digg

Facebook Connect Join Digg About

Scientists Prove that Voting Machines are being Hacked

article.wn.com Computer scientists from California universities have hacked into three electronic voting systems used in California and elsewhere in the nation and found several ways in which vote totals could potentially be altered.

Who dugg this? Made popular Nov 27, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

Warning: The Content in this Article May be Inaccurate

Readers have reported that this story contains information that may not be accurate.

233 Comments

show profanity settings
expand all
  • bratpack8, on 11/27/2007, -8/+282no paper trail, no evidence. unbelievable that these machines are moving forward.
  • janeuner, on 11/27/2007, -25/+254"Scientists Prove that Voting Machines are being Hacked" should actually read "Scientists Prove that Voting Machines can be Hacked"
    Buried for being inaccurate and sensationalist. Resubmit with a proper headline.
  • inactive, on 11/27/2007, -25/+147we don't need these machines. if anything, some open source Linux PCs could do the trick. with some simple (and I do mean simple...like one page of code) software to simply tabulate numbers and print reciepts, and send updates to a main server. easy and cheap and effective and open.

    the fact that they started using closed machines should suggest that things are pretty corrupt, or people are just amazingly trusting, naive and/or stupid.

    i could set up a polling location in a week, and it would be easy to duplicate nation wide in time for the elections. and i'm just one programmer.
  • KMye, on 11/27/2007, -10/+124I'm completely opposed to any electronic voting without a paper trail verified by the voter before they leave the booth. That said, this submission needs to be buried for A) a completely misleading and inaccurate title, B) being blogspam linking to Infowars blogspam of a NYTimes article (here's the original if you want to read it : http://www.nytimes.com/2007/07/28/us/28vote.html ) and C), not as important, but this is from July.
  • inactive, on 11/27/2007, -17/+91This is America. We don't believe in science.
  • martinjd, on 11/27/2007, -16/+79This is where it becomes clear that you are not a programmer. Would you care to show me *one* page of code that does the following?
    - Insures that one person can never vote more than once
    - Connects to a remote database and increments the proper values
    - Filters out insertion hack attempts and invalid entries
    - Doesn't allow any means for the current voter to see the previous vote(s) on the machine
    - Makes all transactions through a secure connection (which is harder to implement in a non-browser client)
    - Has a user interface that conforms to proper accessibility guidelines

    That would at least get you started. Oh ya, and that's all just for the client. You of course need your central server - probably clustered due to all the traffic . The bandwidth is probably reasonable, but there would be an obscene about of server hits with the whole country voting. And then you need someone who really knows what they're doing in setting up the firewall. You also need to make sure that the clients have the IP of the server hard coded in - you don't want a malicious DNS server routing your vote to the wrong server...

    The bottom line is that when you have high security and high volume use mixed together - it's never quick and easy.
  • NaziHatinChimp, on 11/27/2007, -4/+51No *****. This guy deliberately ***** the headline.
  • Dipsomaniac, on 11/27/2007, -6/+51Moron, that's also the best way to make sure there aren't any holes. OSS is more secure than proprietary.
  • RabidAngel, on 11/27/2007, -2/+46As someone with a very accomplished IT career, I can agree that this would not be extraordinarily difficult to implement. It wouldn't take a week, but it could realistically be done (designed, built, tested) within a few months or a year. Something is very wrong and it reminds me of the claim that someone "accidentally" deleted millions of emails.
  • alpinecow, on 11/27/2007, -6/+37Buried for massively misleading title...while I agree hackability is worrisome, no scientist has proven that "machines are being hacked."
  • objectcode, on 11/27/2007, -2/+33anyone who is good at reverse engineering software is going to find holes in proprietary software.
  • jmpeagle, on 11/27/2007, -5/+31wow, way to contradict your headline in your description
  • inactive, on 11/27/2007, -0/+26Thanks for playing.
    Try again when you get a clue on how security or programming or open source works.
  • inactive, on 11/27/2007, -5/+25This has been know for at least four years; there are more than a few discrepancies between the electronic and paper ballots.

