Slashdot Mirror
Group Sues To Stop German E-Voting
kRemit writes "The German hacker group Chaos Computer Club today sued the German State of Hessen to prevent the use of electronic voting machines (Google translation) in the upcoming elections on January 27. This comes as a follow-up to the Dutch initiative 'We don't trust voting machines,' which succeeded in banning the same type of voting machines in the Netherlands."
Whoever said hackers couldn't be useful?
The higher the technology, the sharper that two-edged sword.
but it is cumbersome, slow, small in scale, and hard to hide
on the other hand with electronic voting (and to a lesser extent mechanical voting), you have an order of magnitude more attack vectors. you can also do a lot more damage with the slightest of effort, quickly, with a lot of volatility and potential for permanent obfuscation, destruction, or scrambling and outright manipulation. you can cover your tracks well too, and you can quickly survey the landscape and tweak votes in ways that are hard to sniff out later
paper voting is totally transparent to everyone involved. electronic voting is opaque. there is no verification, nothing of substance. nothing to see or touch
electronic voting is probably one of the greatest threats to faith in democracy in the 21st century. not a joke in the least
we need to lose this really bad idea asap
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
My predictions for comments on this article:
1. Two words that I will see over and over again "Paper ballots" and arguements for them.
2. Many people bashing the American voting mess.
3. Another word... Diebold.
4. "The Canadian system is better because..."
For all of these generic posts and more, check out the history of Slashdot articles concerning the issue.
NH (and most of the rest of New England) doesn't seem to mind about its own digital voting being in unaccountable private hands, as it wields its totally disproportionate influence on the voting of the entire country.
--
make install -not war
Hessen, and the rest of the Germany too, listen up! Pardon my German, but... DAS ELEKTRONISCHE WAHLEN IST SCHLECT!! Did you get that? Electronic voting is bad! I don't know how many discussions, lawsuits, and protests that blast e-voting's many shortcomings it is going to take before they become what they should be, landfill fodder.
Seriously, at best they are a waste of money. At worst, and probably most likely, they add all sorts of new vectors for corruption in a process that is inherently corrupt. Listen, most sane people realize that instant election results are not worth the dangers involved with excessive automation of the process. Keep to Occam's razor. The simpler the system the better. Pen and paper are ideal, but a punch card system is a fair choice as well.
All the arguments are hashed and tired. There's no sensible reason to move to electronic voting. It doesn't magically increase turn-out. It's expensive. I needn't go on. However, if anyone on the elections board or whatever decisional authority over elections is reading this, this is a good starting point for comprehending the e-voting situation as it stands as a piece of the larger issue of elections in general.
SAGEN SIE NICHT ZUM ELEKTRONISCHEN WÄHLEN!!
I got a catholic block.
Why link to a crappy Google translator version when a reasonably good english version of TFA is available? There are big flags at the top of the article, one for Germany, and one for English. I suppose the submitter didn't realize that funny blue and red flag was for Great Britain and meant English.
It is however to be noted that most polling stations use Electronical voting machines in the Netherlands.
There's generally not much wrong with paper voting, as long as the process is totally transparent, but there are a few ways you can cheat with paper voting, but generally it's a pretty good system.
:-)
There are a lot of smart people asking -- how can we make electronic voting as good as traditional voting with slips of paper? What if that's the wrong question? What if instead, paper voting could be made *better* with the advent of electronic technology?
There was an article a week or so back describing some place printing ballots on demand. What if paper ballots were printed on demand, but the people printing them are the voters? A machine could be hooked up to print a ballot when a voter presses the correct buttons, and would only print out one ballot per voter. The ballots themselves would also have a barcode on them with a code certifying which machine printed them. The printers would count how many ballots were printed, and if that number doesn't match the number counted, that'd signify a problem -- either the machines were tampered with, or the physical ballots.
Now, that'd still make it possible to print excessive ballots from a printer, but then the number of votes wouldn't match the number of voters, and thus, number of votes cast.
