Dutch Securing E-voting After Being Pwned 269
An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.
Comment removed (Score:5, Informative)
Re: (Score:3, Informative)
I'm sure that, with some work, they could read the display using 'Van Eck', as in Cryptonomicon. So long for being able to keep your vote hidden.
Re:TEMPEST? A fun experiment (Score:4, Informative)
"pwned"? (Score:2, Funny)
Re:"pwned"? (Score:5, Insightful)
What is "pwned"?
.. something that shouldn't belong in a slashdot headline..
Always kdawson (Score:5, Insightful)
What Slashdot need to remember is that their headlines show up in a variety of professional places (by rss) - Google news for one, and having words such as "pwned" looks beyond amateurish.
How about the next story being "Slashdot editors pwned with a dictionary, improvements expected all round"?
Re: (Score:3, Interesting)
If "professional places" choose to source headlines from Slashdot, they should surely accept how people communicate here. I see no reason why Slashdot needs to fit in with CNN's headline standards.
Be yourself, no matter what the cost.
Re: (Score:3, Insightful)
Re:Always kdawson (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
From the Urban Dictionary... [urbandictionary.com]
A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."
Instead, it said, so-and-so "has been pwned."
It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force.
What is the theory... (Score:2)
In Canada we still use pencils and paper... call us inefficient and backward, but at least we never had an illigitimate government, b1atches!!
Re: (Score:2)
The US is a Federalist nation, built around the idea that the national government should have control over only what is absolutely necessary, and that the state should handle the rest. So the states each have the right to electoral votes in choosing the President, and representatives in Congress, but how the states choose their representatives and decide electoral votes before passing them on to Congress is up to the states.
Re: (Score:3, Insightful)
Re:What is the theory... (Score:4, Insightful)
Re: (Score:3, Interesting)
Re:What is the theory... (Score:5, Informative)
We have various methods to keep both sides honest here in Quebec.
We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.
Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.
Re: (Score:2, Informative)
Re: (Score:2)
Over here (Austria) you go to your local poll office, give your ID, they check you from the list and you get your ballot.
We never had any issues with fraud.
ALTERNATIVELY you can go until a week before the election to your local office, and request a "Vote-Card", they check you off the list, so you cannot go to the local poll office without that Vote-Card
Re: (Score:2)
Really? Sorry
a) I can't believe this is true.
b) even if it would, I can't believe you could call this a democracy.
Re: (Score:3, Interesting)
On the otherhand. We (most EU countries) have a proportional-election-system an thus usually e.g. 4 parties in the parlament, 2 together forming the government, which 2 varies due to the election results. Its just that 4 parties set the election rules, and 4 parties govern each oth
Re: (Score:3, Informative)
1.) The vote against vs vote for mentality. I don't want X to be elected to Y so I will vote for Z instead of A who might be best but can't win. I did this in the primararies.
2.) The third parties have positions well outside the political mainstream. Libertarians are borderline anarchists, the Green party is way too hippy, and the Constitutional party makes the Chris
Re:What is the theory... (Score:5, Insightful)
Because they used paper, there was something to find.
"In my state of WV they are still prosecuting people for vote buying and ballot box stuffing."
Because they used paper, and there was something which could be found.
Re: (Score:2)
Re: (Score:2)
This is absolutely wrong. And thats the thinking the US is doing wrong. Who tells you the voting precinct is doing stuff correctly.
Count the votes on the local poll office. Have all parties be present at the local poll office so they can check each other and watch their fingers respectively. Sent the counted summ over to the voting pr
No national elections (Score:2)
Re: (Score:2)
But seriously, elections are always going to have a certain amount of abuse, whether it's tampering (Chicago), legal challenges (Florida & Washington), stuffing (Venezuela) or death threats and imprisonment (Iran).
I don't know the Canadian history of voting well enough, but I'd bet there have been tampering and scandals there, too.
I worry less about mechanisms than processes, in this case,
Re: (Score:3, Informative)
Re: (Score:2)
Opinion polls for the current President would suggest otherwise. Legitimacy is more complicated than saying someone wasn't elected democratically. It's part perception.
Also you can't afford NOT to use pencil and paper. It's the proven method of keeping an election fair and auditable, and legitimate in the eyes of the voters. If the vote takes about ten times to complete compared to an election in Canada, it would still be counted and settle
fixed here (Score:5, Funny)
Oh, don't worry, I have it on good authority that the elections will be fixed here.
Re:much more efficient (Score:2)
One of the major concerns... (Score:3, Interesting)
This is probably still something some politicians 'fail' to see over here: we can buy these chips in any electronics store, so why reprogram them - apart from the fact that reprogramming would take much more time than simply replacing.
It (the prom instead of eprom) is probably a failing idea of the company Nedap [nedap.nl], which makes these monsters. Heck, they need to change their own software too, from time to time.
Re: (Score:2)
Is that not why they also are using the tamper-evident seals?
Re:One of the major concerns... (Score:4, Insightful)
What Microsoft does in an xbox360 is not relevant to what a small engineering company would have done over 20 years ago.
You could call it the disadvantage of an early rollout of modern technology.
