[CAVO] [VVSG-election] [VVSG-interoperability] Single Point of Failure - the Scan Head - RE: By November, Russian hackers could target voting machines

Brent Turner turnerbrentm at gmail.com
Thu Jul 28 15:38:35 UTC 2016 

Susan--

What is your alternative to open source code ?   Closed / disclosed ?  The
DOD / NASA / Air Force etc side with open source ...

I think the question regarding best approach open vs closed has been called
and is now long over--

Regarding audit capability.. the printed ballots themselves are the
countable record..

Best-  BT


On Thu, Jul 28, 2016 at 8:31 AM, Susan Eustis <susan at wintergreenresearch.com
> wrote:

>  I agree this is attractive, and should be done, but what about a usable
> audit trail?  GPL v3 open source with COTS hardware has enormous
> potential for buried hack handles in the code and the COTS has BIOS
> vulnerability.  I contend with that in my business all the time, the coders
> in foreign countries leave hooks in the open source code that is not
> detectable and that may not be activated for years.
> Susan
>
>
> On Thu, Jul 28, 2016 at 11:20 AM, Susan Eustis <
> susan at wintergreenresearch.com> wrote:
>
>> There is plenty of precedent in the court cases in Massachusetts where
>> that did happen.
>>
>> Susan
>>
>> On Thu, Jul 28, 2016 at 10:43 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:
>>
>>> Thanks, John.
>>>
>>> Some people would worry that the delay in reporting would allow
>>> nefarious activities to occur.
>>>
>>> Best regards,
>>> Arthur
>>>
>>>
>>> On Jul 28, 2016, at 7:38 AM, Wack, John (Fed) <john.wack at nist.gov>
>>> wrote:
>>>
>>> I hesitate to jump in, but I do agree that it’s very very important to
>>> get the election night count accurate.  I tend to think that no matter
>>> what, it’s a human process, a logistical nightmare for some locales, and
>>> that this needs to be recognized in technical discussions and
>>> recommendations.  One of the best things to do, in my opinion, to make
>>> things more secure and more accurate, falls into the usability category for
>>> tabulation: perhaps election results shall not be released until such and
>>> such a time on the next day, say noon.  Pressure to get everything correct
>>> in a very short amount of time after a long day works against security and
>>> accuracy.  No matter what technology we use or how secure or whatever, it
>>> can’t erase the fact that the overall process is a very demanding
>>> management issue.
>>>
>>>
>>>
>>> The CDF work can help to make that easier, common identifiers for
>>> geopolitical geography and contests can help to make it easier, and there
>>> are probably a host of other items that could help to reduce the amount of
>>> time (and software required) to get all the equipment to work together
>>> smoothly.  So as I’m reading the posts, I’m thinking about future VVSG
>>> requirements to make all the equipment work together so that the overall
>>> tabulation process is more usable to the election people conducting it.  Of
>>> course, giving them more time to do would help significantly.
>>>
>>>
>>>
>>> Cheers, John
>>>
>>>
>>>
>>> *From:* vvsg-interoperability-bounces at nist.gov [
>>> mailto:vvsg-interoperability-bounces at nist.gov
>>> <vvsg-interoperability-bounces at nist.gov>] *On Behalf Of *Arthur Keller
>>> *Sent:* Thursday, July 28, 2016 10:20 AM
>>> *To:* Stephen Berger <stephen.berger at suddenlink.net>
>>> *Cc:* vvsg-election <vvsg-election at nist.gov>; vvsg-pre-election <
>>> vvsg-pre-election at nist.gov>; vvsg-post-election <
>>> vvsg-post-election at nist.gov>; vvsg-interoperability <
>>> vvsg-interoperability at nist.gov>
>>> *Subject:* Re: [VVSG-interoperability] Single Point of Failure - the
>>> Scan Head - RE: By November, Russian hackers could target voting machines
>>>
>>>
>>>
>>> Thanks, Stephen. I think you mean scanner software is NEVER examined.
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Arthur
>>>
>>>
>>> On Jul 28, 2016, at 7:02 AM, Stephen Berger <
>>> stephen.berger at suddenlink.net> wrote:
>>>
>>> Susan,
>>>
>>>
>>>
>>> Good points.
>>>
>>>
>>>
>>> Let add to the landscape that currently we have a single point of
>>> failure that I think deserves some attention.  That point is when the
>>> ballot is scanned.  Typically the scan mechanism is not specified and the
>>> initial processing software is not specified.  Almost all, actually to my
>>> knowledge all of the scanners first throw away a lot of information.
>>> Modern scanner electronics is able to get excellent resolution and color
>>> differentiation.  There is a lot that can be done with high quality can
>>> images.  However, the scanner software immediately throws away most of that
