Slashdot Mirror
Voting Machines Banned by Dutch Minister
5heep writes "Dutch Government Renewal Minister Atzo Nicolai has banned the use of one type of computer voting machine in national elections next month. The turnabout came after a group called We Don't Trust Voting Computers protested the vulnerability of electronic voting to fraud or manipulation. The reason for this ban is the radio signals emitted by the machines which can be used to peek at a voters' choice from several dozen meters away."
How about writing to the people responsible to show some support?
According to my local newspaper, these voting machines have been used in the last two elections.
Paper ballots... you can count them... You can check them, you can verify them.
Computer Ballots don't leave the average Joe with any sense that they can be verified.
Too much potential for problems with Electronic voting from a voter perception perspective.
I like putting my little X on the ballot.
- F1 NEWS
Why would these machines transmit radio signals, and why would they broadcast who someone was voting for?!
This signature was left intentionally blank.
Europe understands something we (Americans) are still struggling with.
So rise up, all ye lost ones, as one, we'll claw the clouds.
I know more than a bit about electronics and electrical engineering, having spent part of my early career designing various gadgets. I have to wonder why all this fiasco with these electronic voting machines when it would be so very easy to simply build a small printer which uses a roll of paper (think cash register) inside to create a paper polling record.
It would not add substantially to the cost, and the small rolls of paper that resulted would be perfect in cases where a recount was demanded or required. Why the resistance? Make it too difficult to steal an election?
like this? http://www2.norwich.edu/mkabay/overviews/infowar_1 995.htm
Settle down.
It's not ALL voting computers, just one type, which makes up about 10% of their machines (according to TFA). And that's just for the next election, which comes in 3 weeks. You can't redesign a machine & get it certified & redeployed in that kind of time frame, so banning it makes sense.
Why is voting different? If your ATM and stockbroker were not able to give you a paper receipt you wouldn't trust them either. That's why.
Think about it. Your examples revolve around money or human life. The manufacturers of those machines __must__ get them right, or there is immediate finantial fallout.
Those examples do not produce hidden results; if your atm gobbles up your deposit without crediting it, you find out. If a plane crashes, you hear about it.
The average voter has no way of knowing if a voting machine is doing it's job. What is the penalty if the manufacturer 'unwittingly' messes up? There is not as much incentive for accuracy in this case.
First, they are banning one type of machine, not electronic voting.
And it's different because voting fraud can potentially have worse consequences than those, and one of the fraudsters could be the guy that organizes the event, the governing party, with all the power available.
Plus, voting machines are everyday proved insecure. Of course it's possible that someone comes up with a design that isn't soo prone to fraud, and that machine is actually used, but it hasn't happened yet.
The only sensile way to go should be a mixed system, when you use the electronic part to have a preliminary count of the votes, and then count the papers to have a more reliable number.
indeed there are issues with those other appliances as well, but they do usually not compromise one's democratic rights, which we value highly in the Netherlands. We have a lot less reason than some other countries (US is one of them) to suspect someone would even try to fraud elections, because the rest of the system works quite well, and the whole process is quite democratic. This is again, because we value democracy highly, the exact reason we don't want to use machines that can compromise secracy in voting.
Having found a problem less than a month from the election, do you honestly think they are going to be able to fix it in time? The article doesn't say voting machines are banned forever, just that this specific kind if banned from this specific election. "In short, the machines made by the company Sdu can now be tapped, and there are no technical measures that can be taken before the upcoming elections that would prevent this tapping and guarantee the secrecy of the ballot." I know when there's few comments on an article, its tempting to post a comment really quickly and get your name up there (oh joy!) but next team RTFA.
Ah well, but those systems are vulnerable to similar things as those voting computers...
In todays world, you'd think some systems are better closed than open.
In the case of an election, hackers can't hack paper ballots or fiddle with code. Stick with what works in this case.
If you go exposing something this important to an electronic medium, realistically, you risk catastrophy.
These machined aren't banned for being hard to verify, but for emitting signals that makes it easy to see what vote is being cast, thus compromising the constitutional right to an anonymous vote. This group has demonstrated this to work.
