Slashdot Mirror

← Back to Stories (view on slashdot.org)

7,000 Irish e-Voting Machines To Be Scrapped

Posted by Soulskill on from the return-on-investment dept.

lampsie writes "You may recall from back in January 2012 that the Irish government had deemed their stock of 7,000 e-voting machines 'worthless.' Turns out they are not — after spending upwards of €54 million purchasing them almost a decade ago, all 7,000 will now be scrapped for €70,000 (just over nine Euros each). The machines were scrapped because 'they could not be guaranteed to be safe from tampering [...] and they could not produce a printout so that votes/results could be double-checked.'"

36 of 198 comments (clear)

  1. chéad phost by Anonymous Coward · · Score: 5, Funny

    chéad phost

    1. Re:chéad phost by Hognoxious · · Score: 3, Funny

      chéad mÃle iomarcaÃochtaÃ

      Fuck off, Legolas.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. awwwww by slashmydots · · Score: 3, Funny

    Daaaaamn, what a waste, considering people have proven you can run Tetris on them. They could have had a whole arcade.

  3. How Difficult Is It Really? by AnotherAnonymousUser · · Score: 3, Insightful

    As a question for the geeks and engineers of the community - how truly difficult is it to make one of these voting machines safe for use? Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of? It seems like this is something that engineers could have designed to be foolproof by now, and at a fraction of the budget. How truly complex is the problem they're trying to solve?

    1. Re:How Difficult Is It Really? by Hentes · · Score: 2

      Assuming that the goal is to make them secure, it's not easy. When someone has physical access to your machine you are already in a losing battle.

    2. Re:How Difficult Is It Really? by pegasustonans · · Score: 3, Insightful

      How truly complex is the problem they're trying to solve?

      Nothing that an old-fashioned optical scan ballot couldn't handle.

      In other words, using the machine was a solution looking for a problem (and causing numerous problems of its own).

      --
      And all our yesterdays have lighted fools The way to dusty death. --Will
    3. Re:How Difficult Is It Really? by alteridem · · Score: 3, Insightful

      I believe it is actually more difficult than it would appear, mainly because you need to give people access to the machine to enter the candidates and when you do that, you are potentially giving them access to do other things. That said, the problem is not insurmountable. I would suggest open-sourcing the software and the hardware design. There are enough people that are interested in this problem that I expect that it would be well supported and potential security flaws found and fixed quickly. It would also greatly reduce the development costs. We would still need companies and governments to work together to build and certify the machines, but everyone could be working off a common, open blueprint.

    4. Re:How Difficult Is It Really? by Confusedent · · Score: 5, Informative

      Here's what Schneier said about it in 2004:

      "Computer security experts are unanimous on what to do. (Some voting experts disagree, but I think we’re all much better off listening to the computer security experts. The problems here are with the computer, not with the fact that the computer is being used in a voting application.) And they have two recommendations:

      DRE machines must have a voter-verifiable paper audit trails (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold. One, it allows the voter to confirm that his vote was recorded in the manner he intended. And two, it provides the mechanism for a recount if there are problems with the machine.

      Software used on DRE machines must be open to public scrutiny. This also has two functions. One, it allows any interested party to examine the software and find bugs, which can then be corrected. This public analysis improves security. And two, it increases public confidence in the voting process. If the software is public, no one can insinuate that the voting system has unfairness built into the code. (Companies that make these machines regularly argue that they need to keep their software secret for security reasons. Don’t believe them. In this instance, secrecy has nothing to do with security.)

      Computerized systems with these characteristics won’t be perfect -- no piece of software is -- but they’ll be much better than what we have now. We need to start treating voting software like we treat any other high-reliability system. The auditing that is conducted on slot machine software in the U.S. is significantly more meticulous than what is done to voting software. The development process for mission-critical airplane software makes voting software look like a slapdash affair. If we care about the integrity of our elections, this has to change."

      Source.

    5. Re:How Difficult Is It Really? by Sperbels · · Score: 2

      Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of?

      Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

    6. Re:How Difficult Is It Really? by EnergyScholar · · Score: 3, Insightful

      It's really, really difficult to secure electronic voting machines and the associated system. Close to impossible. Worse, what's the point? Seriously, electronic voting does nothing new, and adds many new vectors for systemic fraud. It's a losing proposition, unless you wish to defraud the voting system, in which case it's a win.

