Forgot your password?
typodupeerror

Dutch Securing E-voting After Being Pwned 269

Posted by kdawson
from the wouldn't-it-be-nice dept.
An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.
This discussion has been archived. No new comments can be posted.

Dutch Securing E-voting After Being Pwned

Comments Filter:
  • TEMPEST? (Score:5, Informative)

    by CRCulver (715279) <crculver@christopherculver.com> on Saturday October 14, 2006 @12:38PM (#16437445) Homepage

    The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue.

    I assume they are referring to TEMPEST [wikipedia.org] attacks. It was a Dutchman, Vim van Eck who first brought TEMPEST attacks to public attention while in the U.S. even the security standard was classified. I imagine many Slashdot readers will recognize his name from the "Van Eck phreaking" described in Neal Stephenson's Cryptonomicon [amazon.com] .

    • Re: (Score:3, Informative)

      by AlXtreme (223728)
      You're correct. By measuring the emissions from the LCD-screen they have shown how one could figure out what someone was voting for. Although relatively low-tech (they detected that the LCD screen would refresh slower when non-ASCII characters were used), they measured this from a distance of 20 meters.

      I'm sure that, with some work, they could read the display using 'Van Eck', as in Cryptonomicon. So long for being able to keep your vote hidden.
  • "pwned"? (Score:2, Funny)

    by IHSW (960644)
    What is "pwned"?
    • Re:"pwned"? (Score:5, Insightful)

      by leonmergen (807379) * <(moc.liamg) (ta) (negreml)> on Saturday October 14, 2006 @12:41PM (#16437479) Homepage

      What is "pwned"?

      .. something that shouldn't belong in a slashdot headline..

      • Always kdawson (Score:5, Insightful)

        by a16 (783096) on Saturday October 14, 2006 @01:12PM (#16437743)
        "Pwned" has been showing up constantly recently, and it's always kdawson.

        What Slashdot need to remember is that their headlines show up in a variety of professional places (by rss) - Google news for one, and having words such as "pwned" looks beyond amateurish.

        How about the next story being "Slashdot editors pwned with a dictionary, improvements expected all round"?
        • Re: (Score:3, Interesting)

          by andrewdotcoza (981693)
          I realise that everyone isn't on the same page about this, but I read Slashdot precisely because its geeky and slightly off-beat. "Pwned" looks good in this headline and thats why I clicked on the story.

          If "professional places" choose to source headlines from Slashdot, they should surely accept how people communicate here. I see no reason why Slashdot needs to fit in with CNN's headline standards.

          Be yourself, no matter what the cost.
          • Re: (Score:3, Insightful)

            by Jugalator (259273)
            I'm geeky and off-beat and hate the word that originally seem to have come from 14 year olds playing Counterstrike far too much.
      • by thelost (808451)
        and yet this is the second time recently it has made it's way on. Is slashdot taking submissions from digg now?
      • sorry, I lost all of my mod points or you'd definately get them. It makes me terribly flustered when I see make-believe words on NEWS sites.
    • Re: (Score:3, Informative)

      by rvw (755107)

      From the Urban Dictionary... [urbandictionary.com]

      A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."

      Instead, it said, so-and-so "has been pwned."

      It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force.

  • behind not controlling American elections at the National Level?

    In Canada we still use pencils and paper... call us inefficient and backward, but at least we never had an illigitimate government, b1atches!!
    • by supabeast! (84658)
      "...behind not controlling American elections at the National Level?"

      The US is a Federalist nation, built around the idea that the national government should have control over only what is absolutely necessary, and that the state should handle the rest. So the states each have the right to electoral votes in choosing the President, and representatives in Congress, but how the states choose their representatives and decide electoral votes before passing them on to Congress is up to the states.
      • Re: (Score:3, Insightful)

        by Trailwalker (648636)
        The Federal Government controls the actions of states by attaching conditions to funding. Highway speed limits and the .08 alcohol limit are examples. Easily done in other areas.
    • by From A Far Away Land (930780) on Saturday October 14, 2006 @12:51PM (#16437565) Homepage Journal
      Paper is neither inefficient, or backward. It's the only way to conduct an open and accurate election on a nation wide scale, without introducing unacceptable doubt into the legitimacy of the winner(s). Florida's paper chad system was a failure because machines more complicated than pencils, and obscuring of the working of the ballot was placed between the voter and the ballot. The result was a flawed result, and a delayed result, many times longer than the longest recent Canadian federal general elections.
      • Re: (Score:3, Interesting)

