FORGET ABOUT RUSSIAN ELECTION HACKING, THERE’S VOTER DATA FOR ...August 10, 2017
Ok, I confess, I'm just not all that excited about the allegations of Russia hacking American elections. I'm one of those neanderthals - as I pointed out yesterday in the completely different context of high frequency algorithmic trading - who likes the old-fashioned, humanly connected activity of paper: paper books, not amendable ebooks, paper stock certificates or bonds or other securities, and, yea, paper ballots. My disgust with the election system began, not with allegations of the always-byzantine-never-to-be-trusted-Russians in cahoots with the always-flambouyant-never-to-be-taken-seriously-Mr. Trump, but with a scandal with voting machines itself, first brought to Americans' attentions in a book by the Collier brothers back in the early 1990s, called Votescam, all about using election machines to rig elections, right here at home, no Russians needed. Of course, since the Russian hacking meme broke, there have also been contests reported to see who can hack into a voting machine system the fastest. Surprise surprise, it only took mere minutes. As far as I'm concerned, I am as much worried about the indications of election fraud committed by both political parties in this country, as about anything the Russians may have allegedly been up to.
With that said, Mr. T.M. found yet another curious article this week concerning voter fraud, or rather, sale of data from voting machines:
What caught my eye was the fact that Kevin Collier, one of the two brothers who originally wrote Votescam, is the author of this article, and he zeros in on that contest:
When 650 thousand Tennesseans voted in the Memphis area, they probably didn’t expect their personal information would eventually be picked apart at a hacker conference at Caesars Palace Las Vegas.
And that isn't the end of it:
Election Systems and Software (ES&S), which makes the ExpressPoll-5000, is one of the most popular e-poll book manufacturers in the country, said Barbara Simons, who sits on the board of Verified Voting, a nonpartisan research group that advocates for voting-machine security. There’s no formal auditing process for how many of the machines are properly wiped, and thus no way to estimate how many machines have been sold that inadvertently contain voter records.
But the fact that only a handful of such machines were made available at DEF CON and one of them had personal records that were so easily available doesn’t inspire confidence, said Matt Blaze, a renowned security researcher who has authored several studies on voting machine security and who helped organize the village.
“How many other of these machines that also have data left on them have been sold to who knows who? There’s no way of knowing,” Blaze told Gizmodo.
After being sold at government auction, many machines are later resold, often for a few hundred dollars. Harri Hursti, a voting machine expert who famously found a critical flaw in Diebold voting systems, helped coordinate the machines’ purchase for the conference by scouring eBay. The one seller he visited in person before buying had filled an entire warehouse with voting machines bought at auction, he said.
Anyone with access to such a device—whether on Election Day or while playing with an ExpressPoll-5000 at home—would need only moderate computer skills to check for those records. (Emphasis added)
Stop and let that one sink in for a moment: there is "no formal auditing process for how many of the machines are properly wiped, and thus no way to estimate how many machines have been sold that inadvertently contain voter records." That said, in today's climate (note, I said climate, not culture, for the political class has none of the latter) of rampant corruption, and the "double standard" that laws made by legislators are for everyone but themselves, one can bet one's bottom dollar that voter records have been illicitly sold.
Not only that, argues Collier, but there are much greater opportunities for fraud than meets the eye:
The privacy breach, however, isn’t the full extent of problems with the ExpressPoll-5000. Even though the device doesn’t tally actual vote results, and instead simply registers voters at a polling place, a compromised machine’s lack of security could be used to disenfranchise tens or hundreds of thousands of voters on voting day.
Electronic poll books are often simply given to election officials for safekeeping. There’s no comprehensive look at how effectively those officials keep their machines, but some store them at home, and it’s clear that they’re not always kept secure. In April, before the runoff vote in Georgia’s special congressional election, a thief stole four e-poll books from the pickup truck of a poll manager while he shopped for groceries.If someone were to covertly access the memory card before the election, they could mark some or all users as having already voted absentee, preventing them from casting their actual vote. “I could write a script to do that in seconds,” Palmer said.