    7. Re:How Difficult Is It Really? by Bookwyrm · · Score: 2

      The effort and cost of designing such a thing is one aspect. *Verifying* that the actual manufactured item is tamper-proof, accurate, etc. is another. For instance, if you have to secure your entire supply chain to make sure none of the components involved might have been compromised or substituted due to cost cutting (keep in mind that this does not have to be someone trying to skew the vote on purpose, it could be someone being cheap or lazy and producing something prone to errors,) then that aspect can take quite a lot of time and effort.

      It's not just designing the box. It's designing the box and the entire process such that not only the box but the process of making the box can be audited through out the life-cycle of the box and its operation. (And there might be some level of who audits the auditors, etc. What happens if a part must be replaced by a different part because of a supply chain problem -- does everything need to be re-certified, etc.)

      That's not cheap or simple. It's not the design, it's the process and logistics.

    8. Re:How Difficult Is It Really? by azalin · · Score: 2

      Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

      I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

    9. Re:How Difficult Is It Really? by Grishnakh · · Score: 2

      Wrong.

      You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor, and maybe some kind of keypad. If you were to be believed, then we wouldn't be able to use ATMs.

      Now of course, as the other poster noted, this means you can't do stupid things like have USB or SD/MMC ports that are user-accessible.

      When we talk about having "physical access" to a machine, that means the WHOLE machine, as in a desktop PC where you can put your hands on the tower case, plug in USB devices, open the side panel, unplug the hard drive and put it in another system to access it, etc. Having the system locked inside a kiosk where you'd need a plasma torch to open it, and only having a touchscreen accessible to users, is NOT the same thing.

    10. Re:How Difficult Is It Really? by Grishnakh · · Score: 2

      That's because ATMs are stuck using 70s or 80s technology, namely easily-copied mag-stripe cards with crappy 4-digit PINs, with no encryption used at all. It's not the fault of the ATMs, it's because the whole industry refuses to move to a more secure access device. It's amazing that more money isn't stolen every day.

      There's no requirement that voting machines use the same crappy access mechanism. In fact, the access mechanism would be totally different, because of the anonymity requirement; I'm just guessing, but if it's like the elections (which only use optically-scanned cards) I've voted in, you first have to go past one panel of people with your state ID so they can verify you're registered to vote in that precinct and cross your name off, and then they give you a card so you can vote on an anonymous form or machine. With e-voting, they'd just need to give you some sort of access card, or even not at all, just let you use the machine since only verified voters should be allowed to walk up to it and make a vote. It's not like these e-voting machines will be out in dark parking lots at night with anyone allowed to walk up to them.

    11. Re:How Difficult Is It Really? by unwastaken · · Score: 2

      Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

      I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

      Read this and then tell me whether you still feel like that.

    12. Re:How Difficult Is It Really? by Shagg · · Score: 2

      In other words, using the machine was a solution looking for a problem

      E-voting machines definitely solve a problem. It's just that the public's definition of a problem, and a politician's definition of a problem aren't the same thing.

      For example, if you want to steal an election, physical paper voting/counting makes it very difficult to effect a large number of votes without having a lot of different people involved (greatly increasing the risk of the public finding out). E-voting machines definitely solve that problem.

      --
      Unix is user friendly, it's just selective about who its friends are.
    13. Re:How Difficult Is It Really? by Skapare · · Score: 3, Insightful

      Electronic voting speeds up the results. But it's only the new media that wants that.

      The design I proposed was a triple path election system. There would be simple machines to vote at that produce three "results": paper, storage, and communication. But it is the paper result that counts. The stored results (on a CF card) are just for verification. The communicated results are just for the media. The paper result is actually handed to the voter. It will be printed in clear text with the names of who they voted for, and a bar code or QR code to checksum the vote. They take the paper over to the ballot box area. But first, the paper is scanned by a reader right there. Then the paper is inserted into the sealed ballot box. The scanner also stores results and transmits these results separately, which are cross checked. The official results will be the paper count. But the electronic results satisfy the media hunger for instant answers.