To fix that, you could use some kind of public key cryptography system. In order to vote, you are sent a voter registration card, which contains a single-use private key on a 2D-barcode, which in turn is signed by whatever authority compiles the eligible voters list. That private key in turn is used to sign a message that simply says "I voted" and nothing else. That would eliminate the possibility of faking lists of who voted, except if the private key itself was falsified to start with, or if multiple such keys were assigned per person.
But that's okay. Now there are only three possible attack vectors (that I can think of) -- key falsification (only possible if you're part of the authority that issues voter identities), key theft (possible if you rifle through the mail of whoever's identity you want to steal), and vote changing (would require tampering both with voting machines *and* with paper ballots).
The key theft threat can be mitigated by rigorous identity checks -- posession of the proper private key should not be sufficient to vote -- some kind of ID should also be neccessary, and the key falsification threat can be minimized by *very* rigorous inspection of whatever authority issues said keys, and the vote changing scenario is made more difficult than it used to be.
Now, such a system would probably never be implemented due to cost concerns. But it'd probably be better than the paper voting we have today, and it wouldn't break the secret ballot, nor would it make the system less transparent. It'd basically be the old system with a parallell electronic system to ensure whoever counts the paper ballots are honest. There are probably other flaws too, I don't know.
Computer enthusiasts really like computers, so when they say, "No, I don't think it's a good idea to use computers for this," you should probably listen.
I'm confused.
...the idea is being pushed all over the US. Either someone thinks this is a good idea and is pressing on regardless, or someone knows this is a bad idea and is pushing it through because they have ulterior motives.
The way things are going at the moment I wouldn't be surprised if either or both are eventually proven true.
Seven Days with Ubuntu Unity
Didn't anyone see that Heroes episode? A determined team of black hats could accomplish all that easily enough, and with enough noise in the ballots to make fraud statistically fiendish to detect.
E-vote tampering is not science fiction. It's an inevitable fact.
May the Maths Be with you!
Quantity has a quality all its own.
Many people seem to have the mistaken impression that electronic voting doesn't change anything fundamental about vote fraud, it just changes how it happens. But, if the change is big enough, it becomes qualitatively different as well.
Once again, every time this topic comes up, the answer is always *paper ballots*. I feel compelled to point out that the entire reason there are electronic voting machines throughout the USA is because *we had a big problem with paper ballots in Florida*. The problems with paper ballots are almost the sole reason electronic voting is being persued. It's clearly *not* transparent and *not* straightforward - there are STILL people going over the ballots trying to get a different result and people are STILL arguing about "hanging chads" and stuff like that. Not to mention the numerous election "irregularities" that happened and continue to happen with paper ballots over history.
The points about electronic voting are largely valid (the technical points, not the conspiracy drivel) but the theory that paper ballots represent some sort of perfect world are just foolish and fly in the face of the numerous demonstrated problems
Brett
Adolf Hitler?
The best hackers complain that the best hackers control... everything?
I am confused.
Oh do they still burn hackers alive to get confessions out of them? Don't burn out our best programmers! What a waste!! oh I see now.
THE TRUTH may very well be that E - Voting is a threat to the current power structure (they know this) a system that disallows or stops the influence of special interests and or the delusions of individuals on policy making and legislative voting.
E - Voting properly implemented creates Collective Control eliminating the Corrupt Control. A few or singular individuals can be influenced and corrupted, many individuals cannot be corrupted. In other words it does not cost much to corrupt or influence.
Read the Creme Principle the best rises to the top by word of link. http://iamblogging.net/archives/2005/12/the_creme_princ.html In Infinite Play the Movie they caution to not implement Collective Control until the independent subscriber based media (intelligence services for the people) is in place and a major shift in attention is away from the corporate controlled media paid off via advertising to propagate various fictions, or fail to bring to light disruptive to the industries and professions intelligence.
Read It is said that the Corporate Status Quo Media will collapse when the end of disease protocols are released and trillion dollar class actions are brought against medical industrial complex. The media currently depends heavily on Pharmaceutical Company advertising. In other words the Media gets a cut of the drug profits and qualifies as an industry that profit from disease classifying it as one of the Death Industries. This is why they don't promote the knowledge to end disease.
