Voting with Technology

Self | 11/28/2023 | EQAndyBuzz

[EQAndyBuzz]

Why can't we use modern technology to vote?

[EQAndyBuzz]

Been thinking about this for a while now. What is one thing every US Citizen has, which separates us from non-US citizens? A Social Security Number. There may be other things, but our entire working lives are based on our SSN.

So my suggestion for voting is simple. Your SSN is your ID to vote. You can either vote by an app on your mobile device, vote from your computer, show up to vote, whatever. One you vote, your SSN is matched up to a voting database, where once you submit your vote, it is crossed off the list and cannot be used again.

Any duplicates are kicked out and further investigated for possible fraud. This does a couple of things. It takes the potential fraud at the local level out of the equation. It takes moving cartons of ballots out of the equation. And most of all, it becomes the securest way to vote as it's matching a valid SSN to a database, preventing duplicate voting.

There is no excuse for not doing this. Most people who are dropping off ballots at drop boxes already have cell phones. Most senior facilities have computers on site. Most military personnel have access to some form of technology at a given point in time.

But most of all, doing this ensures that only citizens of the United States, with valid SSN's can actually vote. And the part about this I love the most is the database already exists, the SSN already exists, which means all that would need to be created is a database for voting and a link to the SSN database for validation. After the election is over, the voting database is cleared.

Thoughts?

[Tell It Right]

As a programmer I hate electric voting. There should be a paper trail.

[JSM_Liberty]

“What is one thing every US Citizen has, which separates us from non-US citizens? A Social Security Number.”

Not true, legal immigrants who have work authorization but have not yet become citizens DO have a social security number and are eligible for social security payments when they get to the eligible age.

[Bloody Sam Roberts]

I’m not putting my SSN into any sort of device that has access to the internet.

[lepton]

One of the issues is that the anonymity makes the process opaque. Either they can track you to your vote, or you can’t confirm it went anywhere or was not invisibly changed.

A SSN is used so broadly that it is simple to compromise, so you would need additional security factors.

[Boogieman]

“Any duplicates are kicked out and further investigated for possible fraud.”

Except nobody’s going to investigate. Anyone can imagine a “fraud proof” voting system using technology, or even by using the older methods of paper ballots and poll books. But you still need people to actually enforce that system, people with integrity, and that is what we are missing in our society today. Every system you dream up is going to have the same flaw: if half the population can’t be trusted, every system relying on people is going to be badly compromised.

[rlmorel]

The thing is, we could do it. There are ways to do it. The problem is, there are people who have a vested interest in designing, implementing, or using systems in ways that intentionally compromise the security and functionality.

Case in point is the LINK: Allied Security Operations Group-Antrim Michigan Forensics Report

They found the following:

SERVER OVERVIEW AND SUMMARY

1. Our initial audit on the computer running the Democracy Suite Software showed that standard computer security best practices were not applied. These minimum-security standards are outlined the 2002 HAVA, and FEC Voting System Standards – it did not even meet the minimum standards required of a government desktop computer.

2. The election data software package USB drives (November 2020 election, and November 2020 election updated) are secured with bitlocker encryption software, but they were not stored securely on-site. At the time of our forensic examination, the election data package files were already moved to an unsecure desktop computer and were residing on an unencrypted hard drive. This demonstrated a significant and fatal error in security and election integrity. Key Findings on Desktop and Server Configuration: - There were multiple Microsoft security updates as well as Microsoft SQL Server updates which should have been deployed, however there is no evidence that these security patches were ever installed. As described below, many of the software packages were out of date and vulnerable to various methods of attack.
   1. Computer initial configuration on 10/03/2018 13:08:11:911
   2. Computer final configuration of server software on 4/10/2019
   3. Hard Drive not Encrypted at Rest
   4. Microsoft SQL Server Database not protected with password.
   5. Democracy Suite Admin Passwords are reused and share passwords.
   6. Antivirus is 4.5 years outdated
   7. Windows updates are 3.86 years out of date.
   8. When computer was last configured on 04/10/2019 the windows updates were 2.11 years out of date.
   9. User of computer uses a Super User Account.

