General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsDARPA Is Building a $10 Million, Open Source, Secure Voting System
For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes havent been manipulated.
Now they might finally get this thanks to a new $10 million contract the Defense Departments Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters dont have to blindly trust that the machines and election officials delivered correct results.
But DARPA and Galois wont be asking people to blindly trust that their voting systems are secureas voting machine vendors currently do. Instead theyll be publishing source code for the software online and bring prototypes of the systems to the Def Con Voting Village this summer and next, so that hackers and researchers will be able to freely examine the systems themselves and conduct penetration tests to gauge their security. Theyll also be working with a number of university teams over the next year to have them examine the systems in formal test environments.
Snip
https://www.vice.com/en_us/article/yw84q7/darpa-is-building-a-dollar10-million-open-source-secure-voting-system
mr_lebowski
(33,643 posts)Like the open-source aspect, both in code and hardware ... question is, if it's built, will they come? Feds likely can't force states to use it I wouldn't think.
And $10M ain't a lotta money for something like this.
One question I have though is ... who's brain-child was this project?
dweller
(23,628 posts)🤔
✌🏼
real Cannabis calm
(1,124 posts)Your statement is also troubling:
"Feds likely can't force states to use it I wouldn't think."
msongs
(67,395 posts)rurallib
(62,406 posts)We've had enough shenanigans with voting machines.
mitch96
(13,891 posts)brush
(53,764 posts)Blue_true
(31,261 posts)Maybe his new lackey Director of National Intelligence will put the kaboosh on it, sounds like something Trump and Moscow Mitch will want killed.
hunter
(38,310 posts)An ordinary human can understand paper ballots and all the ways to cheat with paper ballots. Every person in the chain can be a watchdog.
An ordinary human can't see what's going on inside a computer, and most people don't understand what makes a computer "secure" or not.
There is in fact no way for an ordinary voter to verify the security of an electronic voting system.
House of Roberts
(5,168 posts)It'd be nice if everybody who cast those paper ballots had their votes counted instead of being classed as 'provisional', and wound up in the trashcan.
alittlelark
(18,890 posts)MUCH cheaper, but involve people and time.
The USA deserves that time - the time of its citizens to ensure our election integrity.
Blue_true
(31,261 posts)Maybe instead of totally reinventing the wheel, DARPA could have started with optical scanners and figured out a way to completely secure the reporting process. Optical scanners read and count a paper ballot. Florida implemented them and in counties that don't have really F'ed up ballots (looking at you Hillsborough County), they work exceptionally well. If needed, the scanned ballots can be handcounted.
TreasonousBastard
(43,049 posts)a problem, the printed ballots are secured for recounts. We even have a ballot printing machine for the extremely handicapped which prints out a scannable ballot.
The scanner prints out a tape with the results, and also saves those results on a chip. The chip is transported to town hall and read into the big machine. (Yes, we know there is the possibility of hacking the connection between Town Hall and the County machine, but there is plenty of redundancy and if you're that paranoid-- don't ever buy anything online or use an ATM.)
Hand counting is completely ridiculous. Each ballot will have up to 20 or so offices with maybe a dozen party lines and a monstrous mashup of candidates across those lines. The scanner automatically kicks the ballot back for overvotes (examples-- someone votes for Joe Blow for Mayor on two lines, or when the instructions say "vote for three judges" out of five, and someone votes for four...) The voter then has a chance to correct his ballot. Try that with hand counting after the polls close.
It also kicks back other mismarked ballots-- like a dot in the middle of the oval that may not be a real vote.
As far as counting them goes-- does anyone really believe hand counting is more accurate than scanning? Or more honest? At 9PM the polls close and the four or 6 people working the ED would have to dig out the ballots and count every single vote, putting hundreds of them on some sort of spreadsheet, then adding up the totals. Anyone who has cashed out a restaurant or retail store knows how often one stupid error screws things up for at least an hour until you find it. Imagine such a scenario with no double entry error checking mechanism to tell you even made a mistake.
And this counting is done by people who got to the polling place at 5:30 that morning.
