Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch Blackbox Voting Pwned

Posted by ryuzaki0 on from the playing-chess-at-the-polls dept.

An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.

31 of 353 comments (clear)

  1. Comments on the PDF by eldavojohn · · Score: 5, Insightful
    We, the authors of this paper, are part of a growing group of computer experts that opposes the use of electronic voting technology that is built in such a way that the outcome of an election is not voter-verifiable. We believe public elections are pointless unless people have the right and the meaningful possibility to verify that that their votes are counted correctly. We further strongly believe that trade secrets, secret computer programs and secret test reports have absolutely no place in any democratic election.
    (emphasis mine)

    I would first like to say that I admire your diligence in this matter and gratefully appreciate the work and effort you have put forth to protect the votes of many people the world over including my own.

    Secondly, I would like to point out that, although you are a group of experts/scientists, I have witnessed concerns based on science go unheeded by politics--at least in the United States. I hope it is different in other countries, but I have seen a large organization of scientists from all walks of life oppose some of the current administration's actions here with little or no effect on the populace.

    Whether this is because people still view scientists as nerds or outcasts of society, I cannot comment on. I only want to make it known--at least on Slashdot--that I support what you're doing and am amazed at the work contained in this PDF. I am more so amazed that someone was kind enough to take the time to translate it to English.

    I hope your efforts are met with international recognition as being a champion of voting security--although I fear the reality is you may be criticized and possibly even sued.

    My favorite criticism listed in the PDF:
    By adding extra security measures against the over-emphasized threat posed by outsiders, one can actually increase the risk posed by insiders.
    After reading a bit of the PDF, I must say that the only thing I don't like is that there is no clear solution offered aside from allusions to opening up the process and technology on how all of this works so that it can be scrutinized. It is pointed out that Security by Obscurity is not the best route ... ever. This is good criticism but it's never explored whether or not we could dream up a scheme that would be protected.
    --
    My work here is dung.
    1. Re:Comments on the PDF by fruey · · Score: 2, Insightful

      I second your thoughts, a voting system should be open. Any secret ballot voting system is flawed. Manual voting (pregnant chads, anyone?) is also fraught with errors and open for abuse. Cases of dead people voting, multiple votes, and ballot stuffing have plagued democratic history. Computer voting may make things better, but only if an open system can be found where, like you so rightly quote : the right and the meaningful possibility to verify that that their votes are counted correctly.

      --
      Conversion Rate Optimisation French / English consultant
    2. Re:Comments on the PDF by AndersOSU · · Score: 2, Insightful

      When you say, "Any secret ballot voting system is flawed." Are you implying that making everyone's vote public, or having a vote receipt, would be a better solution. If so, I can't disagree more. Sure we wouldn't have the same problems, but we would have a whole host of at least equally serious different problems. Vote buying, intimidation, and ostracizing immediately spring to mind.

    3. Re:Comments on the PDF by mrogers · · Score: 2, Insightful

      On the contrary, the best time to persuade people to care about this issue is shortly before an election.

    4. Re:Comments on the PDF by cb0nd · · Score: 2, Insightful

      Yes, I couldn't agree more with you and the GP. I think a System should be open and there should be a printed ballot that you would check to see if it corresponds to your vote in the computer. Then it would be possible to count the votes manually (counting a sample would be enough in most cases).

      As a matter of fact, here in Brazil we have an eletronic voting system (since 1996, if I'm not mistaken) and we are investing on identification of voters through fingerprints, but I really think that a system to print the votes would be more useful at this time.

      While I think that stopping the votes of the dead and people voting in the place of others is important, I feel that greater credibility would be more useful at this time.

  2. "Pwned"?! by Rearden82 · · Score: 5, Insightful

    What the fuck is "Pwned"? I thought this was a news site, not an AOL chatroom.

    1. Re:"Pwned"?! by Arslan+ibn+Da'ud · · Score: 4, Insightful

      > What the fuck is "Pwned"? I thought this was a > news site, not an AOL chatroom.

      Corruption of 'owned'. Someone made a typo, and the typo became popular. (Guess this says something about AOL, or /., when typos become more popular than correct spellings.)

      BTW, your question garnered 8 smartass replies, not one of them containing this answer. Come on, people, if you need to be wiseacres, at least answer the original question!

