Dutch Securing E-voting After Being Pwned

An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

TEMPEST?

[CRCulver]

The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue.

I assume they are referring to TEMPEST attacks. It was a Dutchman, Vim van Eck who first brought TEMPEST attacks to public attention while in the U.S. even the security standard was classified. I imagine many Slashdot readers will recognize his name from the "Van Eck phreaking" described in Neal Stephenson's Cryptonomicon .

Re:TEMPEST? A fun experiment

[arabagast]

Using your monitor as a AM transmitter. This little program is a real eye opener for those who still thinks that TEMPEST attacks are something you just see in the movies.

Re:What is the theory...

[tomhudson]

We have various methods to keep both sides honest here in Quebec.

1. Your name has to be on the permanent voting list - all citizens over 18 are on it, except people who have committed an electoral crime in the past 5 years. The local voters list is distributed to your area well in advance of the elections, so there's no chance to get a bunch of fake voters on it, and it gives people who slipped through the cracks a chance to update their info (for example, if they moved).
2. You have to first present ID to get your ballot. Your name is then removed from the list. The people (there are 2 for each box or "polling station") are appointed by the two parties who got the most ballots in the previous election - so they're watching each other, and making sure that nobody tries to pull a fast one.
3. Before they give you your ballot, they sign the tear-off stub or counterfoil. When you present your ballot to be put in the box, they remove the stub after verifying their signature, and you put your ballot in the box. No chance to conceal a half-dozen ballots in your hand.
4. The ballot boxes are opened and counted on iste. No chance for something to happen in transit. Then, after the count is made and everyone signs off on it, the ballots are put back in the box and the box re-sealed. Recounts are automatic for all results where there is less than 100 votes separating the winner from second place, and any candidate can ask for a judicial recount.
5. We've disallowed all donations of money, goods or services except from individuals, and those are capped at $3k per annum. All donations totaling over $200/year/person have to be reported, identifying the donor - and these lists are made public.

We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.

Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.