Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security Politics Technology

7,000 Irish e-Voting Machines To Be Scrapped 198

lampsie writes "You may recall from back in January 2012 that the Irish government had deemed their stock of 7,000 e-voting machines 'worthless.' Turns out they are not — after spending upwards of €54 million purchasing them almost a decade ago, all 7,000 will now be scrapped for €70,000 (just over nine Euros each). The machines were scrapped because 'they could not be guaranteed to be safe from tampering [...] and they could not produce a printout so that votes/results could be double-checked.'"
This discussion has been archived. No new comments can be posted.

7,000 Irish e-Voting Machines To Be Scrapped

Comments Filter:
  • by Anonymous Coward on Friday June 29, 2012 @09:11AM (#40493479)

    chéad phost

  • awwwww (Score:4, Funny)

    by slashmydots ( 2189826 ) on Friday June 29, 2012 @09:12AM (#40493485)
    Daaaaamn, what a waste, considering people have proven you can run Tetris on them. They could have had a whole arcade.
  • by AnotherAnonymousUser ( 972204 ) on Friday June 29, 2012 @09:14AM (#40493509)
    As a question for the geeks and engineers of the community - how truly difficult is it to make one of these voting machines safe for use? Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of? It seems like this is something that engineers could have designed to be foolproof by now, and at a fraction of the budget. How truly complex is the problem they're trying to solve?
    • by Joe_Dragon ( 2206452 ) on Friday June 29, 2012 @09:16AM (#40493551)

      use the same system for slot machines
      they go under lots of testing to make them hard to cheat them even to the point of shocking them.

      • by rtfa-troll ( 1340807 ) on Friday June 29, 2012 @09:42AM (#40493885)
        Nobody actually knows how hard this is since nobody has ever actually succeeded in doing it, despite the fact that many people have tried. Here is another example:

        use the same system for slot machines they go under lots of testing to make them hard to cheat them even to the point of shocking them.

        This is one of the standard examples, the other given is bank machines. The average engineer/computer scientest will tell you this every time up to the stage of actually starting voting machine companies and spending millions on delivering machines which fail to be sufficiently secure. Just think about how much more hostile the voting machine environment

        • if you cheat a slot machine you can get a few hundred dollars - if you beat a voting machine you can controll F22 contracts worth US$66.7 billion
        • slot machines are run in an environemnt where you can watch the users - watching voters is illegal
        • you can see who wins on your slot machine and almost nobody cares - voters are supposed to be anonymous
        • slot machines are essentially static; the money is put in and taken out in the bar - voting machines have to be distributed to many locations
        • your slot machine will still earn money even if it is completely emptied several times a year - a voting machine only needs to lose once

        It's true that the slot Las Vegas slot machine program is much better than any current voting machine goes through. That is outrageous. However, don't think that if you did follow the Las Vegas system that would be enough.

        • one "feature" that voting machines don't have that Vegas slots had back in the day

          They used to break people for cheating the slot machines

        • The US voting machine contracts were given to politically connected companies after the Republicans got a lot of flack for the 2000 election vote counting failures. Accountability and Auditability were very much not requirements - they didn't want paper trails that could be audited and recounted. Speed of deployment was a requirement, and sloppiness wasn't viewed as a problem.

          And while Las Vegas slot machines have a strong house advantage, the way the Republicans provided a house advantage in Ohio in 2004

      • Trust is not a technical problem and slot machines are not transparent to all parties. The speed of a manual count is also not a problem. Basically electronic voting is fixing a problem that doesn't exist, like an electronic mouse trap it's expensive, unreliable, and pointless.
      • by mdvolm ( 68424 )

        Not a bad idea, except that the main source of security for a slot machine comes from the fact that it is under 24/7 surveillance. Give someone unsupervised physical access to the machine though, and all "security" is lost.

    • by Hentes ( 2461350 )

      Assuming that the goal is to make them secure, it's not easy. When someone has physical access to your machine you are already in a losing battle.

