E-Voting Source Code Made Public In Estonia

← Back to Stories (view on slashdot.org)

E-Voting Source Code Made Public In Estonia

Posted by Soulskill on Friday July 12, 2013 @07:08AM from the but-omg-hackers dept.

New submitter paavo512 writes "Server-side source code used for electronic voting was made fully public by Estonian officials on July 11 (in Estonian). The aim is to encourage more specialists to get involved in the technical analysis of the software. It is hoped that public overview will help to ensure the security of the system. E-voting has been successfully used five times in Estonia since 2007. It facilitates national ID cards which are obligatory for all citizens. In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly. The publicized source code is available at GitHub."

88 comments

Min score:

Reason:

Sort:

The big question by Anonymous Coward · 2013-07-12 07:11 · Score: 2, Interesting

How do you verify that the published source code is running unmodified on the production servers?
1. Re:The big question by i+kan+reed · 2013-07-12 07:20 · Score: 4, Insightful
  
  The typical answer is the same magic answer that's been a part of democracy since the invention of the secret ballot: oversight. Think the oversight is foxes watching the hen-house? Volunteer!
2. Re:The big question by Thry · 2013-07-12 07:33 · Score: 1
  
  The same way you verify that the published final result matches the actual votes!
3. Re:The big question by MarcoAtWork · 2013-07-12 07:41 · Score: 4, Insightful
  
  it's a lot simpler to have oversight of paper ballots being counted by hand than of a program running on a computer somewhere: there's no way anybody can be sure the program being actually run is the program that was generated via the source code you are given.
  Not to mention that there is no way you can be sure about the *environment* the software is run on, since it would be trivial to have some kernel/environment exploits that could alter the result arbitrarily.
  The only way one could be sure there are no electronic shenanigans would be redundancy:
  - provide the source code and build instructions for all the software
  - at voting time anybody can come in, get the raw data and run it on their own compiled copy of the software, if there is a discrepancy flags would be raised and the result would not be accepted until at least a certain number of independent computers come up with the same result
  
  --
  -- the cake is a lie
4. Re:The big question by Anonymous Coward · 2013-07-12 07:44 · Score: 1
  
  Signed binaries and random unannounced audits.
5. Re:The big question by tsadi · 2013-07-12 07:50 · Score: 1
  
  The part where they will be testing an "experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly" sounds like a good start. When you get verified reports of people's votes getting changed along the way, you launch an investigation and trace how/where it happened.
6. Re:The big question by Pieroxy · 2013-07-12 08:01 · Score: 1
  
  The same way you verify that the published final result matches the actual votes!
  You mean by counting manually the bits in the RAM of the machine, or counting the votes (with a witness in the booth) and checking that against the overall results?
  The ONLY way to make e-voting productive is to have those machines ... produce a piece of paper on whitch the voter can check that the right name is printed on. Put it in an envelope, and in the urn. At the end of the day, the ballots are opened by some volunteers, the name printed on is read out loud, they are passed into a machine and a giant screen in the room shows the scores increase.
  That way:
  - Considerably less paper (one ballot per voter)
  - Faster counting (just read the name out loud, people check that the right dude gets the upcount - much faster than doing everything manually.
  - Possibility to do it manually for recount / electricity outage, etc... Everything in printed on ballots.
  - The voter can actually make sure he votes for the person he intended to. It's written on the piece of paper.
  - No need to check the software. because of the previous point.
  
  --
  Write boring code, not shiny code!
7. Re:The big question by lister+king+of+smeg · 2013-07-12 08:29 · Score: 2, Informative
  
  Ken Thompson compiler hack?
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
8. Re:The big question by CastrTroy · 2013-07-12 08:30 · Score: 1
  
  But then you no longer have a secret ballot. If you can prove that you voted for a specific person, you can be coerced by others (your boss, the mob, some guy giving you money) to prove that you voted for who they wanted you to vote for. A system has to be verifiable in the sense that you can be reasonably sure that all the votes are counted correctly, without being altered, and without being able to attach the votes to who cast them. This is why paper ballots work. Start with an empty sealed box, verified by multiple people. Watch individual voters put individual ballots in to the sealed box. Keep the box sealed until counting. Watch the box be opened and verify things are counted correctly. Watch the ballots be put into another sealed box for recounting later if necessary, with signatures on the seals to ensure they aren't broken. Very simple for even not to bright people to verify. Anything based on computers is many times harder to verify and adds extra complications. Also, putting things in a centralized computer makes a large number of votes changable by a small number of people (or even a single person). With paper ballots, in small boxes, you have to get a lot of people to collude to contaminate a large number of the votes.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
9. Re:The big question by Anonymous Coward · 2013-07-12 08:55 · Score: 0
  
  The trick is, Estonian voting platform allows you to go back and change your vote. By showing the smartphone to your boss, you might be able to prove that you once voted for his favourite candidate, but not that you stuck with it.
10. Re:The big question by Kielistic · 2013-07-12 08:59 · Score: 1
  
  Democracy@Home - I actually find the idea quite interesting.
  Although now you have to find a way to ensure trust in the raw data...
11. Re:The big question by plover · 2013-07-12 09:20 · Score: 2
  
