Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Dutch Securing E-voting After Being Pwned

Posted by kdawson on Sat Oct 14, 2006 01:32 PM
from the wouldn't-it-be-nice dept.
Government Security Politics
An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.
+ -
story

Related Stories

[+] IT: Dutch Blackbox Voting Pwned 353 comments
An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.
[+] Your Rights Online: Voting Machines Banned by Dutch Minister 155 comments
5heep writes "Dutch Government Renewal Minister Atzo Nicolai has banned the use of one type of computer voting machine in national elections next month. The turnabout came after a group called We Don't Trust Voting Computers protested the vulnerability of electronic voting to fraud or manipulation. The reason for this ban is the radio signals emitted by the machines which can be used to peek at a voters' choice from several dozen meters away."
[+] Web-Based Assistant Changes the Face of Dutch Politics 190 comments
An anonymous reader writes "The elections held in The Netherlands on Wednesday have shaken the country. Almost 10 million votes were cast, and statistics show that a full half of those who voted used a popular web-based voter guide. This guide is operated by the independent institute for the public and politics. Advice is given to the visitor upon answering a number of multiple choice questions on some common political topics. Statistically, a number of people ended up scoring in support of populist parties both on the far left and far right. No bias was reported to exist in the test itself. However, these parties have ended up with an unforeseen amount of power as a result of the election. The voter participation was high, and the web-based advisories may have motivated people with little interest in politics to cast a vote anyway. Can politics be simplified to a ten minute test?"
[+] Deathblow To a Voting Machine 140 comments
SiggyRadiation writes "According to their newsletter (my English translation here), the Dutch group that 'doesn't trust the voting computers' has won a round against the industry and the civil servants that seem hell-bent on reintroducing voting machines — NewVote, made by SDU — that the Dutch minister of the interior has suspended. Apparently SDU provided 5 slightly different samples of its machine to the Dutch version of the NSA (well... the very humble Dutch version anyway) for testing purposes. Of those five, four machines emitted radiation in such a way that the votes cast could be monitored. SDU's NewVote received its final deathblow when it became clear that the one machine that stayed within the radiation limits used a green-on-red color-scheme for its screen. And that would be a small problem for the 4% of all men that cannot distinguish between red and green."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Dutch Securing E-voting After Being Pwned 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • TEMPEST? (Score:5, Informative)

    by CRCulver (715279) <crculver@christopherculver.com> on Saturday October 14 2006, @01:38PM (#16437445) Homepage

    The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue.

    I assume they are referring to TEMPEST [wikipedia.org] attacks. It was a Dutchman, Vim van Eck who first brought TEMPEST attacks to public attention while in the U.S. even the security standard was classified. I imagine many Slashdot readers will recognize his name from the "Van Eck phreaking" described in Neal Stephenson's Cryptonomicon [amazon.com] .

    • Re: (Score:3, Informative)

      by AlXtreme (223728)
      You're correct. By measuring the emissions from the LCD-screen they have shown how one could figure out what someone was voting for. Although relatively low-tech (they detected that the LCD screen would refresh slower when non-ASCII characters were used), they measured this from a distance of 20 meters.

      I'm sure that, with some work, they could read the display using 'Van Eck', as in Cryptonomicon. So long for being able to keep your vote hidden.

  • fixed here (Score:5, Funny)

    by frovingslosh (582462) on Saturday October 14 2006, @01:40PM (#16437469)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Oh, don't worry, I have it on good authority that the elections will be fixed here.

  • One of the major concerns... (Score:3, Interesting)

    by thrill12 (711899) on Saturday October 14 2006, @01:41PM (#16437473)
    ...of the group is that they are simply replacing eproms with proms, while the group demonstrated that the chips could be replaced, not just 'reprogrammed'.
    This is probably still something some politicians 'fail' to see over here: we can buy these chips in any electronics store, so why reprogram them - apart from the fact that reprogramming would take much more time than simply replacing.

    It (the prom instead of eprom) is probably a failing idea of the company Nedap [nedap.nl], which makes these monsters. Heck, they need to change their own software too, from time to time.

      • Re:One of the major concerns... (Score:4, Insightful)

        by pe1chl (90186) on Saturday October 14 2006, @02:24PM (#16437821)
        Remember that these electronic voting machines were designed and build in the eighties of the last century, and have been used ever since.
        What Microsoft does in an xbox360 is not relevant to what a small engineering company would have done over 20 years ago.