      • If you seal the machine, instead of having USB slots on the outside, that would go a long way to prevent tampering.

        Not sure why you need to have an external connector available for anyone to use anyway, other than laziness on the part of the programmers and designers.

        If they can seal an ATM, they can seal a voting machine. This truly isn't rocket science.

        • by TapeCutter ( 624760 ) on Friday June 29, 2012 @12:20PM (#40496143) Journal

          If they can seal an ATM, they can seal a voting machine. This truly isn't rocket science.

          No it's not rocket science, nor is it ATM science. Learn how and why the traditional paper systems work and one day you may understand why the quote above is 'not even wrong'.

          This method is used in Sweden for example, and conducted as follows. The voter casts three ballots, one for each of the three elections (national, regional, and local), each in a sealed envelope. The party and candidate names are pre-printed on the ballot, or the voter can write them in on a blank ballot. When voting has finished, all envelopes are opened on the counting table, for one election at a time. They are sorted in piles according to party, inspecting them for validity. The piles are then counted manually, while witnesses around the table observe. The count is recorded, and the same pile is counted again. If the results do not agree, it is counted a third time. When all piles are counted and the results agree, the result is certified and transmitted for central tabulation. The count as received is made public, to allow anyone to double-check the tabulation and audit the raw data. There appears to be a high level of confidence in this system among the population, as evidenced by the lack of criticism of it." - Shamelessly C&P from WP.

          The last sentance in the quote hits the nail on the head, elections are about trust, anyone who thinks electronic voting is a good idea should be asking themselves what "problem" are they "solving"?

      • Wrong.

        You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor, and maybe some kind of keypad. If you were to be believed, then we wouldn't be able to use ATMs.

        Now of course, as the other poster noted, this means you can't do stupid things like have USB or SD/MMC ports that are user-accessible.

        When we talk about having "physical access" to a machine, that means the WHOLE machine, as in a desktop PC where you can put your hands on the tower case, plug in US

        • You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor,

          It's not the vote which matters. It's who counts them.

          • Yes, but that's a different issue altogether. If you're trying to protect a computer from people doing unauthorized things to it, like plugging in USB drives and infecting it with malware, or taking out the hard drive and copying or altering it, that's easy, you just lock it up the way an ATM does. If you're worried about authorized people (who have keys to the machine's cabinet) tampering with the vote, that's a whole separate problem, and a good reason that proprietary machines from private companies sh

        • by AmiMoJo ( 196126 )

          You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor, and maybe some kind of keypad.

          What about the people running the polling station? They represent a far bigger risk since they have access to the machine for much longer and a voter who can reasonably spend a maximum of 10 minutes in the booth before people start to worry. Plus in the UK the booths are actually open on one side, your body effectively shielding your choice from view, and maybe Ireland is like that too. It would be hard to fiddle with a voting machine without being seen.

          • If you don't trust the people running the polling station to not stuff the ballot box (in a case where you're using paper ballots), then this is really moot.

            Of course, I guess with paper ballots, you can put some simple checks into the system to detect tampering, like only having a specific number of ballots printed and using magnetic ink so they're not easily duplicated. Detecting e-voting tampering would be much more difficult. Even so, by making sure that no one (or two) person is allowed access to the

    • I guess its the anonymity requirement of the vote that makes it difficult
      Otherwise, ATM's are secure, and the same technology could be applied to voting machines
      • by azalin ( 67640 )

        I guess its the anonymity requirement of the vote that makes it difficult Otherwise, ATM's are secure, and the same technology could be applied to voting machines

        Do you have any idea how much money is stolen every day by using duplicated bank cards? ATMs are not secure enough for this.

        • That's because ATMs are stuck using 70s or 80s technology, namely easily-copied mag-stripe cards with crappy 4-digit PINs, with no encryption used at all. It's not the fault of the ATMs, it's because the whole industry refuses to move to a more secure access device. It's amazing that more money isn't stolen every day.