  I don't care how well you think you're watching. You are a human, and you are capable of overseeing simple activities, such as official pieces of paper being dropped in a box, or official stones being dropped in a jar. Your capabilities for "oversight" do not extend down to observing the correct bits are flowing through a CPU.
  The thing we've all forgotten in our rush to tune into the 24 hour news channel is that voting results do NOT have to be completed within 15 seconds of the polls closing. I don't care if Talking Hairpiece of the Nightly News wants to announce something, or if he really wants to announce something. The Constitutionally provided timeline for tallying election results specifies weeks, not minutes. The winner won't be seated in his office for two months following the election, so tallying the vote early or late doesn't change anything.
  My right to voting securely damn well better not be trumped by your desire to see a news story.
  
  --
  John
12. Re:The big question by Anonymous Coward · 2013-07-12 09:25 · Score: 0
  
  From the summary:
  
  In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly.
  
  Guess that doesn't verify the server is running what is published, but I would think that level of transparency would make election fraud more difficult. Sure they could still insert new votes, but only so much of that can be done before it starts to become obvious that the vote counts don't match the # of people going to the polls.
  The downside of course is that if you can prove who you voted for, so can someone else.
13. Re:The big question by Anonymous Coward · 2013-07-12 09:31 · Score: 0
  
  But that means that your boss/mob can just ask you the next day to confirm that you have/haven't changed your vote in accordance with their wishes. It is no solution at all.
14. Re:The big question by Anonymous Coward · 2013-07-12 09:34 · Score: 0
  
  How about you create a hash of the software build, publish it online and let all others build from the tree and see if the result is the same ?
15. Re:The big question by Anonymous Coward · 2013-07-12 10:02 · Score: 1
  
  Ken Thompson compiler hack?
  So they would somehow make sure that every independent person who built the software did so using the hacked compiler?
16. Re:The big question by Anonymous Coward · 2013-07-12 10:02 · Score: 0
  
  And who wrote and provided and installed the auditing software? And which rootkit is providing you with the "correct" information to audit?
  We already have many auditors in place at each polling place: they're called election judges. They are capable watching that the right person gets the right piece of paper, and that they drop it in the right box. They are capable of ensuring the boxes are empty at the start of the election, and that nobody has tampered with them during the election. But they are incapable of doing anything but look at a "red light" / "green light" on a mysterious black box when it comes to a computerized system. Their ability to "audit" an electronic system is equal to your ability to personally audit every line of code in Windows 8, which is to say it's beyond human capabilities.
  Once you head down that path, it turns out paper ballots are always cheaper and always more secure. Defrauding a paper ballot election is very, very hard. Fraud is naturally limited to attempts at individual polling locations, and election fraud cannot be scaled up simply by breaking into a network. Even tampering with a handful of swing precincts in a couple of swing counties in a key state would cost millions of dollars, and would likely not stay secret for long.
17. Re:The big question by jnork · 2013-07-12 12:10 · Score: 1
  
  Or you could have end-to-end verification of your vote. Doesn't guarantee the software is the same, but at least you'd know that YOUR vote got there intact. And if not, presumably there'd be something you could do about it. Enough people complaining might get paid attention to.
  "...planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly." Yep, that's the kind of thing I had in mind. It'd have to be done properly, of course, but somebody is apparently thinking along the same lines.
  The fact that the government is asking for help with the software suggests to me that they're making an honest effort. But if you start from the premise that the government is automatically and irredeemably dishonest, and this is just being done as a distraction, then there's not much you can do short of overthrowing it.
  
  --
  Cleverly disguised as a responsible adult.
18. Re:The big question by manu0601 · 2013-07-12 14:40 · Score: 1
  
  The ONLY way to make e-voting productive is to have those machines ... produce a piece of paper on whitch the voter can check that the right name is printed on.
  You also need to check identity of voters and count them so that no vote can be injected. And that cannot be done remotely, voters need to attend physically for that, otherwise someone will manage to vote for the deads.
19. Re:The big question by MarcoAtWork · 2013-07-12 17:51 · Score: 1
  
  for ballot box votes it would be pretty easy to guarantee raw data trust via the usual observers, as long as the voting machines leave a paper trail (and they should). For remote e-voting you would set up end-to-end vote verification as the poster below was saying, it would just be part of the voting process, you go to vote on the day, and the next day you verify that your vote was counted. With vote verification and distributed verification of the results it seems it would be a very solid system.
  This said IMHO simple paper ballots with manual counting have been used for a long time and given enough impartial observers are next to impossible to break, it is mildly inconvenient to have physical poll stations and manual counting (no touch screen machines, no chads, simple paper ballots in a box), but if one can't be bothered to go to the poll to vote it doesn't seem like they have that much interest in the democratic process anyways...
  
