Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Dutch Blackbox Voting Pwned

Posted by kdawson on Thu Oct 05, 2006 09:55 AM
from the playing-chess-at-the-polls dept.
Security Government Politics
An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.
+ -
story

Related Stories

by
[+] Politics: Dutch Securing E-voting After Being Pwned 269 comments
An anonymous reader writes, "After the Dutch we-don't-trust-voting-computers foundation demonstrated glaring security holes in Dutch voting computers last week, the Dutch government has ordered (Dutch) all software to be replaced, all hardware to be checked, unflashable firmware to be installed, and an iron seal to be placed on voting machines. A certification institute will double-check all measures, and on election day will cull random machines to check them for accuracy. The Dutch intelligence service AIVD has been approached to consult on the radio emissions issue. Furthermore, foreign observers will monitor the upcoming elections on November 22nd. But the action group is still not confident (Dutch) that all problems are solved." US elections are controlled at the local level, so unfortunately such a nationwide fix would not be workable here.
[+] Your Rights Online: Voting Machines Banned by Dutch Minister 155 comments
5heep writes "Dutch Government Renewal Minister Atzo Nicolai has banned the use of one type of computer voting machine in national elections next month. The turnabout came after a group called We Don't Trust Voting Computers protested the vulnerability of electronic voting to fraud or manipulation. The reason for this ban is the radio signals emitted by the machines which can be used to peek at a voters' choice from several dozen meters away."
[+] Politics: Web-Based Assistant Changes the Face of Dutch Politics 190 comments
An anonymous reader writes "The elections held in The Netherlands on Wednesday have shaken the country. Almost 10 million votes were cast, and statistics show that a full half of those who voted used a popular web-based voter guide. This guide is operated by the independent institute for the public and politics. Advice is given to the visitor upon answering a number of multiple choice questions on some common political topics. Statistically, a number of people ended up scoring in support of populist parties both on the far left and far right. No bias was reported to exist in the test itself. However, these parties have ended up with an unforeseen amount of power as a result of the election. The voter participation was high, and the web-based advisories may have motivated people with little interest in politics to cast a vote anyway. Can politics be simplified to a ten minute test?"
[+] Politics: Deathblow To a Voting Machine 140 comments
SiggyRadiation writes "According to their newsletter (my English translation here), the Dutch group that 'doesn't trust the voting computers' has won a round against the industry and the civil servants that seem hell-bent on reintroducing voting machines — NewVote, made by SDU — that the Dutch minister of the interior has suspended. Apparently SDU provided 5 slightly different samples of its machine to the Dutch version of the NSA (well... the very humble Dutch version anyway) for testing purposes. Of those five, four machines emitted radiation in such a way that the votes cast could be monitored. SDU's NewVote received its final deathblow when it became clear that the one machine that stayed within the radiation limits used a green-on-red color-scheme for its screen. And that would be a small problem for the 4% of all men that cannot distinguish between red and green."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Dutch Blackbox Voting Pwned 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Let me guess (Score:3, Funny)

    by should_be_linear (779431) on Thursday October 05 2006, @10:01AM (#16320559)
    Most popular party in Holland is Jon Lech Johansen's "DVD Party"

  • Comments on the PDF (Score:5, Insightful)

    by eldavojohn (898314) * <my/.username@@@gmail.com> on Thursday October 05 2006, @10:01AM (#16320561) Homepage Journal
    We, the authors of this paper, are part of a growing group of computer experts that opposes the use of electronic voting technology that is built in such a way that the outcome of an election is not voter-verifiable. We believe public elections are pointless unless people have the right and the meaningful possibility to verify that that their votes are counted correctly. We further strongly believe that trade secrets, secret computer programs and secret test reports have absolutely no place in any democratic election.
    (emphasis mine)

    I would first like to say that I admire your diligence in this matter and gratefully appreciate the work and effort you have put forth to protect the votes of many people the world over including my own.

    Secondly, I would like to point out that, although you are a group of experts/scientists, I have witnessed concerns based on science go unheeded by politics--at least in the United States. I hope it is different in other countries, but I have seen a large organization of scientists from all walks of life oppose some of the current administration's actions here with little or no effect on the populace.