          There's no requirement that voting machines use the same crappy access mechanism. In fact, the access mechanism would be totally different, because of the anonymity requirement; I'm just gue

          • I was thinking something similar... taken a step farther... if the system registers that the voter voted against one system, and the actual vote group to another system, with no correlation data between the two available, it would be reasonable to have online voting... would just need to ensure that both the registration that the person voted, and the record of the vote are separate... give the voter a token, that can be checked against their own vote record, but doesn't tie that token to their id, or that
            • I think some other posters here have a good point that this whole thing really can't work very well. Technically, it could, but the potential for abuse is too great; while you could use encryption to keep things anonymous as you say, the problem is that very few people really understand that, so basically the population is trusting a very small number of people that the voting system is fair and not rigged. We've now tried electronic voting with private companies, and it's been a disaster, because these c

    • by pegasustonans ( 589396 ) on Friday June 29, 2012 @09:21AM (#40493611)

      How truly complex is the problem they're trying to solve?

      Nothing that an old-fashioned optical scan ballot couldn't handle.

      In other words, using the machine was a solution looking for a problem (and causing numerous problems of its own).

      • by Shagg ( 99693 )

        In other words, using the machine was a solution looking for a problem

        E-voting machines definitely solve a problem. It's just that the public's definition of a problem, and a politician's definition of a problem aren't the same thing.

        For example, if you want to steal an election, physical paper voting/counting makes it very difficult to effect a large number of votes without having a lot of different people involved (greatly increasing the risk of the public finding out). E-voting machines definitely solve that problem.

    • by alteridem ( 46954 ) on Friday June 29, 2012 @09:23AM (#40493647) Homepage
      I believe it is actually more difficult than it would appear, mainly because you need to give people access to the machine to enter the candidates and when you do that, you are potentially giving them access to do other things. That said, the problem is not insurmountable. I would suggest open-sourcing the software and the hardware design. There are enough people that are interested in this problem that I expect that it would be well supported and potential security flaws found and fixed quickly. It would also greatly reduce the development costs. We would still need companies and governments to work together to build and certify the machines, but everyone could be working off a common, open blueprint.
      • Wish I had mod-points for this... for that matter, you could go to a polling site, and show your ID, they can check that you are registered, and give you a token to access an https website and cast your vote there... without correlation between your registration, and the vote token, it can be recorded, and you can check your token against the recorded vote later.
        • Doesn't this allow you to sell your vote, and be able to prove you voted a specific way? This opens up a big issue as well.

          Boss: "Vote Democan or you're fired!"
          99%: "Umm...I did..!"
          Boss: "Prove it, what is your token?"

          And thus, the entire thing falls apart. You shouldn't be able to prove how you voted, while needing to be sure how you voted is how its being counted. This is why its so difficult.
      • I believe it is actually more difficult than it would appear, mainly because you need to give people access to the machine to enter the candidates and when you do that, you are potentially giving them access to do other things.

        Do you mean "an admin entering the names of the candidates so they can be displayed for selection", then that's an easily solvable problem. You just give the user an unchangeable selection of "Candidate A", "Candidate B", etc., and print the names of each candidate on posters stuck on and around the polling machine. Finish the evening's count with "Candidate B wins" and then look at the table to see who that is.

        If you mean "give the voter access to the machine to make a selection", then I'm not sure I under

    • by Confusedent ( 1913038 ) on Friday June 29, 2012 @09:23AM (#40493651)
      Here's what Schneier said about it in 2004:

      "Computer security experts are unanimous on what to do. (Some voting experts disagree, but I think we’re all much better off listening to the computer security experts. The problems here are with the computer, not with the fact that the computer is being used in a voting application.) And they have two recommendations:

      DRE machines must have a voter-verifiable paper audit trails (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold. One, it allows the voter to confirm that his vote was recorded in the manner he intended. And two, it provides the mechanism for a recount if there are problems with the machine.

