Dutch Blackbox Voting Pwned 353
An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.
Let me guess (Score:3, Funny)
Re:Let me guess (Score:5, Funny)
Here's a map [google.com]. The blob to the left is the UK. Holland is right to it ("east" for nerds) while Norway is in the top-middle of the screen.
Re:Let me guess (Score:5, Funny)
Jon's from Norway, not Holland.
But, as most Americans know, Holland is the capital of Norway.
Re:Let me guess (Score:4, Funny)
Comments on the PDF (Score:5, Insightful)
I would first like to say that I admire your diligence in this matter and gratefully appreciate the work and effort you have put forth to protect the votes of many people the world over including my own.
Secondly, I would like to point out that, although you are a group of experts/scientists, I have witnessed concerns based on science go unheeded by politics--at least in the United States. I hope it is different in other countries, but I have seen a large organization of scientists from all walks of life oppose some of the current administration's actions here with little or no effect on the populace.
Whether this is because people still view scientists as nerds or outcasts of society, I cannot comment on. I only want to make it known--at least on Slashdot--that I support what you're doing and am amazed at the work contained in this PDF. I am more so amazed that someone was kind enough to take the time to translate it to English.
I hope your efforts are met with international recognition as being a champion of voting security--although I fear the reality is you may be criticized and possibly even sued.
My favorite criticism listed in the PDF: After reading a bit of the PDF, I must say that the only thing I don't like is that there is no clear solution offered aside from allusions to opening up the process and technology on how all of this works so that it can be scrutinized. It is pointed out that Security by Obscurity is not the best route
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
You have mechanical counters behind a curtain. At the end of the curtain is a turnstile. When you walk out of the turnstile, it allows one increment of a counter per group (a group is a race or issue). At the other side of the curtain you have a large group of people monitoring the count. The numbers are large enough to read. Through closed circuit television, there is a live feed to the central counting facility as well as to regional TV. Also a f
Re: (Score:3, Informative)
a minor point: The report was written in English; not written in Dutch and then translated. Some of the writers don't speak Dutch.
Re: (Score:2)
A valid point. To be fair, though, the report has been rushed a bit in view of the up
Re: (Score:2, Informative)
I can only speak to the situation in the United States; I hope it's different in other parts of the world. I think it's due to a growing feeling by the average person that scientists and academics are a condescending, intellectual elite. The situation is exacerbated by the crumbling foundations of science education, the general lack of emphasis on critical thinking in primary schools, and wholesale re
Re:there will always be problems with a secret bal (Score:3, Insightful)
Here Please? (Score:2)
These things clearly need to be critically looked at.
Re:Here Please? (Score:5, Insightful)
The difference isn't that nobody is doing this in the US. It's that nobody is listening in the US. In order to become a democratic country again, you don't need to elect a new president, you need to elect a new media.
(Memory) Pages and Child (functions)... (Score:2, Funny)
Re: (Score:3, Insightful)
Re:(Memory) Pages and Child (functions)... (Score:4, Funny)
If you re-program those machines to show child porn on election day, you'll surely get a scandal, even if the actual votes don't get manipulated ... but then, a little background picture showing a naked breast will do as well. Just be careful that the nipple isn't obscured by the names of the candidates. :-)
Go with the breast. Sexual exploitation of children still seems to be a partisan issue. Breasts are an uncontested national crisis.
*head explodes*
Re: (Score:2)
http://youtube.com/watch?v=sQDMmFmP4ow [youtube.com]
The problem here is that nobody cares. The media shrugs and the politicians have their heads up their behinds (and they love the view).
"Pwned"?! (Score:5, Insightful)
Re: (Score:2, Funny)
Re: (Score:2)
Where did you get that idea?
Re: (Score:2)
See, slashdot is a place where people *could* look at "the other side" of the coin about news, and at least read a bit of a more informed comments (in the sense of technology). But what other people will see when they look at google news is this [google.com]. And from my point of view that does not seems very informative.
