Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch Securing E-voting After Being Pwned

Posted by ryuzaki0 on from the wouldn't-it-be-nice dept.

An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

47 of 269 comments (clear)

  1. TEMPEST? by CRCulver · · Score: 4, Informative

    The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue.

    I assume they are referring to TEMPEST attacks. It was a Dutchman, Vim van Eck who first brought TEMPEST attacks to public attention while in the U.S. even the security standard was classified. I imagine many Slashdot readers will recognize his name from the "Van Eck phreaking" described in Neal Stephenson's Cryptonomicon .

    1. Re:TEMPEST? by AlXtreme · · Score: 2, Informative

      You're correct. By measuring the emissions from the LCD-screen they have shown how one could figure out what someone was voting for. Although relatively low-tech (they detected that the LCD screen would refresh slower when non-ASCII characters were used), they measured this from a distance of 20 meters.

      I'm sure that, with some work, they could read the display using 'Van Eck', as in Cryptonomicon. So long for being able to keep your vote hidden.

      --
      This sig is intentionally left blank
  2. "pwned"? by IHSW · · Score: 2, Funny

    What is "pwned"?

    1. Re:"pwned"? by leonmergen · · Score: 4, Insightful

      What is "pwned"?

      .. something that shouldn't belong in a slashdot headline..

      --
      - Leon Mergen
      http://www.solatis.com
    2. Re:"pwned"? by rvw · · Score: 2, Informative

      From the Urban Dictionary...

      A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."

      Instead, it said, so-and-so "has been pwned."

      It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force.

    3. Re:"pwned"? by Kingrames · · Score: 2, Insightful

      "Would CNN run this headline on their front page?"

      If the answer is yes, don't post it on slashdot.

      I hate redundant news.
      Anyone complaining about seeing the word "pwned" on a geek website better get their news from somewhere else.

      --
      If you can read this, I forgot to post anonymously.
    4. Re:"pwned"? by jamstar7 · · Score: 2, Insightful
      sorry, I lost all of my mod points or you'd definately get them. It makes me terribly flustered when I see make-believe words on NEWS sites.

      You sure you're not new here????

      This is Slashdot, not the NYT, or the WSJ. We're GEEKS dammit!

      --
      Understanding the scope of the problem is the first step on the path to true panic.
  3. fixed here by frovingslosh · · Score: 4, Funny
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Oh, don't worry, I have it on good authority that the elections will be fixed here.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  4. One of the major concerns... by thrill12 · · Score: 2, Interesting

    ...of the group is that they are simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.
    This is probably still something some politicians 'fail' to see over here: we can buy these chips in any electronics store, so why reprogram them - apart from the fact that reprogramming would take much more time than simply replacing.

    It (the prom instead of eprom) is probably a failing idea of the company Nedap, which makes these monsters. Heck, they need to change their own software too, from time to time.

    --
    Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
    1. Re:One of the major concerns... by pe1chl · · Score: 3, Insightful

      Remember that these electronic voting machines were designed and build in the eighties of the last century, and have been used ever since.
      What Microsoft does in an xbox360 is not relevant to what a small engineering company would have done over 20 years ago.

      You could call it the disadvantage of an early rollout of modern technology.
      On the other hand, you can also claim that the current hardware can be understood by a causal onlooker with electronics and software background.
      It contains only off-the-shelf parts and the protest group was able to disassemble and analyze it (as well as port a chess program to the hardware) in a months time.
      Try that with an Xbox.

    2. Re:One of the major concerns... by hanwen · · Score: 2, Informative

      The problem is that these machines are actually from the late 80s. It's not feasible to retrofit new chips onto these boards. For a fun look, go to www.wijvertrouwenstemcomputersniet.nl, where there are pictures of the board-internals. These show soldered resistors, the likes of which I've last seen in my Apple II.

      --

      Han-Wen Nienhuys -- LilyPond

  5. Paper trail? by Constantine+Evans · · Score: 4, Insightful

    They do all of these things, and yet still do not create a paper trail of each vote?

    It appears that the machines only create a paper copy of the results at the end of the day...

    1. Re:Paper trail? by RAMMS+EIN · · Score: 2, Insightful

      ``It appears that the machines only create a paper copy of the results at the end of the day...''

