While you are correct that the cybersec practices on voting machines are embarrassingly bad, we don't actually rely on them for the integrity of our elections in most districts. They are a convenience more than anything else, and at the first sign of any possible tampering, we can audit against paper ballots that get printed off the voting machines (which if you start altering those, it only takes one person to notice somethings off and the jig is up)

Even with their shit security, an attack would be exceedingly difficult to pull off. The machines are airgapped and audited, so you need physical access without supervision which by itself is a tall order. Then, consider that you will need to compromise dozens of machines at minimum to swing even the lowest turnout national election for the most obscure position. Finding enough people willing to risk a federal pound-me-in-the-ass prison felony charge that are smart enough to do the job and not get caught is going to be a challenge too, because if one person gets caught, then once again, the jig is up.

What is far more realistically dangerous is convincing people that the election was compromised when it wasn't. This gets you way more bang for your buck because it's so much easier to do, and is the primary reason I think that nobody really bothers trying to compromise the voting machines.

[+] secproto@pawb.social 0 points 1 year ago (1 children)

[deleted]

[–] skulkingaround@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

The main point I'm trying to make is that compromising voting machines is not the hard part of rigging an election. It would require a conspiracy so complicated, that I'm not convinced there's any group on earth that could successfully pull it off. Set aside cybersec arguments for a moment:

Let's assume the worst case for security, that there is one machine per state that you can easily compromise to alter election results. This alone is doing a lot of lifting for this example.
Now, you have to cross your fingers and hope that the election is close enough that you can fudge the overall result without raising suspicion
Prior to the election, you have to plan which states to compromise, and what districts you will target for altering votes. You can only really do this in swing states and swing districts. It is usually not clear until very close to the election which places will be optimal.
Because you are at the mercy of RNGesus as for where you can compromise, you have to compromise a lot of extra states ahead of time to eliminate risk that you didn't get enough swingable ones to pull of your plan. This increases head count and creates more liability.
If you swing any given district too far, you can raise suspicion and trigger a recount. If one district raises the alarm, the rest will follow. If you only compromised central machines and not the voting machines and ballots themselves, you fail.
If you can't find enough districts to subtly alter, you fail.
Let's assume you prepared for point 4 and compromised voting machines themselves. This requires massively more people involved, and if only one person gets caught, you fail.
To extend 6. every person involved in your conspiracy is a liability. A single double agent gets in your ranks? Fail. Somebody flakes? Fail. Somebody grows a conscious or gets busted and rats you out? Fail.

While yes, theoretically you could overcome all those obstacles, you'd have to get miraculously lucky and you'd need to not get busted for quite a long time after the election. Why even bother when you can just pay a few bucks to the right people and get news channels to convince the voters to put your guy in charge without committing any voter fraud at all?

Now all that said, I absolutely support improved election security. If nothing else, it will make it much harder to spread FUD about election integrity.