I can pass that the su
Re:"Pwned"?! (Score:5, Insightful)
Corruption of 'owned'. Someone made a typo, and the typo became popular. (Guess this says something about AOL, or
BTW, your question garnered 8 smartass replies, not one of them containing this answer. Come on, people, if you need to be wiseacres, at least answer the original question!
Re: (Score:2, Funny)
Re: (Score:2)
It's not a typo, it's a new word (Score:3, Insightful)
'Pwned' may have started as a typo, but it's now a full-fledged word with a different meaning than 'owned'. Compare:
I owned that car. (That car used to be mine, before I sold it)
I pwned that car. (We were racing, and I left it way behind)
First there was the slang word "ownage", which means dominance, and is
Re: (Score:3, Funny)
'iwned' is when you are killed by a stingray... (Score:3, Funny)
No kidding (Score:2)
Re: (Score:2)
--Rob
Re: (Score:2, Insightful)
http://www.saddam.com/ [saddam.com]
Mirror (Score:4, Informative)
http://www.preinheimer.com/dump/Es3b-en.pdf [preinheimer.com]
MirrorDot of the PDF (Score:4, Informative)
Meanwhile, at Pirate Party QH (Score:2)
Yeeeeaarrrrgggghhhhh!!! Avast Mateys!! We'll be needin' to get some of these here votin' machines fer the next elec-shun!! We'll teach those scurvy dawgs a thing or two... Arrrrrr!!!
Coral Cache link (Score:2)
Which was in the summary, duh (Score:2)
PDF mirror (Score:2)
direct link to the file
Mirror on Testcompany.com (Score:2)
http://www.testcompany.com/archive/October2006-40
create mirrors? (Score:5, Insightful)
Hrm, funny, every time we complain that slashdot should go through the process of automating a simple mirror process to avoid hammering an unsuspecting server into rubble, all the "editors" go pointing at the FAQ as some sort of ironclad reasoning against doing so. But here we have an "editor" instructing the readership to do slashdot's work for them. This all just points to the fact that OSTG will pay the bandwidth bills if it means ad revenue, but doesn't want to actually foot the bill to use their server complex for disseminating information.
Re: (Score:2)
.. which, if you can do it (and apparantly they can), and want to make more money (well, obvious), is only logical..
I mean, you're still reading slashdot, I'm still reading slashdot, and the fact that this whole slashdot effect exists means that a helluva lot of other people are also still reading slashdot..
Re: (Score:2)
Re: (Score:3, Interesting)
Erm, I'm sorry, where does it state that it is Slashdot's job to mirror linked sites and documents?
I think you're viewing Slashdot as a content provider, which is not what it is -- at its most basic level, it's a content indexer. The whole point of Slashdot (IMO) is the community -- it's the community discussion that I log in for, and it's the community who can choose to help out linked sites by creating and posting mir
mirror (Score:3, Informative)
The Dutch get outraged but Americans don't? (Score:5, Insightful)
So here we have a similar set of circumstances--only the nation at risk has really changed--and the Dutch appear to be fighting mad over this. What gives?
Re:The Dutch get outraged but Americans don't? (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Insightful)
Re:The Dutch get outraged but Americans don't? (Score:4, Insightful)
Re: (Score:2)
There is an audit of various voting software going on for one Major Northeastern US State. (Data withheld deliberately - I might know a whole lot more than I am telling right now. - Major hint!) The audit consists of checking the software for technical issues like commenting. It will be presented to the voters as the software meets standards for the voting machines. The implied value will be that the machines are proper and accurate for voting.
Draw your own conclusions ...
Re: (Score:2)
Also, since the Netherlands is very densely populated, if someone missed t
Re: (Score:2, Interesting)
Because in the US we need sex in a political story to catch peoples' attention?
The Dutch, I think they have all the access to sex they could ever want (if they so desire), so their minds are free to pay attention to issues that matter.
Not that inaction over the behavior of a pedophile who happens to serve in Congress doesn't matter...