    Whether this is because people still view scientists as nerds or outcasts of society, I cannot comment on. I only want to make it known--at least on Slashdot--that I support what you're doing and am amazed at the work contained in this PDF. I am more so amazed that someone was kind enough to take the time to translate it to English.

    I hope your efforts are met with international recognition as being a champion of voting security--although I fear the reality is you may be criticized and possibly even sued.

    My favorite criticism listed in the PDF:
    By adding extra security measures against the over-emphasized threat posed by outsiders, one can actually increase the risk posed by insiders.
    After reading a bit of the PDF, I must say that the only thing I don't like is that there is no clear solution offered aside from allusions to opening up the process and technology on how all of this works so that it can be scrutinized. It is pointed out that Security by Obscurity is not the best route ... ever. This is good criticism but it's never explored whether or not we could dream up a scheme that would be protected.

  • "Pwned"?! (Score:5, Insightful)

    by Rearden82 (923468) on Thursday October 05 2006, @10:03AM (#16320583)
    What the fuck is "Pwned"? I thought this was a news site, not an AOL chatroom.

    • Re:"Pwned"?! (Score:5, Insightful)

      by Arslan ibn Da'ud (636514) <ArslanIbnDaud@gmail.com> on Thursday October 05 2006, @10:56AM (#16321491) Homepage
      > What the fuck is "Pwned"? I thought this was a > news site, not an AOL chatroom.

      Corruption of 'owned'. Someone made a typo, and the typo became popular. (Guess this says something about AOL, or /., when typos become more popular than correct spellings.)

      BTW, your question garnered 8 smartass replies, not one of them containing this answer. Come on, people, if you need to be wiseacres, at least answer the original question!

  • Mirror (Score:4, Informative)

    by PktLoss (647983) on Thursday October 05 2006, @10:03AM (#16320589) Homepage Journal
    here's a mirror, good luck fair server
    http://www.preinheimer.com/dump/Es3b-en.pdf [preinheimer.com]

  • create mirrors? (Score:5, Insightful)

    by Speare (84249) on Thursday October 05 2006, @10:12AM (#16320733) Homepage

    Hrm, funny, every time we complain that slashdot should go through the process of automating a simple mirror process to avoid hammering an unsuspecting server into rubble, all the "editors" go pointing at the FAQ as some sort of ironclad reasoning against doing so. But here we have an "editor" instructing the readership to do slashdot's work for them. This all just points to the fact that OSTG will pay the bandwidth bills if it means ad revenue, but doesn't want to actually foot the bill to use their server complex for disseminating information.

  • The Dutch get outraged but Americans don't? (Score:5, Insightful)

    by BeeBeard (999187) on Thursday October 05 2006, @10:17AM (#16320823)
    I've been keeping tabs on the Diebold stories coming from U.S. news sources, and it's not like the Diebold problems have been kept secret. Nevertheless, many Americans have reacted to the information with a collective yawn.

    So here we have a similar set of circumstances--only the nation at risk has really changed--and the Dutch appear to be fighting mad over this. What gives?

    • Re:The Dutch get outraged but Americans don't? (Score:5, Funny)

      by kidtwist (726601) on Thursday October 05 2006, @10:28AM (#16321001)
      Don't bother me with this stuff, "Dancing with the Stars" is on.

    • Re:The Dutch get outraged but Americans don't? (Score:4, Insightful)

      by miro2 (222748) on Thursday October 05 2006, @10:30AM (#16321031)
      The problem is that the stories on this in America are generally technical and involve complicated recommendations for "open source" systems with "paper trails." Thats too difficult to keep anyone's attention. America pays attention when it gets Sensation and Scandal! We absolutely need someone in the United States to hack a Diebold machine into changing its votes and demonstrate how they can do that in a quick and easy way when they have access to the machine. If it can be turned into a 2-minute feature on a news station (with enlarged graphics showing the vote totals changing LIVE) it will become big news.

    • Re:The Dutch get outraged but Americans don't? (Score:5, Insightful)

      by k98sven (324383) on Thursday October 05 2006, @11:13AM (#16321777) Journal
      So here we have a similar set of circumstances--only the nation at risk has really changed--and the Dutch appear to be fighting mad over this. What gives?