    Hail to the thief!
  • yuravian, on 11/27/2007, -1/+21That's one reason I always vote absentee. It is in itself a paper trail, not to mention I don't have to deal with the crap at the polls.
  • inactive, on 11/27/2007, -3/+23Well duh, the man who hacked them testified before a United States justice that he hacked them and was asked to do so by a governmental official.

    Here's the video of that testimony: http://www.youtube.com/watch?v=JEzY2tnwExs

    Of course, they buried it immediately and "forgot" all about it.
  • localzuk, on 11/27/2007, -3/+22You wouldn't have a single central server - you'd have a server at county level, state level, regional level (ie, a group of states) etc... Each counts up the numbers from the ones below.

    And yes, the code would be pretty simple - not a single page, but not huge.
  • falseleftright, on 11/27/2007, -2/+19Very believable, given the nature of our government in recent years. Hacking Democracy showed some of this a few years ago.

    http://www.hbo.com/docs/programs/hackingdemocracy/
  • Scottamus, on 11/27/2007, -0/+16what about my idiots?
  • giveer, on 11/27/2007, -6/+21*ahem*.. sorry, but: YOU'RE idiots.
    sigh...
  • benplaut, on 11/27/2007, -1/+16Let's do it in a single line. In Perl.

    (That's a joke)
  • TheSwashbuckler, on 11/27/2007, -0/+13The basic code would be simple. Add real security with detection for hacking (you know, like a REAL system) and it would become quite large.

    Think security's easy? I invite you to look at all the CVEs for the various components of the LAMP stack.
  • ewarner, on 11/27/2007, -2/+15My first thought exactly. I hate it when people read an article then make up a scarier headline that exaggerates the actual point of the article.
  • bolognium, on 11/27/2007, -0/+13wow, one of the best things about open source flew right over xGrill's head..
  • spawnfree, on 11/27/2007, -1/+13No, they are in fact, his idiots
  • AshamedAmerican, on 11/27/2007, -5/+17Come on digg, time to get this "No *****" section up and running!
  • inactive, on 11/27/2007, -1/+12But you are even LESS able to determine if your vote was counted. You have a "paper trail", but you can't follow it.
  • paganmonkeyboy, on 11/27/2007, -4/+14yeah - way to mislead and blow your cause out of the water by not being honest and accurate - and i even think they were hacked...credibility ZERO
  • Otto, on 11/27/2007, -3/+13Just about everything you describe could be put together from open source, known to be solid and secure, parts in under a month, by one or perhaps two programmers. The hardware design would take slightly longer. The user interface would probably have to be left up to a committee.

    But the point is that no closed system can be *known* to be secure. Security does not rise out of obscurity. Security only comes about when everybody has the opportunity to look over every single piece of the system and find possible flaws and see how they have been accounted for.

