For current political commentary, see the daily political notes.
RMS' Bio | The GNU Project
Matt Plaze's testimony in Congress, 29 Nov 2017, urging that the US eliminate unauditable computerized voting machines.
Hackers at Defcon went to work on four different models of US voting machines, and cracked all of them within hours of seeing them for the first time.
Even if some model were totally secure against crackers, it can't be secure against the company that develops its proprietary software.
If, however, the software is free, and the local election authority can change it, then the machine can't be secure against the local election authority. There is always someone that can change the software, and we can't trust that someone.
For secure elections, we must vote on paper.
Even carefully implemented digital voting systems are dangerous, but real ones are often so sloppy you wouldn't believe it.
Some accuse Russian interference. Perhaps it was that, but other suspects are possible, too. We may never know the real cause of this, but we know a way to avoid it: use paper for these records.
Voting machines used in Virginia and Pennsylvania allowed election-rigging via wifi, for anyone that could crack the machine's WEP password.
To make it even easier, they used the password "ABCDE". But that is the icing on the cake. There are programs that reliably guess WEP passwords. No matter what password they had chosen, the machine would still have been vulnerable to anyone with some expertise.
Today's voting computers might have a little better security, but that doesn't mean they can be trusted. Even if the security is enough to thwart random passers-by, that does not mean it will stop people from the company that made the machine, or people from the election authority, from rigging the election indetectably.
Virginia has decertified this machine, but is the replacement good enough for your elections? The proper criteria are more than a little more strict.
Even if the computer's security isn't so weak that outsiders can crack it, that doesn't mean you can trust it. The manufacturer might rig the election; the election authority might rig the election.
It's a shame that the article uses "hackers" to mean "security breakers" — please use the term "crackers" when that's what you mean.
All non-auditable digital voting systems should be banned, as a blanket rule, because they make it easy to rig elections indetectably.
They had the good fortune of knowing there was a security flaw. If a state tries internet voting and does not find a security flaw, that doesn't mean there isn't one. It means there is one and it has not been found.
Australia is using an insecure internet voting system.
In addition to the software vulnerabilities, remote voting opens the door for voters to be coerced by their bosses, by abusive spouses, etc. It is a foolish risk to permit remote voting except in special cases such as when people are travelling or in the hospital.
If young people are not voting, it's because they see the candidates that might win are working for plutocrats. Making it less work to vote is no solution.
Copyright (c) 2015 Richard Stallman Verbatim copying and redistribution of this entire page are permitted provided this notice is preserved.