      Yup, same thing.. [princeton.edu] but the question? Good question.

      The obvious answer is that they're freedom-hating socialists. :)

      But seriously? It's the culture. The Netherlands and the Nordic countries are about the same like this. Big on democracy, accountability, transparency, highly intolerant of corruption, etc.

      In the end, it's basically a self-fulfilling thing, really. People trust the system --> therefore they have low tolerance for corruption --> get very pissed when it happens --> therefore they have low corruption --> therefore they trust the system.

      It's not just faith in the Government itself, but to all the institutions, and the parliament, etc. And there's a lot less political polarization. Of course part of the latter is due to the multi-party system. I used to be agnostic on which system was better, but now I'm pretty convinced that the many-party parliamentary system is superior to the US system.

      In particular the President has just too much power and it's emphasized too much as well. And too much negative power - the Veto is too strong, and the constitution is (IMHO) too hard to amend. I don't think the Founding Fathers would have done it the same way if they'd anticipated there'd be another 37 states. This is of course heresey - which is another problem; Not only is it hard to change, but there's a strong disinclination against doing so since it's been raised almost to the status of some kind of Holy Scripture. With the Founding Fathers as some kind of prophets. Every dang constitutional debate is always in terms of "What did the F.Fs intend?"*. There's just too little impetus.

      (*Damnit, I'll tell you what they wanted: They wanted a democracy based on ideas of critical reason. They sure as heck didn't want to be elevated to the status of unquestionable demigods.)
  • what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering

    of course you can do fraud scams with simple paper ballots too: lose them for entire districts, stuff the boxes with fake votes, etc. but any more complexity in the voting system doesn't remove these scams, it just adds a new layer of possible scams

    fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure and the more possibilities of fraud. so make the process very simple: paper ballots

    i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. paper ballots, period, end of story, for all time. the slashdots crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage. voting is not a complex math problem. it's very simple. no computer need apply

    electronic voting can be a downright scary prospect. don't mess with it, simplify it, which means avoiding computers in the voting process like the plague. i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity in our government

    because people already doubt enough about how much their vote counts. why give them yet another paranoid schizophrenic reason for them to think their vote doesn't count/ doesn't matter ("it doesn't matter man, it's all in the computer, and they just change the votes to whatever they want them to be man")

    bottom line: faith and integrity in our government is far more of an important issue than any speed of transmission/ tabulation. no electronic voting. no mechanical voting. paper ballots only. of course malfeasance can still occur with paper ballots. but with more complex systems, you only add more points for manipulation. this is not a luddite's point of view. i am as much a technophile as the next slashdotter. i just have an appreciation for the limits of technology's ability to solve problems, and that for some limited subset of problems, due to malfeasance and the potential for it, more technology need not apply. voting is such a problem

  • FIELD / SERVICE (Score:4, Interesting)

    by achurch (201270) on Thursday October 05 2006, @10:24AM (#16320941) Homepage
    From the PDF:

    4.3 Maintenance mode: "GEHEIM"

    The ISS software has a `maintenance mode' that is supposed to be only accessible to members of the "verkiezingswacht", the Nedap election-day helpdesk. You need a password to get the software in this mode. A quick look in the binary revealed this password to be "GEHEIM", the Dutch word for "SECRET".

    Hello? Did someone not get the memo about secure passwords? Or better yet, no default passwords at all? Granted, physical access makes the point rather moot, but if this is the kind of security the designer had in mind, it looks like they can give Diebold a run for their money . . .

  • I have a Solution! (Score:5, Funny)

    by Aqua_boy17 (962670) on Thursday October 05 2006, @10:26AM (#16320973)
    Okay, we in the US all know that there's not enough time before November elections to fix this. So I have a very simple solution. First we ban the sale of all flash memory for 7 days prior to the elections. Second, we put gigantic super-electromagnetic field generators in the doorways of all the polling places. This way we can ensure that any potential election fraudsters that try to smuggle in memory cards will find them wiped out when they open the Diebold machines with their hotel bar keys.

