Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Dutch Securing E-voting After Being Pwned

Posted by kdawson on Sat Oct 14, 2006 12:32 PM
from the wouldn't-it-be-nice dept.
Government Security Politics
An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.
+ -
story

Related Stories

[+] IT: Dutch Blackbox Voting Pwned 353 comments
An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.
[+] Your Rights Online: Voting Machines Banned by Dutch Minister 155 comments
5heep writes "Dutch Government Renewal Minister Atzo Nicolai has banned the use of one type of computer voting machine in national elections next month. The turnabout came after a group called We Don't Trust Voting Computers protested the vulnerability of electronic voting to fraud or manipulation. The reason for this ban is the radio signals emitted by the machines which can be used to peek at a voters' choice from several dozen meters away."
[+] Web-Based Assistant Changes the Face of Dutch Politics 190 comments
An anonymous reader writes "The elections held in The Netherlands on Wednesday have shaken the country. Almost 10 million votes were cast, and statistics show that a full half of those who voted used a popular web-based voter guide. This guide is operated by the independent institute for the public and politics. Advice is given to the visitor upon answering a number of multiple choice questions on some common political topics. Statistically, a number of people ended up scoring in support of populist parties both on the far left and far right. No bias was reported to exist in the test itself. However, these parties have ended up with an unforeseen amount of power as a result of the election. The voter participation was high, and the web-based advisories may have motivated people with little interest in politics to cast a vote anyway. Can politics be simplified to a ten minute test?"
[+] Deathblow To a Voting Machine 140 comments
SiggyRadiation writes "According to their newsletter (my English translation here), the Dutch group that 'doesn't trust the voting computers' has won a round against the industry and the civil servants that seem hell-bent on reintroducing voting machines — NewVote, made by SDU — that the Dutch minister of the interior has suspended. Apparently SDU provided 5 slightly different samples of its machine to the Dutch version of the NSA (well... the very humble Dutch version anyway) for testing purposes. Of those five, four machines emitted radiation in such a way that the votes cast could be monitored. SDU's NewVote received its final deathblow when it became clear that the one machine that stayed within the radiation limits used a green-on-red color-scheme for its screen. And that would be a small problem for the 4% of all men that cannot distinguish between red and green."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Dutch Securing E-voting After Being Pwned 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • TEMPEST? (Score:5, Informative)

    by CRCulver (715279) <crculver@christopherculver.com> on Saturday October 14 2006, @12:38PM (#16437445) Homepage

    The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue.

    I assume they are referring to TEMPEST [wikipedia.org] attacks. It was a Dutchman, Vim van Eck who first brought TEMPEST attacks to public attention while in the U.S. even the security standard was classified. I imagine many Slashdot readers will recognize his name from the "Van Eck phreaking" described in Neal Stephenson's Cryptonomicon [amazon.com] .

    • Re: (Score:3, Informative)

      by AlXtreme (223728)
      You're correct. By measuring the emissions from the LCD-screen they have shown how one could figure out what someone was voting for. Although relatively low-tech (they detected that the LCD screen would refresh slower when non-ASCII characters were used), they measured this from a distance of 20 meters.

      I'm sure that, with some work, they could read the display using 'Van Eck', as in Cryptonomicon. So long for being able to keep your vote hidden.
  • What is "pwned"?

    • Re:"pwned"? (Score:5, Insightful)

      by leonmergen (807379) * <(moc.liamg) (ta) (negreml)> on Saturday October 14 2006, @12:41PM (#16437479) Homepage

      What is "pwned"?

      .. something that shouldn't belong in a slashdot headline..

      • Always kdawson (Score:5, Insightful)

        by a16 (783096) on Saturday October 14 2006, @01:12PM (#16437743)
        "Pwned" has been showing up constantly recently, and it's always kdawson.

        What Slashdot need to remember is that their headlines show up in a variety of professional places (by rss) - Google news for one, and having words such as "pwned" looks beyond amateurish.

        How about the next story being "Slashdot editors pwned with a dictionary, improvements expected all round"?

        • Re: (Score:3, Interesting)

          by andrewdotcoza (981693)
          I realise that everyone isn't on the same page about this, but I read Slashdot precisely because its geeky and slightly off-beat. "Pwned" looks good in this headline and thats why I clicked on the story.

          If "professional places" choose to source headlines from Slashdot, they should surely accept how people communicate here. I see no reason why Slashdot needs to fit in with CNN's headline standards.

          Be yourself, no matter what the cost.

          • Re: (Score:3, Insightful)

            by Jugalator (259273)
            I'm geeky and off-beat and hate the word that originally seem to have come from 14 year olds playing Counterstrike far too much.
      • and yet this is the second time recently it has made it's way on. Is slashdot taking submissions from digg now?

