Judge orders the State of Georgia to be prepared for pen-and-paper balloting by March 2020

Few states have voting machines that are simultaneously more obviously defective and more ardently defended by the state government than Georgia, where 16-year-old touchscreen systems are prone to reporting ballots cast by 243% of the eligible voters and where gross irregularities in election administration sends voters to the wrong polling places or sends co-habitating husbands and wives to polls in different cities to cast their votes. Read the rest

US election security: still a dumpster fire

Securing Our Cyber Future, Stanford Cyber Policy Center's new report on election security, depicts a US electoral system whose glaring vulnerabilities are still in place, three years after the chaos of the 2016 elections. Read the rest

Florida Governor says the FBI told him how the Russians hacked Florida voting machines, but swore him to secrecy

Florida Governor Ron DeSantis says that after the Mueller Report was published, the FBI came to him to explain its conclusion that at least two Florida county's voting machines were hacked by Russians during the 2016 election, but that they swore him to secrecy so he can't reveal which counties and which machines were hacked. Read the rest

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist. Read the rest

Unisyn voting machine manual instructs election officials to use and recycle weak passwords

No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it. Read the rest

Ebay is full of used voting machines full of real electoral data and riddled with security defects

Back in 2012, Symantec researcher Bryan Varner bought some used US voting machines on Ebay and found them to be incredibly insecure and full of real, sensitive election data; in 2016, he did it again and things were even worse. Read the rest

Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

When security researchers report on the ghastly defects in voting machines, the officials who bought these machines say dismiss their concerns by saying that the tamper-evident seals they put around the machines prevent bad guys from gaining access to their internals. Read the rest

Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security. Read the rest

US voting machine vendors and officials insist that it's OK to build wireless networking into election systems

I've been fighting with voting machine vendors since Bush v Gore, when companies like Diebold brazenly sought to subvert the Supreme Court's order to standardize a secure design for US voting machines, going so far as to send out thousands of fraudulent copyright notices in a failed attempt to silence whistleblowers who'd reported defects in their systems. Read the rest

LA County will switch to all open source vote-counting machines

California voting officials have certified an open source vote-counting package for use in the upcoming LA elections, in the first of a series of planned improvements to the County's voting system (other plans include improved absentee voting ballots). Read the rest

State of Georgia goes to court to defend voting machines that recorded 243% voter turnouts

A federal lawsuit brought by voting security activists against the State of Georgia has revealed breathtaking defects in the state's notoriously terrible voting machines -- and, coincidentally, the machines in question were wiped and repeatedly degaussed by the state before they could be forensically examined as evidence of their unsuitability for continued use. Read the rest

Here's everything that's wrong with America's insecure electronic voting machines, and what to do about it

The University of Pennsylvania's Matt Blaze (previously) is a legendary figure in cryptography and security circles; most recently he convened Defcon's Vote Hacking Village where security experts with no particular knowledge of voting machines repeatedly, fatally hacked surplus voting machines of the sort routinely used in US elections. Read the rest

Someone wiped a key server in Georgia right after voters filed a lawsuit over insecure voting-machines

Georgia's voting machines are among the worst, most hackable in the nation, and that's why a "diverse group of election reform advocates" including the Coalition for Good Governance sued the state to purge its hoard of 27,000 AccuVote voting machines, whose defects were not patched though the state was warned of them six months prior to the election. Accuvote machines do not keep any kind of paper audit-tape that can be used to compare the electronic total to a hardcopy. Read the rest

The 2016 elections taught us to watch for attacks that undermine the legitimacy of elections

Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest

What's worse than shitty, hacked voting machines? Unauditable, shitty voting machines

The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections -- but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

If the 2016 election is hacked, it's because no one listened to these people

Ever since the Supreme Court ordered the nation's voting authorities to get their act together in 2002 in the wake of Bush v Gore, tech companies have been flogging touchscreen voting machines to willing buyers across the country, while a cadre computer scientists trained in Ed Felten's labs at Princeton have shown again and again and again and again that these machines are absolutely unfit for purpose, are trivial to hack, and endanger the US election system. Read the rest

More posts