1. 31
  1.  

  2. 14

    The CCC did an awesome job here. If you read German, I highly recommend reading their full report.

    The vendors developing this software have been exposed as highly incompetent.

    Arbitrary server filesystem access via broken PHP scripts, incredibly stupid username/password combinations in production (“guest:test”, “test01:test01”, “test02:test02”), plaintext FTP being used to transfer sensitive voting data, a shared account on this FTP server allowing any user to modify vote results across the entire country, unsigned software updates, silly custom symmetric “crypto” where a PKI is needed… the works.

    Fortunately, since 2009, recounts based on paper ballots are mandated if there’s any doubt.

    1. 2

      I wept tears of joy reading the full report although I’m fully aware this is a serious mater.

      [Page 8]: “After encrypting with the provided tool SmartEditor.exe these are the login credentials […]”

      So they “encrypt” their config files containing passwords and then provide they tool to decrypt it when publishing the config files.

    2. 9

      In my opinion electronic voting systems don’t make much sense because they’re opaque to an ordinary citizen (hence non-auditable) and optimize a tiny fraction of government spending. It’s a case of modernititis where it’s assumed that modern is by necessity better.

      1. 2

        I think computer literacy will grow fast enough that we can have more efficient systems that are also secure. Maybe not just yet though.

        1. 1

          Secure and auditable voting systems are aIready (technically, but not politically) possible. I don’t really see computer literacy among the voting public as the limiting factor here. Public elections have a lot of big stakeholders, and they’re not all nice people. Some of them are not even especially visible.

          Barbara Simons’ work is a good starting place if you’re interested in learning more about the issue.

          1. 1

            I don’t really see computer literacy among the voting public as the limiting factor here.

            They have to trust the system. Many won’t. These range from tech-savy folks who know computers can be hacked/subverted to rural folks who won’t trust a black box no matter what. The options like Scantegrity that balance these concerns have had usability issues. About the only one they understand without much potential for hacking is optical scan with diverse suppliers of scanners. There’s a question, there’s multiple choices with a letter, they fill it out, and it gets counted with paper-based recounts. Gotta design for lowest, common denominator in a society with conflicting beliefs about what’s trustworthy. That one works pretty well.

            1. 2

              Even if we suppose that the actual voting public (rather than the decision-making officials acting in their name, let’s assume in good faith) must trust the system, that doesn’t imply that their trusted system is “trustworthy” by security-expert standards. There are lots of ways to influence public opinion.

              So, we’d want a system that honest, well-intentioned experts can trust (for their expert reasons) and that the voting public will trust (for whatever their reasons). Tall order! Care to comment on Travis County’s STAR-Vote system?

              1. 1

                I know many areas would reject such “gibberish” like El Gamal and hash chains immediately when paper stuff is more understandable. Let’s say they’ll accept a computer solution if they can at least get a paper copy they can understand. From that view, I love what I see in the slides of STAR-vote. The combo of a touchscreen, standardizing as much as possible, thermal printers, removing extraneous info on receipts, QR codes, and public ledgers are all good ideas. The INFOSEC needs improvements on subversion side to deal with attacks where people there want to manipulate the election and will be the ones deciding which ballots to look at. Already seen that happen.

                I can’t say much more about the protocols since that takes a lot of time and effort to review. I do appreciate you telling me about it, though, since it’s work worth building on.

        2. 1

          optimize a tiny fraction of government spending

          Is this actually an optimization? I’m pretty sure serious money was spent “designing” and creating these systems (looking at total cost). Not sure how many elections are needed to break even on those costs, compared to simple paper in voting office and letters for remote voting, especially if there is still a paper trail anyway…

          In e.g. Netherlands they “optimized” this further by having no paper trail, so I guess some trees were saved there [/s].

        3. 2

          The 90es called, they want their bugs back… To be honest, I wasn’t really surprised of the outcome. Having worked at a German University (which is somehow comparable to Government institutions) for some years I know how software and habits can survive for long periods of time.: “It must be good because we always did it that way”

          1. 0

            Don’t worry about the voting software. In the end, the government will show the public whatever numbers it wants them to see.

            Of course, before any election happens, the public will first be propagandized to think what the government wants them to think, and to fight over what the govt wants them to fight over. Business as usual there.

            Then, leading up to the (s)election, the public is primed to accept the desired “result”. “The polls are showing X in a slight lead!”

            1. 6

              Never attribute to malice that which is adequately explained by stupidity

              1. 8

                In my field (high-strength attackers), that’s exactly what we want you to think. Most subversions are disguised as simple mistakes in configuration or code. The next type are tiny ones that might go unnoticed. Then you have full-on rootkits and stuff. Since we can’t tell stupidity vs malice, the field of high-assurance security just went straight to making rigorous development and review processes that should catch most of the subversions. It involves really constrained development with every assumption, interface, and so on described in detail, analyzed, tested, and pentested. Even that doesn’t always work.