    • Re: (Score:3, Informative)

      by rvw (755107)

      From the Urban Dictionary... [urbandictionary.com]

      A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."

      Instead, it said, so-and-so "has been pwned."

      It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force.

  • behind not controlling American elections at the National Level?

    In Canada we still use pencils and paper... call us inefficient and backward, but at least we never had an illigitimate government, b1atches!!
    • "...behind not controlling American elections at the National Level?"

      The US is a Federalist nation, built around the idea that the national government should have control over only what is absolutely necessary, and that the state should handle the rest. So the states each have the right to electoral votes in choosing the President, and representatives in Congress, but how the states choose their representatives and decide electoral votes before passing them on to Congress is up to the states.

      • Re: (Score:3, Insightful)

        by Trailwalker (648636)
        The Federal Government controls the actions of states by attaching conditions to funding. Highway speed limits and the .08 alcohol limit are examples. Easily done in other areas.

    • Re:What is the theory... (Score:4, Insightful)

      by From A Far Away Land (930780) on Saturday October 14 2006, @12:51PM (#16437565) Homepage Journal
      Paper is neither inefficient, or backward. It's the only way to conduct an open and accurate election on a nation wide scale, without introducing unacceptable doubt into the legitimacy of the winner(s). Florida's paper chad system was a failure because machines more complicated than pencils, and obscuring of the working of the ballot was placed between the voter and the ballot. The result was a flawed result, and a delayed result, many times longer than the longest recent Canadian federal general elections.

      • Re: (Score:3, Interesting)

        by penix1 (722987)
        Paper ballots are subject to all the same security flaws that they have always been subject to. This means physical security for the most part. Ballot boxes can be "stuffed" and elections thrown into chaos quite quickly. In a bay in California they found several ballot boxes with uncounted votes still in them. In my state of WV they are still prosecuting people for vote buying and ballot box stuffing. Even when you use electronic voting with a paper receipt, they will still be vulnerable to all those securi

        • Re:What is the theory... (Score:5, Informative)

          by tomhudson (43916) <hudsonNO@SPAMvideotron.ca> on Saturday October 14 2006, @01:47PM (#16437981) Journal

          We have various methods to keep both sides honest here in Quebec.

          1. Your name has to be on the permanent voting list - all citizens over 18 are on it, except people who have committed an electoral crime in the past 5 years. The local voters list is distributed to your area well in advance of the elections, so there's no chance to get a bunch of fake voters on it, and it gives people who slipped through the cracks a chance to update their info (for example, if they moved).
          2. You have to first present ID to get your ballot. Your name is then removed from the list. The people (there are 2 for each box or "polling station") are appointed by the two parties who got the most ballots in the previous election - so they're watching each other, and making sure that nobody tries to pull a fast one.
          3. Before they give you your ballot, they sign the tear-off stub or counterfoil. When you present your ballot to be put in the box, they remove the stub after verifying their signature, and you put your ballot in the box. No chance to conceal a half-dozen ballots in your hand.
          4. The ballot boxes are opened and counted on iste. No chance for something to happen in transit. Then, after the count is made and everyone signs off on it, the ballots are put back in the box and the box re-sealed. Recounts are automatic for all results where there is less than 100 votes separating the winner from second place, and any candidate can ask for a judicial recount.
          5. We've disallowed all donations of money, goods or services except from individuals, and those are capped at $3k per annum. All donations totaling over $200/year/person have to be reported, identifying the donor - and these lists are made public.

          We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.

          Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.

                    • Re: (Score:3, Interesting)

                      by anshil (302405)
                      I personally believe the problem is the 2-party system. Its just to few incitation to pull some things straight. Yes I totally believe that you are correct with your "I am bad, but I know you are bad too" politics betweet the two.

                      On the otherhand. We (most EU countries) have a proportional-election-system an thus usually e.g. 4 parties in the parlament, 2 together forming the government, which 2 varies due to the election results. Its just that 4 parties set the election rules, and 4 parties govern each oth

                    • Re: (Score:3, Informative)

                      by Joey7F (307495)
                      It is not like there are not 3rd parties in the US, it is just very tough for them to be elected. There are many reasons but the main ones are:

                      1.) The vote against vs vote for mentality. I don't want X to be elected to Y so I will vote for Z instead of A who might be best but can't win. I did this in the primararies.

                      2.) The third parties have positions well outside the political mainstream. Libertarians are borderline anarchists, the Green party is way too hippy, and the Constitutional party makes the Chris

        • Re:What is the theory... (Score:5, Insightful)

          by mickwd (196449) on Saturday October 14 2006, @02:53PM (#16438485)
          "In a bay in California they found several ballot boxes....."

