2017/01/07

Paper ballots are critical election security infrastructure

Why voter-verified paper audit trail is so important. (https://en.wikipedia.org/wiki/Voter-verified_paper_audit_trail)

From the 1/6/16 intelligence assessment: "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying."

So either (a) the Kremlin tried to compromise vote tallying systems but didn't succeed or (b) they were after something else having to do with "state or local electoral boards", and maybe succeeded.

Both of these possibilities are terrible and we should block this kind of election fraud.

The security of most electronic voting systems without paper trails can plausibly be compromised by state level actors. (This is the consensus view of the software engineering professionals.) The best practice to defend against this is a paper trail and automatic recounts.

See https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba#.b25sz36l6, especially the following about how an attacker might accomplish this:

"First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate."

It's very hard to say from the intelligence report whether this was the first part of an attempt or not. But it's very concerning, which is why every state that cares about the integrity of its election results should implement paper trail and automatic recounts.

(The other possibility is perhaps just as disturbing -- that the Kremlin was not targeting vote tallying but something else having to do with electoral boards not directly tied to vote tallying. Blackmail material?)

Back to the intelligence report, the next paragraph:

"We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their
election processes."

[Originally published Jan 7, 2017 at https://plus.google.com/115608553892438743738/posts/NprmqKdEzY5.  Subsequently, I have seen many problems with the machine-generated "audit trails" sold by vendors and believe that we should minimize the use of machine printed ballots and maximize the use of hand marked ballots in order to have meaningful audits and defend against this kind of election fraud.]

No comments:

Post a Comment

COVID-19: Evaluating School Closures

I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...