      --

      Practice Kind Randomness and Beautiful Acts of Nonsense.

    2. Re:"Pwned"?! by joshorion · · Score: 2, Insightful

      "Pwned" is language devolving, not evolving; seeing it in a title on Slashdot is pretty cringe-worthy.


      http://www.saddam.com/

  3. Re:Here Please? by Tom · · Score: 5, Insightful

    Very similar exploits have been shown to be possible against Diebold machines.

    The difference isn't that nobody is doing this in the US. It's that nobody is listening in the US. In order to become a democratic country again, you don't need to elect a new president, you need to elect a new media.

    --
    Assorted stuff I do sometimes: Lemuria.org
  4. create mirrors? by Speare · · Score: 5, Insightful

    Hrm, funny, every time we complain that slashdot should go through the process of automating a simple mirror process to avoid hammering an unsuspecting server into rubble, all the "editors" go pointing at the FAQ as some sort of ironclad reasoning against doing so. But here we have an "editor" instructing the readership to do slashdot's work for them. This all just points to the fact that OSTG will pay the bandwidth bills if it means ad revenue, but doesn't want to actually foot the bill to use their server complex for disseminating information.

    --
    [ .sig file not found ]
  5. The Dutch get outraged but Americans don't? by BeeBeard · · Score: 4, Insightful

    I've been keeping tabs on the Diebold stories coming from U.S. news sources, and it's not like the Diebold problems have been kept secret. Nevertheless, many Americans have reacted to the information with a collective yawn.

    So here we have a similar set of circumstances--only the nation at risk has really changed--and the Dutch appear to be fighting mad over this. What gives?

    1. Re:The Dutch get outraged but Americans don't? by miro2 · · Score: 4, Insightful

      The problem is that the stories on this in America are generally technical and involve complicated recommendations for "open source" systems with "paper trails." Thats too difficult to keep anyone's attention. America pays attention when it gets Sensation and Scandal! We absolutely need someone in the United States to hack a Diebold machine into changing its votes and demonstrate how they can do that in a quick and easy way when they have access to the machine. If it can be turned into a 2-minute feature on a news station (with enlarged graphics showing the vote totals changing LIVE) it will become big news.

    2. Re:The Dutch get outraged but Americans don't? by k98sven · · Score: 4, Insightful
      So here we have a similar set of circumstances--only the nation at risk has really changed--and the Dutch appear to be fighting mad over this. What gives?


      Yup, same thing.. but the question? Good question.

      The obvious answer is that they're freedom-hating socialists. :)

      But seriously? It's the culture. The Netherlands and the Nordic countries are about the same like this. Big on democracy, accountability, transparency, highly intolerant of corruption, etc.

      In the end, it's basically a self-fulfilling thing, really. People trust the system --> therefore they have low tolerance for corruption --> get very pissed when it happens --> therefore they have low corruption --> therefore they trust the system.

      It's not just faith in the Government itself, but to all the institutions, and the parliament, etc. And there's a lot less political polarization. Of course part of the latter is due to the multi-party system. I used to be agnostic on which system was better, but now I'm pretty convinced that the many-party parliamentary system is superior to the US system.

      In particular the President has just too much power and it's emphasized too much as well. And too much negative power - the Veto is too strong, and the constitution is (IMHO) too hard to amend. I don't think the Founding Fathers would have done it the same way if they'd anticipated there'd be another 37 states. This is of course heresey - which is another problem; Not only is it hard to change, but there's a strong disinclination against doing so since it's been raised almost to the status of some kind of Holy Scripture. With the Founding Fathers as some kind of prophets. Every dang constitutional debate is always in terms of "What did the F.Fs intend?"*. There's just too little impetus.

      (*Damnit, I'll tell you what they wanted: They wanted a democracy based on ideas of critical reason. They sure as heck didn't want to be elevated to the status of unquestionable demigods.)
    3. Re:The Dutch get outraged but Americans don't? by roystgnr · · Score: 4, Insightful

      the constitution is (IMHO) too hard to amend.

      Have you seen any of the constitutional amendments they've been trying to pass lately? Have you seen how close some of the anti-freedom votes have been? I'd frankly feel safer if the amendment process required modern politicians to build a time machine and get John Hancock's signature first.