      Yes. I never understood the use of that. Nice that you can verify that the count the machine reported electronically matches what it printed on paper, but that doesn't say _anything_ at all about whether it's been tampered with, right?

      I always thought that the simple solution would be that the machine print out what you just voted, and you check that this is what you intended and dump the printout in a ballot box. If there's any doubt about the reliability of the machines, count the votes on the printouts; they have been verified by the voters to contain the correct data.

      --
      Please correct me if I got my facts wrong.
  6. understandable by agent+dero · · Score: 2, Interesting

    I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

    Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?

    --
    Error 407 - No creative sig found
    1. Re:understandable by ichigo+2.0 · · Score: 2, Funny

      But it's electronic, so it must be better!

    2. Re:understandable by Reverend528 · · Score: 3, Funny
      I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

      I guess you were part of the 3% of the population that voted against electronic voting and not part of the 203% that support it.*

      *numbers calculated by diebold voting machines.

      --
      Badass Resumes
    3. Re:understandable by anshil · · Score: 2, Interesting

      We use pen&paper voting, we know who won 4 hours after the poll closes.

      Whooo 4 hours every 4-6 years... how can you wait so much..?

      The votes are counted by seperatly by the different parties monitoring the poll. Different results -> count again.
      So counting errors are *very* unlikely also.

      --

      --
      Karma 50, and all I got was this lousy T-Shirt.
  7. Arguments for local control of voting regulations. by Anonymous Coward · · Score: 3, Interesting
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Arguments for local control of voting regulations.
    (posting as AC to save my devil's advocate ass)
    1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
    2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.
    3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.
  8. impossible wtf or impossible, wtf? by masklinn · · Score: 3, Insightful

    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Why the hell wouldn't it be? Sure it would cost more and probably be harder to setup than in holland since there is more territory and a much higher population count, but not workable? We're talking democracy at stake here, I don't see much that you could want to "fix" more than the risk of losing your voice, of making your votes irrelevant and inexistant, or being cheated out of choosing your leaders and the way your country will behave in the future.

    Of course, some people may be more interested in there being a high risk of electronic electoral fraud, if they're committing or benefiting from the fraud in the first place...

    --
    "The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
    1. Re:impossible wtf or impossible, wtf? by Stradivarius · · Score: 2, Informative

      If it was federal law that voting machines had to meet certain federally-defined minimum standards (hardware/software must be independently audited, machine must produce a paper trail, etc), then it's no longer a matter of persuasion so much as "do-this-or-face-the-punishment". Just like any other federal statute.

      IANAL, but I'm guessing that at least for federal elections, this is within the federal government's power to do. Even if it were a power reserved to the states, Congress could easily tie compliance to receiving federal highway or other funding, which has been an effective strategy in the past for separation-of-powers concerns. And no county clerk in his right mind is going to buy/maintain two separate sets of voting equipment, one for federal elections and one for everything else. Thus would all elections become effectively subject to federal quality standards.

    2. Re:impossible wtf or impossible, wtf? by LandruBek · · Score: 2, Insightful

      Even if it were a power reserved to the states, Congress could easily tie compliance to receiving federal highway or other funding, which has been an effective strategy in the past for separation-of-powers concerns.

      You say that like it's a good thing. Federal bullying of states and localities is not something we should be encouraging. I'd rather try to raise a ruckus in my county about sensible election equipment, i.e., take it on as MY problem as a citizen, than have the feds dictate how we run our elections. I don't trust them.
      --
      $META_SIG_JOKE
  9. Re:What is the theory... by From+A+Far+Away+Land · · Score: 3, Insightful

    Paper is neither inefficient, or backward. It's the only way to conduct an open and accurate election on a nation wide scale, without introducing unacceptable doubt into the legitimacy of the winner(s). Florida's paper chad system was a failure because machines more complicated than pencils, and obscuring of the working of the ballot was placed between the voter and the ballot. The result was a flawed result, and a delayed result, many times longer than the longest recent Canadian federal general elections.