      Software used on DRE machines must be open to public scrutiny. This also has two functions. One, it allows any interested party to examine the software and find bugs, which can then be corrected. This public analysis improves security. And two, it increases public confidence in the voting process. If the software is public, no one can insinuate that the voting system has unfairness built into the code. (Companies that make these machines regularly argue that they need to keep their software secret for security reasons. Don’t believe them. In this instance, secrecy has nothing to do with security.)

      Computerized systems with these characteristics won’t be perfect -- no piece of software is -- but they’ll be much better than what we have now. We need to start treating voting software like we treat any other high-reliability system. The auditing that is conducted on slot machine software in the U.S. is significantly more meticulous than what is done to voting software. The development process for mission-critical airplane software makes voting software look like a slapdash affair. If we care about the integrity of our elections, this has to change."

      Source. [schneier.com]
      • by xs650 ( 741277 )
        That goes against the primary objective of computerized voting machines, which is to throw elections the direction the people controlling the function of the machines want is to come out.
    • Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of?

      Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

      • by azalin ( 67640 )

        Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

        I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

        • Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

          I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

          Read this [slashdot.org] and then tell me whether you still feel like that.

          • the people making them/buying them didn't want secure machines

            I agree. The technical problems are the lesser difficulty. They are all solvable problems.

            It's corruption that's really hard. There are always some who think they can use a situation like this to pull something unethical, hiding all the evidence so no one can be sure what happened. They're the ones fighting hard to keep as much as possible hidden. There is no excuse for keeping the software of a voting machine closed. So why did Diebold refuse to release source code? At least try to reduce the appe

        • by Shagg ( 99693 )

          Politicians are not members of humanity.

      • We could solve this voting issue very easily. Every vote costs a dollar and you can vote as many times as you want. It would be no different from the current system where only the rich have enough money to advertise themselves to get voted.

    • by EnergyScholar ( 801915 ) on Friday June 29, 2012 @09:27AM (#40493709)
      It's really, really difficult to secure electronic voting machines and the associated system. Close to impossible. Worse, what's the point? Seriously, electronic voting does nothing new, and adds many new vectors for systemic fraud. It's a losing proposition, unless you wish to defraud the voting system, in which case it's a win.
      • by Skapare ( 16644 ) on Friday June 29, 2012 @10:28AM (#40494473) Homepage

        Electronic voting speeds up the results. But it's only the new media that wants that.

        The design I proposed was a triple path election system. There would be simple machines to vote at that produce three "results": paper, storage, and communication. But it is the paper result that counts. The stored results (on a CF card) are just for verification. The communicated results are just for the media. The paper result is actually handed to the voter. It will be printed in clear text with the names of who they voted for, and a bar code or QR code to checksum the vote. They take the paper over to the ballot box area. But first, the paper is scanned by a reader right there. Then the paper is inserted into the sealed ballot box. The scanner also stores results and transmits these results separately, which are cross checked. The official results will be the paper count. But the electronic results satisfy the media hunger for instant answers.

    • by Bookwyrm ( 3535 )

      The effort and cost of designing such a thing is one aspect. *Verifying* that the actual manufactured item is tamper-proof, accurate, etc. is another. For instance, if you have to secure your entire supply chain to make sure none of the components involved might have been compromised or substituted due to cost cutting (keep in mind that this does not have to be someone trying to skew the vote on purpose, it could be someone being cheap or lazy and producing something prone to errors,) then that aspect can

      • by Nethead ( 1563 )

        *Verifying* that the actual manufactured item is tamper-proof, accurate, etc. is another.

        Just give it to Bev. [http] She'll gladly verify it for you.