The reason I suspect it is an artificial issue is that electronic voting can be secure. I can certainly design a voting system that will work, using architecture and methods I have already developed. I think others have as well.
I think we could do the secure E-secure voting system for 250K or even maybe open source. Diebold got $10's of millions for an MS Access database? I could of done it for the taxpayers for $25,000.
"an infinite player that has lost his finite mind" ~Infinite Play the Movie (it blends with reality)
The best hackers don't want to control anything.
Mod parent up. CCC is run by anarchy. The anarchists have the best groupware.
on the 24th chaos communication congress there were two interesting lectures:
one about electronic voting in the netherlands (english): http://outpost.h3q.com/fnord/24c3-torrents/24c3-2342-en-it_was_a_bad_idea_anyway.mkv.torrent
another about electronic voting vulnerabilities and the status in germany (german): http://outpost.h3q.com/fnord/24c3-torrents/24c3-2380-de-nedap_wahlcomputer_in_deutschland.mkv.torrent
I'd like to hear your description of "properly implemented". Remember that you have to reconcile three things: voter verification, accurate counting, and secret ballot. (Pick two.)
And by the way: Poorly implemented, it does just the opposite. Diebold's systems -- excuse me, Premiere Election Systems -- can have the vote compromised by anyone with access to the appropriate excel/Access database. (Might actually just be Excel.) That means there are a lot of people who are literally only a few keystrokes away from changing the vote.
I have tried, and I haven't been able to come up with anything that is better than paper, in any way.
Don't thank God, thank a doctor!
The fact these devices are not simple mechanical aides, but complex, impossible-to-verify black-box computer systems is stressed.
Actually, Hitler came to power by strategically forcing elections. He didn't much care about having them stopped as he just locked his opponents up.
I live in Germany and kept track of the voting machine controversy here. The problem is not that people want voting machines, but that politicians want them (properly because they get money from manufacturer or want to be modern or are impressed by them). When hacker groups (like the CCC) prove that voting machine are hackable, those politicians just insist they are not. They don't even try to argue, they just trust the manufacturer so much.
:-)
In this case, they want to use voting machines that the CCC has already proven to be insecure. Luckily this time this is news for mainstream media and not just heise (German slashdot equivalent)
Off Topic: About your German: the word is "schlecht" not "schlect"; and "sagen Sie Nein zum elektronischen Wählen" (say no to electronic voting) not "sagen sie nicht" (say not)
Interestingly the main argument in the case at hand is NOT that the machines are faulty or can be manipulated.
Until now elections in germany are held in public. This means that anybody can come in and watch the votes beeing counted. However with the voting machines used the people are requested to believe the government that they operate correctly. This trust should be based on secret reviews of the machines hard and software conducted by the government.
The CCC argues that his does not qualify as a public election. Elections are all about controlling the government and not about trusting it.
Using open source machines probably would meet at least this criterion of a public election.
The only reason Florida had any vote problems was Jeb Bush wanting his brother elected.
I am the unwilling control for my Origin.
Old paper voting systems, one might say, were perfected for their use.
Use them.
But underneath them, have an electronic sensor system that detects the votes.
This eliminates the problem of stuffing paper ballots as in Chicago's past and Kenya's yesterday;
and eliminates the problem of electronic machines giving whatever numbers the last programmer wanted,
not what the voters selected.
That's a double check.
No voting system should be allowed that is less trustworthy than the old paper system.
If we allow voting to be compromised, we no longer have democracies --
we have the government some programmer wants (programmocracy),
or some thug with burlap bags of ballots wants (thugocracy).
Hackers are frequently useful. Crackers are seldom if ever useful.
Acts of massive stupidity are almost never covered by warranty. --me.
"Voter verification" is a non-issue. You can see your name, address and who you voted for on some screen. But that doesn't mean jack shit. You can't be sure that the totals are correct without looking at everybody's vote. But the majority of those people are strangers to you. You don't even know that they exist, let alone how they voted.
