General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsSenators ask vote machine vendors about Russian access to source code
https://www.rawstory.com/2018/03/senators-ask-vote-machine-vendors-russian-access-source-code/(from Reuters)
Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.
The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.
The senators requested that the three largest election equipment vendors Election Systems & Software, Dominion Voting Systems and Hart Intercivic answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.
They also asked whether any software on those companies products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.
The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.
(end snip)
Now we are getting somewhere.
sunonmars
(8,656 posts)Fred Sanders
(23,946 posts)functional dictatorship works.
And WTF American election officials. American source code not good enough to be checked by Americans....you know, the whole "security" thing.
AtheistCrusader
(33,982 posts)I feel several election boards did competent code reviews (having read them), but you just can't beat open source for this sort of risk.
Wounded Bear
(58,647 posts)Will they finally look into this! Seems unlikely with Repubs in charge.
Damn do we need to flip the House and Senate.
FarCenter
(19,429 posts)Going open source is the only way to have sufficient review of the code to verify its security.
"Security by obscurity" does not work against well funded adversaries, like nation states. They can acquire a machine, read out the code, and analyse it anyway.
The only secrets should be cryptographic keys.
msongs
(67,395 posts)Wellstone ruled
(34,661 posts)this is something to watch. Did the Senators receive a tip? Or did someone from the Hacker Community or a Techie do a show and tell?
Defiantly need to follow this story.
hedda_foil
(16,372 posts)Wellstone ruled
(34,661 posts)And what Reuters eluded to is this,the questions about the Software Bundle ending up in companies with Russian ownership or purchased outright.
Remember,we are dealing with individuals who are looking for a quick buck.
byronius
(7,394 posts)There was an early story about ES&S using software patches written by a Ukrainian subcontractor -- just fried my fake bacon.
What. The. Fuck.
These people should have their citizenship revoked. Let them serve the Monster in Moscow.
Fuck.
AtheistCrusader
(33,982 posts)it's starting to look like I was the silly goose after all.
bluestarone
(16,906 posts)Questions are being asked and I LIKE THAT!!!!!!!!!
hedda_foil
(16,372 posts)LiberalLovinLug
(14,173 posts)have access to this code! Using National security as the reason. They use the "national security" excuse for everything they can that may embarrass an administration. (Even Democratic admins). Yet they cannot weld this as a reason to have oversight on the very tools that America uses to decide its democracy?
Rene
(1,183 posts)for distributed batch for applications at a bank. We build every applications with 2 server definitions...a primary and backup(for disaster recovery). 2 urls are defined to one 'virtual name' and can easily be switched by running a 'switch' script. The application script runs on
primary server 99% of the time....virtual switch script is run...and same named app script runs on the 2nd server. Application script on 2nd server would be rogue and flip votes, as happened in 1999, processing from ohio sos switched at 10pm and ran on a server in Chattanooga...switched back at 10:30pm with votes flipped...Bush was now in lead....and folks looking at screens wouldn't notice the change of servers. The primary url and secondary url can be thousands of miles apart. switch/running rogue code and switching back would be undetected...UNLESS SOMEONE EXAMINED THE PRIMARY SERVERS'LOGS.
triron
(21,999 posts)Don't put anything past hackers.
AtheistCrusader
(33,982 posts)Only a paper tape type write-once-read-many recording system would even suggest something was wrong, assuming it was even reviewed by a person actually interested in finding any malfeasance, and the records weren't destroyed at the conclusion of any appeal period for the election outcome.
FakeNoose
(32,633 posts)^^^^^^^^^^^^^^^
Looks like somebody is finally catching on.
Thanks Rene!
BlueJac
(7,838 posts)anything else is for fools!
AdamGG
(1,288 posts)Diebold and the voting machine manufacturers are an entrenched lobby and the ruthlessness with which the Thuglicans have implemented voter suppression/gerrymandering shouldn't leave much doubt that they will and have exercised any advantage they can get through manipulating the machines.
If the Dems ever manage fight through the rigging to get a supermajority again, national paper ballots should be the first thing on the agenda. That's just fighting for fairness, not a Democratic party edge, though the other side would go to ridiculous lengths to characterize it that way.
FakeNoose
(32,633 posts)We've already spent the money on those worthless electronic voting machines.
Now they're ours and we can quit using them if we want to. Diebold has nothing to say.
I say ban the use of those machines in every state until we can prove they're secure and untouched by hackers or bad code. However long it takes, those machines should be impounded until we've secured our elections.
ToxMarz
(2,166 posts)They are glorified adding machines. The technology required and security required are ubiquitous in IT now. The reason there are these 3 major vendors is because they are complicit in the required control and manipulation their "clients" want over the voting process, thus they can charge exorbitant prices for simple machines/software and maintain a virtual monopoly.
Hekate
(90,645 posts)mopinko
(70,078 posts)they would drive a lot of experienced, old election judges out of the biz.
there is no reason for them to be bigger than an ipad.
Hekate
(90,645 posts)lapfog_1
(29,199 posts)They run Windows and use the most modern anti-virus software from Kaspersky Labs!!!
SoCalMusicLover
(3,194 posts)Interested in a bridge?