    --
    Oh You POS
  10. 'Independent committee'? by hcdejong · · Score: 2, Insightful

    If true, this is a major step. The voting process hasn't been very transparent, with Nedap trying to keep the software and voting procedures a secret. Wijvertrouwenstemcomputersniet forced the issue using the Dutch 'freedom of information' act to get access to documents.
    Let's hope this committee will have access to the source code, and will be able to monitor and verify that the new PROMs actually contain the code the committee has been reviewing.

    I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

  11. It would work by Spazmania · · Score: 4, Insightful

    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Sure it would. Powers reserved for the states have been nationalized over and over again by the simple application of cash: The federal government offers funding for a particular project but you have to follow the federal rules to get it. The federal rules are rarely too onorous and the money you don't have to collect in local taxes is too much to turn down when the neighboring states all take it.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  12. Re:What is the theory... by Trailwalker · · Score: 2, Insightful

    The Federal Government controls the actions of states by attaching conditions to funding. Highway speed limits and the .08 alcohol limit are examples. Easily done in other areas.

  13. Re:TEMPEST? A fun experiment by arabagast · · Score: 4, Informative

    Using your monitor as a AM transmitter. This little program is a real eye opener for those who still thinks that TEMPEST attacks are something you just see in the movies.

    --
    Doolittle : ...What is your one purpose in life?
    Bomb no.20 : To explode of course.
  14. Local Level? by Corbets · · Score: 3, Informative

    "US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here."

    Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)? Smaller than Chicago, if I remember correctly... so being applied at the national level there is essentially the same as the local level in the US.

    1. Re:Local Level? by Anonymous Coward · · Score: 2, Interesting

      The Netherlands (while still a small country) are about 70 times as large as Chicago.

      Netherlands: 41,526 SQ KM
      Chicago: 600 SQ KM

      I know, I know... everything American has to be bigger by definition...

  15. Always kdawson by a16 · · Score: 5, Insightful

    "Pwned" has been showing up constantly recently, and it's always kdawson.

    What Slashdot need to remember is that their headlines show up in a variety of professional places (by rss) - Google news for one, and having words such as "pwned" looks beyond amateurish.

    How about the next story being "Slashdot editors pwned with a dictionary, improvements expected all round"?

    1. Re:Always kdawson by DittoBox · · Score: 4, Insightful

      No, nerds don't use terms like 'pwned.' Lame World of Warcraft players who think, just because they've touched a RPG of sorts, that they now classify as 'nerd' use the word.

      --
      Good. Cheap. Fast. Pick Two.
    2. Re:Always kdawson by andrewdotcoza · · Score: 3, Interesting

      I realise that everyone isn't on the same page about this, but I read Slashdot precisely because its geeky and slightly off-beat. "Pwned" looks good in this headline and thats why I clicked on the story.

      If "professional places" choose to source headlines from Slashdot, they should surely accept how people communicate here. I see no reason why Slashdot needs to fit in with CNN's headline standards.

      Be yourself, no matter what the cost.

    3. Re:Always kdawson by Jugalator · · Score: 2, Insightful

      I'm geeky and off-beat and hate the word that originally seem to have come from 14 year olds playing Counterstrike far too much.

      --
      Beware: In C++, your friends can see your privates!
  16. Re:What is the theory... by penix1 · · Score: 2, Interesting

    Paper ballots are subject to all the same security flaws that they have always been subject to. This means physical security for the most part. Ballot boxes can be "stuffed" and elections thrown into chaos quite quickly. In a bay in California they found several ballot boxes with uncounted votes still in them. In my state of WV they are still prosecuting people for vote buying and ballot box stuffing. Even when you use electronic voting with a paper receipt, they will still be vulnerable to all those security concerns. Until they invent the bullet proof way to get votes directly to the voting precinct reliably and securely, problems will be in every election with or without electronic voting.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  17. Nedap Commentary by RAMMS+EIN · · Score: 2, Interesting

    I remember when this was on the news (I live in the Netherlands), there was a spokesperson for Nedap who said something like:

    ``Our machines are fine. I don't understand why the website is called "We don't trust voting machines", rather than "We don't trust people".''

    I think that about sums up their approach to security. We don't need any security measures; people should just behave themselves. Yeah, right.