    4. Re:The Dutch get outraged but Americans don't? by rolfwind · · Score: 2, Insightful

      Sadly, that may not be a bad idea, there would be more public outrage if the diebold scandal was linked to fraudulent votes on American Idol, Dancing with the Stars, etcetera.

  6. voting does not need technophilia by circletimessquare · · Score: 5, Insightful

    what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering

    of course you can do fraud scams with simple paper ballots too: lose them for entire districts, stuff the boxes with fake votes, etc. but any more complexity in the voting system doesn't remove these scams, it just adds a new layer of possible scams

    fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure and the more possibilities of fraud. so make the process very simple: paper ballots

    i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. paper ballots, period, end of story, for all time. the slashdots crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage. voting is not a complex math problem. it's very simple. no computer need apply

    electronic voting can be a downright scary prospect. don't mess with it, simplify it, which means avoiding computers in the voting process like the plague. i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity in our government

    because people already doubt enough about how much their vote counts. why give them yet another paranoid schizophrenic reason for them to think their vote doesn't count/ doesn't matter ("it doesn't matter man, it's all in the computer, and they just change the votes to whatever they want them to be man")

    bottom line: faith and integrity in our government is far more of an important issue than any speed of transmission/ tabulation. no electronic voting. no mechanical voting. paper ballots only. of course malfeasance can still occur with paper ballots. but with more complex systems, you only add more points for manipulation. this is not a luddite's point of view. i am as much a technophile as the next slashdotter. i just have an appreciation for the limits of technology's ability to solve problems, and that for some limited subset of problems, due to malfeasance and the potential for it, more technology need not apply. voting is such a problem

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:voting does not need technophilia by Peter+Simpson · · Score: 3, Insightful

      Completely agree. In my small town, we use Diebold AccuVote optical scanners, but the actual voting documents are paper ballots, marked with a black felt pen. Therefore, if there is ever any question as to the accuracy of the "AccuVote" totals, we can do some good, old fashioned ballot counting by hand.

      As an engineer, it's annoying to me when politicians attempt to equate "spiffy touchscreen machine with lots of features" with an improvement in the voting process. The voting process in this country is just fine, it's not "broke", and it doesn't need fixing (except, perhaps, by getting rid of the punch-card voting system). I'm extremely suspicious of the claim that people who are not entitled to vote are doing so, or that people are voting more than once. My town deals with this alleged issue by having printouts of the voter list, and drawing a line through your name when you get your ballot. Again, the KISS principle seems to work just fine.

      As for "helping America vote", the only group having a problem with marking paper ballots would be visually impaired voters, and the law allows them to bring a person of their choice into the voting booth with them, to assist them. Disenfranchisement through poorly maintained voter records is, I suspect, a far greater problem (but that would be caused by the bureaucratic apparatus not doing its job, and so there's no incentive to get *that* fixed) Voters who are too frail or lack the ability to correctly indicate their choices on a paper ballot probably won't improve their abilities when a touchscreen machine is placed before them.

      Touchscreen machines (whether based on Linux or Windows) do not appreciably improve the voting process, whether from the user's or the election authority's point of view. They are more complex than simple optical readers, therefore, they will fail more frequently. The voting facility in my small town has three precincts, all vote at the same location and there is one optical reader for each precinct (plus a spare or two, I assume). There are 6 or 8 voting booths per precinct, for a total of 18 to 20 voting stations. Clearly, optical counters are a good investment, but 18 voting machines to maintain, initialize and support would be a much greater burden for *no* increase in efficiency and a significant added risk of problems during the election.

      The most frequent maintenence required with the current system is the periodic replacement of the black markers. I fail to see why this is a process that needs fixing. I don't object to the electronic readers, they streamline (but do not control) the vote counting process. I do strongly object to complex systems that completely control the voting process, without allowing for any manual backup method of counting the votes (and I do not consider strips of paper output from the touchscreen machines as valid documentation of a vote -- and anyway, the voter keeps those, not the voting authority)

      Touchscreen voting machines are a Bad Idea, for many reasons. However, they are extremely profitable for the manufacturers, and they add even more uncertainty to the election process. This is good both for politicians who are in close races, because, if there is doubt, there is hope; and for lobbyists and their friends, because contracts mean profit.