          Because they used paper, there was something to find.

          "In my state of WV they are still prosecuting people for vote buying and ballot box stuffing."

          Because they used paper, and there was something which could be found.
    • We have no elections that are nationwide, for one thing. The biggest scope of any election is statewide.

      • Re: (Score:3, Informative)

        by CastrTroy (595695)
        Well technically in Canada there are no "National" elections either. Not even at the provincial level. Each person votes for someone in their riding. Whoever gets the most votes in the riding gets a seat in parliament. There are 308 seats for the entire country. Whichever party gets the most seats is "in power" although if they don't have the majority of the seats, they don't really have the power, as other parties can team up against them to over power them when voting on different issues. Who ever i

  • fixed here (Score:5, Funny)

    by frovingslosh (582462) on Saturday October 14 2006, @12:40PM (#16437469)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Oh, don't worry, I have it on good authority that the elections will be fixed here.

  • One of the major concerns... (Score:3, Interesting)

    by thrill12 (711899) on Saturday October 14 2006, @12:41PM (#16437473)
    ...of the group is that they are simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.
    This is probably still something some politicians 'fail' to see over here: we can buy these chips in any electronics store, so why reprogram them - apart from the fact that reprogramming would take much more time than simply replacing.

    It (the prom instead of eprom) is probably a failing idea of the company Nedap [nedap.nl], which makes these monsters. Heck, they need to change their own software too, from time to time.
    • simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.

      Is that not why they also are using the tamper-evident seals?

      • Re:One of the major concerns... (Score:4, Insightful)

        by pe1chl (90186) on Saturday October 14 2006, @01:24PM (#16437821)
        Remember that these electronic voting machines were designed and build in the eighties of the last century, and have been used ever since.
        What Microsoft does in an xbox360 is not relevant to what a small engineering company would have done over 20 years ago.

        You could call it the disadvantage of an early rollout of modern technology.
        On the other hand, you can also claim that the current hardware can be understood by a causal onlooker with electronics and software background.
        It contains only off-the-shelf parts and the protest group was able to disassemble and analyze it (as well as port a chess program to the hardware) in a months time.
        Try that with an Xbox.

      • Re: (Score:3, Informative)

        by hanwen (8589)
        The problem is that these machines are actually from the late 80s. It's not feasible to retrofit new chips onto these boards. For a fun look, go to www.wijvertrouwenstemcomputersniet.nl, where there are pictures of the board-internals. These show soldered resistors, the likes of which I've last seen in my Apple II.

  • Paper trail? (Score:4, Insightful)

    by Constantine Evans (969815) on Saturday October 14 2006, @12:42PM (#16437481) Homepage
    They do all of these things, and yet still do not create a paper trail of each vote?

    It appears that the machines only create a paper copy of the results at the end of the day...

    • Re: (Score:3, Insightful)

      by RAMMS+EIN (578166)
      ``It appears that the machines only create a paper copy of the results at the end of the day...''

      Yes. I never understood the use of that. Nice that you can verify that the count the machine reported electronically matches what it printed on paper, but that doesn't say _anything_ at all about whether it's been tampered with, right?

      I always thought that the simple solution would be that the machine print out what you just voted, and you check that this is what you intended and dump the printout in a ballot bo

  • understandable (Score:3, Interesting)

    by agent dero (680753) on Saturday October 14 2006, @12:42PM (#16437483) Homepage
    I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

    Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?
    • But it's electronic, so it must be better!
    • Countability. If it weren't controlled by companies with a vested interest in rigging e-voting would be much superior to paper voting because a mistake in counting would be much less likely. When people ask for a paper trail they really mean an audit trail which could be done fully electronically too.
    • Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?


      Rapid results for election commentary on cable news. And a lot of money into the coffers of Diebold.
    • E-voting does two things better than paper voting:
      - no counting errors (yes, assuming the software works correctly)
      - results are in much faster than with hand counting. We basically know who won 5 minutes after the poll closes.

      IOW, we use e-voting because it's convenient.

    • Re:understandable (Score:4, Funny)

      by Reverend528 (585549) on Saturday October 14 2006, @02:28PM (#16438283) Homepage
      I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

      I guess you were part of the 3% of the population that voted against electronic voting and not part of the 203% that support it.*

      *numbers calculated by diebold voting machines.

      • no more spoiled ballots

        I live in the UK, and we still use paper, and I like being able to spoil my ballot (indeed, i did it at the last general election); it's my form of protest at our main political parties and the fact we have no real choice. It's more proactive than simply abstaining. Not being able to spoil ballots is a bad thing, no a good one.