    --
    Please correct me if I got my facts wrong.
  18. Re:No national elections by CastrTroy · · Score: 2, Informative

    Well technically in Canada there are no "National" elections either. Not even at the provincial level. Each person votes for someone in their riding. Whoever gets the most votes in the riding gets a seat in parliament. There are 308 seats for the entire country. Whichever party gets the most seats is "in power" although if they don't have the majority of the seats, they don't really have the power, as other parties can team up against them to over power them when voting on different issues. Who ever is the leader of the party in power is the Prime Minister.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  19. Re:What is the theory... by tomhudson · · Score: 4, Informative

    We have various methods to keep both sides honest here in Quebec.

    1. Your name has to be on the permanent voting list - all citizens over 18 are on it, except people who have committed an electoral crime in the past 5 years. The local voters list is distributed to your area well in advance of the elections, so there's no chance to get a bunch of fake voters on it, and it gives people who slipped through the cracks a chance to update their info (for example, if they moved).
    2. You have to first present ID to get your ballot. Your name is then removed from the list. The people (there are 2 for each box or "polling station") are appointed by the two parties who got the most ballots in the previous election - so they're watching each other, and making sure that nobody tries to pull a fast one.
    3. Before they give you your ballot, they sign the tear-off stub or counterfoil. When you present your ballot to be put in the box, they remove the stub after verifying their signature, and you put your ballot in the box. No chance to conceal a half-dozen ballots in your hand.
    4. The ballot boxes are opened and counted on iste. No chance for something to happen in transit. Then, after the count is made and everyone signs off on it, the ballots are put back in the box and the box re-sealed. Recounts are automatic for all results where there is less than 100 votes separating the winner from second place, and any candidate can ask for a judicial recount.
    5. We've disallowed all donations of money, goods or services except from individuals, and those are capped at $3k per annum. All donations totaling over $200/year/person have to be reported, identifying the donor - and these lists are made public.

    We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.

    Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.

  20. Re:What is the theory... by innocent_white_lamb · · Score: 2, Informative

    You forgot to mention that the ballot boxes are opened and shown to be empty to everyone present at the start of the polling day before the boxes are sealed and voting begins.

    --
    If you're a zombie and you know it, bite your friend!
  21. Where do I sign up? by rvw · · Score: 2, Informative
    I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

    If you visit their site, you'll find information about what you can actually do. You are allowed to stay in the voting room, as long as you don't disturb the process of voting. More information can be found on their action page .

  22. Re:What is the theory... by mickwd · · Score: 5, Insightful

    "In a bay in California they found several ballot boxes....."

    Because they used paper, there was something to find.

    "In my state of WV they are still prosecuting people for vote buying and ballot box stuffing."

    Because they used paper, and there was something which could be found.

  23. Re:lol, dutch are gay by fyngyrz · · Score: 2, Insightful
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Let me fix that for you:

    US elections are controlled at the local^H^H^H^H^H corporate level, so unfortunately such a nationwide fix would not be workable here.

    There. No problem, no need to thank me.

    --
    I've fallen off your lawn, and I can't get up.
  24. Re:Arguments for local control of voting regulatio by spisska · · Score: 2, Insightful

    Good post. Just to clarify some things:

    Arguments for local control of voting regulations. [...]

    1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.

    Actually a federation rather than a confederation. The difference is slight but important. Nonetheless, the 10th ammendment is very specific about the limits of powers of the federal government vs state governments.

    Most of the expansion of federal authority has been carried out under the commerce clause of the Constitution -- that Washington has authority over matters of interstate trade, which has been used to enforce federal regulations from industrial emmissions to minimum wage to drug enforcement, etc. And it also comes into play when the Feds distribute federal HAVA (Help America Vote Act) funds to states. Though these only really apply to federal elections (i.e. Congress and President), no state is willing to maintain one election system for local and state elections and a second for federal elections.

    The 14th ammendment guarantees equal access to the polls, but does not, and cannot dictate the mechanisms and procedures used on the state level, other than making sure that they are compatible with the 14th ammendment and the Voting Rights Act.

    2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.

    The first point is far more applicable. Elections are the responsibility of the state, not the federal government. Each state has the power to determine its own election laws and practices, and laws vary widely. WA, for example, is moving towards all-mail voting. SD is exempt from HAVA provisions mandating state-wide voter databases since that state does not require voter registration.

