was completely panned by the National Association of Secretaries of State.
But according to the organizers, this part of the voting hacks was so simple, they left it to the kids to do.
Security of the voting process has been an issue for as long as there have been elections. The credo in Chicago used to be, “Vote early, vote often.” In this Defcon case, in addition to the SQL hacks, they also discovered a number security issues such as default passwords, storage of passwords in unencrypted “clear text” and a few other issues such as the ability to corrupt voter lists.
New technology antidotes to election security issues also did not do so well at Defcon. They also took a close look at Voatz, a start-up designed to strengthen voter participation by having smartphone voting with voting records stored in a blockchain. This system did get positive notes for being opt-in and for having a real-time paper ballot. However, it was criticized for their application of AWS credentials. As perfectly stated in TechCrunch, “The inefficiency of paper ballots and their handling and collation and tabulation is a feature, not a bug.”.
It may seem horribly low tech, but one vice principal at my high school had a novel way to count ballots. He simply had the cast ballots sorted, then he weighed them on some scales from the chemistry department. “I never have had an election that was so close where the ballots had to be counted,” said Mr. Fitzgerald. One could say that he had a dual technology option – physically weighing the ballots and then the counting option
The problem is that the computerization of the voting process – from registration to casting ballots, to the final tallying – makes it as vulnerable as every other computerized process on your device. That means that the process needs protection from both accidents and from deliberately malicious attacks. As cryptography expert and author Bruce Schneier wrote in his blog, the best defense is to back up as much of the system as possible with paper. Yes, low-tech paper is beautiful.
The DEFCON exercise was focused on the particular infrastructure and processes in the US election process. In fact, they conclude that “Americans need the reassurance that their democracy is safe, starting at the ballot box.”