Slashdot Mirror

They can already tell too much just by watching which elections you vote in and extrapolating your likelihood of voting in other elections based on past preferences.

By seeing me vote for local and European elections, they can extrapolate that I'll probably do that again in 4 years? I don't see what the problem with that is. My presence near the polling station would probably already give them the suspicion that I was trying to vote, and might try to do it again in the future :-).

BTW I'll share here again the cartoon that the people from www.wijvertrouwenstemcomputersniet.nl have made, read it, it's very easy to understand (I see they've translated it this year) and totally convincing:
cartoon

I feel it is my civic duty to post the URL of the (Dutch) cartoon of www.wijvertrouwenstemcomputersniet.nl here, because apparently it has slipped the collective Slashdot consciousness that there are very simple and clear reasons why voting should be done with pen & paper to minimize fraud:

Practice your dutch on this:
http://wijvertrouwenstemcomputersniet.nl/other/strip/index.html
N.B. it's 4 pages, click on the "verder" red pencil at the bottom right

The average citizen *must* understand how it works, be able to vote in secret, be able to view all of the procedure except for the secret vote, and must be able to trust that his/her vote has been counted properly.
If you can take over a country without a war just by manipulating a few engineers who make voting computers, that's a lot cheaper than manipulating thousands of volunteers of differing political parties, some of which might talk afterwards.

Practice your Dutch and try to see the voting process from the point of view of Joe Public by reading this Dutch political cartoon (click on the red pencil "verder" for next page) and see if you still like the electronic ballot afterwards:

http://wijvertrouwenstemcomputersniet.nl/other/strip/index.html

See http://wijvertrouwenstemcomputersniet.nl/blog/ for the Dutch story on voring machines. Yes, we were earlier to abondon the computers. We vote with a pencil.

Exactly those machines (and others) were outlawed a few years ago by the dutch government, after years of protesting from the http://wijvertrouwenstemcomputersniet.nl/ action group (translated: 'we don't trust voting machines'). In this action group were a couple of notable hackers and ICT experts - people with some authority when it comes to ICT, who argued that such a black box can not be trusted by the voter in any case.

Options like printing voting tickets - to get both of best worlds (fast counting and verifyable counting) were considered, but quickly dismissed as there was no ready available hardware.

So - luckily - we are now back to voting with paper and pencil. Not everyone is happy with that (because it's slightly more inconvenient - a rubbish statement if you ask me for something you'd do on average once every two years, and especially when you compare it to all other paperwork bureaucracy forces us too). Among the groups against are the more uneducated people (sorry for that statement), and an incidental parlementarian.

I'm glad to see brittain saw the flaws of electronic voting too. I can only hope other countries that still use electronic voting will see it too. If i'm not mistaken, USA has got it's scandals too when it comes to voting machines.

And in practice, voting on paper works out just fine. May take a day longer for the final count, but the newspapers won't complain because now they can bring the news again, instead of the television.

...made by Nedap
We returned to paper ballots in The Netherlands about a year and a half ago. As the computers are exactly the same, it's a logical (albeit late) decision.

...big grain of salt needed.
While TNO has been in the far past a research *company* with a respected name, nowadays they are more and more on the hand of whoever it is that pays them to do a study.
When I saw this headline in Dutch papers, it clearly was that "more and more people are downloading without paying". Maybe somewhere in the appendix, it read that they would buy songs when downloading.

TNO was the same agency that approved our voting computers multiple times in a row - the same ones that are forbidden right now.
TNO also researched the chip used for the public transport system in The Netherlands, and approved its security multiple times.

please check this site for the reason behind my post. Mind that this is the very site that started the movement to get voting computers officially *outlawed* in The Netherlands. They explicitly are against using any form of computer, being open or otherwise, because of the intrinsic risks involved in them.

When I am assisting voters, I make sure to highlight that the paper vote that displays is the "paper trail" they have heard about, and that to ensure their vote's integrity, they should be careful to seriously check the vote and verify it matches http://www.wijvertrouwenstemcomputersniet.nl/English

``We nearly ended up using the same kit here in Ireland.''

In fact, the rejection of the machines in Ireland seems to have sparked the (grass-roots, kudos go to wijvertrouwenstemcomputersniet.nl) investigation in the Netherlands. Finally, they seemed to have stirred up enough commotion that the government took some measures (although, I must say, they fell short of what would have been desirable).