        You could call it the disadvantage of an early rollout of modern technology.
        On the other hand, you can also claim that the current hardware can be understood by a causal onlooker with electronics and software background.
        It contains only off-the-shelf parts and the protest group was able to disassemble and analyze it (as well as port a chess program to the hardware) in a months time.
        Try that with an Xbox.

  • Paper trail? (Score:4, Insightful)

    by Constantine Evans (969815) on Saturday October 14 2006, @01:42PM (#16437481) Homepage
    They do all of these things, and yet still do not create a paper trail of each vote?

    It appears that the machines only create a paper copy of the results at the end of the day...

  • understandable (Score:3, Interesting)

    by agent dero (680753) on Saturday October 14 2006, @01:42PM (#16437483) Homepage
    I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

    Maybe somebody can enlighten me, besides the ease of rigging an election what exactly do 'we' gain from e-voting?
    • But it's electronic, so it must be better!

    • Re:understandable (Score:4, Funny)

      by Reverend528 (585549) on Saturday October 14 2006, @03:28PM (#16438283) Homepage
      I get it, see, e-voting is worth all the trouble and hassles because it...does...what better than paper voting?

      I guess you were part of the 3% of the population that voted against electronic voting and not part of the 203% that support it.*

      *numbers calculated by diebold voting machines.

  • Arguments for local control of voting regulations. (Score:3, Interesting)

    by Anonymous Coward on Saturday October 14 2006, @01:46PM (#16437509)
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Arguments for local control of voting regulations.
    (posting as AC to save my devil's advocate ass)
    1 - The United States Of America was designed as a confederation of (mostly) independent states. Only the powers explicitly given to the federal government are not the jurisdiction of the states.
    2 - The innovative power of the open market. The belief that by allowing a competition of ideas in how best to run elections (as long as they meet minimal standards) the best choice will be eventually reached.
    3 - Local boards of elections consist of an equal number of members of both parties. The belief is that Democrats won't allow Republicans to steal the election, and vise versa.

  • US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Why the hell wouldn't it be? Sure it would cost more and probably be harder to setup than in holland since there is more territory and a much higher population count, but not workable? We're talking democracy at stake here, I don't see much that you could want to "fix" more than the risk of losing your voice, of making your votes irrelevant and inexistant, or being cheated out of choosing your leaders and the way your country will behave in the future.

    Of course, some people may be more interested in there being a high risk of electronic electoral fraud, if they're committing or benefiting from the fraud in the first place...

  • 'Independent committee'? (Score:3, Insightful)

    by hcdejong (561314) <acme.xmsnet@nl> on Saturday October 14 2006, @01:53PM (#16437583)
    If true, this is a major step. The voting process hasn't been very transparent, with Nedap trying to keep the software and voting procedures a secret. Wijvertrouwenstemcomputersniet forced the issue using the Dutch 'freedom of information' act to get access to documents.
    Let's hope this committee will have access to the source code, and will be able to monitor and verify that the new PROMs actually contain the code the committee has been reviewing.

    I, for one, welcome our election-monitoring overlords. Where do I sign up to be one of them?

  • It would work (Score:5, Insightful)

    by Spazmania (174582) on Saturday October 14 2006, @01:56PM (#16437625) Homepage
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Sure it would. Powers reserved for the states have been nationalized over and over again by the simple application of cash: The federal government offers funding for a particular project but you have to follow the federal rules to get it. The federal rules are rarely too onorous and the money you don't have to collect in local taxes is too much to turn down when the neighboring states all take it.

  • Local Level? (Score:4, Informative)

    by Corbets (169101) on Saturday October 14 2006, @02:03PM (#16437681) Homepage
    "US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here."

    Um, as an American currently living in Switzerland, I have to ask... do you know how big the Netherlands are (is? that's a tricky one)? Smaller than Chicago, if I remember correctly... so being applied at the national level there is essentially the same as the local level in the US.

  • Nationwide vs International... (Score:4, Interesting)

    by davidsyes (765062) on Saturday October 14 2006, @09:48PM (#16440593) Homepage Journal
    US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.

    Hmmm, the Dutch aren't exactly Botswana or some place in South America where votes might be escorted by military convoys. Yet, the Dutch will have FOREIGN observers?

    Wow. Considering all the diebold bullshit going on, one would think and ask where are the INTERNATIONAL observers when US voting (local, county, state, federal) elections occur.