        by penix1 (722987)
        Paper ballots are subject to all the same security flaws that they have always been subject to. This means physical security for the most part. Ballot boxes can be "stuffed" and elections thrown into chaos quite quickly. In a bay in California they found several ballot boxes with uncounted votes still in them. In my state of WV they are still prosecuting people for vote buying and ballot box stuffing. Even when you use electronic voting with a paper receipt, they will still be vulnerable to all those securi
        • by tomhudson (43916) <barbara.hudson@NOSpAM.barbara-hudson.com> on Saturday October 14, 2006 @01:47PM (#16437981) Journal

          We have various methods to keep both sides honest here in Quebec.

          1. Your name has to be on the permanent voting list - all citizens over 18 are on it, except people who have committed an electoral crime in the past 5 years. The local voters list is distributed to your area well in advance of the elections, so there's no chance to get a bunch of fake voters on it, and it gives people who slipped through the cracks a chance to update their info (for example, if they moved).
          2. You have to first present ID to get your ballot. Your name is then removed from the list. The people (there are 2 for each box or "polling station") are appointed by the two parties who got the most ballots in the previous election - so they're watching each other, and making sure that nobody tries to pull a fast one.
          3. Before they give you your ballot, they sign the tear-off stub or counterfoil. When you present your ballot to be put in the box, they remove the stub after verifying their signature, and you put your ballot in the box. No chance to conceal a half-dozen ballots in your hand.
          4. The ballot boxes are opened and counted on iste. No chance for something to happen in transit. Then, after the count is made and everyone signs off on it, the ballots are put back in the box and the box re-sealed. Recounts are automatic for all results where there is less than 100 votes separating the winner from second place, and any candidate can ask for a judicial recount.
          5. We've disallowed all donations of money, goods or services except from individuals, and those are capped at $3k per annum. All donations totaling over $200/year/person have to be reported, identifying the donor - and these lists are made public.

          We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.

          Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.

          • Re: (Score:2, Informative)

            You forgot to mention that the ballot boxes are opened and shown to be empty to everyone present at the start of the polling day before the boxes are sealed and voting begins.
        • by mickwd (196449) on Saturday October 14, 2006 @02:53PM (#16438485)
          "In a bay in California they found several ballot boxes....."

          Because they used paper, there was something to find.

          "In my state of WV they are still prosecuting people for vote buying and ballot box stuffing."

          Because they used paper, and there was something which could be found.
        • Canada has methods to overcome each of those problems. You can't inspect electrons, but scrutineers from each party that registers one, can keep an eye on officials, and since there's a paper record an audit can be done of the ballots, which are numbered for added security.
        • by anshil (302405)
          Until they invent the bullet proof way to get votes directly to the voting precinct reliably and securely, problems will be in every election with or without electronic voting.

          This is absolutely wrong. And thats the thinking the US is doing wrong. Who tells you the voting precinct is doing stuff correctly.

          Count the votes on the local poll office. Have all parties be present at the local poll office so they can check each other and watch their fingers respectively. Sent the counted summ over to the voting pr
    • We have no elections that are nationwide, for one thing. The biggest scope of any election is statewide.
      • by Merovign (557032)
        Forget it, dude, they aren't listening. They've got a SlashMeme, and they aren't going to let facts get in the way!

        But seriously, elections are always going to have a certain amount of abuse, whether it's tampering (Chicago), legal challenges (Florida & Washington), stuffing (Venezuela) or death threats and imprisonment (Iran).

        I don't know the Canadian history of voting well enough, but I'd bet there have been tampering and scandals there, too.