All that is with honest people at the polls. Imagine an agent who manages to do something to invalidate one out of every five ballots for the "wrong" candidate. It's been done, many times. That's why we have voting machiines.
RichardRay
(2,611 posts)Add a unique key encoded on each ballot, and spit out a receipt that contains the ballot details in a dense encrypted format, and a key that can be used to access all the races voted on, who won each race, and who my ballot says I voted for. I can dispute the record of my vote using the encrypted data on my receipt
Of course, trying to get stat to adopt it would be a long, uphill, and probably hopeless, battle.
customerserviceguy
(25,183 posts)is that it can be turned in to another party willing to pay for "correct" votes.
RichardRay
(2,611 posts)perhaps in an encrypted 2D barcode, perhaps a public/private scheme. It would be unreadable without the right scanner + decryption.
customerserviceguy
(25,183 posts)could hack that receipt. Besides, how would a voter know if votes for the candidate they wanted were the ones on the receipt? And most people would toss them away, or leave them in a pocket that gets washed, so what use would they be in validating a contested election anyway?
RichardRay
(2,611 posts)And its not a panacea, judt another piece of effort. Id find it helpful, so I advocate for it. YMMV
Blue_true
(31,261 posts)In Florida in 2016 more that 9 million people voted in the race for President. Imagine hand counting 9+ million votes.
People that pine for paper ballots counted by hand look at countries where the total number of REGISTERED VOTERS will be a fraction of the 9 million that VOTED in Florida in 2016.
In New York City there is more that 3 million registered voters.
The poll workers that I have always seen are old people from both major parties pulled in to work Election Day. My small population Florida county appears to have paid staffers, younger people, but only maybe five total at the main voting location and 2-3 at smaller stations. We have around 10 stations total for the county, so at most there are 50 people countywide. We have around 210,000 registered voters.
To have retired people who are only doing a one day civic duty, or totally understaffed paid people counting hundreds of thousands or million of paper ballots by hand if freaking lunacy.
People talk about mailin ballots that are paper and hand marked. How are those ballots counted, by hand or by a machine? My guess is by machine for most large population counties.
People need to get off the handcounted paper ballot idea, that method went out soon after the horse drawn carriage and is nothing but romantic foolishness. What we should instead push for is hand marked ballots that are read by a secure machine and insure those machines are secure and notify a voter that he or she has registered an accepted and counted ballot.
ecstatic
(32,681 posts)since I assume russia would be reviewing the code as well?
TreasonousBastard
(43,049 posts)I developed a cash register system in QuickBasic. The basic program was a couple of pages of code that added up items and prices. That's what computers do-- add and subtract things. That's really all they do. No matter how complex the problem they are dealing with, it's all about adding and subtracting those 1s and 0s.
Didn't even need database software for it.
So, what is the big deal with counting ballots that these other developers have to use Windows or a proprietary OS and secret codes besides owning the copyright for the software and overcharging for it?
TheBlackAdder
(28,183 posts).
Everyone keeps perpetuating the myth that people are reviewing open-source software and making it more secure.
The truth is that the only people reviewing open-source are college academia, hackers and nation state actors. The development communities are infiltrated by hackers who inject code to weaken the code and install access points. Many of the vulnerabilities are kept quashed to allow intrusion. One of the least secure offerings is Spring, which most banks rely on to develop code. Open-source presents the source, instead of trying to disassemble code, which most private ISVs use their own compiler variants to make decryption more difficult. Folks using open-source, often use standard compilers which makes hacking easy for the rest of their code.
Organizations continue to face challenges with managing open source risk, according to a new report published today by published today by Synopsys Cybersecurity Research Center (CyRC).
The annual Open Source Security and Risk Analysis (OSSRA) Report, analyzed the anonymized data of over 1,200 commercial codebases from 2018 and found that 96% contained open source components, with an average of 298 open source components per codebase. The results reflect an increase from the number of codebases in 2017, which was only 257.
In addition, 2018 yielded more open source vulnerabilities disclosed than in years past, with a notable list of more than 16,500 vulnerabilities reported on the National Vulnerability Database (NVD).