    • by Casandro ( 751346 ) on Friday June 29, 2012 @09:32AM (#40493771)

      Building a voting computer which satisfies the demands for a democratic election is near impossible.
      Since fraud needs to be detectable even by single uneducated voters, there minimum security would be like this:

      1. Get at least 80% of your voters a degree in Mathematics and Cryptology. They need to be able to verify all the algorithms used in the process.
      2. Get at least 80% of your voters fluent in reading machine code off microscope images of ROM chips.
      3. Get at least 80% of your voters good at re-engineering micro controller systems from silicon up in a reasonable timespan. (e.g. 30 minutes, this might require genetic engineering)
      4. Develop a form of computing device which is transparent.

      The big point is, it's not enough if we have some "perfect" voting computer which 10 specialists attest to be "perfect". For a democratic election everybody who is allowed to vote must be able to check the system for fraud. With a simple pen and paper system that is trivial. You just sit at the polling station, check that only single sheets are handed out to the voters. You also check that the voting urn is empty when the voting starts and that everybody just puts in his single sheet into it. Then you check the counting for miscounts and people trying to hide votes. The total number of votes can be compared in different ways.

      So everybody involved in it can check it. There is no secret knownledge involved. You can come up with the points I just wrote by yourself. You can even find the points I was missing. That's the minimum standard for voting systems, and it can be settled by the cheapest way to conduct elections, pen and paper. Why on earth should we spend a lot of money for much worse systems?

      • by Nadaka ( 224565 )

        According to the CEO of Diebold, voting machine manufacturer, that verifiability is a defect. How can he promise to deliver victory to republican candidates if he does not have a way to tamper with the votes?

      • Having a paper print out which can be checked by the voter works well enough.

        • How does that work? Do you put the vote into an urn? How do you know the voting computer counted the vote the way it was printed?

          If you put the vote into an urn, why don't you just replace the voting computer with a pen? Germany proves that to be very efficient with most voting locales finishing their duty 30 minutes after the end of the election.

    • Electronic voting will always be a democratic failure because there's simply no way to actually check the result without an output from the system itself (wich is therefore also tainted).

      This is not an engineering problem, period.

    • It's not that difficult, but it does require a team of competent engineers, so it does require some money and time. Apparently, the company the Irish government purchased these machines from lacks that.

    • by Shagg ( 99693 )

      It seems like this is something that engineers could have designed to be foolproof by now

      Are you sure they're supposed to be foolproof?

    • As a question for the geeks and engineers of the community - how truly difficult is it to make one of these voting machines safe for use? Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of? It seems like this is something that engineers could have designed to be foolproof by now, and at a fraction of the budget. How truly complex i

    • by Livius ( 318358 )

      The hard part is finding people who genuinely want voting machines that are safe. The supplier was probably shocked that the Irish government wanted to actually count real votes, because that's not the purpose of the devices they sell.

    • by hey! ( 33014 )

      Well, a user readable paper receipt which the voter drops in a locked box would do the trick.

      Short of that, nothing you do to try to "secure* the machines can ever prove that the machines recorded votes correctly. The simplest demonstration of this is to ask yourself two questions. Who does a system require that you trust? And can you verify whether that trust has been violated?

      (1) Who do you have to trust. When you record a vote on a purely electronic voting machine, you have no proof that your vote is r

  • by poetmatt ( 793785 ) on Friday June 29, 2012 @09:21AM (#40493621) Journal

    I can just see it now:

    "Did we get screwed? I think so"

    while the reality is "Maybe we should have researched this before investing"

    • I think it meets the definition of criminal negligence. Someone has blown $60MM on worthless voting machines. I think that even someone who isn't a professional in the field of election automation could have spotted these flaws very quickly (if not immediately looking at the specs on paper never mind with an alpha trial).

      When will there be a prosecution in this case ?

  • all 7,000 will now be scrapped for €70,000 (just over nine Euros each).

    I suppose €10 is just over €9.

    • If you had READ the FINE ARTICLE; you would know that 7000 == 7500 and 9 == 9.30 and 70,000 == 70,267. Typical careless rounding of the type that can easily get the wrong person elected..
  • Touch screen computers from Ireland? Sell them as the "New iTablets*", and "not from that fruit company either!". At 20E a piece, you could *double* your money!