    2. Re:voting does not need technophilia by JakartaDean · · Score: 2, Insightful
      what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering
      [me too]I couldn't agree more. [/me too]In Canada, they manage to count about 20 million ballots, at the stations, before the polls have closed in the later time zones. Where I live now, in Indonesia, with a short history of democracy, they open the ballot boxes and count the votes in front of anyone who cares to watch, and compare the total to the possible electors who showed up. Who needs a machine? It looks like a solution looking for a problem to me.

      On-site counting, with subsequent publication, seems to guarantee 100% accountability, fast acces to results and no downside.

      --
      The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
  7. Re:on that note by Ravenscall · · Score: 4, Insightful

    You obviously do not talk to many 16-22 year olds, some of the views they espouse are frightening. I chalk it up to going through school systems where surveillance, random searches, and cops in the halls are normal things. They have been desensitized to the tools of the police state, and it is starting to show.

    --
    You say you want a revolution....
  8. Re:there will always be problems with a secret bal by Ed+Avis · · Score: 2, Insightful

    The basic test for any voting system is: how does it compare to paper ballots marked with a pen and dropped into a box by the voter? If it's not clearly more secure than that, don't use it. So far it doesn't seem any of the alternatives measure up.

    --
    -- Ed Avis ed@membled.com
  9. Very elegant way to steal the election... by FellowConspirator · · Score: 4, Insightful

    I was attempting to explain this to someone the other day. You don't need to alter the votes after the fact, though that may be easier. All you need is a good statistical guess (say, a poll by the local newspaper). Given that, you calculate the skew necessary for a candidate to win. Then, you simply tell the machine to randomly record a vote for person X as a vote for person Y every a certain percentage of the time. You only need to do this in specific areas where the races are close, concede a loss in areas where the skew would be too large, and presume victory in areas where the bias is for your candidate.

    In the US, you could steal an election with a small software update on a small percentage of the machines. The tallies would all add up and most of the votes counted would reflect the votes cast -- but just enough wouldn't to skew the ultimate result. The only hint you would have something was wrong would be a minor but crucial deviation between exit poll results and the official count.

    It makes for a good simulation for students to put together to see just how simple it is to do.

    1. Re:Very elegant way to steal the election... by seibed · · Score: 2, Insightful
      FellowConspirator said:
      minor but crucial deviation between exit poll results and the official count.
      You mean kind of like we had in the last election in certain critical counties/states? wow. what a coincidence.
    2. Re:Very elegant way to steal the election... by darkmeridian · · Score: 2, Insightful

      Did you read the Rolling Stone article about how the exit polls in the 2004 US Presidential Election were skewed from the actual election number? Someone already beat you to the punch.

      "Was the 2004 Election Stolen?"

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
  10. Re:Fair and Balanced Vote Fraud by Anonymous Coward · · Score: 2, Insightful

    "I wonder if any "patriotic" Americans crackers will hack the digital machines collecting/counting votes in the upcoming election to favor Democrats in response to all the reports the past 6+ years that Republicans are getting more than their share of the benefit."

    Oh god I hope not.

    If the machines are vulnerable to compromise, there is no advantage in simply giving the election to *anyone* who is a legitimate candidate. That's just as bad as sitting back and letting the GOP (supposedly) steal it their way. Two wrongs don't make a right.

    If someone were to do this, I'd rather see 100% of the votes go to "Mickey Mouse" instead, since nobody in their right mind would ever write-in their favorite cartoon character, much less vote for him if it was an actual option.

    That way, there's *no* question that the machines are hackable. The story itself will also unfold with a mix of hilarity, dismay and (most important of all) a non-partisan wash of the election results. This makes it prime-time media fodder, un-encumbered by partisan politics, which is just what you want.

  11. Re:(Memory) Pages and Child (functions)... by maxwell+demon · · Score: 3, Insightful

    If you re-program those machines to show child porn on election day, you'll surely get a scandal, even if the actual votes don't get manipulated ... but then, a little background picture showing a naked breast will do as well. Just be careful that the nipple isn't obscured by the names of the candidates. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  12. * sigh * by Khammurabi · · Score: 2, Insightful
    I've been keeping tabs on the Diebold stories coming from U.S. news sources, and it's not like the Diebold problems have been kept secret. Nevertheless, many Americans have reacted to the information with a collective yawn.
    That's because most of the Diebold problems are theoretical at this point. Someone COULD do all these nasty things and steal elections. Until we have some PROOF that someone stole an election from us using these machines, Americans will do what they always do, change the channel and go back to eating their fat-injected burgers. (And no, exit polls are not enough to convice a jury of vote tampering.) The Dutch have proved it can be done, and the public has acted accordingly.