    I think the UN should declare an occupation to several major US cities. Make things interesting a bit....

    • Re:"pwned"? (Score:5, Insightful)

      by leonmergen (807379) * <[moc.liamg] [ta] [negreml]> on Saturday October 14 2006, @01:41PM (#16437479) Homepage

      What is "pwned"?

      .. something that shouldn't belong in a slashdot headline..

      • Always kdawson (Score:5, Insightful)

        by a16 (783096) on Saturday October 14 2006, @02:12PM (#16437743)
        "Pwned" has been showing up constantly recently, and it's always kdawson.

        What Slashdot need to remember is that their headlines show up in a variety of professional places (by rss) - Google news for one, and having words such as "pwned" looks beyond amateurish.

        How about the next story being "Slashdot editors pwned with a dictionary, improvements expected all round"?

    • Re: (Score:3, Informative)

      by rvw (755107)

      From the Urban Dictionary... [urbandictionary.com]

      A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."

      Instead, it said, so-and-so "has been pwned."

      It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force.

    • Re:What is the theory... (Score:4, Insightful)

      by From A Far Away Land (930780) on Saturday October 14 2006, @01:51PM (#16437565) Homepage Journal
      Paper is neither inefficient, or backward. It's the only way to conduct an open and accurate election on a nation wide scale, without introducing unacceptable doubt into the legitimacy of the winner(s). Florida's paper chad system was a failure because machines more complicated than pencils, and obscuring of the working of the ballot was placed between the voter and the ballot. The result was a flawed result, and a delayed result, many times longer than the longest recent Canadian federal general elections.

      • Re: (Score:3, Interesting)

        by penix1 (722987)
        Paper ballots are subject to all the same security flaws that they have always been subject to. This means physical security for the most part. Ballot boxes can be "stuffed" and elections thrown into chaos quite quickly. In a bay in California they found several ballot boxes with uncounted votes still in them. In my state of WV they are still prosecuting people for vote buying and ballot box stuffing. Even when you use electronic voting with a paper receipt, they will still be vulnerable to all those securi

        • Re:What is the theory... (Score:5, Informative)

          by tomhudson (43916) <hudson.videotron@ca> on Saturday October 14 2006, @02:47PM (#16437981) Journal

          We have various methods to keep both sides honest here in Quebec.

          1. Your name has to be on the permanent voting list - all citizens over 18 are on it, except people who have committed an electoral crime in the past 5 years. The local voters list is distributed to your area well in advance of the elections, so there's no chance to get a bunch of fake voters on it, and it gives people who slipped through the cracks a chance to update their info (for example, if they moved).
          2. You have to first present ID to get your ballot. Your name is then removed from the list. The people (there are 2 for each box or "polling station") are appointed by the two parties who got the most ballots in the previous election - so they're watching each other, and making sure that nobody tries to pull a fast one.
          3. Before they give you your ballot, they sign the tear-off stub or counterfoil. When you present your ballot to be put in the box, they remove the stub after verifying their signature, and you put your ballot in the box. No chance to conceal a half-dozen ballots in your hand.
          4. The ballot boxes are opened and counted on iste. No chance for something to happen in transit. Then, after the count is made and everyone signs off on it, the ballots are put back in the box and the box re-sealed. Recounts are automatic for all results where there is less than 100 votes separating the winner from second place, and any candidate can ask for a judicial recount.
          5. We've disallowed all donations of money, goods or services except from individuals, and those are capped at $3k per annum. All donations totaling over $200/year/person have to be reported, identifying the donor - and these lists are made public.

          We tried electronic voting machines for one election, and quickly abandoned them - it was actually quicker, as well as being more transparent, to process ballots by hand, and there were no problems with power, questionable software, etc.

          Still, there are those who want to go back to using pine cones and beaver chips instead of a paper ballot.

        • Re:What is the theory... (Score:5, Insightful)

          by mickwd (196449) on Saturday October 14 2006, @03:53PM (#16438485)
          "In a bay in California they found several ballot boxes....."

          Because they used paper, there was something to find.

          "In my state of WV they are still prosecuting people for vote buying and ballot box stuffing."

          Because they used paper, and there was something which could be found.

      • Re: (Score:3, Insightful)

        by Trailwalker (648636)
        The Federal Government controls the actions of states by attaching conditions to funding. Highway speed limits and the .08 alcohol limit are examples. Easily done in other areas.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.