  • Arguments for local control of voting regulations. (Score:3, Interesting)

    by Anonymous Coward on Saturday October 14 2006, @12:46PM (#16437509)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Arguments for local control of voting regulations.
    (posting as AC to save my devil's advocate ass)
    1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
    2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.
    3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.

    • Good post. Just to clarify some things:

      Arguments for local control of voting regulations. [...]

      1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.

      Actually a federation rather than a confederation. The difference is slight but important. Nonetheless, the 10th ammendment is very specific about the limits of powers of the federal government vs state government

    • The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.

      So, um.. it's been over two hundred years. How come our election methods still suck?
  • I thought we all agreed [slashdot.org] that "pwn" should not be in the topic. Why the hell does it keep popping up? "Up next... the prescription medication you bought may in fact be pwned by that super-duper company who is roffling poopsickles to pimp the quick buck, ha ha." /. is better than that.

  • US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Why the hell wouldn't it be? Sure it would cost more and probably be harder to setup than in holland since there is more territory and a much higher population count, but not workable? We're talking democracy at stake here, I don't see much that you could want to "fix" more than the risk of losing your voice, of making your votes irrelevant and inexistant, or being cheated out of choosing your leaders and the way your country will behave in the future.

    Of course, some people may be more interested in there being a high risk of electronic electoral fraud, if they're committing or benefiting from the fraud in the first place...

      • Re: (Score:3, Informative)

        by Stradivarius (7490)
        If it was federal law that voting machines had to meet certain federally-defined minimum standards (hardware/software must be independently audited, machine must produce a paper trail, etc), then it's no longer a matter of persuasion so much as "do-this-or-face-the-punishment". Just like any other federal statute.

        IANAL, but I'm guessing that at least for federal elections, this is within the federal government's power to do. Even if it were a power reserved to the states, Congress could easily tie complianc

  • 'Independent committee'? (Score:3, Insightful)

    by hcdejong (561314) <acme AT xmsnet DOT nl> on Saturday October 14 2006, @12:53PM (#16437583)
    If true, this is a major step. The voting process hasn't been very transparent, with Nedap trying to keep the software and voting procedures a secret. Wijvertrouwenstemcomputersniet forced the issue using the Dutch 'freedom of information' act to get access to documents.
    Let's hope this committee will have access to the source code, and will be able to monitor and verify that the new PROMs actually contain the code the committee has been reviewing.

    I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?
    • I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

      If you visit their site, you'll find information about what you can actually do. You are allowed to stay in the voting room, as long as you don't disturb the process of voting. More information can be found on their action page [wijvertrou...ersniet.nl] .

  • It would work (Score:5, Insightful)

    by Spazmania (174582) on Saturday October 14 2006, @12:56PM (#16437625) Homepage
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Sure it would. Powers reserved for the states have been nationalized over and over again by the simple application of cash: The federal government offers funding for a particular project but you have to follow the federal rules to get it. The federal rules are rarely too onorous and the money you don't have to collect in local taxes is too much to turn down when the neighboring states all take it.
  • Please, "pwned" in a story title, again? Has Slashdot been taken over by 12 year old Counter-Strike players?

  • Local Level? (Score:4, Informative)

    by Corbets (169101) on Saturday October 14 2006, @01:03PM (#16437681) Homepage
    "US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here."

    Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)? Smaller than Chicago, if I remember correctly... so being applied at the national level there is essentially the same as the local level in the US.

  • Nedap Commentary (Score:3, Interesting)

    by RAMMS+EIN (578166) on Saturday October 14 2006, @01:35PM (#16437901) Homepage Journal
    I remember when this was on the news (I live in the Netherlands), there was a spokesperson for Nedap who said something like:

    ``Our machines are fine. I don't understand why the website is called "We don't trust voting machines", rather than "We don't trust people".''

    I think that about sums up their approach to security. We don't need any security measures; people should just behave themselves. Yeah, right.

  • Nationwide vs International... (Score:4, Interesting)

    by davidsyes (765062) on Saturday October 14 2006, @08:48PM (#16440593) Homepage Journal
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Hmmm, the Dutch aren't exactly Botswana or some place in South America where votes might be escorted by military convoys. Yet, the Dutch will have FOREIGN observers?

    Wow. Considering all the diebold bullshit going on, one would think and ask where are the INTERNATIONAL observers when US voting (local, county, state, federal) elections occur.

    I think the UN should declare an occupation to several major US cities. Make things interesting a bit....

      • Re: (Score:3, Insightful)

        by fyngyrz (762201) *
        US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

        Let me fix that for you:

        US elections are controlled at the local^H^H^H^H^H corporate level, so unfortunately such a nationwide fix would not be workable here.

        There. No problem, no need to thank me.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.