>>> information and make everything black or white.  This is done because it
>>> makes mark recognition easier and it saves on machine memory.  However,
>>> what is a vote is determined not off the image of the ballot but the
>>> processed image.  To make matters worse, neither the VVSG or any election
>>> official, decides when a pixel should be determined to be black or white or
>>> how many pixels make a valid mark.  This is left to each company and even
>>> each design team at each company.  Even worse, it is often decided by the
>>> scanner engine manufacturer and that software is very examined in any of
>>> our processes.
>>>
>>>
>>>
>>> It would seem worth paying some attention to what happens between the
>>> ballot being feed to the scanner and a decision being made about what votes
>>> are on that paper.  It also seems reasonable that election officials should
>>> be the ones deciding how big a mark is a valid mark and how various kinds
>>> of uncertain marks should be dealt with.
>>>
>>>
>>>
>>> Best Regards,
>>>
>>>
>>>
>>> Stephen Berger
>>>
>>> *TEM Consulting, LP*
>>>
>>> Web Site - *www.temconsulting.com <http://www.temconsulting.com>*
>>> E-MAIL - stephen.berger at ieee.org
>>> Phone - (512) 864-3365
>>> Mobile - (512) 466-0833
>>> FAX - (512) 869-8709
>>>
>>>
>>>
>>> *From:* vvsg-interoperability-bounces at nist.gov [
>>> mailto:vvsg-interoperability-bounces at nist.gov
>>> <vvsg-interoperability-bounces at nist.gov>] *On Behalf Of *Susan Eustis
>>> *Sent:* Thursday, July 28, 2016 8:31 AM
>>> *To:* Arthur Keller <ark at soe.ucsc.edu>
>>> *Cc:* vvsg-election <vvsg-election at nist.gov>; vvsg-pre-election <
>>> vvsg-pre-election at nist.gov>; vvsg-post-election <
>>> vvsg-post-election at nist.gov>; vvsg-interoperability <
>>> vvsg-interoperability at nist.gov>
>>> *Subject:* Re: [VVSG-interoperability] By November, Russian hackers
>>> could target voting machines
>>>
>>>
>>>
>>> Arthur, I agree, I concur.   My new book lays this scenario out in
>>> detail and provides suggestions for preventing the hacks, ways to protect
>>> the integrity of the election results, there needs to be safe guards and
>>> automatic recounts the very next day with observers representing all
>>> candidates, no matter whether the election was close or not.  There needs
>>> to be an audit trail and a way to protect the integrity of the balloting
>>> that occurs before election day.  There needs to be a way for the observers
>>> to make a duplicate of the original ballots as the recount goes on and to
>>> run those through their own counting scanner to determine the validity of
>>> the election.  There needs to be a way to interrupt the recount at any time
>>> if someone has to go to the bathroom or falls asleep so that the recount
>>> process has continuity and integrity.  Things like this.
>>>
>>> Susan
>>>
>>>
>>>
>>> On Thu, Jul 28, 2016 at 9:22 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:
>>>
>>> But vote tabulation and especially roll up is often connected to the
>>> Internet. And with the lack of effective audits in more jurisdictions,
>>> hacking the Internet-connected vote tabulation systems would do the trick.
>>>
>>>
>>>
>>> In particular, if the vote tabulation system is connected to the web
>>> reporting system, then that's an avenue for attack.
>>>
>>>
>>>
>>> There's a difference between auditable and actually audited. If the
>>> results are sufficiently skewed on election night, post election audits may
>>> not matter anyway. They didn't even matter in Florida in 2000 where the
>>> election was close.
>>>
>>>
>>>
>>> Could the programming of electronic voting machines be hacked in a
>>> Stuxnet type attack while they are loaded with the election data file?
>>>
>>>
>>>
>>> If China can hack Google, do we really believe there's no way Russia
>>> can't hack enough counties or states to change the outcome of the
>>> presidential election?
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Arthur
>>>
>>>
>>> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>>>
>>> Voting machines are not attached to the internet.  You can’t hack them
>>> without physical control and that is auditable.
>>>
>>>
>>>
>>> *From:* vvsg-interoperability-bounces at nist.gov [
>>> mailto:vvsg-interoperability-bounces at nist.gov
>>> <vvsg-interoperability-bounces at nist.gov>] *On Behalf Of *Arthur Keller
>>> *Sent:* Thursday, July 28, 2016 12:30 AM
>>> *To:* John Wack
>>> *Cc:* vvsg-election; vvsg-pre-election; vvsg-post-election;
>>> vvsg-interoperability
>>> *Subject:* [VVSG-interoperability] By November, Russian hackers could
>>> target voting machines
>>>
>>>
>>>
>>> What should the election community do about this threat?