Voting machines can be constructed in any way possible, but never completely exclude the fact that you can commit fraud with them.
One solution often presented is the XBOX-type of security - encrypted links between hardware, redundancy etc etc - but as *we* know this type of security is breakable. You only have to do this once to break the security of all voting machines.
Apart from this, some people mention the use of a paper trail. This trail itself has to be counted fully then, irrespectful of the outcome that the machines themselves produce, to verify a correct vote has been cast:
The voting machine in itself can still not accurately or thrustworthingly tell the outcome of the elections and becomes a nice "exit-poll".
Voting also brings with it the right for secrecy: this is something that does NOT occur in your examples. While the data is compartimentalized to certain groups of people, the data is still available on multiple sites and can be cross-verified. Voting machines store the data on 1 place (with or without redundancy) and when the vote has been changed, you can no longer cross-verify whether the voter actually did vote what he appeared to have voted...
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Can't one do a similar thing with regular voting? X-rays or whatever...
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
exactly what is it that the dutch and the americans find so hard about putting an x on a piece of paper is beyond me next they will be telling us that only 99.9% of them are illiterate!
www.tdobson.net #### Dare to Dream #### blog.tdobson.net
This last point is a little fuzzy, because I'm sure electronic voting machines are better than poorly-designed punch-card ballots, and maybe some other flawed mechanisms. But the best system available right now is optical-scan paper ballots that can easily be hand-audited and hand-recounted. They are easy to use, require only a very circumscribed use of technology, and can easily be verified by people if there are any problems or a very close result.
Sure -- I don't think anyone is saying we should never use computers for voting. Fix the problems, and then use them for voting. Advocates of electronic voting seem to be saying we should do it the other way around, which is insane.
The current round of voting machines are insultingly under-engineered, considering the problems I listed above. There are many types of threats to the integrity of voting machines, and Diebold et. al. aren't interested in addressing them. They're more interested in shutting down debate and research about them, in fact, which is very worrying to me.
-Esme
Nothing in the media about open sourcing the OS that runs on it however. Too bad, it could've been some good publicity for the OSS ideals.
This is a huge victory of the tech people! This shows that if you try hard enough, you can convince people who know nothing about computers, open source, EM radiation, etc.
The guy who started the group is a hacker, who started the best ISP in the Netherlands, XS4ALL. they have a very good record when it comes to consumer privacy and helping the internet evolve. He's a nerd, like most of us, but he can convince other people. We can do more if we try harder.
If you truly don't see why voting and free and fair election are more important than those other uses, then I suggest a lenghty review of history.
Seriously, did you take a eigth grade civics?
They may be just as vulnerable, but you can check your balance and know if there is something suspicious going on.
"What next? Seriously, why is voting any different from these other very important uses of computers? Doesn't it make more sense to fix the problem rather than ban the machines?"
There's a very good reason why it's different: because in a secret ballot recorded by computer there is no way to verify the integrity of the data. In all of the examples you list above (electronic trading, ATMs), it is possible to compare the data in the computer with the data you expect to be in the computer.
For example, if you take €200 out of an ATM and your bank balance is debited by €500, this error will be pretty obvious to you. If you cast a vote in an electronic election, you can never know if your vote was recorded correctly.
There is no way to get around this problem without a voter-verifiable audit trail (VVAT).
In any case, the election in question is in 3 weeks' time, which doesn't really allow adequate time to fix the machines, even if that were possible.
The automated financial transactions (like your "automated ATM machine teller machine") are auditable.
The life & safety equipment is subject to extensive testing.
Unfortunately, the voting machines are not subject to the same scrutiny.
Have you considered that threatening to ban voting machines might just be one way to "fix the problem"?
I am not a crackpot.
People not being able to vote due to paper jams. More moving parts will be problematic.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
init 11 - for when you need that edge.
You can object to transactions because you usually do get a receipt, but it's much more difficult to object to election results because an inherent property of secret elections is that you get no receipt, meaning that it's _very_ difficult to find any proof if an election fraud was done by modifying the voting computers.
A monkey is doing the real work for me.