                The time I spent studying this stuff makes me recommend paper ballots with optical scan for improving performance. It requires a lot more work to subvert on a large scale.

                1. 2

                  paper ballots with optical scan for improving performance. It requires a lot more work to subvert on a large scale.

                  You’re way too well-informed and smart to believe in (s)elections anymore.

                  1. 4

                    I don’t believe in them or respresentational democracy anymore. Good guess lol. Applies double in a country like America with corrupt media indoctrinating voters to reinforce the status quo or create a new, horrible one.

                    1. 0

                      Yeah, so don’t recommend ideas that would only serve to make the scam more credible?

                      1. 2

                        When you say “believe in X”, do you mean belief that X exists, or holding X as an ideal? That is, are you talking about facts or values? For example, the existence of various forms of dishonesty doesn’t keep most of us from genuinely subscribing to honesty as a virtue or guiding principle.

                        So, if we’re talking about representational democracy, I think we can admit that in practice, the systems which implement it are flawed, though we may disagree as to how badly or how fundamentally or why. But if you are saying that representational democracy is not a valid ideal for smart and well-informed people to hold… well, that’s a much more provocative statement. If that’s the case, do you hold some other ideal about how society should be structured? Or are you a mere cynic?

                        I don’t want to sound confrontational: I’m genuinely curious. In my life, it’s hard to find any smart, well-informed people who can talk about this kind of stuff in a serious, civil way. Feel free to PM me if you think this is too controversial or off-topic or whatever. (Open invitation to lobsters, not just rama_dan.)

                        1. 0

                          But if you are saying that representational democracy is not a valid ideal for smart and well-informed people to hold… well, that’s a much more provocative statement. If that’s the case, do you hold some other ideal about how society should be structured? Or are you a mere cynic?

                          Society shouldn’t be “structured” at all, because the idea implies a “structure” being forcefully imposed on the masses.

                          https://www.youtube.com/watch?v=ngpsJKQR_ZE&t=8

                          1. 1

                            It was entertaining with the connection between robbery and taxation. The author goes off the rails repeatedly talking about how a piece of paper, ink, and so on justified taxation. Occasionally mentions people were involved. I cut it off after certain amount of repetition of these. The author misrepresents what happened as some people in a room wrote something down and a whole government has been blindly enforcing their will ever since.

                            The actual thing that happened was a group responded to problems a large number of people were having. These are people who wanted a government and accepted the notion of some kind of taxation given English heritage. They were griping about taxation without representation more than taxation itself. The people created a new government on paper, the locals agreed to it, and the process went from there. Problems were solved by changes in law, regulations, and/or Amendments to the Constitution. Most people in America still agree with the need for taxation but argue on the details. It’s those people that support our system that give power to that ink. It’s also not robbery if people voluntarily line up to give their money in exchange for beneficial services. Instead, it’s more like a payment for services than robbery.

                            Now, you could argue that those who didn’t want to participate in the system with neither benefits nor the cost are involved in some kind of slavery, robbery, or coercion. The majority definitely support enforcing the laws. That means they support coercion of compliance, including taxation. That could be robbery. If they were born and raised here, though, that means those people might have already benefited from the property rights, military defense of that property, the country’s natural resources, the educational system, the economy w/ its public investments, public transit, the Internet, and the U.S. dollar as a standard of exchange. Then, that person suddenly says they want to contribute zero in taxes to the country that gave them all that development and opportunity. Most also want to use the government’s benefits or resources… its currency at the least… to benefit themselves. They say doing so with some kind of tax is the government robbing them whereas with the above it looks like they’re robbing the government and everyone that helped them. Freeloading off collective work at the least.

                            So, I reject his argument that it’s robbery or just from a piece of paper. Also, I note that many who might be considered robbed by taxes benefited from taxpayer funds. Many also intend to continue benefiting. So, they seem hypocritical if they want to take from but not give to a system.

                            1. 0

                              Let’s just say I don’t believe you’re being sincere.

                              1. 2

                                So elections are a scam that tricks people into believing they are real, but you don’t think people who believe in them are being sincere? I’m struggling to follow.

                                1. 0

                                  Oh fuck you.

                                  1. 1

                                    Or are you suggesting that nick specifically is smart and should know better? I guess that’d be a more sensible reading; still genuinely can’t tell what you’re trying to say past the invective.

                            2. 1

                              That was a less thoughtful reply than I was hoping for. Where did you get the idea that social structure must always be forcefully imposed, anyway? Seems kind of self-defeating for someone in the freedom-loving camp you seem to be identifying with. https://en.wikipedia.org/wiki/Social_contract

                              Let me try again: what principles should those of us who value any (even minimal) social order (or, if you prefer, “liberty”) voluntarily adopt so as to increase our chances of actually having some? How do you suppose contracts between individuals will be enforced? Who’s going to suppress violence initiated by the strong against the weak, or judge between disputing claims about who initiated violence?