      --
      now we need to go OSS in diesel cars
    14. Re:How Difficult Is It Really? by TapeCutter · · Score: 3, Insightful

      If they can seal an ATM, they can seal a voting machine. This truly isn't rocket science.

      No it's not rocket science, nor is it ATM science. Learn how and why the traditional paper systems work and one day you may understand why the quote above is 'not even wrong'.

      This method is used in Sweden for example, and conducted as follows. The voter casts three ballots, one for each of the three elections (national, regional, and local), each in a sealed envelope. The party and candidate names are pre-printed on the ballot, or the voter can write them in on a blank ballot. When voting has finished, all envelopes are opened on the counting table, for one election at a time. They are sorted in piles according to party, inspecting them for validity. The piles are then counted manually, while witnesses around the table observe. The count is recorded, and the same pile is counted again. If the results do not agree, it is counted a third time. When all piles are counted and the results agree, the result is certified and transmitted for central tabulation. The count as received is made public, to allow anyone to double-check the tabulation and audit the raw data. There appears to be a high level of confidence in this system among the population, as evidenced by the lack of criticism of it." - Shamelessly C&P from WP.

      The last sentance in the quote hits the nail on the head, elections are about trust, anyone who thinks electronic voting is a good idea should be asking themselves what "problem" are they "solving"?

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    15. Re:How Difficult Is It Really? by sl4shd0rk · · Score: 2

      You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor,

      It's not the vote which matters. It's who counts them.

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    16. Re:How Difficult Is It Really? by Grishnakh · · Score: 2

      If you don't trust the people running the polling station to not stuff the ballot box (in a case where you're using paper ballots), then this is really moot.

      Of course, I guess with paper ballots, you can put some simple checks into the system to detect tampering, like only having a specific number of ballots printed and using magnetic ink so they're not easily duplicated. Detecting e-voting tampering would be much more difficult. Even so, by making sure that no one (or two) person is allowed access to the machines without supervision, it should be possible to minimize the possibility of tampering. Surely there's checks like that in place with regular paper voting too.

  4. use the same system for slot machines by Joe_Dragon · · Score: 4, Insightful

    use the same system for slot machines
    they go under lots of testing to make them hard to cheat them even to the point of shocking them.

    1. Re:use the same system for slot machines by rtfa-troll · · Score: 5, Interesting
      Nobody actually knows how hard this is since nobody has ever actually succeeded in doing it, despite the fact that many people have tried. Here is another example:

      use the same system for slot machines they go under lots of testing to make them hard to cheat them even to the point of shocking them.

      This is one of the standard examples, the other given is bank machines. The average engineer/computer scientest will tell you this every time up to the stage of actually starting voting machine companies and spending millions on delivering machines which fail to be sufficiently secure. Just think about how much more hostile the voting machine environment

      • if you cheat a slot machine you can get a few hundred dollars - if you beat a voting machine you can controll F22 contracts worth US$66.7 billion
      • slot machines are run in an environemnt where you can watch the users - watching voters is illegal
      • you can see who wins on your slot machine and almost nobody cares - voters are supposed to be anonymous
      • slot machines are essentially static; the money is put in and taken out in the bar - voting machines have to be distributed to many locations
      • your slot machine will still earn money even if it is completely emptied several times a year - a voting machine only needs to lose once

      It's true that the slot Las Vegas slot machine program is much better than any current voting machine goes through. That is outrageous. However, don't think that if you did follow the Las Vegas system that would be enough.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    2. Re:use the same system for slot machines by RobertLTux · · Score: 2

      one "feature" that voting machines don't have that Vegas slots had back in the day

      They used to break people for cheating the slot machines

      --
      Any person using FTFY or editing my postings agrees to a US$50.00 charge
    3. Re:use the same system for slot machines by khendron · · Score: 5, Insightful

      I pay my bills online.
      I do my banking online.
      I order my shopping online...

      And all those activities are the target of a significant amount of fraud. It is tolerated, though, because the savings outweigh the costs. You can't say the same for an election.

      --
      Life is like a web application. Sometime you need cookies just to get by.
  5. I look forward to the official statement by poetmatt · · Score: 2

    I can just see it now:

    "Did we get screwed? I think so"

    while the reality is "Maybe we should have researched this before investing"

  6. Interesting Maths by AlastairMurray · · Score: 2

    all 7,000 will now be scrapped for €70,000 (just over nine Euros each).