If you jigger the results so your candidate wins by some legally specified margin (say, you fix it so he gets 51.03% of the vote), then in most jurisdictions there is no basis for a recount and no grounds for legal challenge. All you have to do is survive the pre- and post- validity checks (and in some jurisdictions give the right responses to a check during the election), fairly trivial programming tasks. The fact that a vote one way is reflected on the paper and the vote is tallied in a different way electronically will never become apparent unless you hand count every precinct every time--all you have to do to win is to jigger the tally in the precincts that survey in favor of your opponent, and if you are the party in power, you do your check counts where you haven't jiggered the tally. You have to have your eye on the total electoral process when electronic voting is the standard, and you have fairly easy ways of checking paper ballots unless your political leaders have chosen stupid systems which are obivously prone to error, as was the case in Florida in the 2000 presidential election.
Plus, voting machines are everyday proved insecure.
Even more so in this special case. I was told by well-informed sources that these machines are actually Windows-XP-based and have GPRS connection. Rumors say that the Dutch secret service had security-audited this type of machine, and seems to have found some potential security holes, which seems to be the unofficial reason for the ban.
A monkey is doing the real work for me.
In the PDF document they tell that they were challenged by the builder of the original voting-machine to turn it into a chess-computer.
:)
Which they did.
This unique sig is intended to make this user more recognisable.
Of the other 90% (another brand of voting machines) the dutch secret service still has to confirm whether they are safe or not. The action group responsible for this uproar has already demonstrated on television how easy it is to read out some of the information of a vote on this brand.
Yes they do http://www.computerworld.com/printthis/2005/0,4814 ,99290,00.html/.
A problem that has been hapening is that the paper ribbon in the machine will jam frequently or run out. When they run out, many times the polling volunteers don't have a clue on how to fix it.
You may disagree, but not using voting machines seems the best idea so far. Hell, our country had an electional scandal because of the vote data being stored insecurely, despite the fact that the elections were paper-based. It is highly unlikely to find the guilty (or even to confirm manipulations) in a voting machine situation as digital voting lets someone to modify the results maliciously without leaving a trace. Is that a right route to take?
If voting machines were tested as rigorously as avionics I don't think there would be as much of a problem.
The parent makes a good point. Many of those Point of Sale terminals would probably make better voting machines than the expensive $100,000 each voting machines.
- Each of those point of sale terminals has a printer (for paper records).
- Each has been thoroughly analysed to minimize the likelihood of hacking.
- At least here in Canada, many of the communications are encrypted.
- Due to widespread use, we have much empirical data on how hard / easy each machine is to hack.
- Some have even been developed to minimize EMI emissions, so they don't broadcast everyones PIN (vote) around the room.
- Many of the chips inside have been developed to resist hacking. They are designed so people can't easily get access to the firmware and encryption codes. They are designed to resist unauthorized reprogramming and remain a useful (functional) device.
All told, they would be a pretty inexpensive starting point if you wanted to build a secure voting system.
Secret service involvement is not a rumor. The press release (Dutch only) by the responsible Minister states that the AIVD (Dutch secret service) has examined these voting machines, and has concentrated on whether voting is remotely observable (Van Eck-type attacks). The press release doesn't mention GPRS-related attacks. What the AIVD found officially was serious enough on its own, and very plausible. No need for it to be a cover for another type of attack.
Why should we take E-voting advice from a Dutch guy who probably thinks our Joint Chiefs of Staff are a bunch of Native American elders rolling extra-large doobies?
And it's not like the Dutch know what a proper voting machine looks like. As Taco himself said, these Dutch diebolds have less space than a Nomad and no wireless: lame
Obama likes poor people so much, he wants to make more of them.
Open Voting Consortium which needs your donations of time or money to develop the open source implementation of this, and Populex, a commercial product both work exactly as you describe. But plugging all the loopholes in it is trickier than you might think. Go to OVC's site and read up.
Some drink at the fountain of knowledge. Others just gargle.