Just displaying the person's vote you asked for and a row of "final totals" across the bottom of the screen would probably get past most people -- even if the "final totals" displayed were not the amounts you would get adding up the actual votes for each candidate. If you had some database of "who knows who" then you could even, based on the voter's ID, display their vote and the votes of anyone in their Wider Social Network correctly but alter the votes of strangers as necessary to match the "final totals".
Je fume. Tu fumes. Nous fûmes!
Theoretically possible, however, doesn't have much to do with any implementation that I've heard of. More of them seem designed to specifically allow election results to be faked than to produce honest results.
Fundamentally, the problem is that if the mechanism for counting votes is hidden, then the results can't be trusted. It could, potentially, pass every test but when a crucial date rolled around, or a switch was set, it could act in a very different way.
And it's not just the program. Every step of the procedure needs to be verifiable. It *should* be publicly verifiable, but at a bare minimum it's got to be verifiable by hired observers who aren't beholden to the participating parties.
I think we've pushed this "anyone can grow up to be president" thing too far.
even with open source software on the voting machines, there is now way for anyone to tell what the machine exactly does. even computer scientists can only hope that the machine right in front of them has the right software on it. also, if manipulations happen, there can be no recount.
also, the argument actually is about that those machines can be easily manipulated. a public counting process is only to ensure that there is no manipulation, therefore ensuring government legitimacy.
you are wrong.
We could also print out additional receipts for some other party to audit the system.
I have designed a universal information architecture / system that engineers Big Brother out of the system and retains privacy and control of one's data, yet includes transparency. The voting system could use some of the methods and structure.
The system is autonomous, with anonymity yet also providing certification and verification.
The stuff many have talked about for at least 25 years.
It can be done, perhaps those that worked on designing the voting machines thus far were not the brightest or those having the correct intentions. We just need to collectively decide to make it happen.
It is also my understanding based on insight and thought from William Poundstone and others that we need to switch from plurality voting to range voting or instant-runoff voting.
As far as hacking the system we will award anyone several hundred thousand dollars that can figure out how to hack the system. They also have to create the counter measure, fix or methods to close the vulnerability to get the award.
"an infinite player that has lost his finite mind" ~Infinite Play the Movie (it blends with reality)
- Votes left an indelible paper trail (you can't reattach a punched chad).
- The voting machines were extremely simple, requiring no electricity.
- The votes could be easily read by machines at a central location. (Standard punch card readers -- not so common anymore.)
The problems occurred because,- Some voters are idiots.
- There was no agreement in advance about how to conduct a recount.
I never noticed the slightest problem with how to mark my ballot: just move the slider to the candidate of choice and push down to punch the ballot. But, there are a lot of idiots, and no system is completely idiot proof.As to the recount, all this hanging chad business could have been prevented if they had agreed in advance to conduct recounts by machine. It's a binary decision -- the machine either registers a vote or not. The machine is not arbitrarily trying to "determine voter intent".
The new system in my county also seems like a good one. Voters mark a paper ballot with a black pen. You mark the oval, much like standard multiple-choice tests. The ballots are counted immediately by machine, but the paper ballot drops into the box, saved in case of recounts. Ballots with conflicting marks are kicked back right away so the voter can be offered another ballot. But, I'm sure some idiots will screw up this system also.
Computers obey me.
Alright, let me get this straight: Are these "public databases" exposed, in full? Are they simply every single vote, and who it was for?
If so, that kills your anonymity/secrecy. It now becomes possible for people to literally and directly buy votes, because they can make sure, when you come back out, that your vote was for the candidate they paid you to vote for.
I'll believe it when I see it. (Or specs, or a whitepaper, or an informal rant.)
Maybe so, but it doesn't solve the fundamental problems with the voting process.
Read this.
Read this. A relevant excerpt:
Look, we both agree on what the perfect, ideal goal is. I'm not really sure it's possible -- in fact, I'm reasonably sure it's not possible, and that we can only get some rough approximation of it. So, when I say "nice try", I actually mean that I'm glad you're trying, but I sincerely doubt you've come up with anything fundamentally different enough to work.
Don't thank God, thank a doctor!