                              If you can articulate a better idea than representative democracy, or link to someone who can, I’d love to hear about it. Seriously!

                              1. 0

                                I didn’t put much time into the response because it’s just really difficult to see this as anything other than trolling with plausible deniability (so far).

                                But if you somehow happen to be sincere, this might be relevant to your interests: https://www.youtube.com/watch?v=gphKVhnwREc

                          2. 2

                            I’m not sure what your goal is with that statement. There’s what I think makes sense and what’s happening in the world I live in. I try to address both with practical solutions that improve benefits or reduce costs/risk. Especially risk reduction since security is my focus. So, I push people to not vote for scumbags during the primaries. They do it anyway. I push for them to take action in whatever way to improve things. They usually don’t. Then, they’ll take initiatives that have major impact which also have major problems. I try to help with that since it will affect me and lots of really, good people.

                            That’s my MO. The lack of participation or abundance of negative participation made me pretty much stop doing activist work in the U.S. in most categories. Not worth the sacrifice if a few are putting out city fires with most of the city dumping more gasoline. However, there are some things that can still be done that are showing value. I still contribute to them. Further, the best model seems to be just building better stuff to market, make money, and use that money to solve problems. Ignore anything and everything else unless affects me personally. I’ve got a decent idea or two for that which I’ll probably try to set in motion in a few months if circumstances don’t shift too much to knock out likelihood of success.

                            1. 1

                              That wasn’t meant as a personal attack or anything. Sometimes you say something genuinely educational in terms of politics too :)

                              But when you recommend using “paper ballots with optical scan”, it implies that you believe elections could be “fixed”/improved so that they’d “work” better for us little peons.

                              But you don’t actually believe that, right? You know elections are a sham meant to make us think we have a say in how we’re enslaved. Maybe you wouldn’t put it in those exact terms, but you’ve probably got roughly the same idea.

                              That was my problem here. Elections are working as intended. They’re just not intended to benefit us, and so they can’t be fixed or improved (from our perspective).

                              So, I push people to not vote for scumbags during the primaries. They do it anyway.

                              So you tell them not to vote for anyone, considering every single candidate is a scumbag?

                              The lack of participation or abundance of negative participation made me pretty much stop doing activist work in the U.S. in most categories. Not worth the sacrifice if a few are putting out city fires with most of the city dumping more gasoline.

                              I can relate. I’ve mostly stopped doing my own little “activist work” on the Internet, because there’s always a bunch of useful idiots everywhere, working hard to prevent the truth from spreading.

                              Anyhow, I didn’t meant to attack or discourage you. Keep on keepin’ on :p

                              1. 0

                                You’re getting really into idealist and all-or-nothing territory. Most things in life don’t work that way. There’s often necessary evils or compromises built-in. So, let’s go through some examples.

                                re election process. Yeah, I think they’re a joke with the major parties rigged for elites’ benefit. The process can still be used to get good folks in. Occasionally, there’s politicians that do exactly what they said they’d do for their constituents or on key issues. Protecting the integrity of the process at various levels creates those opportunities. A shift in public opinion pushing more people like that can get enough in to create a critical mass.

                                re scumbags. There’s politicians that will do most of what they’re asked in exchange for money and fame. Most will work for their sponsors which can be citizens, companies or both. From there, some will work almost exclusively for companies at their voters expense. Some will do tons of damage here and abroad. Another chunk is involved in conspiracies against the globe in partnership with the most powerful elites and the defense sector. The closer the votes are to the start of this list, the better the politician will be for the people. All might be scumbags but some are helpful scumbags.

                                “ because there’s always a bunch of useful idiots everywhere, working hard to prevent the truth from spreading.”

                                And paid idiots like we’ve gotten on Schneier’s blog recently. A combined American and Russian attack with the Russians being more effective. So, free trolls, paid trolls, and piles of gullible people. Well, at least Zuckerberg counts it as a positive: he says he loves public opinion so long as it’s shared in one place. That one can make a fortune off of it. ;)

                                1. 0

                                  You’re getting really into idealist and all-or-nothing territory

                                  Well, enslavement being bad is a fairly clear-cut thing.

                                  And surely you know that if some politician by some miracle had genuinely good intentions in running for office, the powers that be wouldn’t let him in. Ron Paul seems like a good example of this.

                                  Or he’d be assassinated sooner or later. Why would the scumbags running the show tolerate a pesky troublemaker when they don’t actually have to?

                                  That’s why the political process doesn’t matter at all. And again, the political process is just icing on the enslavement cake.