    For those of you keeping score, a good portion of Americans have essentially given up on their government, which allows it to get away with murder. I honestly can't think of a single thing that Congress would stop this administration from doing. The politicians in power don't listen to us, and our only choices on election day are between two candidates who are ready to sell their soul and lie to the public all over again.

    And now we continually get reports that the politicians no longer need the public to get elected because of these new fangled e-voting machines. I write letters, I vote, I tell others about all of it, and yet the bastards keep doing what they do and don't go anywhere.

    True democracy only works when the populace is educated enough to make smart decisions. You could counter by saying vacuous crap like, "well why aren't you running?" But in the end the public is apathetic because it's takes too much work to care about this crap. Americans are rediculously lazy, you know. (After all we invented the internet so we could browse pr0n without walking into a shady bookstore.)

    [/apathy]
  13. Re:on that note by Lumpy · · Score: 4, Insightful

    sorry but it's not only the school immserion into a draconian watch environment but the parents at home beign good sheep and echoing the BS the press and government are spewing. Most of these soccer moms enjoy having freedom taken away to protect them from that terrorist hiding in the bushes just outside.

    If the parents at home told the kids they did not approve of what was happening, and got off their asses and told the schools at pta mettings and other opportunities things would be very different.

    Kids do pay attention to the parents... and they see mommie and daddy happily rolling over and playing dead.

    --
    Do not look at laser with remaining good eye.
  14. Re:on that note by Ravenscall · · Score: 3, Insightful

    That is my experience at small liberal arts schools, but every large state school I have hit recently, I hear people saying things like "If I have nothing to hide I don't care if people spy on me", "All mexicans (not just illegals) should be deported", among things like "We need to support the president even if he was wrong about our reason for getting ibnto this war". My only consolation is that most of these people also espouse that "I do not vote because it does not change anything".

    --
    You say you want a revolution....
  15. OSS is not the answer in this case by g253 · · Score: 2, Insightful

    In Belgium, the source code for voting machines has been made available and independent experts have pointed numerous flaws. No one seems to care, but that's off topic.

    My point is this : these experts explained that the only way to make the vote truly verifiable is to have a paper trail for each vote. I believe RMS said something similar about this problem.

  16. It's not a typo, it's a new word by Jimmy_B · · Score: 2, Insightful
    Corruption of 'owned'. Someone made a typo, and the typo became popular. (Guess this says something about AOL, or /., when typos become more popular than correct spellings.)

    'Pwned' may have started as a typo, but it's now a full-fledged word with a different meaning than 'owned'. Compare:
        I owned that car. (That car used to be mine, before I sold it)
        I pwned that car. (We were racing, and I left it way behind)

    First there was the slang word "ownage", which means dominance, and is only loosely related to the verb "own". Once ownage was widely used, people started using it in other forms: own, owned, owning. These are spelled and pronounced the same as the non-slang verb to own, but are not the same word in people's minds. This sort of thing happens all the time in languages, and what tends to happen is that people look for a way to separate the two words. Then a few people started using "pwned" satirically (to say, "I'm using this word in the sense a person who can't type would use it"). Well, pwn (pronounced "pone") just so happens to be a syllable with no widespread meaning, which makes it prime real estate for a new word to form. So when a few people started using "pwned", it caught on quickly and replaced the slang meaning of "owned". Voila, a new word is born. In a few years its spelling will probably be normalized to "powned", and then it'll be here to stay.
  17. Re:Fair and Balanced Vote Fraud by Doc+Ruby · · Score: 2, Insightful

    You don't need to be a Republican, but I'm still waiting to hear of any defrauded elections that elected a Democrat since, say, Republicans took over the House in 1994, over a decade ago.

    I live in NYC - we know about machine politics, ward heelers and all kinds of fraud. But no evidence of them lately. The Chicago examples that people usually think of are ancient history. We're talking about criminal fraud happening next month, by those doing it in the past 2-10 years. That sounds like "Republicans" to me.

    --

    --
    make install -not war