Re: (Score:2)
Close, but you missed a bit. It's a drunk, GAY, pedophile who happens to serve in Congress.
* sigh * (Score:3, Insightful)
That's because most of the Diebold problems are theoretical at this point. Someone COULD do all these nasty things and steal elections. Until we have some PROOF that someone stole an election from us using these machines, Americans will do what they always do, change the channel and
Re: (Score:2)
The Dutch apparently believe that their votes count for something, while the American people recognize that the entire election process was Pwned by the Republicrat and Democrian parties long ago, and that the people's votes have no real effect on what kind of candidate gets elected -- hence the abysmal turn-out on election day in this country.
For democracy to work, people have to believe in it. If people see the same sort of scum repeatedly get elected to office, while the party machinery preve
Re:The Dutch get outraged but Americans don't? (Score:5, Insightful)
Yup, same thing.. [princeton.edu] but the question? Good question.
The obvious answer is that they're freedom-hating socialists.
But seriously? It's the culture. The Netherlands and the Nordic countries are about the same like this. Big on democracy, accountability, transparency, highly intolerant of corruption, etc.
In the end, it's basically a self-fulfilling thing, really. People trust the system --> therefore they have low tolerance for corruption --> get very pissed when it happens --> therefore they have low corruption --> therefore they trust the system.
It's not just faith in the Government itself, but to all the institutions, and the parliament, etc. And there's a lot less political polarization. Of course part of the latter is due to the multi-party system. I used to be agnostic on which system was better, but now I'm pretty convinced that the many-party parliamentary system is superior to the US system.
In particular the President has just too much power and it's emphasized too much as well. And too much negative power - the Veto is too strong, and the constitution is (IMHO) too hard to amend. I don't think the Founding Fathers would have done it the same way if they'd anticipated there'd be another 37 states. This is of course heresey - which is another problem; Not only is it hard to change, but there's a strong disinclination against doing so since it's been raised almost to the status of some kind of Holy Scripture. With the Founding Fathers as some kind of prophets. Every dang constitutional debate is always in terms of "What did the F.Fs intend?"*. There's just too little impetus.
(*Damnit, I'll tell you what they wanted: They wanted a democracy based on ideas of critical reason. They sure as heck didn't want to be elevated to the status of unquestionable demigods.)
Re: (Score:3, Interesting)
Or if they'd anticipated 820k people per Member of the House instead of 30k. That's where the accountability really drops off for the legislative branch.
I find this statement very funny, sorry -- because ascribing them such a humble perspective across-the-board does kind of elevate them to that status.
Re:The Dutch get outraged but Americans don't? (Score:5, Insightful)
Have you seen any of the constitutional amendments they've been trying to pass lately? Have you seen how close some of the anti-freedom votes have been? I'd frankly feel safer if the amendment process required modern politicians to build a time machine and get John Hancock's signature first.
Correct video link (Score:2)
pwned? (Score:2)
Re: (Score:2)
voting does not need technophilia (Score:5, Insightful)
of course you can do fraud scams with simple paper ballots too: lose them for entire districts, stuff the boxes with fake votes, etc. but any more complexity in the voting system doesn't remove these scams, it just adds a new layer of possible scams
fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure and the more possibilities of fraud. so make the process very simple: paper ballots
i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. paper ballots, period, end of story, for all time. the slashdots crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage. voting is not a complex math problem. it's very simple. no computer need apply
electronic voting can be a downright scary prospect. don't mess with it, simplify it, which means avoiding computers in the voting process like the plague. i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity in our government
because people already doubt enough about how much their vote counts. why give them yet another paranoid schizophrenic reason for them to think their vote doesn't count/ doesn't matter ("it doesn't matter man, it's all in the computer, and they just change the votes to whatever they want them to be man")
bottom line: faith and integrity in our government is far more of an important issue than any speed of transmission/ tabulation. no electronic voting. no mechanical voting. paper ballots only. of course malfeasance can still occur with paper ballots. but with more complex systems, you only add more points for manipulation. this is not a luddite's point of view. i am as much a technophile as the next slashdotter. i just have an appreciation for the limits of technology's ability to solve problems, and that for some limited subset of problems, due to malfeasance and the potential for it, more technology need not apply. voting is such a problem
Re: (Score:3, Insightful)
As an engineer, it's annoying to me when politicians attempt to equate "spiffy touchscreen machine with lots of features" with an improvement in the voting process. The voting process in this country is ju
mod parent up (Score:2)
Re: (Score:2)
For all the stupidity that surrounds it, the Help America Vote Act (HAVA) at least tries to address the fact that a large percentage of Americans have been denied a basic right in voting since... well, since we started counting votes.