    Nobody sane would trust an encryption system that was not open for all to see. Why should be trust closed voting systems?
  • falseleftright, on 11/27/2007, -0/+9Wouldn't it be nice if I could wall into a polling station, enter a booth, vote, and receive a tamper proof receipt. I would then take this tamper proof receipt and present it to a manual counter. The manual counter would copy my tamper proof recipt and its unique id number. This way, you would have two vote counts going at the same time. If there were discrepencies between the manual counter machine and the voter machine (I'd like the tallys checked every half hour), then we would know if there was malfeasance going on. We need to be able to monitor our voting real time, not days/weeks/months after. Clearly, after the fact vote discrepencies don't matter with our supreme court (unless of course, an anti-establshment guy got in).
  • MWeather, on 11/27/2007, -0/+9Then voters would actually need to know what the candidates look like. Outside of the presidential election, that's not likely. People need the R and D to know who to vote for.
  • m0tbaillie, on 11/27/2007, -1/+9While I don't think the code, if written correctly, would be entirely complex, I *do* think that PHP would be the absolute *worst* language to write such a system in. It is notoriously one of the more exploit-afflicted languages. Python or Perl would be far better choices.
  • Baku, on 11/27/2007, -3/+11Of course voting machines are hackable... all the scientists had to say was "George Bush is President... who in their right mind would vote for him?"
  • objectcode, on 11/27/2007, -2/+10not all of us chose this electronic voting system
  • enri, on 11/27/2007, -0/+8Yet it was done in Australia.
    http://www.wired.com/news/ebiz/0,1272,61045,00.htm ...
    Summary:
    * System is running Linux.
    * Developed by a private company but all code is open source (license details unknown).
    * Several bugs were reported by the public and subsequently patched.
    * From concept to production in six months.
  • nalf38, on 11/27/2007, -0/+8In Oregon, we get a confirmation via snail mail that our absentee ballot was counted...and if it wasn't counted, the reason why. Absentee ballots are more secure than voting machines, if you do it right.
  • Mothrog, on 11/27/2007, -7/+15Our citizens are too ***** stupid to use paper. See 2000 Presidental Election in Florida. I'm surprised that they haven't gone to the McDonalds cash register style of voting machine where everything's pictures.
  • halohunter, on 11/27/2007, -14/+21Are Americans this lazy? Just use normal paper voting like we do in Australia, I'm sure many people will appreciate having a job and the security of human based counting. You don't even have preferences!
  • darkcooger, on 11/27/2007, -0/+7You are describing what is known as "security through obscurity," and it is a fallacy. Besides that, as citizens, we have a right to know how our votes are to be counted, and that includes inspecting the source code of the voting machine that does the counting.
  • jcaino, on 11/27/2007, -11/+18While i won't comment on the length of code required, it would be pretty easy. Why wouldn't you be able to use a browser for the client? Hell - you could probably do all this with a LAMP server and code everything in PHP.
  • MacEnvy, on 11/27/2007, -1/+8You're making the assumption that at least half of the country is in their right minds. I'm not so sure about that.
  • inactive, on 11/27/2007, -1/+8No, it is not enough when the title says the machines ARE being hacked.

    I can prove you can kill someone, should we charge you with murder?
  • chuckbergeron, on 11/27/2007, -1/+8That's fine, with voter apathy at all time highs nationwide I don't think it's a big deal.
    /end sarcasm
  • profOblivion, on 11/27/2007, -0/+7Look to the north if you want to know how to run an election. Federal/provincial elections have paper ballots + two people at each polling station + multiple polling stations per location + a representative of each political party present during vote counting. The municipal elections are tallied electronically, but it's done from a Scantron type ballot so there's still a paper trail. As far as the population argument goes with respect to the cost of such an election, yes the total cost would be greater in the US but you can't tell me that the per-capita cost would be prohibitively high, and certainly not too expensive for holding on to democracy!

    Point being, the paper ballot system was never broken. Why the hell did anyone decide to try and fix it? (Heh, "fix"...)
  • darkcooger, on 11/27/2007, -0/+7See, in Mississippi, in both the 2000 and 2004 elections (the only two Presidential elections I've been eligible to vote in), we used optical scan vote counting machines. So our ol' buddy #2 pencil and a piece of paper, and you fill in the bubble next to your guy's name. Easy to do, easy to count, easy to verify. When I heard about punching holes in the cards a la Florida, I wondered how people could complicate something so simple as voting...
  • lintmonkey, on 11/27/2007, -0/+6He didn't specify font size.
  • skubiszm, on 11/27/2007, -4/+10How else do you make sure the right candidate wins?
  • 4degrees, on 11/27/2007, -1/+7we only believe the science "buddy jesus" tells us about.
  • HippyInASuit, on 11/27/2007, -0/+6You do not understand what you're talking about.
  • obliviousfool, on 11/27/2007, -3/+9You are right. The headline should read "Computer scientists prove voting machines can be hacked; mathematicians prove that votes are not being counted; lawsuits with missing evidence prove that boxes of ballots have been thrown away; existing laws prove that the Supreme Court has no jurisdiction over how states count their votes and that Congress has the final say over contested electoral college votes; e-mails sent to the wrong address prove that caging was going on; and people forced to wait in the rain prove that you can disenfranchise voters!" Of course, that's a lot for a headline.
  • Fetching more discussions...
    Show 51 - 100 of 232 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.