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Arthur
>>>
>>>
>>>
>>>
>>> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>>>
>>>
>>> By November, Russian hackers could target voting machines
>>> If Russia really is responsible, there's no reason political
>>> interference would end with the DNC emails.
>>>
>>> <image001.jpg>
>>>
>>> By Bruce Schneier July 27 at 3:10 PM
>>>
>>> Bruce Schneier <https://www.schneier.com> is a security technologist
>>> and a lecturer at the Kennedy School of Government at Harvard University.
>>> His latest book is *Data and Goliath: The Hidden Battles to Collect
>>> Your Data and Control Your World*
>>> <https://www.schneier.com/book-dg.html>.
>>>
>>> Russia was behind the hacks into the Democratic National Committee’s
>>> computer network that led to the release of thousands of internal emails
>>> just before the party’s convention began, U.S. intelligence agencies have
>>> reportedly
>>> <http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html>
>>> concluded.
>>>
>>> The FBI is investigating. WikiLeaks promises
>>> <http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there
>>> is more data to come. The political nature
>>> <http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/>
>>> of this cyberattack means that Democrats and Republicans are trying to spin
>>> this as much as possible. Even so, we have to accept that someone is
>>> attacking our nation’s computer systems in an apparent attempt to influence
>>> a presidential election. This kind of cyberattack targets the very core of
>>> our democratic process. And it points to the possibility of an even worse
>>> problem in November — that our election systems and our voting machines
>>> could be vulnerable to a similar attack.
>>>
>>> If the intelligence community has indeed ascertained that Russia is to
>>> blame, our government needs to decide what to do in response. This is
>>> difficult because the attacks are politically partisan, but it is
>>> <http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/>
>>>  essential
>>> <https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If
>>> foreign governments learn that they can influence our elections with
>>> impunity, this opens the door for future manipulations
>>> <http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>,
>>> both document thefts and dumps like this one that we see and more subtle
>>> manipulations that we don’t see.
>>>
>>> Retaliation is politically fraught and could have serious consequences,
>>> but this is an attack against our democracy. We need to confront Russian
>>> President Vladimir Putin in some way — politically, economically or in
>>> cyberspace — and make it clear that we will not tolerate this kind of
>>> interference by any government. Regardless of your political leanings this
>>> time, there’s no guarantee the next country that tries to manipulate our
>>> elections will share your preferred candidates.
>>>
>>> Even more important, we need to secure our election systems before
>>> autumn. If Putin’s government has already used a cyberattack to attempt to help Trump
>>> win
>>> <http://talkingpointsmemo.com/edblog/trump-putin-yes-it-s-really-a-thing>,
>>> there’s no reason to believe he won’t do it again — especially now that Trump
>>> is inviting the “help.”
>>> <https://www.washingtonpost.com/politics/democratic-national-convention-obama-biden-kaine-set-to-tout-clinton-as-commander-in-chief/2016/07/27/afc57884-53e8-11e6-bbf5-957ad17b4385_story.html?hpid=hp_hp-top-table-main_trump-1230pm%3Ahomepage%2Fstory>
>>>
>>> Over the years, more and more states have moved to electronic voting
>>> machines and have flirted with Internet voting. These systems are
>>> <http://arstechnica.com/tech-policy/2015/04/meet-the-e-voting-machine-so-easy-to-hack-it-will-take-your-breath-away/>
>>>  insecure
>>> <https://www.statslife.org.uk/significance/politics/2288-how-trustworthy-are-electronic-voting-systems-in-the-us>
>>>  and <https://www.salon.com/2011/09/27/votinghack/> vulnerable
>>> <https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security>
>>>  to
>>> <http://whowhatwhy.org/2015/08/31/foreigners-could-hack-us-elections-experts-say/>
>>>  attack
>>> <http://www.popsci.com/gadgets/article/2012-11/how-i-hacked-electronic-voting-machine>
>>> .
>>>
>>> *[Your iPhone just got less secure. Blame the FBI.
>>> <https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]
>>> *
>>>
>>> But while computer security experts like me
>>> <https://www.schneier.com/blog/archives/2004/11/the_problem_wit.html>
>>>  have sounded
>>> <https://www.giac.org/paper/gsec/3687/inherent-problems-electronic-voting-systems/105962>