  --
  -- the cake is a lie
20. Re:The big question by Anonymous Coward · 2013-07-13 00:11 · Score: 0
  
  Ken Thompson compiler hack?
  Don't forget that it was an Air Force manual that Ken first heard mention of such attack... Additionally, that it works for any compiler, even Verilog, i.e. compiling microcode for hardware. They are so complex that we must use computers to make and debug a computers. It is game over, and always has been.
21. Re:The big question by AK+Marc · 2013-07-13 08:19 · Score: 1
  
  Where I grew up, you could only volunteer if you were a verified fox (a member of a party with candidate in the election). How's that for oversight? If the US oversaw it's own elections to the degree they oversee others, all of the elections since 1996 would be declared invalid.
  
  --
  Learn to love Alaska
22. Re:The big question by AK+Marc · 2013-07-13 08:25 · Score: 1
  
  There's one *very* easy way nobody likes to talk about. Abolish secret voting. Open voting is more secure than any secret ballot used or conceived of to date. It worked for the first 100 years of the US, and failed only when there was a Civil War. A return to Open Voting would allow for vote buying (which is easily possible today under all absentee voting systems I've seen in the US, but still doesn't happen), but eliminates 100% of the most common frauds. Fix the system in 1 easy step. Then it doesn't matter if someone hacks the terminal or steals all the ballots. Fraud *can't* happen, unless you find a precinct with a slant against you, spoil all the official ballots, and kill all the people there to prevent verification. But if you get to the point where mass-murder is allowed to spoil an election, there are millions more ways to do that with secret ballots.
  
  Open verified voting is more secure in *every* way than what we have now, and what we are moving towards.
  
  --
  Learn to love Alaska
23. Re:The big question by AK+Marc · 2013-07-13 08:27 · Score: 1
  
  Paper or electronic, once they are in the urn, there are hundreds of ways to spoil them. Lose them, stuff them, in all sorts of ways. Paper is broken, that's why e-voting is getting traction. The only system not broken is voter-verified open voting.
  
  --
  Learn to love Alaska
24. Re:The big question by Pieroxy · 2013-07-14 08:47 · Score: 1
  
  The only system not broken is voter-verified open voting.
  What is that? Can you give us more than 4 words to get an idea?
  
  --
  Write boring code, not shiny code!
25. Re:The big question by AK+Marc · 2013-07-14 09:28 · Score: 1
  
  Vote buying in the US is easy. Your employer fills out 100 ballots (in an office of 100) and passes them out. You are required to sign them and hand them back. He'll seal them and send them for you. Your vote is cast in his desired manner or you are fired. He then calls a special day on vote Tuesday. Everyone works a 12 hour shift, in-house lunch provided, so nobody can sneak away to vote in person that day.
  
  That's all easily possible today. Yet it *never* happens. The *only* attack vector to open voting is illegal and people would be able to see it, verify it, and defeat it. The people who don't like open voting (what, don't want everyone to know you voted for Bush twice, then Obama twice?) claim vote buying will start when it's possible, when my proof against that is that it's easy now and doesn't happen.
  
  Just have a system where you get a numerical printout, and that's tied to your vote receipt, and a numerical printout of your voter ID (printed by separate machines that don't share information) and if there's a close count, or a recount, everyone comes back with their receipt, and votes can be counted with 100% accuracy (excepting people who die between the vote and the count), with no traceability between person and vote. The "veil" is lifted only in the case of a possibly spoiled election.
  
  Or a system where your vote is 100% public, visible to anyone who wants to look it up would also work. It'd be better than we have today. Why should some stranger be looking at chads trying to determine my intent, when they can just ask me? Everyone looks up their own vote after the election and verifies it was counted correctly.
  
  --
  Learn to love Alaska
26. Re:The big question by i+kan+reed · 2013-07-15 03:03 · Score: 1
  
  The threat of an open ballot election isn't that someone will murder you, it's that the police chief you voted against "happens" to suspect you of running a meth-lab, and runs a no-knock warrant on your home. Or the health inspector might just find a few specks of dust that don't belong. It's like pay-for-play kickbacks, but you can't ever prove the connection.
27. Re:The big question by AK+Marc · 2013-07-15 06:55 · Score: 1
  
  So it's like today. If you vote for someone, you hope he does something that benefits you. Only there will possibly be more direct link between voting and actions. And yes, there have been cases of politicians acting against those who didn't vote for them. Even with secret ballots there will be. There will just be more guesses about who it was who voted against. Again, it's a problem today that secret ballots doesn't stop. The theory is that the candidates would not act in such a revenge manner. After all, it would do nothing to improve their chances of reelection, so why bother? Bribing for votes would be a much more effective election influencing act, rather than vote punishing.
  
  --
  Learn to love Alaska
28. Re:The big question by Kavafy · 2013-07-21 23:13 · Score: 1
  
  Again, it's a problem today that secret ballots doesn't stop. The theory is that the candidates would not act in such a revenge manner. After all, it would do nothing to improve their chances of reelection, so why bother? Bribing for votes would be a much more effective election influencing act, rather than vote punishing.
  Isn't the point that, without a secret ballot, candidates can intimidate people into voting a particular way? IOW the key period is before the election, not after?
29. Re:The big question by AK+Marc · 2013-07-22 09:04 · Score: 1
  
  Isn't the point that, without a secret ballot, candidates can intimidate people into voting a particular way? IOW the key period is before the election, not after?
  They do that today. It's just less personal. If it became personal, John Smith gets a letter stating if he doesn't vote for Bob Barker his house will be demolished to make way for a road, don't you think John Smith publishing that letter would affect the campaign (and arrest) of Bob Barker?
  