        I worry less about mechanisms than processes, in this case,
      • Re: (Score:3, Informative)

        by CastrTroy (595695)
        Well technically in Canada there are no "National" elections either. Not even at the provincial level. Each person votes for someone in their riding. Whoever gets the most votes in the riding gets a seat in parliament. There are 308 seats for the entire country. Whichever party gets the most seats is "in power" although if they don't have the majority of the seats, they don't really have the power, as other parties can team up against them to over power them when voting on different issues. Who ever i
  • fixed here (Score:5, Funny)

    by frovingslosh (582462) on Saturday October 14, 2006 @12:40PM (#16437469)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Oh, don't worry, I have it on good authority that the elections will be fixed here.

  • by thrill12 (711899) on Saturday October 14, 2006 @12:41PM (#16437473) Journal
    ...of the group is that they are simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.
    This is probably still something some politicians 'fail' to see over here: we can buy these chips in any electronics store, so why reprogram them - apart from the fact that reprogramming would take much more time than simply replacing.

    It (the prom instead of eprom) is probably a failing idea of the company Nedap [nedap.nl], which makes these monsters. Heck, they need to change their own software too, from time to time.
    • simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.

      Is that not why they also are using the tamper-evident seals?
  • Paper trail? (Score:4, Insightful)

    by Constantine Evans (969815) on Saturday October 14, 2006 @12:42PM (#16437481) Homepage
    They do all of these things, and yet still do not create a paper trail of each vote?

    It appears that the machines only create a paper copy of the results at the end of the day...
    • by pe1chl (90186)
      Having a paper trail of each vote would be very dangerous to voting security, as the team behind the table knows exactly in what sequence the voters have passed along the machine. So a sequential printout of all votes on the paper roll printer would be a very bad thing to have.
    • Re: (Score:3, Insightful)

      by RAMMS+EIN (578166)
      ``It appears that the machines only create a paper copy of the results at the end of the day...''

      Yes. I never understood the use of that. Nice that you can verify that the count the machine reported electronically matches what it printed on paper, but that doesn't say _anything_ at all about whether it's been tampered with, right?

      I always thought that the simple solution would be that the machine print out what you just voted, and you check that this is what you intended and dump the printout in a ballot bo
  • understandable (Score:3, Interesting)

    by agent dero (680753) on Saturday October 14, 2006 @12:42PM (#16437483) Homepage
    I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

    Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?
    • Re: (Score:3, Funny)

      by ichigo 2.0 (900288)
      But it's electronic, so it must be better!
    • Countability. If it weren't controlled by companies with a vested interest in rigging e-voting would be much superior to paper voting because a mistake in counting would be much less likely. When people ask for a paper trail they really mean an audit trail which could be done fully electronically too.
    • by supabeast! (84658)
      Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?


      Rapid results for election commentary on cable news. And a lot of money into the coffers of Diebold.
      • by mjbkinx (800231)

        Rapid results for election commentary on cable news.

        But that takes all the fun out of it. I actually like exit polls, projections and so on. I get all excited when they say they have a new extrapolation based on the latest results. I enjoy watching a tight race for hours. I hate watching sports, but just have a thing for bar graphs and politics.

        • by pe1chl (90186)
          And don't forget the endless reports of some party going from 10% to 15% of the votes, with the presenter making the claim that this is an increase by 5%.
          Again and again and again. As if the programmer of the election graphics system would not be able to display some change percentage with each bar so that the presenter (who can subtract, but not divide, by head) can report it...
      • Well it definitely isn't for the rapid results. It still will take all friggin night to show the results that ultimately few people care about. So it must be the money to Diebold.
    • by hcdejong (561314)
      E-voting does two things better than paper voting:
      - no counting errors (yes, assuming the software works correctly)
      - results are in much faster than with hand counting. We basically know who won 5 minutes after the poll closes.

      IOW, we use e-voting because it's convenient.
      • Re: (Score:2, Interesting)

        by anshil (302405)
        We use pen&paper voting, we know who won 4 hours after the poll closes.

        Whooo 4 hours every 4-6 years... how can you wait so much..?

        The votes are counted by seperatly by the different parties monitoring the poll. Different results -> count again.
        So counting errors are *very* unlikely also.
    • by Reverend528 (585549) on Saturday October 14, 2006 @02:28PM (#16438283) Homepage
      I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

      I guess you were part of the 3% of the population that voted against electronic voting and not part of the 203% that support it.*

      *numbers calculated by diebold voting machines.

