Slashdot Mirror

← Back to Stories (view on slashdot.org)

Group Sues To Stop German E-Voting

Posted by kdawson on from the we-don't-like-them-either dept.

kRemit writes "The German hacker group Chaos Computer Club today sued the German State of Hessen to prevent the use of electronic voting machines (Google translation) in the upcoming elections on January 27. This comes as a follow-up to the Dutch initiative 'We don't trust voting machines,' which succeeded in banning the same type of voting machines in the Netherlands."

1 of 92 comments (clear)

  1. Electronic paper voting? by pv2b · · Score: 4, Interesting

    There's generally not much wrong with paper voting, as long as the process is totally transparent, but there are a few ways you can cheat with paper voting, but generally it's a pretty good system.

    There are a lot of smart people asking -- how can we make electronic voting as good as traditional voting with slips of paper? What if that's the wrong question? What if instead, paper voting could be made *better* with the advent of electronic technology?

    There was an article a week or so back describing some place printing ballots on demand. What if paper ballots were printed on demand, but the people printing them are the voters? A machine could be hooked up to print a ballot when a voter presses the correct buttons, and would only print out one ballot per voter. The ballots themselves would also have a barcode on them with a code certifying which machine printed them. The printers would count how many ballots were printed, and if that number doesn't match the number counted, that'd signify a problem -- either the machines were tampered with, or the physical ballots.

    Now, that'd still make it possible to print excessive ballots from a printer, but then the number of votes wouldn't match the number of voters, and thus, number of votes cast.

    To fix that, you could use some kind of public key cryptography system. In order to vote, you are sent a voter registration card, which contains a single-use private key on a 2D-barcode, which in turn is signed by whatever authority compiles the eligible voters list. That private key in turn is used to sign a message that simply says "I voted" and nothing else. That would eliminate the possibility of faking lists of who voted, except if the private key itself was falsified to start with, or if multiple such keys were assigned per person.

    But that's okay. Now there are only three possible attack vectors (that I can think of) -- key falsification (only possible if you're part of the authority that issues voter identities), key theft (possible if you rifle through the mail of whoever's identity you want to steal), and vote changing (would require tampering both with voting machines *and* with paper ballots).

    The key theft threat can be mitigated by rigorous identity checks -- posession of the proper private key should not be sufficient to vote -- some kind of ID should also be neccessary, and the key falsification threat can be minimized by *very* rigorous inspection of whatever authority issues said keys, and the vote changing scenario is made more difficult than it used to be.

    Now, such a system would probably never be implemented due to cost concerns. But it'd probably be better than the paper voting we have today, and it wouldn't break the secret ballot, nor would it make the system less transparent. It'd basically be the old system with a parallell electronic system to ensure whoever counts the paper ballots are honest. There are probably other flaws too, I don't know. :-)