On the other hand, you can also claim that the current hardware can be understood by a causal onlooker with electronics and software background.
It contains only off-the-shelf parts and the protest group was able to disassemble and analyze it (as well as port a chess program to the hardware) in a months time.
Try that with an Xbox.
Re: (Score:2)
That is of course correct.
However, back in the 80s I was involved with some pirate radio station. In order to make our transmitters tamper and weather proof and reduce acustic resonance, we'd usually cover them in epoxy, which was a well known idea already back then.
Re: (Score:2)
Re: (Score:2)
The code signing is only really needed if you want to allow for replacable firmware. If you write your code to a rom and cover the board with epoxy, it already becomes very hard to tamper with. Flash rom wasn't as available as it is now, in fact, it was invented in the late 80s, so not at all available when those machines were designed,.
Re: (Score:3, Informative)
Re: (Score:2)
You don't necessarily need to be able to do things in a short time. These machines are often left unattended for extended periods of time.
``Shouldn't be to hard to implement.''
The problem is not that it would be hard to improve the security of these machines, it's that absolutely no thought whatsoever had been given to it. That applies to Nedap (the manufacturer), but also to the government - if they had demanded securi
Re: (Score:2)
This would be much like holding the government responsible for the absence of antilock braking, a feature that is required in today's new cars, in all of the current car fleet
Re: (Score:2)
Perhaps, but that's no excuse for not evaluating and upgrading the security in the meantime.
Re: (Score:2)
Those machines were quite expensive and have to be amortized over a large number of elections, and thus: years.
It is not something that is being evaluated and upgraded all the time, like a PC.
Had they used a PC instead of this machine, and upgraded it to the latest state-of-the-art, it would maybe be replaced by a "trusted computing platform" system this or next year.
However, in practice that would most likely have been a less accountable and less secure system than w
Paper trail? (Score:4, Insightful)
It appears that the machines only create a paper copy of the results at the end of the day...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Even my cheap laser printer can do that! If I don't mount the exit tray correctly, it all falls behind (in a box) with no checkable order!
Re: (Score:2)
Re: (Score:2)
After all, better make next month an election with pen&paper (which has worked well for 200-300 years) then a bad election with corrupted/risky e-voting. The value of democraticy is much higher then an abortive project/experiment.
Re: (Score:3, Insightful)
Yes. I never understood the use of that. Nice that you can verify that the count the machine reported electronically matches what it printed on paper, but that doesn't say _anything_ at all about whether it's been tampered with, right?
I always thought that the simple solution would be that the machine print out what you just voted, and you check that this is what you intended and dump the printout in a ballot bo
understandable (Score:3, Interesting)
Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Rapid results for election commentary on cable news. And a lot of money into the coffers of Diebold.
Re: (Score:2)
Rapid results for election commentary on cable news.
But that takes all the fun out of it. I actually like exit polls, projections and so on. I get all excited when they say they have a new extrapolation based on the latest results. I enjoy watching a tight race for hours. I hate watching sports, but just have a thing for bar graphs and politics.
Re: (Score:2)
Again and again and again. As if the programmer of the election graphics system would not be able to display some change percentage with each bar so that the presenter (who can subtract, but not divide, by head) can report it...
Re: (Score:2)
Re: (Score:2)
- no counting errors (yes, assuming the software works correctly)
- results are in much faster than with hand counting. We basically know who won 5 minutes after the poll closes.
IOW, we use e-voting because it's convenient.
Re: (Score:2, Interesting)
Whooo 4 hours every 4-6 years... how can you wait so much..?
The votes are counted by seperatly by the different parties monitoring the poll. Different results -> count again.
So counting errors are *very* unlikely also.
Re:understandable (Score:4, Funny)
I guess you were part of the 3% of the population that voted against electronic voting and not part of the 203% that support it.*
*numbers calculated by diebold voting machines.
Re: (Score:2)
I live in the UK, and we still use paper, and I like being able to spoil my ballot (indeed, i did it at the last general election); it's my form of protest at our main political parties and the fact we have no real choice. It's more proactive than simply abstaining. Not being able to spoil ballots is a bad thing, no a good one.
Re: (Score:2)
Re: (Score:2)
Why is this different instead of not voting at all?
Look, what you vote is absolutely secret, but it's not secret data IF you voted at all.
Arguments for local control of voting regulations. (Score:3, Interesting)
Arguments for local control of voting regulations.
(posting as AC to save my devil's advocate ass)
1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.
3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.
Re:Arguments for local control of voting regulatio (Score:3, Insightful)
Good post. Just to clarify some things:
Arguments for local control of voting regulations. [...]
1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
Actually a federation rather than a confederation. The difference is slight but important. Nonetheless, the 10th ammendment is very specific about the limits of powers of the federal government vs state government
Re:Arguments for local control of voting regulatio (Score:2)
Voting a market? Whoo how. Slow down.
Voting isn't a market! There are several market conditions that are not met.
Where is the price?
Where is the costumers free choice? (In fact it's all a set of "monopolies".)
Where is the comparisen mechanism? Who determines what is better and whats worse?