It is amazing that voting systems like the ones we had in the Netherlands (and the Nedap machines we shipped to Ireland weren't the worst of them) were allowed in the first place. Perhaps we can now finally put an end to this debacle. I don't care what the voting machine manufacturers or the government have to offer. I understand they want to deny the problem and cover their asses. But we _need_ a voting procedure that we can trust. As far as I am concerned, we can straigh out ban most of the authority figures who have been involved in the process so far from ever having any influence on the process again. This is important, and they tried to mislead us into thinking everything was alright when it wasn't, and they should have known it wasn't (after all, this was after the findings from the irish and wijvertrouwenstemcomputersniet).

There are ways to get vote counting right. Many people have thought about the issue, and some have come up with good solutions (for example, David Chaum's Punchscan, and Ron Rivest's ThreeBallot). However, the simple solution that works for most people, can be understood by pretty much everybody, and provides a decent level of trust, is simply voting on paper and counting by hand. Sure, it's labor intensive. But this is about who gets to rule us. Surely that's worth some trouble.

This whole issue wouldn't have existed without thorough research and lots of persistence of the group at "We Don't Trust Voting Computers". These men and women have dived into the voting computers used for decades in the Netherlands, found numerous serious flaws and made them public. They forced our government to install this commission, which has lead to the best possible outcome: no more electronic voting.

Thanks guys, you rock.

The machines in question had a wossname, programmable chip (EPROM and EEPROM).

The people of wijvertrouwenstemcomputersniet.nl (=wedonottrustvotingmachines.nl) showed how (http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf/) you can reprogram the Nedap/Groenendaal ES3B voting toy in such a way that it is really hard to detect (physical checks were amateurous anyway).

First by having a test whether the test is genuine. For instance, lasting at least 8 hours with a certain randomness in the voting pattern.

Only then it would start the 'fraud routine', also with several precautions against discovery.

The only way to know a chip actually does what it is supposed to do is opening it and looking at it under a really good microscope. if the voting process happens in a black box you cannot know what happens inside . No matter how many scientists are working on it you never will have a secure enough system. even if the hardware isn't programmable you can not trust it: chips can be resoldered, and if it is all put in a big blob of glue you can not validate the hardware any more. this is a security analysis of a voting machine in the netherlands that was abused to play chess http://www.wijvertrouwenstemcomputersniet.nl/image s/9/91/Es3b-en.pdf and here is a podcast in german about that hack: http://chaosradio.ccc.de/cre039.html

They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.

As someone who's done some academic research on voting technology, I'd like to respond. [snip]I know slashdotters usually have a boner for technology, but learn a little about running elections before you bring that bullshit to the polling place.

They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.

As someone who's done some academic research on voting technology, I'd like to respond. [snip]I know slashdotters usually have a boner for technology, but learn a little about running elections before you bring that bullshit to the polling place.

Nedap is. They had to change their machines in the Netherlands after the group Wij vertrouwen stemcomputers niet demonstrated flaws, especially with the LCD screen - it was possible to detect the selected vote remotely using a Tempest-like effect, if I understand correctly).

Anyways, I voted on such a machine, and saw how old people had trouble using it. It is also the first time I had to wait to vote (15 minutes instead of less than one), because their was only one machine and many people had to be told how to use it.

Two of the main parties called for their removal; I hope this is going to happen.

There has been very similar discussion in the Netherlands.
Here, too, the manufacturer said it was not a computer. An investigative group said "give us one, we will convert it to a chess-playing computer". Impossible, said the manufacturer, but denied them a demo machine. Then, they borrowed one from a municipality, and converted into a chess-playing computer. This, of course, lowered some jaws.

Furthermore, they wrote new firmware for it that manipulated the election results, and showed various different techniques for making sure this was not easily detected.
The device widely used in the Netherlands has no precautions at all against manipulation of the firmware by unauthorized parties. The operating lock is a standard C&K lock for which almost all keys are the same. I remembered having such a lock in the junkbox and indeed, its key number is the same as on the voting machines.

But the flaw most easily exploited turned out to be around vote secrecy. The electronics are so badly shielded that someone with a radio receiver within a few tens of meters can detect what vote is being made.

After the usual initial denial, it has been taken up somewhat seriously by authorities. Operational procedures for guarding the firmware have been added (like sealing of the access lid to the electronics).
Furthermore, a certain range of one type of machine and the entire series of another brand were declared unfit for use, because the emission problem could not be controlled by the manufacturer.

http://www.wijvertrouwenstemcomputersniet.nl/Engli sh

Those NEDAP computer are the same in use and contested in the Nederlands http://www.wijvertrouwenstemcomputersniet.nl/Engli shWe Don't Trust Voting Computer.

