown again and again and again and again that these machines are absolutely unfit for purpose, are trivial to hack, and endanger the US election system. Read the rest

Why Internet voting is a terrible idea, explained in small words anyone can understand

In this 20 minute video, Princeton computer science prof Andrew Appel lays out the problems with Internet-based voting in crisp, nontechnical language that anyone can understand. Read the rest

Ohio GOP Secretary of State orders secret, last minute, unaudited software updates to voting machines

Republican Ohio Secretary of State Jon Husted has asked voting machine giant ES&S to install last-minute, unverified, custom firmware updates on the state's voting machines. This is highly irregular, and the details of it are shrouded in secrecy and silence -- the few, terse statements from Husted's office on the matter have been self-contradictory and unhelpful. On Salon, Brad Friedman tries to untangle the mess, and concludes that it's impossible to say what the new software in Ohio's voting machines actually does, nor why unaudited, unapproved software should be added to voting machines in a critical swing-state at the last minute, but that it's highly suspicious and possibly illegal.

I’d like to have been able to learn much more before running anything on this at all, frankly. But the lack of time between now and Tuesday’s election — in which Ohio’s results are universally believed to be key to determining the next president of the United States — preclude that.

So, based on the information I’ve been able to glean so far, allow me to try to explain, in as simple terms as I can, what we currently know and what we don’t, and what the serious concerns are all about.

And, just to pre-respond to those supposed journalists who have shown a proclivity for reading comprehension issues, let me be clear: No, this does not mean I am charging that there is a conspiracy to rig or steal the Ohio election. While there certainly could be, if there is, I don’t know about it, nor am I charging there is any such conspiracy at this time.

Read the rest