Where is the economic equilibrium?
Nooo. Voting is no market. Nooo...
Re:The state is the customer. The method is the pr (Score:2)
* voting security does not have a setable price, uncheck (the cheapest voting system isn't the best...)
* you are mixing up: the market of voting systems against the market of voting machines. There is no Economic equilibrium on voting sytems, uncheck
Winning votes for your party... has a price! What a horror having a market here.
Ethical driven system cannot and should not work with market logic. Not with a supreme overlooker driven by another logic than economy.
(Ta
Still waiting for the market to work... (Score:3, Informative)
So, um.. it's been over two hundred years. How come our election methods still suck?
I thought.. (Score:2)
impossible wtf or impossible, wtf? (Score:4, Insightful)
Why the hell wouldn't it be? Sure it would cost more and probably be harder to setup than in holland since there is more territory and a much higher population count, but not workable? We're talking democracy at stake here, I don't see much that you could want to "fix" more than the risk of losing your voice, of making your votes irrelevant and inexistant, or being cheated out of choosing your leaders and the way your country will behave in the future.
Of course, some people may be more interested in there being a high risk of electronic electoral fraud, if they're committing or benefiting from the fraud in the first place...
Re: (Score:2)
Re: (Score:2)
If monoculture is bad for computer security, why would monoculture be good for voting security?
Re: (Score:2)
Re: (Score:3, Informative)
IANAL, but I'm guessing that at least for federal elections, this is within the federal government's power to do. Even if it were a power reserved to the states, Congress could easily tie complianc
'Independent committee'? (Score:3, Insightful)
Let's hope this committee will have access to the source code, and will be able to monitor and verify that the new PROMs actually contain the code the committee has been reviewing.
I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?
Re: (Score:2)
They'd better well have access to the source code! Nedap can claim all they want that this is their intellectual property, but this is the whole country that's at stake here. If the whole scandal about their voting machines being "secure as long as you don't make the slightest effort to tamper with them" isn't enough to dump them and get a responsible vendor, than certainly a refusal to let their machines be audited will be?
Besides, what deep
Where do I sign up? (Score:3, Informative)
If you visit their site, you'll find information about what you can actually do. You are allowed to stay in the voting room, as long as you don't disturb the process of voting. More information can be found on their action page [wijvertrou...ersniet.nl] .
Re: (Score:2)
Apparently, there are still several voting districts that use paper ballots. And it's possible to get a pass to vote in a different district.
Independent committee == "TNO" (Score:2)
I know 'independent' is not quite the same as 'open', but for a thing like the public voting process, doesn't it make sense to make these findings public ?
Apparently, they found some errors in the past - as they have tested the voting machines f
Re: (Score:2)
It would work (Score:5, Insightful)
Sure it would. Powers reserved for the states have been nationalized over and over again by the simple application of cash: The federal government offers funding for a particular project but you have to follow the federal rules to get it. The federal rules are rarely too onorous and the money you don't have to collect in local taxes is too much to turn down when the neighboring states all take it.
"Pwned" (Score:2)
Local Level? (Score:4, Informative)
Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)? Smaller than Chicago, if I remember correctly... so being applied at the national level there is essentially the same as the local level in the US.
Re: (Score:2, Interesting)
Netherlands: 41,526 SQ KM
Chicago: 600 SQ KM
I know, I know... everything American has to be bigger by definition...
Re: (Score:2)
Re: (Score:2)
The Netherlands is over 16 million while the Chicago metro area (Chicagoland), is a hair under 10 million.
But that's beside the point of the OP, which is that it is neither practical nor constitutional for the US government to run elections.
Re: (Score:2)
Greater Chicago Metropolitan Population = 9,443,356
Netherlands Population = 16,336,346
In fact the Netherlands is the second most densly populated country in the World after Bangladesh. So, enjoy your time in Switzerland, you may wish to get out and about and learn some things while you are here - or at least take a quick look in an atlas before you post any
Observers (Score:2)
Re: (Score:2)
I suck.
In Soviet Russia... (Score:2)
Nedap Commentary (Score:3, Interesting)
``Our machines are fine. I don't understand why the website is called "We don't trust voting machines", rather than "We don't trust people".''
I think that about sums up their approach to security. We don't need any security measures; people should just behave themselves. Yeah, right.
compare (Score:2)
US-local and NL-nation wide are more or less the same
PWNED (Score:2)
Being from Chicago... (Score:2, Funny)
Nationwide vs International... (Score:4, Interesting)
Hmmm, the Dutch aren't exactly Botswana or some place in South America where votes might be escorted by military convoys. Yet, the Dutch will have FOREIGN observers?
Wow. Considering all the diebold bullshit going on, one would think and ask where are the INTERNATIONAL observers when US voting (local, county, state, federal) elections occur.
I think the UN should declare an occupation to several major US cities. Make things interesting a bit....
Re: (Score:2)
(you deliver your "voted party X" proof to some agent and get cash or other advantages in return)
Re: (Score:3, Insightful)
Let me fix that for you:
There. No problem, no need to thank me.
Re: (Score:2)
Re: (Score:2)