    *Irish Tablets, thank my Lucky Charms!

    • Touch screen computers from Ireland?

      If there were flat-panel touch screens, or even regular flat-panel color LCD monitors, then the units would probably have been worth more than 9 euros each. I did a search and found some photos of these machines (there's one at the top of this article [thesun.co.uk]) and they don't have any of this. There is only what appears to be a two-line, character-based, monochrome LCD display, with a big row of labeled pushbuttons and corresponding LEDs below it. Cheap, generic, largely worthle

  • 1 have as little of the OS loaded as possible
    2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election)
    3 the poll info should be on a separate image (also readonly)

    the voting screen should have a hash of both images on a "rail" at the bottom so that both can be verified at random

    when you vote your vote info should be etched on a metal plate (each one should be given a serial number and accounted for) that holds X votes. Also a printout should be presented to you so you can verify your votes.

    if any issues show up then you
    1 count the info from the plates
    2 count the info from the voter "chits"

    and then deal with any problems as needed (good luck tampering with all three counts)

    of course then we will need to deal with the Vote Early Vote Often problems in some areas but...

    • 1 have as little of the OS loaded as possible 2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election) 3 the poll info should be on a separate image (also readonly)

      For such a simple application, why use an OS at all? Wouldn't it make more sense to run on bare metal on a microcontroller?

      • well if you could get all the bits crammed into a microcontroller then yes but even a simple (like win95 level) OS could work the point here is to have as little as possible running (so no Network Stack at all).

  • they could not be guaranteed to be safe from tampering [...] and they could not produce a printout so that votes/results could be double-checked.

    Well, whose dumbass idea was it to leave that out of the spec? This is voting we're talking about. It's ALWAYS scrutinized.

  • by oneiros27 ( 46144 ) on Friday June 29, 2012 @09:57AM (#40494105) Homepage

    At the very least, all of the e-voting machines that I've seen have touch screens. I would think that someone could be able to get these for pennies on the dollar, and find a way to use the parts to build kiosks for other purposes.

    The CPUs might not have the necessary power for much, but if it's just a lookup & display system, it shouldn't require much.

    • by Nethead ( 1563 )

      I would think that someone could be able to get these for pennies on the dollar...

      It sounds like someone did.

    • You must have no experience with government. Their easiest way out would be a gov auction like we sometimes have - problem is you have to be setup to do those to make them worth it and by the time we have enough junk to do an auction the gear has been sitting around for years - making computer gear kind of useless.

      Then there is all the oversight and paperwork involved in doing anything. There is always some official wanting to flex their oversight muscle to show they are protecting the public and since th

      • You must have no experience with government

        I've worked as a contractor for the federal government for the last 8 years, I've been a municipal elected official for the last 4 years, I was chief election judge for the same municipality for 4 years, I did two years of contracting for a state government, and I interned for three summers in high school with the DoD.

        So, I actually *do* know how these things work ... and all it really takes it one person who knows what they hell they're doing to get these things

  • could one construct a Beowulf cluster of these?

  • by fiannaFailMan ( 702447 ) on Friday June 29, 2012 @11:48AM (#40495617) Journal

    There are times when I wish I could change my /. username.

  • by Hognoxious ( 631665 ) on Friday June 29, 2012 @01:01PM (#40496775) Homepage Journal

    The requirement for double checking wasn't part of the original spec. It's just that Irish people end every sentence with "to be sure, to be sure".

  • Do the math.  That's horrible.

    I suppose they're out of warranty...

    But the thing is...how could they ever be worth that much money?  I mean, even if they worked--why not just use paper and save 54 million euros?
    • by tbird81 ( 946205 )

      But then the suppliers, who happen to be quite good friends with the people in charge, would not have had the chance to make 53.95 million euros.

  • I've just whipped up a quick mockup in PHP. :-D

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...