I think its all bollocks. All those voting machines are equal, the only difference maybe the software which is being used but its just that which makes it vulnerable. The software is embedded on an EPROM which is very easily switched which can influence the ellections. By the way; its not the national goverment but a few local goverments (in Dutch "gemeenten", counties I guess, but in a different sense of the word) which decided on this.
Another delicate, yet ignored, issue is the way voting machines are locked down. All those machines can be started and stopped with the exact same key. Naturally this little issue doesn't get any attention from our local goverment. And thats not even getting into more details with regards to storage. Many of those voting machines (yes, the ones which will be actually used in the actual process) are not safely locked away. A report has shown that its rather easy to gain entry to such a storage depot: in many cases all you need to do is climb a single fence.
The last reason I think this is all a bunch of balony is the fact that the producer of this voting machine works and believes in the "Security through obscurity" strategy, our goverment has even bound themselves to that. Concluding that it would be impossible for them to share the actual reason why this particular machine was banned from the elections. Simply because it would mean that they'd have to disclose a difference between them which, alledgedly, isn't there to begin with. So to me its all a bunch of balony. Just taking some action to make the population feel safe again. Well, if I have the chance I too will try to avoid a voting machine and cast my vote the old way. My trust in those cettles has really dropped to below 0.
And in addition to that local newspapers also report that Nedap (company which makes these machines) is already in the process to deliver 500 extra. You can read this report here (its in Dutch). It basicly says that the counties ("gemeenten") who rejected the machines can get replacements.
Only the Sdu computers (a small minority) are banned. The rather thoroughly hacked Nedap computers are still okay, according to minister Nicolai. Instead of showing him some support, ask him to ban those too, because they're really not any better.
A few minor improvements have been made, but the basic problem remains: voting computers are a black box, and it's impossible for normal voters to check if they work properly, if their vote is being counted, if somebody has messed with it (and it is easy to mess with them), etc.
The average voter has no way of knowing if a voting machine is doing it's job.
The average voter?
Would anyone know if votes were tampered with in software?
Paper and pencil, please! I will count the votes myself if no one else wants to.
Spoon not. Fork, or fork not. There is no spoon.
OK, then at least parts of the rumor were true.
A monkey is doing the real work for me.
Okay, I'm saying it: We should never use computers for voting.
Computers don't really bring much to the table that's positive, but they do bring a lot of potential problems. I would consider it if and only if it were the case that the computer did nothing beyond print out a piece of paper with your choices clearly designated that you could then drop in a box. At least that would fix the hanging chad/erasure marks problems with paper.
As important as this is, we also need to force people to show a government-issued ID in order to vote and make sure the voter rolls are as accurate as possible. There are plenty of ways that people are currently "hacking" our elections which don't rely on computers.
Do you have ESP?
MAN!.. it'd be just like the 80's, papercuts and big metal barrels!
The more you regulate a company, the worse its products become.
>"What can be detected is the image on the screen that's visible to the voter, by which his voting could be monitored,"
says the government minister. They're talking about van Eck eavesdropping. Think about the cost-benefit ratio for an attacker. The Dutch must take ballot secrecy really seriously.
Tempest equipment is economically out of the question, maybe this is a niche for an e-ink display.
Sorry to say so but the best system is to have 1 paper with "Bush" written on it, 1 paper with "kerry" written on it, 1 envelope and you put the paper with the name of the guy you want to vote for.
Then the envelopes are opened in presence of guys from both parties and the papers are counted.
We do like this in France, we are 60 millions and we have OFFICIAL election results at around midnight when the polls are closing at 20.00, of course in the meantime you have the exit polls estimates but the official stuff comes very rapidly, I don't see why it wouldn't be possible to od this in the US, each voting station would have around 10-20 thousand ballots to count as is the case here and the results would come in quickly...
Of course it would mean bad news for diebold, but I think diebold means bad news for elections....
The government should develop a new "internet" of sorts, give access to every citizen, provide each citizen with a special proprietary "voting box" that is connected to this "internet". Everyone can vote from his or her home. This way, we could also vote directly concerning different bills and acts in congress, instead of having some stupid representative that doesn't properly represent you do your voting for you. They can come up with the ideas, but we can vote for them. I like this idea... Any takers?