  --
  Learn to love Alaska
Sounds Great But... by ArgonautThief · 2013-07-12 07:13 · Score: 0

I'm all for code being released publicly, unfortunately though my cynical (realistic) side, sees this as the officials in Estonia creating an opportunity for exploitable bugs to be "introduced" to the code...

--
The difference between stupidity and genius is that genius has its limits. - Albert Einstein
1. Re:Sounds Great But... by zero.kalvin · 2013-07-12 07:16 · Score: 1, Insightful
  
  In other news, sending a copy of yesterday's lecture to a friend magically changes the original copy, news at 11!
Naturally... by Anonymous Coward · 2013-07-12 07:14 · Score: 1

...Nothing can beat the audit trail of Elbonian clay tablets.
Allows vote selling by Anonymous Coward · 2013-07-12 07:15 · Score: 0

That's a bad thing.
But it's not like they vote on anything that matters anyways and probably better than being forced to vote one party like before.
1. Re:Allows vote selling by Anonymous Coward · 2013-07-12 07:21 · Score: 0
  
  No it doesn't, because you can change your vote at any time, as often as you want, right up until the election ends.
s/facilitates/is facilitated by/ by Anonymous Coward · 2013-07-12 07:16 · Score: 0

s/facilitates/is facilitated by/
Sheesh.
1. Re:s/facilitates/is facilitated by/ by Samantha+Wright · 2013-07-12 07:53 · Score: 2
  
  Classic translation error. As far as hilarious editorial travesties go, I think that one's fairly understandable. Given that Estonian is pretty unambiguous about how to put the sentence in passive voice (See on hõlbustanud... instead of See lihtsustab... according to Google Translate) I'd guess the original author didn't know the exact meaning of "facilitate" in English, which is odd because Estonian has several comparable verbs which all have the same direction.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
debian by Anonymous Coward · 2013-07-12 07:21 · Score: 0

In the repo there is a debian folder. DEBIAN FTW! :P
Cannot work EVER by Anonymous Coward · 2013-07-12 07:27 · Score: 0

Especially not in Estonia, were there are so many skilled hackers. Electronic voting is the end of democracy, it will be manipulated and abused pervasively at some time.
1. Re:Cannot work EVER by Anonymous Coward · 2013-07-12 09:08 · Score: 0
  
  Why does it matter what country the hackers are in? Anyone could try to hack these servers from anywhere.
  Contrary to popular belief, it IS possible to build a hack-proof system, it just gets harder with increasing complexity.
2. Re:Cannot work EVER by Jorgensen · 2013-07-12 09:45 · Score: 1
  
  So... The hackers will win. And the problem is....?
3. Re:Cannot work EVER by AK+Marc · 2013-07-13 08:28 · Score: 1
  
  Secret voting was the end of democracy. It just took a while to get as bad as it is now.
  
  --
  Learn to love Alaska
Security: To Do? by Anonymous Coward · 2013-07-12 07:28 · Score: 0

https://github.com/vvk-ehk/evalimine/blob/master/ivote-server/hes/vote_analyzer.py?source=cc
e-stonian speaking here by Anonymous Coward · 2013-07-12 07:28 · Score: 5, Informative

National ID cards are NOT mandatory for citizens.
E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)
As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)
captcha: contrary
1. Re:e-stonian speaking here by linnumees · 2013-07-12 07:52 · Score: 1
  
  The only ones with the "rampant suspicions of corruption" are the opposition parties spreading FUD, especially by comparing that to electronic voting elsewhere: voting machines - which is a totally different thing.
  The scandal with some party's internal voting didn't even use the same infrastructure. FUD much?
2. Re:e-stonian speaking here by Anonymous Coward · 2013-07-12 08:01 · Score: 1
  
  In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......
  Really? Rampant? There was one guy who pointed out a potential security vulnerability, which so far is unconfirmed - hypothetical, it relies on the assumption that a users computer could be compromised and the voting software UI manipulated, iirc. Party internal voting scandal is a completely different matter. They used a weak internal voting procedure which is unrelated of the state run e-voting system.
3. Re:e-stonian speaking here by Anonymous Coward · 2013-07-12 08:31 · Score: 3, Informative
  
  National ID cards are NOT mandatory for citizens.
  E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)
  As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)
  captcha: contrary
  You are a lousy estonian then. ID cards are mandatory, passports are not. Soovitan sul seadust lugeda seltsimees.
4. Re:e-stonian speaking here by kuldkollane · 2013-07-12 09:55 · Score: 1
  
  The ID card is mandatory for citizens. https://www.eesti.ee/eng/topics/kodakondsus/eesti_kodakondsus/isikut_toendavad_dokumendid (English version).
  
