Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch Blackbox Voting Pwned

Posted by ryuzaki0 on from the playing-chess-at-the-polls dept.

An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.

11 of 353 comments (clear)

  1. Mirror by PktLoss · · Score: 3, Informative

    here's a mirror, good luck fair server
    http://www.preinheimer.com/dump/Es3b-en.pdf

    --
    paul reinheimer
  2. MirrorDot of the PDF by eldavojohn · · Score: 3, Informative

    And the mirrordot server here.

    --
    My work here is dung.
  3. Re:on that note by Anonymous Coward · · Score: 1, Informative

    Mirror: http://130.89.162.142/Es3b-en.pdf

  4. mirror by leonmergen · · Score: 2, Informative

    http://www.solatis.com/iliketobeslashdotted.pdf

    --
    - Leon Mergen
    http://www.solatis.com
  5. Well, I went to the resellers site... by guruevi · · Score: 1, Informative

    I was going to check out what they had to say about it. They also released a press statement about the dust being kicked up:

    Kan de Nedap stemmachine gemanipuleerd worden?
    Alles is te manipuleren.

    Can the Nedap voting machine be manipulated?
    Everything can be manipulated

    Is de Nedap stemmachine beveiligd tegen moedwillige manipulatie?
    Ja. Tegen iedere nieuwe bedreiging worden maatregelen genomen.

    Is the Nedap voting machine secured against manipulation
    Yes. Against every new threat measures are taken

    Kan de uitslag van de Nedap stemmachine gemanipuleerd worden?
    Veel moeilijker dan bij "papieren" verkiezingen

    Can the results of the Nedap voting machine be manipulated?
    Much more difficult than with "paper" elections

    Well, at least they're honest unlike Diebold over here that says they're system is the best and totally secure. Elections can and will always be manipulated as long as there are humans involved. If you make 1000's of people vote for a person by putting a gun against their head, you have succesfully manipulated the election.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. Re:Comments on the PDF by hcdejong · · Score: 2, Informative

    I am more so amazed that someone was kind enough to take the time to translate it to English.

    a minor point: The report was written in English; not written in Dutch and then translated. Some of the writers don't speak Dutch.

  7. Also used in Ireland by Ryano · · Score: 2, Informative

    As well as being used in Holland and France, thousands of these NEDAP machines were bought by the Irish government with a view to replacing our paper election system with electronic voting. They had been used in a few pilot constituencies, and were due to be rolled out nationwide for the 2004 local and European elections. Luckily, determined lobbying by computer professionals (Irish Citizens for Trustworthy E-Voting) and others forced the Government to set up an independent Commission on Electronic Voting, who decided that they couldn't stand over the use of the machines without further testing.

    Interestingly enough, these Dutch hackers used the First Report of the Commission on Electronic Voting to glean a lot of the technical details about the machines.

    The most recent report of the Commission (July 2006) concluded that the machines needed some modification but were basically okay, but that the software used to manage an election was basically a joke and should be scrapped. The Government tried to use this as vindication of their actions in procuring the system, even though they had been perfectly willing to let a nationwide election go ahead with dodgy software.

    Even that fig-leaf of respectibility has now been removed, and I expect that the Government will soon be moving the machines out of their costly storage facilities, and into the nearest recycling centre. As the Dutch hackers showed that they could be used to play chess, perhaps an amusement arcade will take them off their hands.

    Lots of info at the Irish Citizens for Trustworthy E-Voting site linked above, including a discussion list archive which has covered every imaginable angle on E-Voting.

  8. Nedaps reaction by mverwijs · · Score: 3, Informative
    Reactie op TV uitzending Een Vandaag
    In de uitzending "Een Vandaag" op 4 oktober werd uitgebreid aandacht besteed aan de Nedap stemmachine, en dan met name aan de werking van deze machine.
    Het viel ons op dat aangetoond werd dat de machine uitstekend werkt. De stemmachine doet precies wat opgedragen wordt. Dit werd overigens ook door alle betrokkenen verwacht en bevestigd.
    Op grond hiervan concluderen wij dat door de naam van de stichting "Wij vertrouwen stemcomputers niet" de machine onrecht wordt aangedaan.
    Beter zou het zijn geweest als de oprichters van de stichting de naam "Wij vertrouwen mensen niet" hadden gekozen.

    Translation:

    Reaction on the TV showing Een Vandaag
    In the show "Een Vandaag" on october 4th, there was a lot of focus on the Nedap votingmachine, and in particular how this machine works.
    What we noticed was that it showed this machine works excellent. The votingmachine does exactly what it is told. This was also expected and confirmed by all parties involved.
    On these grounds we conclude that the name of the foundation "We Don't Trust Votingmachines" does the machine injustice. It would have been better if the founders of the foundation had given it the name "We Don't Trust People".
  9. Re:Well at least.. by Ryano · · Score: 4, Informative

    "they can't open it with a minibar key.."

    Don't be so sure...

    From their report (the PDF linked above):

    The key system chosen by Nedap for both the locks on the voting computer is the "C&K YL Series 4 Tumbler Camlock". This lock always comes with the same key (marked "A126"), which probably explains why the same key is used on all 8000 ES3B machines throughout The Netherlands. Spare keys can be ordered separately online for roughly a Euro each by searching for the product number: 115140126. We ordered, payed for and were subsequently supplied with 100 of these keys without any problem. According to the product datasheet3, typical applications for this lock include "copy machines and office furniture". Even if spare keys were not so readily available: this is quite literally the type of lock we can open with a bent paperclip.

    The reader unit has, as stipulated by law, a lock with a different key for the slot marked 'programming' (it is marked "A154"), which is used to erase the ballot memory modules and to write new candidate lists to the modules. The key is of the same insecure type and the we expect it to also be the same all over the country.
  10. Re:Comments on the PDF by shadwstalkr · · Score: 2, Informative

    Whether this is because people still view scientists as nerds or outcasts of society, I cannot comment on.

    I can only speak to the situation in the United States; I hope it's different in other parts of the world. I think it's due to a growing feeling by the average person that scientists and academics are a condescending, intellectual elite. The situation is exacerbated by the crumbling foundations of science education, the general lack of emphasis on critical thinking in primary schools, and wholesale replacement of natural causes with superstition in the minds of a disturbing majority of people.

    When you think about it, it's entirely understandable. A person whose only understanding of "science" is germinating a bean in seventh grade, or that hard physics class they took in college, doesn't have a hope of understanding the subtleties of something like evolutionary biology or general relativity by reading a few popular science books. The misunderstandings and first-order conceptual explanations in almost every piece of science journalism, not to mention the "documentaries" on Discovery and ABC, don't make sense at all, but most people don't have the background to know why.

    Of course, when you try to explain this to someone, or to explain why "God did it" is not a valid theory, it sounds like you're telling them they're stupid. So the real question becomes, is there a good way to get people back on the track to at least basic scientific understanding without completely turning them off the message?

  11. Re:Here Please? by Anonymous Coward · · Score: 2, Informative

    You don't need a new media. You just need voters that will get off their ass and think.