    Of course, anyone else walking through the door stands to have their ATM and credit cards wiped out, but hey, it's a small price to pay for Democracy, don't you think.

    For the severely humor-impaired, the above is intended as a joke and in no way reflects the author's actual thoughts on this matter.

  • Very elegant way to steal the election... (Score:5, Insightful)

    by FellowConspirator (882908) on Thursday October 05 2006, @10:36AM (#16321109)
    I was attempting to explain this to someone the other day. You don't need to alter the votes after the fact, though that may be easier. All you need is a good statistical guess (say, a poll by the local newspaper). Given that, you calculate the skew necessary for a candidate to win. Then, you simply tell the machine to randomly record a vote for person X as a vote for person Y every a certain percentage of the time. You only need to do this in specific areas where the races are close, concede a loss in areas where the skew would be too large, and presume victory in areas where the bias is for your candidate.

    In the US, you could steal an election with a small software update on a small percentage of the machines. The tallies would all add up and most of the votes counted would reflect the votes cast -- but just enough wouldn't to skew the ultimate result. The only hint you would have something was wrong would be a minor but crucial deviation between exit poll results and the official count.

    It makes for a good simulation for students to put together to see just how simple it is to do.

    • Re:Here Please? (Score:5, Insightful)

      by Tom (822) on Thursday October 05 2006, @10:07AM (#16320657) Homepage Journal
      Very similar exploits have been shown to be possible against Diebold machines.

      The difference isn't that nobody is doing this in the US. It's that nobody is listening in the US. In order to become a democratic country again, you don't need to elect a new president, you need to elect a new media.

      • Re:on that note (Score:5, Insightful)

        by Ravenscall (12240) on Thursday October 05 2006, @10:20AM (#16320875)
        You obviously do not talk to many 16-22 year olds, some of the views they espouse are frightening. I chalk it up to going through school systems where surveillance, random searches, and cops in the halls are normal things. They have been desensitized to the tools of the police state, and it is starting to show.

        • Re:on that note (Score:5, Insightful)

          by Lumpy (12016) on Thursday October 05 2006, @11:28AM (#16322009) Homepage
          sorry but it's not only the school immserion into a draconian watch environment but the parents at home beign good sheep and echoing the BS the press and government are spewing. Most of these soccer moms enjoy having freedom taken away to protect them from that terrorist hiding in the bushes just outside.

          If the parents at home told the kids they did not approve of what was happening, and got off their asses and told the schools at pta mettings and other opportunities things would be very different.

          Kids do pay attention to the parents... and they see mommie and daddy happily rolling over and playing dead.

          • Re:on that note (Score:4, Insightful)

            by Ravenscall (12240) on Thursday October 05 2006, @11:29AM (#16322043)
            That is my experience at small liberal arts schools, but every large state school I have hit recently, I hear people saying things like "If I have nothing to hide I don't care if people spy on me", "All mexicans (not just illegals) should be deported", among things like "We need to support the president even if he was wrong about our reason for getting ibnto this war". My only consolation is that most of these people also espouse that "I do not vote because it does not change anything".

    • Re:Well at least.. (Score:5, Informative)

      by Ryano (2112) on Thursday October 05 2006, @11:29AM (#16322045) Homepage

      "they can't open it with a minibar key.."

      Don't be so sure...

      From their report (the PDF linked above):

      The key system chosen by Nedap for both the locks on the voting computer is the "C&K YL Series 4 Tumbler Camlock". This lock always comes with the same key (marked "A126"), which probably explains why the same key is used on all 8000 ES3B machines throughout The Netherlands. Spare keys can be ordered separately online for roughly a Euro each by searching for the product number: 115140126. We ordered, payed for and were subsequently supplied with 100 of these keys without any problem. According to the product datasheet3, typical applications for this lock include "copy machines and office furniture". Even if spare keys were not so readily available: this is quite literally the type of lock we can open with a bent paperclip.

      The reader unit has, as stipulated by law, a lock with a different key for the slot marked 'programming' (it is marked "A154"), which is used to erase the ballot memory modules and to write new candidate lists to the modules. The key is of the same insecure type and the we expect it to also be the same all over the country.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.