>>>  the <http://homepage.cs.uiowa.edu/%7Ejones/voting/congress.html> alarm
>>> <https://cs.stanford.edu/people/eroberts/cs181/projects/2006-07/electronic-voting/index_files/page0004.html>
>>>  for <https://citp.princeton.edu/research/voting/> many years, states
>>> have largely ignored the threat, and the machine manufacturers have thrown
>>> up enough obfuscating babble that election officials are largely mollified.
>>>
>>> We no longer
>>> <https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92>
>>>  have time <https://xkcd.com/463/> for that. We must ignore the machine
>>> manufacturers’ spurious claims
>>> <https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger
>>> teams to test the machines’ and systems’ resistance to attack, drastically
>>> increase their cyber-defenses and take them offline if we can’t guarantee
>>> their security online.
>>>
>>> Longer term, we need to return to election systems that are secure from
>>> manipulation. This means voting machines with voter-verified paper
>>> audit trails
>>> <http://votingmachines.procon.org/view.answers.php?questionID=000291>,
>>> and no
>>> <http://engineering.jhu.edu/magazine/2016/06/internet-voting-nonstarter/>
>>>  Internet
>>> <https://www.verifiedvoting.org/resources/internet-voting/vote-online/>
>>> voting
>>> <http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I
>>> know it’s slower and less convenient to stick to the old-fashioned way, but
>>> the security risks are simply too great.
>>>
>>> There are other ways to attack our election system on the Internet
>>> besides hacking voting machines or changing vote tallies: deleting voter
>>> records
>>> <http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>,
>>> hijacking candidate or party websites, targeting and intimidating campaign
>>> workers or donors. There have already been multiple instances of
>>> political doxing
>>> <https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> —
>>> publishing personal information and documents about a person or
>>> organization — and we could easily see more of it in this election cycle.
>>> We need to take these risks much more seriously than before.
>>>
>>> Government interference with foreign elections isn’t new, and in fact,
>>> that’s something the United States itself has repeatedly done
>>> <https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in
>>> recent history. Using cyberattacks to influence elections is newer but has
>>> been done before, too — most notably in Latin America
>>> <http://www.bloomberg.com/features/2016-how-to-hack-an-election/>.
>>> Hacking of voting machines isn’t new, either. But what is new is a foreign
>>> government interfering with a U.S. national election on a large scale. Our
>>> democracy cannot tolerate it, and we as citizens cannot accept it.
>>>
>>> *[Why would Russia try to hack the U.S. election? Because it might work.
>>> <https://www.washingtonpost.com/posteverything/wp/2016/07/26/why-would-russia-interfere-in-the-u-s-election-because-it-usually-works/>]
>>> *
>>>
>>> Last April, the Obama administration issued
>>> <https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know>
>>>  an
>>> <https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats>
>>>  executive
>>> <https://medium.com/the-white-house/a-new-tool-against-cyber-threats-1a30c188bc4#.jgbalohyi>
>>>  order
>>> <https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining
>>> how we as a nation respond to cyberattacks against our critical
>>> infrastructure. While our election technology was not explicitly mentioned,
>>> our political process is certainly critical. And while they’re a hodgepodge
>>> of separate state-run systems, together their security affects every one of
>>> us. After everyone has voted, it is essential that both sides believe the
>>> election was fair and the results accurate. Otherwise, the election has no
>>> legitimacy.
>>>
>>> Election security is now a national security issue; federal officials
>>> need to take the lead, and they need to do it quickly.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> --
>>>
>>> Susan Eustis
>>> President
>>> WinterGreen Research
>>> 6 Raymond Street
>>> Lexington, Massachusetts
>>> phone 781 863 5078
>>> cell     617 852 7876
>>>
>>>
>>
>>
>> --
>> --
>>
>> Susan Eustis
>> President
>> WinterGreen Research
>> 6 Raymond Street
>> Lexington, Massachusetts
>> phone 781 863 5078
>> cell     617 852 7876
>>
>
>
>
> --
> --
>
> Susan Eustis
> President
> WinterGreen Research
> 6 Raymond Street
> Lexington, Massachusetts
> phone 781 863 5078
> cell     617 852 7876
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160728/3d683f5e/attachment.html>

More information about the CAVO mailing list