    Some states allow election day registration, others do not. Some states allow any voter to vote in all primary elections, some allow it for one primary election, and some states require that voters be registered in a given party to vote that party's primary ballot.

    The benefits of open competition are positive, but a side effect.

    And to the Anonymous Asshat who replied earlier: Diebold is not the leader in voting hardware. ES&S machines are used in roughly 50 percent of precincts and by roughly 50 percent of the US population. I believe, though am by no means sure, that Sequoia is the number two vendor by market share.

    3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.

    Again, this depends on the state. In some, like Ohio, the State Board of Elections is divided by state law between the two major parties. In some states the board is appointed while in others others Board seats are elected positions. While I'm not aware of any states that have election boards made up of members from only one party, there are many states that do not allocate board seats by party affiliation.

  25. Being from Chicago... by Pesh+Hawksfire · · Score: 2, Funny

    I basically scoff at the idea of a secure election in general.

  26. Re:We don't check. They do vote early and often! by anshil · · Score: 2, Interesting

    I personally believe the problem is the 2-party system. Its just to few incitation to pull some things straight. Yes I totally believe that you are correct with your "I am bad, but I know you are bad too" politics betweet the two.

    On the otherhand. We (most EU countries) have a proportional-election-system an thus usually e.g. 4 parties in the parlament, 2 together forming the government, which 2 varies due to the election results. Its just that 4 parties set the election rules, and 4 parties govern each other. The we are bad, you 3 are bad too thing just doesn't work that much, and thats good.

    --

    --
    Karma 50, and all I got was this lousy T-Shirt.
  27. Still waiting for the market to work... by Mr2001 · · Score: 2, Informative
    The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.

    So, um.. it's been over two hundred years. How come our election methods still suck?
    --
    Visual IRC: Fast. Powerful. Free.
  28. Nationwide vs International... by davidsyes · · Score: 3, Interesting

    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Hmmm, the Dutch aren't exactly Botswana or some place in South America where votes might be escorted by military convoys. Yet, the Dutch will have FOREIGN observers?

    Wow. Considering all the diebold bullshit going on, one would think and ask where are the INTERNATIONAL observers when US voting (local, county, state, federal) elections occur.

    I think the UN should declare an occupation to several major US cities. Make things interesting a bit....

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  29. Re:It's the result of two partys. by telso · · Score: 2, Informative

    The downside of parlamentary systems is obvious in reviewing the last hundard years of european political history. It often gives far too much power to fringe groups that act as tie breakers. You're confusing proportional representation parliamentary systems and first past the post parliamentary systems. The former can often lead to one-seat parties getting high Banzhaf power indicies while the latter can lead to one party getting an index of 1 and the others getting all 0 (i.e. majority parliament). If you look at the history of Commonwealth parliaments and/or Westminster systems that still use the FPTP system (UK, Canada, etc.), you'll see that most elections end up with majority parliaments, and while that also has problems (a party getting a majority with 38% of the vote, or a party losing the popular vote but getting a majority), parliamentary systems are not the cause of fringe groups getting some influence, and in these cases, often remove that possibility.

  30. Re:We don't check. They do vote early and often! by Joey7F · · Score: 2, Informative

    It is not like there are not 3rd parties in the US, it is just very tough for them to be elected. There are many reasons but the main ones are:

    1.) The vote against vs vote for mentality. I don't want X to be elected to Y so I will vote for Z instead of A who might be best but can't win. I did this in the primararies.

    2.) The third parties have positions well outside the political mainstream. Libertarians are borderline anarchists, the Green party is way too hippy, and the Constitutional party makes the Christian Right look tame.

    3.) Third parties are not well known/considered viable candidates, which shuts them out of debates, and the like.

    4.) Voter Apathy. They don't care who gets in, because they don't affect what happens to them.

    5.) Big Tent politics. Since each party knows that must get a majority of the country they tend to dilute their message until it becomes palatable to most people. Though I disagree with the cliche that "there isn't any difference between Republicans and Democrats", there can be considerable overlap outside of the bases.

    --Joey