                                  Another chunk is involved in conspiracies against the globe in partnership with the most powerful elites and the defense sector.

                                  I suppose you mean “the globalists” pushing for a “new world order”. Those would probably be the most harmful scum, yes.

                                  In your “expert opinion” (wink wink), why do you think so many psychopaths actively suppress the truth where ever it’s found? There are so many like that, they can’t all be paid.. but if they’re not paid, what’s in it for them?

                                  1. 0

                                    “Well, enslavement being bad is a fairly clear-cut thing.”

                                    Enslavement has to be involuntary. Our government is voluntary for most people as I described in other comment. It comes with certain real and perceived benefits. Those of us favoring government also know anything democratic will have things we do and don’t like. Always a compromise. My only problem is corrupt politicians since most severe problems come from them. If it’s unbearable, the government does allow people to renounce their citizenship and go somewhere else if they choose. They don’t make it easy but a person on minimum wage could save up the money over time. In some states, it could be paid for with welfare.

                                    “Ron Paul seems like a good example of this.”

                                    He was main one I thought of as I wrote it. Like him or not, he does exactly what he says he’ll do with whatever money and power given. That he didn’t make it to Presidency is on the voters for focusing too much on what politicians say versus did. The others said nicer things. They win. ;)

                                    “Or he’d be assassinated sooner or later. Why would the scumbags running the show tolerate a pesky troublemaker when they don’t actually have to?”

                                    We’ve had times when people in power or just political movements made significant change. There were always assassination attempts. Most didn’t die although the biggest threats did. Change in such a system will require martyrs to at least bootstrap a better one. A few changes, esp on politicians’ funding or qualifications, might go a long way with other changes having more effects for the other side. It’s unknown. I’ll note that we have achieved a series of changes in leadership without bloody revolutions. Progress was certainly made via democracies over prior conflicts.

                                    “I suppose you mean “the globalists” pushing for a “new world order”. Those would probably be the most harmful scum, yes.”

                                    They do stuff domestically or with big effect, too. They used their schemes to convince people to accept or at least not fight over surveillance state, civil forfeiture (that’s robbery!), all freedoms suspended under Patriot Act, “defense” spending on bullshit instead of public benefit (eg healthcare or education), and foreign meddling that sends terrorists our way. The worst of the worst.

                                    “In your “expert opinion” (wink wink), why do you think so many psychopaths actively suppress the truth where ever it’s found? There are so many like that, they can’t all be paid.. but if they’re not paid, what’s in it for them?”

                                    That assumes one must be a psychopath to suppress the truth. People usually seem to do it for utility as bluffing seems to be an evolutionary advantage to get more from others. Society does it in many forms from institutions down to families. Even “good” folks lie to protect their families. The “bad” folks lie to increase their profits from customers they con. Lying is morally kind of neutral in my eyes where I consider it evil under my personal ethics when it causes unjustified harm to others. Yeah, another discussion in itself in two words haha.

                                    Far as why they do it, there’s a few reasons I saw studying companies here, fascist regimes there, and so on. Many do it for survival or to avoid conflict. They just go with the flow which sometimes spreads bullshit or hushes truth. Flip side of that is distorting truth can make some money, power, ego, or some other personal gain. The stated ones are the prime motivators for most of what I see among politicians and business execs. There’s another group, maybe single digit percentage of population, that just genuinely enjoys trolling others or doing random stuff just to see what happens. They just want to watch the world burn. I think of those as the psychopath types with the others quite normal with varying ethical systems or skill at achieving their goals.

                                    Unfortunately, hardwired or societally-reinforced thinking patterns in trust and risk/rewards favor the bad folks. Exploiting the flawed thinking of the doves is a rewarding activity for the hawks. So, they keep doing it. The only odd thing is the doves using government to protect the hawks feeding on them in name of Dove Defense. It’s really weird to me given all the movements I read about in U.S. history class. Getting the doves to recognize and avoid the hawks is the ultimate problem to solve that effortlessly solves many others.

                    2. 3

                      Never attribute to malice that which is adequately explained by stupidity

                      In reality, it’s the exact opposite almost every time.

                      1. 3

                        Ah, Hanlon’s Razor: cutting off uncomfortable lines of reasoning since 1774 or so.

                        I’m sympathetic to your viewpoint. But, rather than appealing to “reality”, which rarely furthers the discussion, I usually like to point out the false dichotomy: in even slightly complex situations involving multiple parties, malice and stupidity coexist quite well, and it can be hard to distinguish the boundary between them. Malice thrives on others’ stupidity, and encourages it to the extent it can: nickpsecurity’s point about plausible deniability is just one example of how that can work.

                        Anyway, to someone involved in defensive security work, assuming away the existence of an adversary is just plain irresponsible: we are paid to be paranoid.

                        1. 0

                          Well, I don’t need to tell you what the people running the world are like.