  • by Anonymous Coward on Saturday October 14, 2006 @12:46PM (#16437509)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Arguments for local control of voting regulations.
    (posting as AC to save my devil's advocate ass)
    1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
    2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.
    3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.
    • Good post. Just to clarify some things:

      Arguments for local control of voting regulations. [...]

      1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.

      Actually a federation rather than a confederation. The difference is slight but important. Nonetheless, the 10th ammendment is very specific about the limits of powers of the federal government vs state government

    • The innovative power of the open market.

      Voting a market? Whoo how. Slow down.
      Voting isn't a market! There are several market conditions that are not met.

      Where is the price?
      Where is the costumers free choice? (In fact it's all a set of "monopolies".)
      Where is the comparisen mechanism? Who determines what is better and whats worse?
      Where is the economic equilibrium?

      Nooo. Voting is no market. Nooo...
    • The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.

      So, um.. it's been over two hundred years. How come our election methods still suck?
  • I thought we all agreed [slashdot.org] that "pwn" should not be in the topic. Why the hell does it keep popping up? "Up next... the prescription medication you bought may in fact be pwned by that super-duper company who is roffling poopsickles to pimp the quick buck, ha ha." /. is better than that.
  • by masklinn (823351) <slashdot,org&masklinn,net> on Saturday October 14, 2006 @12:49PM (#16437533)

    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Why the hell wouldn't it be? Sure it would cost more and probably be harder to setup than in holland since there is more territory and a much higher population count, but not workable? We're talking democracy at stake here, I don't see much that you could want to "fix" more than the risk of losing your voice, of making your votes irrelevant and inexistant, or being cheated out of choosing your leaders and the way your country will behave in the future.

    Of course, some people may be more interested in there being a high risk of electronic electoral fraud, if they're committing or benefiting from the fraud in the first place...

    • by schwit1 (797399)
      The problem with a national 'fix' is that politics has infected everything done at the national level. Legalized influence peddling would ensure that a trusted election process could never occur.
    • by RexRhino (769423)
      What makes you think nationalizing the voting process would make it harder to cheat in an election? If anything, the patchwork of differing voting systems makes it harder to create some silver bullet exploit that would swing an election.

      If monoculture is bad for computer security, why would monoculture be good for voting security?
    • The point being that any nationwide change would require convincing thousands of county clerks to all do the same thing. Ever tried to get unanimous consent from several thousand people? Some of whom can barely afford the operation they're running now?
      • Re: (Score:3, Informative)

        by Stradivarius (7490)
        If it was federal law that voting machines had to meet certain federally-defined minimum standards (hardware/software must be independently audited, machine must produce a paper trail, etc), then it's no longer a matter of persuasion so much as "do-this-or-face-the-punishment". Just like any other federal statute.

        IANAL, but I'm guessing that at least for federal elections, this is within the federal government's power to do. Even if it were a power reserved to the states, Congress could easily tie complianc
  • by hcdejong (561314) <hobbes&xmsnet,nl> on Saturday October 14, 2006 @12:53PM (#16437583)
    If true, this is a major step. The voting process hasn't been very transparent, with Nedap trying to keep the software and voting procedures a secret. Wijvertrouwenstemcomputersniet forced the issue using the Dutch 'freedom of information' act to get access to documents.
    Let's hope this committee will have access to the source code, and will be able to monitor and verify that the new PROMs actually contain the code the committee has been reviewing.

    I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?
    • by RAMMS+EIN (578166)
      ``Let's hope this committee will have access to the source code''

      They'd better well have access to the source code! Nedap can claim all they want that this is their intellectual property, but this is the whole country that's at stake here. If the whole scandal about their voting machines being "secure as long as you don't make the slightest effort to tamper with them" isn't enough to dump them and get a responsible vendor, than certainly a refusal to let their machines be audited will be?

      Besides, what deep
    • Where do I sign up? (Score:3, Informative)

      by rvw (755107)
      I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

      If you visit their site, you'll find information about what you can actually do. You are allowed to stay in the voting room, as long as you don't disturb the process of voting. More information can be found on their action page [wijvertrou...ersniet.nl] .

