The Defense Advanced Research Projects Agency (DARPA) headed out to the Def Con 27 hacking conference to sell attendees on the idea that it can build a truly secure hardware platform, Wired reported, starting with a totally custom voting system that's cost $10 million to develop.
Researchers seem increasingly willing to claim their devices are "unhackable." EyeDisk raised tens of thousands of dollars on Indiegogo and Kickstarter earlier this year for a purportedly unhackable thumb drive. The University of Michigan announced the Morpheus processor architecture, which encrypts and reshuffles its code every 50 milliseconds to confound attackers, with similar claims about its supposedly unbreachable security mechanisms
However, the unbreachable claim is one that's hard to swallow. And that's even before remembering that EyeDisk was revealed to have numerous vulnerabilities after it was successfully crowdfunded.
Yet, a team at DARPA believes that building a bespoke hardware platform that doesn't rely on any traditional products--Wired specifically noted the lack of proprietary components from Intel or AMD--will let it create devices that can't even be undermined by vulnerabilities in their software.
DARPA's currently focused on building an open source voting platform that can safeguard the U.S. election process. Those defenses will become increasingly crucial in future elections--the Senate Intelligence Committee said in July that Russia targeted voting systems in all 50 states during the 2016 presidential election. Others have warned that Russia and other countries have already started to undermine future U.S. elections.
Those reports are even more worrisome in light of repeated warnings from security researchers that current voting systems are vulnerable to many security attacks.
Luckily the security experts who attend Def Con are hot on election security. The hacking conference has an entire Voting Village set up for hackers to examine; that's where DARPA set up its platform. Wired reported that the project is still in its early stages, though, so the voting system the agency brought to the conference is currently running on virtualized reproductions of its hardware.
DARPA reportedly hopes to bring a closer-to-completion version of its platform to the Voting Village at Def Con 28 in 2020. It would almost certainly be too late for the platform to be implemented for the 2020 presidential election at that point, but if the project is still ongoing, it would show that DARPA isn't going to give up on election security too easily. Let's just hope that it manages to be even half as secure as it's meant to be.
That being said, you can't run the process without people, and it only takes 1 person to fudge everything up.
we phone in the results at the end of the night after everything has been counted and verified. the results will be on the news within 10 minutes after we phone them in. it really does not need to be any faster than that and can't be tampered with.
we've seen attempts to tamper out of some states last few elections and the paper trail made it rather easy to identify the attempts and who did it. putting things online, makes it more vulnerable, easier to hide and much harder to figure out what happened later on.
somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
won't fix that problem messing with the voting booth.
This isn't some crazy conspiracy theory. E.g. the bipartisan Senate intelligence committee report states "Russian cyberactors were in a position to delete or change voter data" in an Illinois voter database. They didn't find any evidence that they did so, but the fact they were able to achieve that sort of access is obviously troubling.
If you want some examples of vulnerabilities in current voting machines, they talk about it in the report starting at page 40.
So, what can you do with a voter registration database? You can scrape data, to be used in targeted advertising (either convince swing voter to vote for your candidate or convince likely dedicated opposition voters to stay home - Cambridge Analytica's psychometric profiling also helps with this). You can kick someone off the roles, if they have an opposing party affiliation, or perhaps fiddle with their address so their normal voting precinct turns them away.
We have documented evidence, from multiple states, of attempted and possibly successful tampering with the voting system. It must be taken seriously. You don't wait until your PC gets infected with a virus to install an anti-virus program and you don't wait until your country gets invaded to establish a military. How much proof do you need of foreign (or domestic) hacking, before you're willing to accept that election security needs to be improved?
Paper voting systems require more work to hack, but they're not as inherently secure as you suggest. Ballots can be forged, ballot boxes can be stuffed, and paper ballots can be prematurely destroyed (didn't this just happen in a House election that had to be re-run?). Machines doing the counts can also be tampered with. Even if they're offline, they're probably not invulnerable to a stuxnet-type hack.
Wouldn't you agree that a voting system which relies on cryptographic techniques to ensure that any tampering with a registration database is detectable and ensures the authenticity of each ballot (while respecting privacy) is a good thing? Your voting system might be good, but it could probably be better. It's surely not immune from malevolent administrators or workers, even if attacks by such individuals aren't trivial feats. The stronger the system, the more faith we can have in it. Isn't that what we all want?
Just like crypto-currencies don't depend on faith in the counter-parties of your transactions, we should use robust voting systems that are resilient to attacks and mistakes by both external entities and insiders.
Is it advisable to trust a system made by somebody else?
Not at all!
I trust hardware a lot more than I trust voting "officials" in todays partisan environment where votes disappear, don't get counted, or are declared invalid after someone stuffs them in their car trunk...I'm looking at you Florida