While more than 40% of codebases contained at least one high-risk open source vulnerability, the report noted that the use of open source software is not a problem in and of itself. Rather, failing to identify and manage the security and license risk associated with the open source components your organization uses can lead to significant negative business impacts and damage to your brand.
https://www.infosecurity-magazine.com/news/not-managing-open-source-opens-1/
Download the Synopsis report for more information.
=====================
"You probably have unpatched open source vulnerabilities in your code
But youre not alone. Of the applications audited in 2018, 60% had vulnerabilitiesand while thats concerning, its a marked improvement from 78% in 2017."
"A substantial amount of open source is being used illegally
As shown in the report, the 20 most popular licenses cover about 98% of the open source in use. What about the 2,480+ other licenses? Plus, even if open source components have no identifiable license terms, youre not off the potential litigation hook. Black Duck Audits found that 75% of companies had codebases with unknown licenses. In general, the absence of a license means no one can use, modify, or share the software without the explicit permission of its creators. This is because creative work (which includes code) is under exclusive copyright by default."
https://www.synopsys.com/software-integrity/resources/analyst-reports/2019-open-source-security-risk-analysis.html?utm_term=blog
Last year's report:
https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
====
Here's Sonatype's Analysis from 2018, it will scare the shit out of you! The report requires registering.
Managed software supply chains are 2X more efficient and 2X more secure
Automated OSS security practices reduce the presence of vulnerabilities by 50%
DevOps teams are 90% more likely to comply with open source governance when security policies are automated
The window to respond to vulnerabilities is shrinking rapidly
Over the past decade, the meantime to exploit security vulnerabilities in the wild has compressed 400%, going from an average of 45 days to just 3
Hackers are beginning to assault software supply chains
Over the last 18 months, a series of no less than 11 events triangulate a serious escalation of attacks on software supply chains
These assaults, which include hackers injecting vulnerabilities directly into open source releases, represent a new front in the battle to secure software applications
Industry lacks meaningful open source controls
1.3 million vulnerabilities in OSS components do not have a corresponding CVE advisory in the public NVD database
62% of organizations admitted to not having meaningful controls over what OSS components are used in their applications
https://www.marketwatch.com/press-release/sonatypes-2018-state-of-the-software-supply-chain-report-reveals-use-of-vulnerable-open-source-increased-120-despite-equifax-breach-2018-09-25
https://www.theregister.co.uk/2018/09/25/open_source_security/
Just search: SONATYPE OPEN SOURCE SECURITY
.
Blue_true
(31,261 posts)Open source code does not sound like a good idea, as you pointed out. DARPA could try to build a encrypted and secure shell within which voting takes place, but if they are counting on the shell transmitting information back and forth with the open source software then that is where hackers will likely attack and either modify information at that point, or figure out a way to hack into the secure shell, either way they can do major damage.
DARPA seems to be trying to build a national voting platform. I am really surprised that Trump is allowing them to do such a thing since that could ultimately make voter suppression harder. I can see part of a national platform being open source, but that would only be for states to announce their results, which can be a one way deal. Each state would need to have a secure shell that can't be hacked into, that is a large order.
TheBlackAdder
(28,183 posts).
The only secure environment is one that is disconnected from a network and had external ports disabled.
Only during a file transfer to a jump drive, by an authorized user, can information leave the device, as Read Only.
The jump drives need to be paired to the voting device and those jump drives need to be WORM Only.
.
Blue_true
(31,261 posts)can be hacked into.
Your points about information transfer are dead on, the only sure way to insure no invasion into a system is to have it disconnected and pull information from it only with a secure storage/transfer device that never send information back into the secured system, and the transfer device should constantly be checked for viruses and trojans.
Secure voting can be made to happen, but with the Republican Party working hard to force voting to be for conservative Whites only (as opposed to other Whites and POC), I don't think there is going to be a national effort to get fair, secure voting - the exception will be if we all vote in all elections and electorally eliminate the Republican Party.
DFW
(54,341 posts)In 2002, he said, give me a laptop and a cell phone, and Ill make any of those voting machines give you any result you want.
So they have known from the beginning how vulnerable the current machines are. Since no one else seemed to be both interested AND able to do something about it, they are.