Those are are the same computer aquired and never used due to public pressure by the Irish (see http://evoting.cs.may.ie/Irish Citizens for Trustworthy Evoting).

How about using an OCR machine to count paper votes? Wouldn't that work?

Any subsequent complaints about the fundamental issues with voting machines will be dismissed by the public as whining from a group who are just looking for any excuse to go on protesting.

Somebody could always start the New Wijvertrouwenstemcomputersniet and complain about something else. And given that there are always hacks to get around any security, I can't see them being sidelined for long.

BTW the site/reports in English.

A Dutch citizen group "Wij vertrouwen stemcomputers niet" ("We do not trust voting machines"), released a report performing a secuirty review of the the Nedap/Groenendaal ES3B voting systems. Chapter 6 (page 14) covers "Compromising emanations" (i.e. TEMPEST). The Nedap machines are DRE systems, but are not a traditional touchscreen. They use an electromechanical touch sensitive full-face ballot interface (similar to the Shouptronic). However, the TEMPEST issues were not related to the input features, but rather the small LCD screen used to verify votes. Similar to many optical scan voting system readers.

While the subject of compromising emanations is one that deserves attention, ultimately what allowed relevant information to be interpreted from the emissions was that a major political party's name contains an accents, an extended ASCII character (Christen Democratisch Appèl) resulting in an emissions variation, something less likely to be a serious concern in the United states.

"Radiation"
Do not think your standard definition for radiation. Think more like spurious emission. It doesn't mean the voting machine runs on Plutonium... These types of emissions are released at some level from all electronic devices. It only becomes a problem when the emissions escape the device housing.

Report
Check out the full report. It's a pretty interesting look in this one particular voting machine.

In fact, during the general assembly elections of november 2006 a lot of counties decided to revert to old-skool paper and pencil voting because of the same issues. Wijvertrouwenstemcomputersniet.nl has done some excellent work!

You are incorrect. You can make the phone connect when it is on hook, at least you could in the Netherlands (and I do not believe our phones are that different from the ones abroad). This was al over the news (xx years ago). It was Rob Gonggrijp that brought it into the media (including live demonstrations), the same guy that now is making all the fuzz about the Dutch voting machines.

And, on another note, he is also involved in the only really secure AND really open source mobile handset, the CryptoPhone.

They only banned SDU-machines and will now use those from nedap, which are also proven to be unsecure: http://www.wijvertrouwenstemcomputersniet.nl/Engli sh green light for nedap: http://www.heise.de/newsticker/meldung/80316/from/ atom10 (sorry, german only, babelfish it)

Here in the Netherlands there is a group under the name of (translated) "we do not trust voting computer" (http://www.wijvertrouwenstemcomputersniet.nl/ in Dutch) who is actively discussing the accuracy and validity of voting computers. They posted on YouTube (http://www.youtube.com/watch?v=B05wPomCjEY) a movie about how to scan the machines about what they registered as a vote. I think that software ruling democracy should be open source just as the entire democracy should be transparant.

They even posted a security analysis (in English) of the voting computer used in the netherlands http://www.wijvertrouwenstemcomputersniet.nl/other /es3b-en.pdf.

Here in the Netherlands there is a group under the name of (translated) "we do not trust voting computer" (http://www.wijvertrouwenstemcomputersniet.nl/ in Dutch) who is actively discussing the accuracy and validity of voting computers. They posted on YouTube (http://www.youtube.com/watch?v=B05wPomCjEY) a movie about how to scan the machines about what they registered as a vote. I think that software ruling democracy should be open source just as the entire democracy should be transparant.

They even posted a security analysis (in English) of the voting computer used in the netherlands http://www.wijvertrouwenstemcomputersniet.nl/other /es3b-en.pdf.

...TNO stands for "Netherlands Organisation for Applied Scientific Research", but one of the major concerns - also pointed forward by the wedontrustvotingcomputers organization - is that TNO refuses to publically state its findings on the NEDAP voting computers.

I know 'independent' is not quite the same as 'open', but for a thing like the public voting process, doesn't it make sense to make these findings public ?

Apparently, they found some errors in the past - as they have tested the voting machines for years ! - but did not reveal them.

So, if "independent" stands for "TNO", as a Dutch voter I'm afraid - very afraid - that those voting machines will not be checked thorougly.

I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

If you visit their site, you'll find information about what you can actually do. You are allowed to stay in the voting room, as long as you don't disturb the process of voting. More information can be found on their action page .