Come up with a way to handle this without technolo
FIELD / SERVICE (Score:4, Interesting)
Hello? Did someone not get the memo about secure passwords? Or better yet, no default passwords at all? Granted, physical access makes the point rather moot, but if this is the kind of security the designer had in mind, it looks like they can give Diebold a run for their money . . .
Re: (Score:3, Funny)
I have a Solution! (Score:5, Funny)
Of course, anyone else walking through the door stands to have their ATM and credit cards wiped out, but hey, it's a small price to pay for Democracy, don't you think.
For the severely humor-impaired, the above is intended as a joke and in no way reflects the author's actual thoughts on this matter.
Allow me to quickly illustrate a point (Score:2)
Well, I went to the resellers site... (Score:2, Informative)
Kan de Nedap stemmachine gemanipuleerd worden?
Alles is te manipuleren.
Can the Nedap voting machine be manipulated?
Everything can be manipulated
Is de Nedap stemmachine beveiligd tegen moedwillige manipulatie?
Ja. Tegen iedere nieuwe bedreiging worden maatregelen genomen.
Is the Nedap voting machine secured against manipulation
Yes. Against every new threat measures are taken
Kan de uitslag
Re: (Score:2)
That's why voting is secret. If you can't verify what people voted (and those people know for sure that you can't verify it), holding a gun against their head doesn't help much: They can claim to have voted the way you told them, and still vote different. You have no chance to proof individually that they didn't vote your way.
Very elegant way to steal the election... (Score:5, Insightful)
In the US, you could steal an election with a small software update on a small percentage of the machines. The tallies would all add up and most of the votes counted would reflect the votes cast -- but just enough wouldn't to skew the ultimate result. The only hint you would have something was wrong would be a minor but crucial deviation between exit poll results and the official count.
It makes for a good simulation for students to put together to see just how simple it is to do.
Re: (Score:2)
In the US or any district-system, things would be as you describe.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
"Was the 2004 Election Stolen?" [rollingstone.com]
Worried? (Score:2)
Not really, the weaknesses presented can only be exploited on a per-machine basis and there are some 8000 of them.
Of course on longer term these machines need to be replaced by a inherently secure system.
What I find more worrying is the closed source software running the machines and tallying the results, this has to be replaced by an open source system that can be checked by any one.
Dutch elections are simple, just a single vote per citizen and the requi
Re: (Score:2)
Just "open sourcing" the voting machine code would create a false sense of security. How would you know that the binary code running the machine is compiled from the source code you inspected? And even if it is, you'd still have no guarantee that the compiler itself wasn't tampered with.
Amazing claim by voting machine maker (Score:2)
Q: Can the results of the Nedap voting machine be manipulated?
A: Much more difficult than with "paper" elections
The system we had in place for paper elections wasn't perfect. But it was at least nontrivial to change more than one vote at a time. These machines were introduced because they're convenient and because they eliminate counting errors, not because they were more secure than paper ballots.
Why can't there be an accompanying paper printout? (Score:2)
You've now got your e-voting tallying votes quickly, and the paper trail should there be doubt cast upon the results.