The nice part about being a pessimist is that you are constantly being either proven right or pleasantly surprised.
It's simple really, use our best communication tool to do politics => the net.
How to do that securely?
Well, first of all internet has the potential to bring a *HUGE* change, it could be much much more, a Direct Democracy where everybody could participate on every issue all the time and from every where.
When, Where, What. A revolution.
Of course there is one consequence: votes could be bought. Is it a problem? Can it be fought? To be decided by each group.
Here, I'm working on such an internet democracy tool, in Ruby on Rails, called parlement. http://leparlement.org/
There are ways to secure it quite well: http://leparlement.org/security
Basically:
* P2P servers
* PGP signatures
* electoral lists
I cannot trust computer code I am not permitted to read.
There is no legitimate reason not to allow the owners of voting machines to read every last bit of the code loaded onto any computer used to register or tally votes.
Otherwise, paper ballots, hand counted.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
OK, in theory it is possible to have a secure voting system - plenty of pdfs around, just go search for it.
:).
However, what I don't understand is why is it such a big deal that voters can't keep a receipt of how they voted. Or that votes have to be so secret. Yes it'll be good if they are secret or at least most of them.
So what if it means the voter can sell his/her vote?
Also, if someone could coerce 1 voter to vote a particular way (the proof being the receipt) AND get away with it, if you are pragmatic it isn't really a big issue.
If someone could force thousands of voters to vote a particular way, that's called Diebold, and not enough seem to care anyway.
If you have some evil organisation forcing thousands of voters (or more) to vote a particular way AND getting away with it, the country is already so screwed up the results aren't going to matter that much are they?
So what's the big deal
Police will patroll the voting places for the Dutch national elections extra carefully on November 22nd in order to prevent spying.
;)
The SDU machines that are now banned could be monitored from 120+ Feet (40 Meter). The more common (in the Dutch elections) but not yet banned Nedap voting computer can be monitored from 15 Feet (5 Meter). So the Dutch police will be on the lookout for anybody close to the voting locations with an antenna sticking our of their pocket
sorry, germans only ;)
https://berlin.ccc.de/index.php/Anti-Wahlcomputer- Petition
My precinct votes with optically-scanned ballots on thick paper. It's kind of like standardized tests in schools, either fill in the circle or complete the line. The printing is right on the ballot, so there's no confusion of which circle of line to mark.
Not to be Luddite or anything, but as far as I can tell, it's pretty much perfect for voting. Understandable, machine-count for speed, and verifiable.
The living have better things to do than to continue hating the dead.
voting machines raised to cost per election in amsterdam from 1,6 million euros to 2,7, source: http://www.heise.de/newsticker/meldung/76905 (german)
Voter cards. Why don't we have Voter Cards? You show up, use your card, your vote is registered with your Voter ID. It could be made to be as safe and secure as anything we have now, and there would be accountability - you could have your vote recorded digitally on your card (a receipt!). You'd be required to have a card (like a social security card or whatever), and if you don't want to vote, just as in Australia, you pay a $20 fee for the privilege of "making a statement by not voting" or just to be lazy (it could come right out of your taxes).
Voting isn't just a privilege or a right, it's a duty. We should treat it that way.
"I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it." - Thomas Jefferson
"To vote is like the payment of a debt--a duty never to be neglected, if its performance is possible." -- Rutherford B. Hayes
"But you must remember, my fellow-citizens, that eternal vigilance by the people is the price of liberty, and that you must pay the price if you wish to secure the blessing. It behooves you, therefore, to be watchful in your States as well as in the Federal Government." -- Andrew Jackson
"Let each citizen remember at the moment he is offering his vote... that he is executing one of the most solemn trusts in human society for which he is accountable to God and his country." -- Samuel Adams
"Nobody will ever deprive the American people of the right to vote except the American people themselves--and the only way they could do this is by not voting." -- Franklin D. Roosevelt
"Elections belong to the people. It is their decision. If they decide to turn their back on the fire and burn their behinds, then they will just have to sit on their blisters." -- Abraham Lincoln
"Bad politicians are sent to Washington by good people who don't vote." -- William E. Simon
"Let each citizen remember at the moment he is offering his vote that he is not making a present or a compliment to please an individual--or at least that he ought not so to do; but that he is executing one of the most solemn trusts in human society for which he is accountable to God and his country." -- Samuel Adams
U.S. digs for vote-machine links to Hugo Chávez In the debate about the reliability of electronic voting technology, the South Florida parent company of one of the nation's leading suppliers of touch-screen voting machines is drawing special scrutiny from the U.S. government. Federal officials are investigating whether Smartmatic, owner of Oakland, Calif.-based Sequoia Voting Systems, is secretly controlled by Venezuelan President Hugo Chávez, according to two people familiar with the probe. ...