  --
  I was possibly drunk when writing that.
5. Re:e-stonian speaking here by Anonymous Coward · 2013-07-12 10:22 · Score: 0
  
  An identification document or ID-card
  Identification document = passport
  OR
  ID card
6. Re:e-stonian speaking here by Anonymous Coward · 2013-07-12 10:35 · Score: 1
  
  Estonian speaking and with law degree: national ID card is the one and only MANDATORY identification in Estonia. Passports are just travel documents and are not mandatory. ID cards, mandatory.
7. Re:e-stonian speaking here by kuldkollane · 2013-07-12 10:47 · Score: 1
  
  I'm sorry, unfortunately the English translation removes some of the nuances: "Isikutunnistus ehk ID-kaart on Eesti kodaniku ja Eestis püsivalt elava Euroopa Liidu kodaniku kohustuslik isikut tõendav dokument." Trying really hard to come up with a better translation here; would you accept "The identification document, also known as ID-card"? Probably not. I'm sorry, but this is mainly a translation issue. The card itself is still mandatory for Estonian citizens and EU citizens whose permanent country of residence is Estonia.
  
  --
  I was possibly drunk when writing that.
8. Re:e-stonian speaking here by pjt33 · 2013-07-12 18:53 · Score: 1
  
  The card itself is still mandatory for ... EU citizens whose permanent country of residence is Estonia.
  That will only last as long as the first challenge in the European courts. Spain used to make its ID card mandatory for all residents, but some expat EU citizen challenged it and Strasbourg ruled that EU citizens only need identity documents from their home country.
9. Re:e-stonian speaking here by Freultwah · 2013-07-12 20:17 · Score: 2
  
  It HAS been used five times, and nowhere in the summary does it say it has been mandatory and the only way. So, a nice strawman there, but try to rein in that hate a little better and use actual arguments. The e-voting system is an excellent option to improve participation, and if you do not like it, don't use it. There is no need to become a Bolshevik about it, as in "I don't like it for me, let's get rid of it for everybody".
  Besides, throwing all this Centre Party's FUD around is just not a good way to participate in a conversation. (A little background for those not familiar with the issue: The Estonian Centre Party whose voting demographic, ie. the elderly and the less educated, is largely less tech-savvy than that of the, say, liberals or the greens, keeps publicly accusing the system of being rigged against them because they do not get enough e-votes, tailing other political parties.)
10. Re:e-stonian speaking here by Anonymous Coward · 2013-07-12 22:37 · Score: 2, Informative
  
  This is correct. Parent is not.
  (Estonian here as well, but I don't think calling each other comrades is "the thing" after the collapse of Soviet Union.)
11. Re:e-stonian speaking here by Anonymous Coward · 2013-07-13 07:47 · Score: 0
  
  No, ID cards are not mandatory in Estonia IF you have a valid passport!
  Mine kooli tagasi, juristinärakas! (Eng. (Fuck off) and go back to school, lawyer scum!)
12. Re:e-stonian speaking here by Anonymous Coward · 2013-07-13 08:07 · Score: 0
  
  e-voting FUD is spread by asshole called Edgar Savisaar and his army of retarded followers. BTW, this asshole just got caught his pans down, taking a 200K € bribe.
  Guess what was his defense: "But...but , but it was just a loan I don't have to pay back!". WTF!? Bribe was paid by 2 known scumbags in Estonia.
  Edgar Savisaar and his Keskerakond (actually all the political parties ) is another pool of scum. They hate e-voting because they can not bend it their way.
13. Re:e-stonian speaking here by kuldkollane · 2013-07-16 09:18 · Score: 1
  
  I know I'm now late, but could you provide a source? I'd really like to learn more but I can't really find any official rulings. I'd appreciate it a lot!
  
  --
  I was possibly drunk when writing that.
14. Re:e-stonian speaking here by pjt33 · 2013-07-16 11:06 · Score: 1
  
  Fair question! I've not been able to track down a source which exactly matches my understanding; ruling C-157/03 appears to deal with some related aspects, and this analysis of Directive 2004/38/EC (not a brilliant source without provenance) in section 8.2 talks about the elimination of "residence cards" for foreign EU citizens. That's the best I've been able to find in about 45 minutes.
15. Re:e-stonian speaking here by kuldkollane · 2013-07-18 01:09 · Score: 1
  
  Thanks for the links! It looks like that section is not about permanent residence. Upon checking article 19:
  
  Upon application Member States shall issue Union citizens entitled to permanent residence, after having verified duration of residence, with a document certifying permanent residence.
  New: The fact of having acquired a permanent right of residence entails a series of important additional rights. For this reason Union citizens are entitled to apply for a document certifying permanent residence.
  It is possible that I misunderstood something, I'm terrible at legalese even though this document's fairly simple. In Estonia the ID-card is the document which among other functions certifies permanent residence. Also, it's rather annoying not to have one, as it is used for identifying oneself in electronic environments and for signing documents with a digital signature - and most of the documents are electronic in Estonia.
  If you have a valid Estonian driver's license and you are the registered owner of the vehicle you are driving, you can also prove this by simply showing your ID-card to the police, when prompted to. This only works within Estonia, though, I don't think the rest of the EU has access to these databases.
  