Also used in Ireland (Score:3, Informative)
As well as being used in Holland and France, thousands of these NEDAP machines were bought by the Irish government with a view to replacing our paper election system with electronic voting. They had been used in a few pilot constituencies, and were due to be rolled out nationwide for the 2004 local and European elections. Luckily, determined lobbying by computer professionals (Irish Citizens for Trustworthy E-Voting [cs.may.ie]) and others forced the Government to set up an independent Commission on Electronic Voting [www.cev.ie], who decided that they couldn't stand over the use of the machines without further testing.
Interestingly enough, these Dutch hackers used the First Report of the Commission on Electronic Voting [www.cev.ie] to glean a lot of the technical details about the machines.
The most recent report of the Commission (July 2006 [www.cev.ie]) concluded that the machines needed some modification but were basically okay, but that the software used to manage an election was basically a joke and should be scrapped. The Government tried to use this as vindication of their actions in procuring the system, even though they had been perfectly willing to let a nationwide election go ahead with dodgy software.
Even that fig-leaf of respectibility has now been removed, and I expect that the Government will soon be moving the machines out of their costly storage facilities, and into the nearest recycling centre. As the Dutch hackers showed that they could be used to play chess, perhaps an amusement arcade will take them off their hands.
Lots of info at the Irish Citizens for Trustworthy E-Voting site linked above, including a discussion list archive which has covered every imaginable angle on E-Voting.
Well at least.. (Score:2, Funny)
Re:Well at least.. (Score:5, Informative)
"they can't open it with a minibar key.."
Don't be so sure...
From their report (the PDF linked above):
Hundreds of politicians are kicking themselves... (Score:2)
"Geez - if I'd known how easy it is, I coulda saved myself a BUNDLE on campaign expenses!"
Nedaps reaction (Score:3, Informative)
Translation:
Next USA state (Score:2)
My Mirror (Score:2)
http://www.koschfamily.com/tekrat/mirror/Es3b-en.
Re: (Score:3, Funny)
It's a Dutch blackbox, so it's obviously an African-European box!
However I have a problem on how to call black people in Africa. African-Africans?
Re: (Score:3, Funny)
Re:on that note (Score:5, Insightful)
Re: (Score:2)
I've seen lots of them on college campuses recently. By and large, they are not big supporters of the Republicans and the views the espouse and often very left-wing.
Re:on that note (Score:4, Insightful)
Re:on that note (Score:5, Insightful)
If the parents at home told the kids they did not approve of what was happening, and got off their asses and told the schools at pta mettings and other opportunities things would be very different.
Kids do pay attention to the parents... and they see mommie and daddy happily rolling over and playing dead.
Re: (Score:2)
Oh, I'm sure with these new voting machines, the number of non-voters will decrease. After all, it's easier to add votes than to switch them.
Re: (Score:2)
Apathy is a real issue, but why allow "why vote, my vote will not
be tallied as I want it tallied anyway" to the many reasons people
come up with for not voting?
Re: (Score:2, Insightful)
Oh god I hope not.
If the machines are vulnerable to compromise, there is no advantage in simply giving the election to *anyone* who is a legitimate candidate. That's just as bad as sitting back and letting the GOP (supposedly) steal it their way.
Re: (Score:2)
Every machine that is hackable, make sure that 100.0000% of the vote is assigned to the libertarian/green/etc party. Or the JustNotGeorgeBush party.
Make everyone, even the media, actually notice how horrible this problem is to the whole country.
Re: (Score:2)
Re: (Score:2)
in the first place. There *might* be a reaction then.
Re: (Score:3, Insightful)
I live in NYC - we know about machine politics, ward heelers and all kinds of fraud. But no evidence of them lately. The Chicago examples that people usually think of are ancient history. We're talking about criminal fraud happening next month, by those doing it in the past 2-10 years. That sounds like "Republicans" to me.
Re: (Score:2)
No, it is called a Semantic Pleonasm [wikipedia.org].
Yur güelcom =oP
Re:Easy verification - NO (Score:2)