[jpgvm]

The amount of votes submitted via a given method hasn't changed that methods vulnerability. Given how much money is invested into elections to propel a candidate to victory you can be almost guaranteed that any weakness that could have been exploited has likely already been identified, exploited and patched or is sufficiently difficult prove (i.e it's not ballot based) as to be continue to be used.

i.e the ballot counting system is like iOS and a reliable way of getting fraudualent ballots counted is an iOS sandbox 0day. It's so insanely valuable that everyone is hunting for it and huge resources are deployed to protect it.

On the other hand other attacks like voter suppression, propaganda, social media manipulation are sufficiently hard to prove or patch they continue to be used.

[0x00000000]

The vendors do not inspire confidence. Some machines in Michigan crashed due to a bad update on Election Day. Why do we allow secretive, proprietary machines where untested and unaudited updates can be pushed at any time? To be clear, I don’t think there was any foul play, but it just reeks of incompetence and we are putting all the trust on them.

https://www.politico.com/news/2020/11/04/georgia-election-ma...

[charliemil4]

Interesting frame -- I see your point.

Very quickly, I'm not speaking to the Ballot Counting System - I'm speaking to the Ballot Request System. The Request requires information that could be obtained from an individual and rerouted to a centralized operation to fill in the ballot for the person.

It is akin to what happens in some states where some folks are bussed to the polls and given a ballot pre-filled by a trusted member in their community and told to follow the ballot template and we will all go get dinner afterward.

However, in the case of the mail in ballot, the physical voter is no longer required, leveraging the efforts of one person beyond the previous systems limitations: i.e. bus size, trip time, etc.

^ Real life example of the previous exploit -- that is legal if done correctly.

Back to the point: the BRS had an implicit control in place previously... as in, if we see a ton of mail in requests in one location, we should probably check that out. Now that control is invalidated because of the pandemic... thus removing an implicit control without recreating a control to achieve parity (the recreated control for me is the queries I laid out above).

[jpgvm]

I am not seeing how the request system is vulnerable. As I understand it there is a register of absentee voters, ballots are generated (sometimes with privacy sleeves/envelopes etc) and printed with barcodes that tie ballots back to a specific voter ID up until the point that information is separated for counting.

Given knowledge of how that system works and controls put around it I doubt any such vulnerabilities could exist that could be found by statistical analysis that isn't already being done...

I also think you missed the point of my last sentence which is that you could consider the actual ballot system a lot like AES or any other cryto system you might be familiar with.

Cracking the crypto system is stupidly hard because a ton of time was invested making that so. Instead attacking the stuff -around- the crypto system is likely to prove much more fruitful. i.e social engineering, side channel attacks

In the same way the attacks I listed above elicit the desired effect (a certain candidate having an unfair advantage) but without attacking the actual ballot system itself (which is likely far too difficult).

Essentially it's a case of lower hanging fruit, you don't need voter fraud to "steal" an election.

[charliemil4]

Thanks for having such a great conversation on this --

> I am not seeing how the request system is vulnerable.

Here's the scenario: I obtain your SSN, Name and Address to request your ballot to my address (either in the bussing example through your explicit permission or through the nefarious example like using Equifax 2017-2018 Data), then I fill it in at my address, and then mailed it in.

(Edit: to be clear, you have only provided the information to start the ballot process, or I obtained it nefariously, and submitted a ballot without your presence and pen to paper)

That's not a vulnerability? I guess I have a weird definition... I'm saying that's not what I expect when I hear someone 'voted.'

[TheDong]

That's a vulnerability, but there's no evidence it happens in any scale.

If it did happen in any scale, people would notice because the victim of fraud, when they tried to vote, would be notified that their ballot was duplicated or already mailed in. Also, note that the address ballots go to is the voter's registered address, and many ballots going to the same address would be noticed.

Anyway. This sort of vulnerability really does exist all over real human systems, and in reality it mostly doesn't matter. People usually don't do this sort of fraud en masse.

Online vulnerabilities can be exploited at scale easily by a single malicious actor, but human vulnerabilities, like dine-and-dash, or package theft, etc, are much more rare. They're illegal, which discourages most people, and to do any of them at scale, you need a lot of people... and one of those people is likely to report it. The human factor makes scaling it up much harder.

Intercepting a lot of voter ballots either requires them all to go to the same address (which will get noticed), or for you to steal them from many addresses (which won't scale easily per above and will be noticed). Either of those schemes will be noticed when a voter attempts to actually vote.