  --
  I was possibly drunk when writing that.
US aversion for ID cards by dargaud · 2013-07-12 07:42 · Score: 4, Insightful

I truly do not understand the US aversion for identity papers. (*) There needs to be a way for you to interact with the state / federal government, it's obvious. But how do you prove who you are when you do ? ID papers provide this certification easily. I've heard all kind of 'slippery slope' arguments like 'it's the first step towards a nazi state'. Well duh, every country in Europe has had ID papers since at least WWII and it hasn't changed anything. Instead of that the US relies on driver's license for the same purpose, or much worse, social security number which anybody can figure out and copy at will. Dumb.

(*) And at the same time I don't understand why most USamericans don't give a flying squirrel about the wholesale spying going on. They don't want a piece of paper to identify them once a year when a cop or a govnmt employee asks for it for a legitimate purpose, but they don't care to have their every word archived to some big brother 5 zetabytes database with sorry consequences years from now. Beats me.

--
Non-Linux Penguins ?
1. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 07:48 · Score: 0
  
  C.... Communism?
2. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 07:49 · Score: 0
  
  I truly do not understand the US aversion for identity papers.
  The aversion is not to the papers, it's to the process involved in getting them.
3. Re:US aversion for ID cards by CanHasDIY · 2013-07-12 08:25 · Score: 2
  
  I truly do not understand the US aversion for identity papers.
  Well, basically it boils down to legal requirements for government accessibility - not everyone can get to the ID shop (a 90-year-old quadriplegic living below the poverty line doesn't really have the means to get an ID, and thus, to access their right to vote), and a lot of people bitch about the "cost to taxpayers" when you explain that charging people for access to government via legally required ID would be unconstitutional.
  Of course, there's also the ever-present rationale (if it can be called that) exhibited by egomanical morons, that their opinions are the only ones that matter.
  
  And at the same time I don't understand why most USamericans don't give a flying squirrel about the wholesale spying going on. They don't want a piece of paper to identify them once a year when a cop or a govnmt employee asks for it for a legitimate purpose, but they don't care to have their every word archived to some big brother 5 zetabytes database with sorry consequences years from now. Beats me.
  I blame it on a combination of the steadily declining quality of public education, mass media's extremely successful brainwashing programs, and the Democrat/Republican duopoly that ensures the aforementioned fucktards are the only ones whose voices get heard.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
4. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 08:30 · Score: 0
  
  I truly do not understand the US aversion for identity papers. (*) There needs to be a way for you to interact with the state / federal government, it's obvious. But how do you prove who you are when you do ?
  In my daily life I interact with many people and organizations without ever requesting to see their ID cards or having the same asked of me. In what sorts of situations would there be such a need?
5. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 08:54 · Score: 1
  
  There is a difference between having ID papers so you can use them at appropriate times and requiring every citizen to carry ID papers all the time. In the Netherlands, it used to be the former, it is now the latter, and I fucking hate it (and do not comply).
6. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 09:03 · Score: 0
  
  "I truly do not understand the US aversion for identity papers."
  It's because of evangelical demagoguing. It's not really prevalent today, but there used to be a pretty heavy push to conflate national IDs with the "Mark of the Beast". I don't see much about that these days, but the general sentiment against national IDs (and even state ones) remains.
7. Re:US aversion for ID cards by plover · 2013-07-12 09:46 · Score: 1
  
  It's not just the religious fundamentalists. Students of history understand that tracking of things is a useful step in controlling those things.
  There's a very common pattern used by tyrannical governments. They demonize and marginalize the "undesirables", whether they be religious cultists, intellectuals, liberals, or conservatives (when you hear the word "terrorist" used without a weapon of mass destruction actually being detonated, you're seeing this step in action.) They isolate undesirables by restricting their travels: note that you don't have to pin a red star on their lapel if you place their names on a secret list. They build up lists of associations between people, so that if one undesirable does something violent, they instantly roll up his entire network. And if they know who the registered gun owners are, they go to their houses and disarm them before taking away any more of their rights. (This is tied closely into the American gun culture.)
  I won't deny that bringing these topics up sounds like paranoia today, because today's definition of paranoia seems to now exclude the "irrational belief" clause. People who claim such things are marginalized as "conspiracy theorists". What is being deliberately forgotten is that both the Second World War and the Cold War involved these exact same activities. Today's children and young adults may not remember or understand the Nazis or the Red Menace, but their grandparents do, and the parallels to the US government's current activities are unmistakable. I don't think it qualifies as irrational when the threat has a basis in history and in documented, observable behavior today.
  
  --
  John
8. Re:US aversion for ID cards by Anonymous Coward · 2013-07-12 09:52 · Score: 1
  
  There's no need for ID cards. In the UK, which, depending on which side you're on, is either in or just next to Europe, the system is the same like in the US. You identify using your name when you vote, and using a two utility bills (or a utility bill and a tax bill - from either HMRC or your local Council) when you open a bank account.
  If they were to introduce e-voting in the UK, they'd do it in a very similar way to postal voting. You ask for a postal vote form plus envelope, which you fill in and send to the electoral authority, or an e-vote authorization card which you use to log into the voting website. As long as you're on the electoral roll, it's all good. There are articles on the Internet that use probability statistics to show why this is fine the way it is, and why government issued ID isn't needed - and thus is a waste of money.
  If you don't leave the country (which requires a passport), you can get born in the UK, live your whole life there, vote normally, conduct your life normally, and die, and have only your birth certificate from the government, and nothing else, to prove that you exist. And your tax records. But if you conduct all your business under a name different from your birth name (common law principle that you can call yourself whatever you like, without notifying anybody, as long as it's not for fraud etc. purposes) and not even your tax records will link you to your birth certificate.
  The government has so much data on you, without inconveniencing you to visit its offices on a regular basis, that any other papers are a waste of money.
9. Re:US aversion for ID cards by AK+Marc · 2013-07-13 08:39 · Score: 1
  
  The US sees them as the first step in control. Identify everyone, make them reveal home addresses, and require the papers be shown on demand, and you have a registration system. The next step is to come for the Communists. And under McCarthy, they really did, if they had a suitable national registry, there would have been mass arrests and internments. But there wasn't, so it was much harder for the government to get anything done. That's the point. We don't trust our government so we want to make it hard on them to do anything, then later complain about the cost because we made it so hard on them.
  
  --
  Learn to love Alaska
E-voting = No anonymity by Anonymous Coward · 2013-07-12 07:44 · Score: 0

There is something profoundly wrong about e-voting concept and it has nothing to do with technology. Namely, there is always a chance that violent family members or "friends" watch your vote process behind your back and force you to vote for their option. At a physical polling station, the government makes sure to asure your anonymity at the very action of vote (OK, not in Soviet Russia or Florida, but otherwise it's cool). There's no comparable level of anonymity when taking e-vote or taking a postmail vote.
1. Re:E-voting = No anonymity by Anonymous Coward · 2013-07-12 08:06 · Score: 0
  
  Namely, there is always a chance that violent family members or "friends" watch your vote process behind your back and force you to vote for their option. At a physical polling station, the government makes sure to asure your anonymity at the very action of vote (OK, not in Soviet Russia or Florida, but otherwise it's cool). There's no comparable level of anonymity when taking e-vote or taking a postmail vote.
  Yes, there have been some reported cases of it happening. As a counter measure, people can change their electronic vote until the official election day (e-voting usually opens days earlier).
2. Re:E-voting = No anonymity by AK+Marc · 2013-07-13 08:41 · Score: 1
  
  What's wrong with no anonymity? For the first 100 years of the US, there was open voting only. It wasn't until a Civil War that there were problems that forced closed voting. When Reconstruction was over, we should have gone back to open voting. But we didn't. Open is better in every way.
  
  --
  Learn to love Alaska
How do you know it's been successful? by Anonymous Coward · 2013-07-12 07:49 · Score: 0

How do you know it's been successful ? Can you verify the system? Can you without forgetting anonymity?
And how do you know the provided source code is the one running on the systems? You don't. Do someone check it? How?
Don't worry, the black box is fine, don't ask.
Not to be modified, just for bug fixes by healyp · 2013-07-12 07:57 · Score: 1

Under a NoDeriv license so it cannot be built upon. http://creativecommons.org/licenses/by-nc-nd/3.0/
1. Re:Not to be modified, just for bug fixes by Anonymous Coward · 2013-07-12 08:43 · Score: 0
  
  Under a NoDeriv license so it cannot be built upon. http://creativecommons.org/licenses/by-nc-nd/3.0/
  
  You're right. Thats a bad choice of license in my opinion, but at least its out there to look at. Completely undocumented though. Readme is empty!
  Look at this source file (chosen at random): master/ivote-server/common/election.py. Number of comments other than license: 0.
  Looks like its all in python, served as a CGI through apache. Not what I would use, but nothing particularly wrong with that.
  Readme is empty, so I can't even figure out what algorithm they are using.
  My open source election software is BSD licensed, and has a readme that says what it does, and some comments in the code. Its also more self documenting (type safe language!). Sure, mine is no where near usable, but at least its licensed such that it can be used. I just started it recently, and its just a hobby project of mine, so don't expect too much. I'm not looking for help or review of my system yet, but I'll get there eventually!
  My approach is based on RSA blind signing and should be secure (either correct or provably fraudulent while protecting voter anonymity) in the face of a hostile authority running all the servers, assuming you can agree on a list of registered voters and collect public keys from them (and yes, I know thats very non trivial).
  Anyway, given their license and lack of documentation, I'll just keep working on mine. I don't even know where I'd start a review of their system. Can anyone actually figure out what their system does from a algorithm /cryptography standpoint?
2. Re:Not to be modified, just for bug fixes by Anonymous Coward · 2013-07-12 10:04 · Score: 0
  
  What a crazy license. In other words, this is nothing but a cheap PR stunt. How lame.
Five successes eh ? by Anonymous Coward · 2013-07-12 08:31 · Score: 0

E-voting has been successfully used five times in Estonia since 2007
So, for those of us not into Estonian politics, roughly how big a percentage of the votes were successfully miscounted to get the correct result ?
Not a fitting comment ? Then answer me this, how can "successfully" mean anything in the above sentence when you don't know for sure that it was not being abused ? One of the absolute biggest problems with E-voting machines is exactly this, cheating big time without being caught becomes much easier because you no longer have a system of oversight by a lot of people when it is just numbers in a machine. It is a lot harder to set up a conspiracy of many people involved in overseeing an election to do the same changes. And no, a paper trail does not fix this problem. It runs deeper than that. Neither does making it open source, as you don't know for sure that the open source version is the one running on the machines, and the attack surface is bigger than just the source code of the voting program. It involves stuff like running another version of the code on the machines, using malware to override the program, physical hacking of the hardware and so on.
This is a shocking security breach by Anonymous Coward · 2013-07-12 08:51 · Score: 0

... and I hope the people responsible for putting the voting code online are put in prison for a good long time. How are private concerns supposed to manipulate the vote when the source code is right out there where anyone can check it?!?
birthday by Anonymous Coward · 2013-07-12 09:22 · Score: 0

I just looked through the code, there's a way to attack the birthday to indicate the voter has a valid birthday when they do not. I'm not going to reveal it here. However, I'm sure there are other vectors of attack as well.
The Robinson Method of Voting solves all of this by Anonymous Coward · 2013-07-12 09:38 · Score: 0

http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5
Why is nobody advocating this simple, fraud-proof method, instead of the ridiculously easy to fiddle electronic voting scam?
Keep up the good work, Estonia by Anonymous Coward · 2013-07-12 10:08 · Score: 0

Releasing the code in GitHub is something that none of the US based voting machine companies would ever do. You can bicker about the choice of license, but that is just nitpicking.
Venezuelan is open as well... by Anonymous Coward · 2013-07-12 11:21 · Score: 0

Last time I checked it looked like:
OnEventVoting(InputValue) { NicolasMaduro=1; VotesFor[NicolasMaduro]++; if (rnd > 0.5) VotesFor[InputValue]++; }
Amazing advance in voting process by Anonymous Coward · 2013-07-12 19:18 · Score: 0

I have always wondered why the only option to vote is to enter my vote into a (black) box and just rely that some valid results arrive later. There has been no way to check has my vote been registered to the correct person or registered at all. If Estonians are planning to fix this too with the new experimental feature, this is an amazing advance in voting process in general as it gives every voter an ability to make sure results are not tampered at least on her/his part.
1. Re:Amazing advance in voting process by Anonymous Coward · 2013-07-13 09:44 · Score: 0
  
  IIRC at least the original plan had the possibility to verify your vote.
  And the verification had also some cryptographic provisions against
  "verification fraud", that is making sure you can not claim that your vote was miscounted when in fact it was not.
latvian speaking here ! by Anonymous Coward · 2013-07-13 21:49 · Score: 0

Latvia is Estonia neighbor. We had some severe cases in a number of elections where some "individuals" where caught paying for a "right" vote in counties... just a step from election place. Some poor persons was willing to to give up their vote for peace of meat for barbecue at our countryside... That was covered on national TV and newspapers as well.
That is really interesting approach for Estonians - how to solve "Traveling salesman problem".... - it would be much easier for such people to buy and sell votes just by "renting" ID-card for a minute from poor persons that are willing to to give up their vote for peace of meat for barbecue...
The sole purpose of really democratic voting is to allow to monitor the voting process ! How e-voting guaranties it ? NO WAY !
Our (Latvian) government "takes it into account", and promises to develop e-voting as soon as possible.....
What wikipedia says about Election Monitoring ?
"Election monitoring is the observation of an election by one or more independent parties, typically from another country or a non-governmental organization (NGO), primarily to assess the conduct of an election process on the basis of national legislation and international standards. There are national and international election observers. Monitors do not directly prevent electoral fraud, but rather record and report such instances."
Our (Latvian) government "takes it into account", and promises to develop e-voting as soon as possible.....
Latvian speaking here by Anonymous Coward · 2013-07-13 22:01 · Score: 0

Latvia is Estonia neighbor.
We had some severe cases in a number of elections where some "individuals" where caught paying for a "right" vote in counties... just a step from election place. Some poor persons was willing to to give up their vote for peace of meat for barbecue at our countryside... That was covered on national TV and newspapers as well.
That is really interesting approach for Estonians - how to solve "Traveling salesman problem".... - it would be much easier for such people to buy and sell votes just by "renting" ID-card for a minute from poor persons that are willing to to give up their vote for peace of meat for barbecue...
The sole purpose of really democratic voting is to allow to monitor the voting process ! How e-voting guaranties it ? NO WAY !
Our (Latvian) government "takes it into account", and promises to develop e-voting as soon as possible.....
What wikipedia says about Election Monitoring ?
"Election monitoring is the observation of an election by one or more independent parties, typically from another country or a non-governmental organization (NGO), primarily to assess the conduct of an election process on the basis of national legislation and international standards. There are national and international election observers. Monitors do not directly prevent electoral fraud, but rather record and report such instances."
Our (Latvian) government "takes it into account", and promises to develop e-voting as soon as possible.....