http://www.miami.com/mld/miamiherald/news/15869919 .htm
it's just such a clever hack to convice US-citizens that voting machines might not be trusted :))
There is one other problem with e-voting: it adds some artificial bottlenecks to the system.
With paper voting, the voting is supervised by many local people, mostly (at least in Germany) senior citizens with a good sense of self respect and usually in a stable sitution. These people are not bought easily. You would have to bribe quite a lot of them to make an effect on the outcome. My grandad used to lead a voting station for several years and anyone offering to buy him would be looking for his teeth in the next county, I should think.
With e-voting, anyone interested in changing the outcome just has to find someone at one or at most the few companies making the machines and have him tamper with the things. This could be the manager who got the job from his political connections anyway or the unpaid summer intern or anyone in between. You just need one person in a whole company.
This makes evoting very susceptible to a money/power based attack even if it could be protected from an intelligence based attack.
-- Put crudely, the world is an extremely large problem instance. (Russel/Norvig Artificial Intelligence)
Is it any easier if a "paper" election is rigged? I really have my doubts.
It will not be hard to add a "receipt" function to a voting machine, but again, I don't think the additional value would really make the election less vulnerable.
But then again, I could be wrong.
They only banned SDU-machines and will now use those from nedap, which are also proven to be unsecure: http://www.wijvertrouwenstemcomputersniet.nl/Engli sh
green light for nedap:
http://www.heise.de/newsticker/meldung/80316/from/ atom10 (sorry, german only, babelfish it)
If you're going electronic, it's going to give you quick results. Just dump the results from the machines into a tabulator, and then you've got the vote.
Now afterwards, you have a group of people (with mixed or no political affiliation) count the paper votes. It might take longer, but in a few days you've got your initial electronic vote, and what is hopefully a consistent paper vote to back it up. If there's a big difference between the two, it's time to do some serious investigating as to why.
So few voters know the issues or candidates.
Many can't even figure out how to punch a chad from a card.
I say we just let the voting machines do the voting for us.
Put some real autonomy in the boxes, give 'em access to the web
(for researching the issues), and let 'em go at it!
Sure -- I don't think anyone is saying we should never use computers for voting. Fix the problems, and then use them for voting. Advocates of electronic voting seem to be saying we should do it the other way around, which is insane.
I am saying we should never use computers for voting.
It would take literally tens of thousands of man hours to review both the hardware and software coding. You'd have to approve not only the software, but every individual logic circuit on the system board. Through however many revisions you must endure to get from prototype to production unit.
Then you have to verify that the "approved" chips are the ones actually installed in the voting machines, by making them in a supervised, secure factory. Hacked chips could easily report themselves "approved". If they did, only examination with an electron microscope could prove them right or wrong.
You can do it, but how much are you willing to spend? It would take tens of thousands of hours by highly skilled coders and technicians to create a truly trustworthy system.
There's an easier solution that's just as effective, but it is cheaper and more trustworthy. Paper ballots.
"Electronic Voting Machines" must never be more than specialized devices for printing human-readable paper ballots, and SEPARATE machines to count the ballots quickly. (Even individual, on-the-spot optical counting machines would be fine, if you NEED the speed of electronic voting. You could be 99% counted before the precinct even closes!)
Anything else is untrustworthy, reduces confidence in the democratic process, and invites large scale fraud.
Sticking up your nose?
Especially the link re: availabilty!