      • by hcdejong (561314)
        Thanks for pointing that out. I get their newsletter, but hadn't noticed this yet.
        Apparently, there are still several voting districts that use paper ballots. And it's possible to get a pass to vote in a different district.
    • ...TNO stands for "Netherlands Organisation for Applied Scientific Research [wikipedia.org]", but one of the major concerns - also pointed forward by the wedontrustvotingcomputers organization - is that TNO refuses to publically state its findings on the NEDAP voting computers [wijvertrou...ersniet.nl].

      I know 'independent' is not quite the same as 'open', but for a thing like the public voting process, doesn't it make sense to make these findings public ?

      Apparently, they found some errors in the past - as they have tested the voting machines f
    • by bfree (113420)
      I believe that a lot (most) of the useful information they received came from the documentation of the Irish Commission which was set up to evaluate the aspects of the system purchased in Ireland (which is virtually identical to the Dutch machines, just a few extra leds).
  • It would work (Score:5, Insightful)

    by Spazmania (174582) on Saturday October 14, 2006 @12:56PM (#16437625) Homepage
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Sure it would. Powers reserved for the states have been nationalized over and over again by the simple application of cash: The federal government offers funding for a particular project but you have to follow the federal rules to get it. The federal rules are rarely too onorous and the money you don't have to collect in local taxes is too much to turn down when the neighboring states all take it.
  • Please, "pwned" in a story title, again? Has Slashdot been taken over by 12 year old Counter-Strike players?
  • Local Level? (Score:4, Informative)

    by Corbets (169101) on Saturday October 14, 2006 @01:03PM (#16437681) Homepage
    "US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here."

    Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)? Smaller than Chicago, if I remember correctly... so being applied at the national level there is essentially the same as the local level in the US.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      The Netherlands (while still a small country) are about 70 times as large as Chicago.

      Netherlands: 41,526 SQ KM
      Chicago: 600 SQ KM

      I know, I know... everything American has to be bigger by definition...
      • by Peyna (14792)
        Even all of Chicagoland is only 28,000 km2.
      • by spisska (796395)
        It's more a matter of population than area (though by no means a good comparison).

        The Netherlands is over 16 million while the Chicago metro area (Chicagoland), is a hair under 10 million.

        But that's beside the point of the OP, which is that it is neither practical nor constitutional for the US government to run elections.
    • by owlnation (858981)

      Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)?

      Greater Chicago Metropolitan Population = 9,443,356
      Netherlands Population = 16,336,346

      In fact the Netherlands is the second most densly populated country in the World after Bangladesh. So, enjoy your time in Switzerland, you may wish to get out and about and learn some things while you are here - or at least take a quick look in an atlas before you post any

  • Anyone could get us Canadaians [canadobserv.org] to observe the election. And we would be happy to do so.
  • ...the voting machines pwn you!
  • Nedap Commentary (Score:3, Interesting)

    by RAMMS+EIN (578166) on Saturday October 14, 2006 @01:35PM (#16437901) Homepage Journal
    I remember when this was on the news (I live in the Netherlands), there was a spokesperson for Nedap who said something like:

    ``Our machines are fine. I don't understand why the website is called "We don't trust voting machines", rather than "We don't trust people".''

    I think that about sums up their approach to security. We don't need any security measures; people should just behave themselves. Yeah, right.
  • "US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here."

    US-local and NL-nation wide are more or less the same ;)
  • by AgNO3 (878843)
    Today on l337d07.o®g WHAT THE F. Really Pwned does not belong on a legit profession web page about serious topics. This is not a gaming chat room.
  • I basically scoff at the idea of a secure election in general.
  • by davidsyes (765062) on Saturday October 14, 2006 @08:48PM (#16440593) Homepage Journal
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Hmmm, the Dutch aren't exactly Botswana or some place in South America where votes might be escorted by military convoys. Yet, the Dutch will have FOREIGN observers?

    Wow. Considering all the diebold bullshit going on, one would think and ask where are the INTERNATIONAL observers when US voting (local, county, state, federal) elections occur.

    I think the UN should declare an occupation to several major US cities. Make things interesting a bit....

That does not compute.

Working...