Community Champion

Vote by (smart?) phone ...

Electronic voting systems are weak on security.  That is known.

 

Electronic ballots cast over the phone, or over the Internet, have been considered dangerously weak for some time.  (A long, long time.)

 

And, we all know that portable devices have all kinds of security weaknesses.

 

So, in this climate, what do you think the smart thing is to do?

 

Of course.  Build a smartphone app for voting.  And have it used in West Virginia.  (Remember, these are the guys who just impeached their entire Supreme Court.)

 

How do you register?  Take a picture of your government ID, and a selfie style video of yourself.  Face recognition will do the rest.  (There's no weaknesses in face recognition, right?)

 

And it's protected by blockchain!  So nobody has to worry about anything, right?  (And nobody can extract data from a blockchain to find out how you voted, right?)


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
18 Replies
Advocate I

Re: Vote by (smart?) phone ...

https://giphy.com/explore/facepalm

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Community Champion

Re: Vote by (smart?) phone ...

Walk in voting is weak on security! When I voted in last year's presidential election, I was able to ask the volunteer if my mother-in-law was registered to vote. She paged through the voter rolls right in front of me and I could clearly see who had voted and who hadn't (they removed a sticker and put it on another sheet when you came in to vote, so no sticker meant you had voted already.) She looked her up and couldn't find her but said well she can come in and fill out a provisional ballot.

 

My point being, there was no voter id required. I could easily game the system by asking about my "sick" neighbor (who I knew to be out of town or I knew never participated in voting) and see if they were on there. If so I just show up later in disguise and vote in their place. And what is to stop the "volunteers" from stuffing the ballot box at the end of the night? They just peel off a sticker, slap it on the other form and then fill out a ballot. Lather, Rinse, Repeat until you get 100% voter turnout for an area. Add into that provisional ballots and you have greater than a 100% turnout.

 

The election system needs a serious overhaul and voter id should be right up there. P.S. I have seen this at every voting system across 3 states. Not that I vote in multiple states in an election, I have just been voting long enough and moved around enough that I have voted in 3 states in my lifetime.

Community Champion

Re: Vote by (smart?) phone ...

I for one hold that voter turnout greater than 100% is wonderful evidence of the electorate's overwhelming commitment to democracy!

 

If anyone has read any books in Alastair Reynolds' Revelation Space* series, he posits a political system called ‘Demarchy’, I assume a portmanteau of ‘Democratic Anarchy’.

 

Basically everyone in the Demarchy has to vote and you do it electronically and in real time at much greater granularity than our current state of the art allows (Switzerland - IMHO it kind of works but is weird), and you get asked a lot of questions and are profiled (if it turns out you make good decisions then your vote gets added weight) - of course this needs to be electronic, and as such you’d assume that authentication would be secure, and profiling the individual over the long term would provide better security than just walking into a polling booth or downloading an app.

 

Ultimately to have really secure elections our systems need multiple points of contact over time, and accountability and oversight are going to be as important as technology.

 

*It’s relatively hard SF, if compared to pop culture, though none of it was written before the current hype around Blockchain and AI. Data was also stored on ‘turbines’ which spun very quickly and failed spectacularly.

Community Champion

Re: Vote by (smart?) phone ...

If we weighted people's votes based off of their social media activity I can see some people going into the negative weighting.

Community Champion

Re: Vote by (smart?) phone ...

Pay me to not vote for you... or else! ;)

Community Champion

Re: Vote by (smart?) phone ...


@CISOScott wrote:

> I could easily game the system by ...[voting for]... my "sick" neighbor.

Small risk in small-town America, where everyone knows everyone else.  Bigger risk in big cities.  Less detectable would be to steal absentee ballots from mailboxes, at the risk of violating 18 U.S. Code § 1708.  Even less detectable would be to implement systems that don't require physical presence (either at the precinct or at your mailbox).

 


> And what is to stop the "volunteers" from stuffing the ballot box at the end of the night?

Most (if not all) states require ballot boxes to remain in the presence of at least one Republican and at least one Democrat.  Stuffing therefore requires cross-party collusion/conspiracy.  I also believe that the two to three people you see at the check-in table must not be of a single party.  So, for example, a Republican checks your name off the roster and a Democrat hands you your ballot.

 


> The election system needs a serious overhaul and voter id should be right up there.


Most states have already implemented at least some form of Voter-ID. To prevent disenfranchisement (the opposite of voter fraud), Voter-ID needs to be coupled with a movement to "help people get IDs".  Such a movement ought to be equally strong as "register to vote".

Community Champion

Re: Vote by (smart?) phone ...

> CISOScott (Contributor III) posted a new reply in Industry News on 08-09-2018

> Walk in voting is weak on security!

Doesn't have to be. I used to work as a Deputy Returning Officer or Poll Clerk in
elections. We got training. We use paper ballots and got the results in within an
hour of polls closing. (Less if we were using a counting machine. Which still had
a paper ballot trail.)

> When I voted in last year's presidential
> election, I was able to ask the volunteer if my mother-in-law was registered to
> vote. She paged through the voter rolls right in front of me and I could clearly
> see who had voted and who hadn't (they removed a sticker and put it on another
> sheet when you came in to vote, so no sticker meant you had voted already.) She
> looked her up and couldn't find her but said well she can come in and fill out a
> provisional ballot.

One point being, that we didn't tell voters about other voters.

(We didn't have stickers. We drew a line through the entry when they'd voted.)

(Of course, back then, maybe stickers hadn't been invented yet ...)

>   My point being, there was no voter id required. I could
> easily game the system by asking about my "sick" neighbor (who I knew to be out
> of town or I knew never participated in voting) and see if they were on there.
> If so I just show up later in disguise and vote in their place.

We also ask for ID. And check that the address matches the list.

> And what is to
> stop the "volunteers" from stuffing the ballot box at the end of the night? They
> just peel off a sticker, slap it on the other form and then fill out a ballot.
> Lather, Rinse, Repeat until you get 100% voter turnout for an area.

Ummmm, people called "scrutineers." I really hated the scrutineers, since they
weren't subject to the same restrictions as we were all day, but they do serve a valid
audit purpose.

> Add into
> that provisional ballots and you have greater than a 100% turnout.   The
> election system needs a serious overhaul

Is your election system *really* that bad? (OK, yes, I've read the reports: yes, it
is.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
You are not my router! You are a Snort! - after P. D. Eastman
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Community Champion

Re: Vote by (smart?) phone ...

> Early_Adopter (Contributor III) posted a new reply in Industry News on

> and
> you get asked a lot of questions and are profiled(if it turns out you make good
> decisions then your vote gets added weight)

Kudos!

(Badges?)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
I summon the vast power of CERTIFICATION! ... Well, this is
embarrassing; that's all I remember from the classes.
- Scott Adams, Dilbert
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Community Champion

Re: Vote by (smart?) phone ...

voting_software.png