    I suppose €10 is just over €9.

    1. Re:Interesting Maths by rtfa-troll · · Score: 2

      If you had READ the FINE ARTICLE; you would know that 7000 == 7500 and 9 == 9.30 and 70,000 == 70,267. Typical careless rounding of the type that can easily get the wrong person elected..

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  7. That depends on your limitations by Casandro · · Score: 3, Interesting

    Building a voting computer which satisfies the demands for a democratic election is near impossible.
    Since fraud needs to be detectable even by single uneducated voters, there minimum security would be like this:

    1. Get at least 80% of your voters a degree in Mathematics and Cryptology. They need to be able to verify all the algorithms used in the process.
    2. Get at least 80% of your voters fluent in reading machine code off microscope images of ROM chips.
    3. Get at least 80% of your voters good at re-engineering micro controller systems from silicon up in a reasonable timespan. (e.g. 30 minutes, this might require genetic engineering)
    4. Develop a form of computing device which is transparent.

    The big point is, it's not enough if we have some "perfect" voting computer which 10 specialists attest to be "perfect". For a democratic election everybody who is allowed to vote must be able to check the system for fraud. With a simple pen and paper system that is trivial. You just sit at the polling station, check that only single sheets are handed out to the voters. You also check that the voting urn is empty when the voting starts and that everybody just puts in his single sheet into it. Then you check the counting for miscounts and people trying to hide votes. The total number of votes can be compared in different ways.

    So everybody involved in it can check it. There is no secret knownledge involved. You can come up with the points I just wrote by yourself. You can even find the points I was missing. That's the minimum standard for voting systems, and it can be settled by the cheapest way to conduct elections, pen and paper. Why on earth should we spend a lot of money for much worse systems?

  8. an outline for a secure voting machine by RobertLTux · · Score: 2

    1 have as little of the OS loaded as possible
    2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election)
    3 the poll info should be on a separate image (also readonly)

    the voting screen should have a hash of both images on a "rail" at the bottom so that both can be verified at random

    when you vote your vote info should be etched on a metal plate (each one should be given a serial number and accounted for) that holds X votes. Also a printout should be presented to you so you can verify your votes.

    if any issues show up then you
    1 count the info from the plates
    2 count the info from the voter "chits"

    and then deal with any problems as needed (good luck tampering with all three counts)

    of course then we will need to deal with the Vote Early Vote Often problems in some areas but...

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
    1. Re:an outline for a secure voting machine by JDG1980 · · Score: 2

      1 have as little of the OS loaded as possible 2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election) 3 the poll info should be on a separate image (also readonly)

      For such a simple application, why use an OS at all? Wouldn't it make more sense to run on bare metal on a microcontroller?

  9. Repurposing e-voting machines? by oneiros27 · · Score: 2

    At the very least, all of the e-voting machines that I've seen have touch screens. I would think that someone could be able to get these for pennies on the dollar, and find a way to use the parts to build kiosks for other purposes.

    The CPUs might not have the necessary power for much, but if it's just a lookup & display system, it shouldn't require much.

    --
    Build it, and they will come^Hplain.
  10. The question is... by darkshadow · · Score: 2

    could one construct a Beowulf cluster of these?

    --
    -Darkshadow (There was a thing called Heaven; but all the same they used to drink enormous quantities of alcohol.)
  11. Oh boy by fiannaFailMan · · Score: 2

    There are times when I wish I could change my /. username.

    --
    Drill baby drill - on Mars
  12. Re: Chad? by rnturn · · Score: 3, Funny

    Texas and Florida are probably submitting bids at this very moment.

    --
    CUR ALLOC 20195.....5804M
  13. double-checked, so they do by Hognoxious · · Score: 2

    The requirement for double checking wasn't part of the original spec. It's just that Irish people end every sentence with "to be sure, to be sure".

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. Voting Machines Features are Different in Ireland by billstewart · · Score: 2

    It's not so much that they need to have English and Gaelic instead of English and Spanish - it's that the US machines' "Change to vote to Republican when nobody's looking" option means something a lot different there.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks