Bug In DOS-Based Voting Machines Disrupts Belgian Election

← Back to Stories (view on slashdot.org)

Bug In DOS-Based Voting Machines Disrupts Belgian Election

Posted by samzenpus on Monday May 26, 2014 @07:15AM from the slowing-things-down dept.

jfruh (300774) writes "In 20 cantons in Belgium's Flanders region, voting machines are x86 PCs from the DOS era, with two serial ports, a parallel port, a paltry 1 megabyte of RAM and a 3.5-inch disk drive used to load the voting software from a bootable DOS disk. A software bug in those machines is slowing the release of the results from yesterday's election, in which voters chose members of the regional, national, and European parliaments. The remaining voting machines, which are Linux-based, are unaffected, as were voters in the French-speaking Wallonia region of the country, most of whom use paper ballots."

29 of 193 comments (clear)

Min score:

Reason:

Sort:

They almost made it, too by Anonymous Coward · 2014-05-26 07:19 · Score: 5, Funny

They were just about to upgrade to Windows XP for the next election.
It's a software bug, hardware unrelated by mechtech256 · 2014-05-26 07:25 · Score: 4, Insightful

A graphing calculator would probable have adequate power to handle taking votes. If the DOS machines are meeting the specifications required for Flanders elections, there's not much of a reason to upgrade them.
I guess I'm just not seeing the story here. Linux wouldn't stop a software bug either. I guess the only hassle here is that they might have to dig out the parallel cables to patch the machines.
1. Re:It's a software bug, hardware unrelated by Hsien-Ko · 2014-05-26 07:30 · Score: 4, Funny
  
  I guess their next 'logical' step is to upgrade to Windows XP
  
  and then use the same software in the DOSBox emulator
  
  and then complain on the DOSBox forum that it doesn't work, among the sea of other overentitled 'IT pros' that demand a gaming emulator to fit critical application usage
  *facepalm*
2. Re:It's a software bug, hardware unrelated by TheGratefulNet · 2014-05-26 09:25 · Score: 3, Funny
  
  If the DOS machines are meeting the specifications required for Flanders elections, there's not much of a reason to upgrade them.
  do I have to say it?
  alright then:
  "stupid flanders!"
  
  --
  
  --
  "It is now safe to switch off your computer."
3. Re:It's a software bug, hardware unrelated by sillybilly · 2014-05-26 15:26 · Score: 3, Interesting
  
  Your sig says "It is now safe to switch off your computer."
  
  With DOS, in the old days, you could just cut the power to the computer without any warning, and it would be fine, so shutdown time was 0 seconds, also boot time was super fast, like 1-10 seconds, unless you had a long autoexec.bat and config sys. And that was on 486 CPU's, pre-Pentium's.
  
  DOS came with no bullshit, you can't really blame DOS for the programming error in the voting software, DOS is a reliable, secure(has no network layer unless you add one, and you can add non-tcp-ip stuff), real time, direct hardware access, and it is reliable and secure because it's so small, it fits on a floppy with plenty of room to spare unlike these 5 GB bloatloads of crap with daily patches they are releasing at microshaft these days. I don't remember a single service pack for DOS. Well, there were incremental versions, like 6.0, 6.2, 6.21, 6.22. By the way windows 95 comes with DOS 7,0, a very good version, and you can find most of the missing stuff in the oldmsdos folder on the win95 cdrom. Plus you get a neat version of windows for free,with a very small registry, and relatively low bs, but it doesn't run much modern stuff either, but it runs VB6 classic, and Office 97 just fine. They have yet to make an office version better than Office 97sp2 (service packs mostly fix vba crashes, but you can almost live with those crashes/hangs), Office 2000 is on par without needing bugfix service packs, while office 2002 is already too bloated(plus may require the activation bullshit), shit started going downhill by then, really accelerating by 2003, and pretty much turning into annoying piece of crap by office 2007, plus activation. Activation means you can't run it 50 years from now if Microsoft is out of business by then, or they simply refuse to activate it, and instead tell you to upgrade, which may happen even these days, to all versions starting with office xp=office 2002. Same goes for the OS, if you're packing up reserves for the future, and archiving stuff in case you have to go back to it, go for win95 full version that includes dos 7, and windows 2000, the very last windows without activation, also office 97 with sp1+sp2, and VB6 sp5 (don't use sp6, it introduces bugs on purpose, to usher along for upgrading.) Also Firebase database might come in handy, or ADO with SQL Server 7 or 2000, but SQL Server is expensive, and on a network it requires NT/2k server with client access licenses and such, so it's better to run off a common file on a network drive, or off of PostgreSQL 6-8 on Linux 2.4/2.6. The DOA database with office 97 access kinda sucks, but the access 2000 one is ADO, and the two are not compatible, ADO being much simpler than DOA, but it started to get bloated a bit, not enough to not make it better than DOA. Also from what I read delphi 5 and 7 are golden, but there is Lazarus now, I don't know how that would work on win95. Absolutely nobody is selling delphi 5 or 7, or it's like 300 bux. Delphi was a secret of coding houses cutting development time by like 5x compared to all the alternatives. I never programmed in it, but I've seen a lot of quality software by very smart people written in it, so it must be something really good if they chose it. VB6/VBA still kicks ass for basic stuff, but it's not very fast, and for heavy duty large projects, in development speed and code execution speed and codesize kept in balance, nothing beats delphi 5 or 7. The later dotnet versions of delphi are absolute pure raw crap, from what I read, just like anything touched by dotnet.
Paltry by wiredlogic · 2014-05-26 07:26 · Score: 5, Insightful

The problem wasn't on the voting machines with the "paltry" amount of memory:

After the elections are over the results are loaded on a 3.5-inch floppy disk and shipped to the canton headquarters where the disks are fed into another computer that adds up the votes before sending the results to the ministry. It was there that the problem occurred, the spokesman said, adding that the votes that ended up on the disks were correct.

There is nothing wrong with a simple dedicated system that is based on proven hardware. Most of the computers in use today have even less than 1MiB at their disposal. It is a fallacy of thought that you have to have an extensive operating system with virtual memory and other elaborate support systems to accomplish a simple task.

--
I am becoming gerund, destroyer of verbs.
1. Re:Paltry by NoNonAlphaCharsHere · 2014-05-26 07:55 · Score: 2
  
  This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.
2. Re:Paltry by fgouget · 2014-05-26 09:24 · Score: 3, Insightful
  
  Do I have to provide links to all the election workers that find paper ballots in their trunk right after they know just how many votes they need? Cite LBJ?
  Sure, one can make a paper based voting system that can be hacked. The easiest way is to require that all ballots be moved around to a central location before they are counted. That provides plenty enough of opportunities for fraud during transport. To maximize fraud-opportunities, cost and slowness you can even claim you cannot start counting the ballots until the next day so all the ballot boxes have time to arrive and so you don't have to pay the people you hired extra for night work.
  Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.
3. Re:Paltry by fgouget · 2014-05-26 09:34 · Score: 3, Insightful
  
  This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.
  A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. If he were allowed to do so, not only would it cause a huge backup in the line, but it would also require completely compromising the security of the system. Then that voter would also have to check that the hardware is really an unmodified Raspberry Pi board rather than one that was 'upgraded' by the NSA (or someone else).
  Open-source (or provable software) and open-hardware change strictly nothing to the electronic voting opacity.
4. Re:Paltry by bruce_the_loon · 2014-05-26 09:55 · Score: 4, Informative
  
  South Africa just did it that way and it works well. First you count the total ballots, still folded, then you count the votes and that way nobody can add other ballots in during the vote tally to make up numbers. No cellphones etc allowed in the hands of the counters, elections officials or party observers during the count.
  Got one addition to the process that we don't do. No results should be released from a polling station until every single station has finished counting and certified within the station. Forget this running TV tally and all that crap, if the numbers in each station remain secret until all stations are ready to report, then you can reduce the risk of "finding" additional votes in the trunk of a car.
  
  --
  Trying to become famous by taking photos. Visit my homepage please.
5. Re:Paltry by gmhowell · 2014-05-26 10:13 · Score: 2
  
  Don't you have some more roommates and sorority sisters to kill?
  
  --
  Jesus was all right but his disciples were thick and ordinary. -John Lennon
6. Re:Paltry by Renaud · 2014-05-26 13:04 · Score: 2
  
  Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.
  This is how France does it and always has. One of the few places where I won't complain about archaism : it just works, and the 2000 US presidential election fiasco for entire days seemed utterly insane to us.
overly complicated by WhiteZook · 2014-05-26 07:29 · Score: 2

A simple microcontroller could have done the job, so why introduce unnecessary complications and attack vectors by using DOS or Linux ?
1. Re:overly complicated by TechyImmigrant · 2014-05-26 07:58 · Score: 2
  
  Because writing the 3.5" floppy driver would suck.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Obligatory by ArcadeMan · 2014-05-26 07:29 · Score: 4, Funny

Stupid Flanders.

--
Get free satoshi (Bitcoin) and Dogecoins
Paper trail by ArcadeMan · 2014-05-26 07:30 · Score: 5, Insightful

In Canada, we use paper voting and we usually know the results of national elections within 24 hours.
Why mess with electronic voting?

--
Get free satoshi (Bitcoin) and Dogecoins
1. Re:Paper trail by sribe · 2014-05-26 07:33 · Score: 3, Insightful
  
  Why mess with electronic voting?
  SHINY! OOH OOH SHINY! That's why ;-)
2. Re:Paper trail by cpghost · 2014-05-26 08:00 · Score: 4, Insightful
  
  24 hours is quite a long time actually. In Germany, we use paper voting too, and the (final) results are usually available within 2-3 hours, 4 hours at most.
  
  --
  cpghost at Cordula's Web.
3. Re:Paper trail by Zeromous · 2014-05-26 08:07 · Score: 2
  
  Does Germany have 5 timezones?
  
  --
  ---Up Up Down Down Left Right Left Right B A START
4. Re:Paper trail by Rumagent · 2014-05-26 08:15 · Score: 3, Insightful
  
  No good reason. Except perhaps that a perfectly implemented system (if such a thing is possible, so far none has been devised) would be faster.
  Apart from that, the paper version is:
  Cheap,
  Reliable,
  Repeatable
  Extremely hard to rig on a large scale,
  Well tested
  Durable,
  And most important of all: Easy to understand and audit by a layperson.
  Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?
  If the many CS guys out there really want to help, they should think out algorithms for sorting that are efficient, precise and can be done by humans - preferably with some error correction built in. It will not make anyone rich, but it may just keep a bit of faith in elections
5. Re:Paper trail by ArcadeMan · 2014-05-26 08:22 · Score: 2
  
  How about inserting voting results into the bitcoin blockchain? Some transactions come with comments built-in (ex: "CoinAd.com Payment").
  If you can trust the data going into it (vote counts as bitcoin blockchain public comments), I don't know anything else that would be harder to rig right now.
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
6. Re:Paper trail by Anonymous Coward · 2014-05-26 08:50 · Score: 2, Informative
  
  Continental UE has 3 timezones and results of the European elections were known the same evening. Actually, in some EU countries voting ends at 19 pm and first official (partial) results are ready to go on TV at 20pm. For European elections Italy votes until 10pm or something like that, first official results (for the whole EU) were delayed until after Italy finished voting. Citizens from overseas territories under EU jurisdiction voted few days before to avoid delays due to their timezone.
Poodle Slaughterhouse! by TechyImmigrant · 2014-05-26 07:33 · Score: 2

>The fault appeared in the system despite the fact that the application was especially developed for these elections, was "tested thousands of times" and was certified by PriceWaterhouseCoopers, he said.
There's your problem

--
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
electronic voting is easier to rig. by Joe_Dragon · 2014-05-26 07:38 · Score: 2

electronic voting is easier to rig.
With paper you have to stuff the ballot box
1. Re:electronic voting is easier to rig. by OFnow · 2014-05-26 11:49 · Score: 2
  
  Any voting system can be subverted. The cool thing with electronic voting is that the subversion will of course make recounting meaningless.
Incorrect story by Anonymous Coward · 2014-05-26 07:45 · Score: 4, Informative

While it is true that most of Wallonia votes with paper, all the places using e-vote in Wallonia and in Brussel are "affected" by the bug as well.
"affected" with marks, as the actual problem happened with the software in charge of centralizing all the votes coming from these places. So the e-vote process had no actual problem, it's the counting afterwards that crashed.
source: I live in Belgium, it's been all over the news here. I'll also add that I heard exactly zero reports about the same problem occuring in Flanders, but I might have overlooked some reports.
disclaimer: I strongly oppose e-vote.
a number af factual errors in the original article by joris.w · 2014-05-26 08:38 · Score: 5, Informative

for a more accurate account of the facts, you could read http://datanews.knack.be/ict/n... (in dutch)
the vote counting problem in Flanders was related to manual procedures in the Ghent area
the DOS based e-voting system is used in Brussels, not Flanders
as stated already in other comments: the DOS based systems did not fail, it was the central vote collecting system that failed
lesson learned: If you want accurate reports, go to the source and don't rely on second hand reports
Dos, Memory? by Tablizer · 2014-05-26 08:39 · Score: 3, Funny

a paltry 1 megabyte of RAM...
640 votes ought to be enough for anyone. -B. Gates

--
Table-ized A.I.
Computers are not the solution for elections by Opportunist · 2014-05-26 08:45 · Score: 2

Especially when you do not have a problem. If anything, computers are a liability for elections. For many reasons.
First, the obvious one that was showcased in this issue: KISS is the principle to follow with elections. The more complicated it gets, the more places something can go wrong. Moreover, the more places someone can try to manipulate without anyone having a chance to detect it. I'll get to that in a bit. But the bug in the software shows quite well what's wrong with this idea: It's complicated. Paper and pencil is a technology ANYONE can use and understand. It's time tested and foolproof. There is exactly NOTHING that could go wrong with making a cross somewhere on a sheet of paper and tossing that into a box. It's a simple, mechanical way of voting that simply can not fail, from a "technical" point of view. Yes, it's more complicated to count, but that's all that makes it less attractive.
And yes, a paper ballot can be manipulated. But it is WAY harder to detect manipulations with computer voting systems. With a paper ballot, provided your system allows it (which it should), anyone who wants to check whether there has been some foul play can do so. Any party that thinks there might be some sort of election fraud can send observers to any of the polling stations and ensure that people can (actually must!) vote in secrecy and that the ballot is not only sealed and tamper free until counting but also that any kind of transport happens in a secure way. Simply accompany that ballot box. You don't need any kind of specially trained personnel to do that. What the observer needs is fairly good vision (may be corrected) and a more or less functioning brain.
To test a voting machine against tampering or election fraud, at the very least you need a pretty good security auditor. And then you also need to trust that guy. I guess I'm not the only one who could see some populist party crying foul play should people start to realize that they're selling snakeoil and pretend that those voting machines are rigged. And then try to disprove that in such a way that the population, who knows jack about computers, believes you.
In a nutshell, voting machines are dangerous to the faith people have in democracy and elections.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.