9 Comments

"There’s no evidence that Dominion machines were hacked."

Is there a report on how this conclusion came to be? Which machines were investigated and where?


There's a potential vulnerability in all these paper-based systems that nobody ever talks about. Or maybe I'm stupid and this isn't real: evil precinct workers can print out a lot of ballots for their candidate and insert them into the pile, i.e. stuff the ballot box.

Is this not really a thing?

Jun 18, 2023·edited Jun 18, 2023

That's the vulnerability in our elections that concerns me the most, but it's also irrelevant to issues with ballot marking devices, and any mitigations against it would need to be more wide reaching. Elections are complex systems with many components.

The ballot stuffing issues are related to voter registration, and the problem of how to verify that (a) all valid ballots were counted, (b) only valid ballots were counted, (c) every ballot is associated with a registered voter, and (d) no two ballots are associated with the same voter.

Most people focus on (a), (c), and (d), but in my mind the biggest risk is (b): ensuring that *only* valid ballots were counted. Especially since "privacy of the vote" is an important constraint of the system, meaning that mail-in ballots are not associated with a specific voter once they're separated from their envelopes, it's challenging to see how you mitigate an attacker stuffing a box of ballots that have been separated from their envelopes but not yet counted.

One attack could be removing some uncounted valid ballots and replacing them with the same number of fake ballots. Chain of custody procedures are meant to be a mitigation against this, but they only help so much when there is no prescribed process for when they're violated, and when it can so often look like an accident. The attacker just says "oh oops we lost sight of this bag for a while but we checked and the number of ballots in the box is the same number that we wrote down in the log when the box left the precinct [which could be true but has no bearing on whether it's the same set of ballots inside the box]... mistakes happen, we're human, are you an election denier?"


I mention it mostly because so many researchers are willing to assume that what can go wrong with electronic systems will go wrong, but ignore the old-fashioned obvious.


Do you have an idea why they are so loath to update the machines? Are they physically distributed over so many different places? Are regulations making the process more troublesome than it should be? Is Dominion behind the coverup, worried that if they admit to the vulnerability, they will suffer in some of their lawsuits or will have to patch everyone's machines?

Does MITRE NESL have a good reputation? Are they generally competent or are they yes-men-for-hire trading on the MITRE brand? It's hard for me to square the CVE database with a pre-Kerckhoff view of security.

author

Yes -- regulation. Regulations/rules make it extraordinarily difficult and costly to update voting machine software, so they do so only rarely.


I would have thought that the vendor would, as part of the service contract, insist that the customers update the machine for all but low-order vulnerabilities. I'd give them as much help as possible, but still.


I successfully guessed the target of the QR code.

author

You won't ever know for sure until you open it in the browser.