3. The hard drive was not encrypted at rest – which means that if hard drives are removed or initially booted off an external USB drive the files are susceptible to manipulation directly. An attacker is able to mount the hard drive because it is unencrypted, allowing for the manipulation and replacement of any file on the system.
4. The Microsoft SQL Server database files were not properly secured to allow modifications of the database files.
5. The Democracy Suite Software user account logins and passwords are stored in the unsecured database tables and the multiple Election System Administrator accounts share the same password, which means that there are no audit trails for vote changes, deletions, blank ballot voting, or batch vote alterations or adjudication.
6. Antivirus definition is 1666 days old on 12/11/2020. Antrim County updates its system with USB drives. USB drives are the most common vectors for injecting malware into computer systems. The failure to properly update the antivirus definition drastically increases the harm cause by malware from other machines being transmitted to the voting system.
7. Windows Server Update Services (WSUS) Offline Update is used to enable updates the computer – which is a package of files normally downloaded from the internet but compiled into a program to put on a USB drive to manually update server systems.
8. Failure to properly update the voting system demonstrates a significant and fatal error in security and election integrity.
9. There are 15 additional updates that should have been installed on the server to adhere to Microsoft Standards to fix known vulnerabilities. For the 4/10/2019 install, the most updated version of the update files would have been 03/13/2019 which is 11.6.1 which is 15 updates newer than 10.9.1 This means the updates installed were 2 years, 1 month, 13 days behind the most current update at the time. This includes security updates and fixes. This demonstrated a significant and fatal error in security and election integrity.
   1. Wed 04/10/2019 10:34:33.14 - Info: Starting WSUS Offline Update (v. 10.9.1)
   2. Wed 04/10/2019 10:34:33.14 - Info: Used path "D:\WSUSOFFLINE1091_2012R2_W10\cmd\" on EMSSERVER (user: EMSADMIN)
   3. Wed 04/10/2019 10:34:35.55 - Info: Medium build date: 03/10/2019 16
   4. Found on c:\Windows\wsusofflineupdate.txt
   5. *WSUS Offline Update (v.10.9.1) was created on 01/29/2017 *WSUS information found here https://download.wsusoffline.net/

10. Super User Administrator account is the primary account used to operate the Dominion Election Management System which is a major security risk. The user logged in has the ability to make major changes to the system and install software which means that there is no oversight to ensure appropriate management controls – i.e. anyone who has access to the shared administrator user names and passwords can make significant changes to the entire voting system. The shared usernames and passwords mean that these changes can be made in an anonymous fashion with no tracking or attribution.

I work in IT, and this is reprehensible. I would lose my job in a heartbeat if I configured and maintained a system in this fashion. I don't care who you are. This was not an accident. This level of incompetence is fully intentional.

And as long as this is possible, run at the county level, with no safeguards or security standards, these should not be used.

[inkdude]

I am a vote in person advocate. There are plenty of technologies that can be implemented to make it secure. Ballots printed by the voting machine using marked paper and specialty toner. End ballots being printed in bulk. Have the voting machine and scanner both tabulate results and still have a hard copy for recounts.

Too bad there is not someone out there looking to build a better voting machine, I’d love to be on that project.

[sten]

i’ve tried to push a bio-metric based, public block chain voting system that would only allow living registered voters to vote once from their registered districts over the internet and able to be monitored in real-time.

it would literally allow for secure real-time voting from anywhere in the world... but they don’t want anything to do with it.

this was state level REPUBLICANS and i couldn’t get it rolling.

it would take the tech star power of someone like Elon Musk to make it happen and even then, it’d be done in other countries long before the US would think about using it.

we’re so hosed.

[sten]

paper ballots mean nothing when they can ignore them, shred them, run them repeatedly, or accept multiple ballots from the same person.

think harder.

[logi_cal869]

No offense, but you are completely naive about the vulnerability of digital data and their gaslighting has had a demonstrable effect upon you.

Time for an intervention; maybe this thread will suffice...

[sten]

you can have the anonymity of bitcoin if we used block-chain based voting with ballots issued to ‘ballot wallets’ which can only be accessed and used by the owner of the wallet... which would mean voter-id, password, and biometric (finger print, palm print, retina, etc)

and the vote would register with the chain with various meta data

[arthurus]

Technology in voting, no matter how secure it is claimed to be is eminently hackable and the output may or may not have any real relation to the input. Cheating can and does occur with paper ballots but it is much more tedious and requires far more people to accomplish as it has to be done precinct by precinct. Electronic voting can be controlled from central locations and whole systems are vulnerable.

[Tell It Right]

paper ballots mean nothing when they can ignore them, shred them, run them repeatedly, or accept multiple ballots from the same person. think harder.

There are laws against shredding/disposing of paper ballots (at least without image archives). We should punish the people who violate the laws, not abandon the law altogether and just trust the Dominions.

[sten]

voting in person means nothing when they can literally shred the ballot you submit or repeatedly count the ‘good’ ballots thereby watering down your own

[sten]

there are laws against rigging elections... doesn’t stop them.

[cymbeline]

“I am a vote in person advocate. “

I am too, with voters showing and ID at the polling place.

A requirement not mentioned in earlier posts here (unless I missed it) is voting secretly. There’s no substitute for walking into a voting booth where no one sees how you vote.

Any remote voting is not secret voting.

[sten]

just because you filled in a ballot behind a curtain and put it in a box doesn’t mean they can’t check it and accept/reject it

unless your ballot is scanned and submitted to a public-blockchain with all the digital signatures to keep it from being tampered with, then you’d get what we have today... a system that scans the ballots and immediately tosses the ballot images.

[Real Cynic No More]

Any duplicates are kicked out and further investigated for possible fraud.

So, vote thieves use your SSN to vote 'before' you; you then show up to vote, and your ballot is thrown into the "questionable" hopper. Then your vote languishes because the invalid vote is already in the system. Who your SSN originally voted for is in limbo and can't be eliminated because of voter anonymity.

[mewzilla]

Q: Why do states that don’t use RCV have RCV-enabled electronic voting machines...?