The Netherlands Opts For Manual Vote-Count Amid Cyberattack Fears

Bruce66423 writes: Following revelations about the lack of security of the software, the Dutch government has decided to abandon the use of it to count the ballots at the forthcoming election in March. The Independent reports: The decision was taken amidst fears that hackers could influence next month's elections after allegations by the U.S. intelligence agency that Russia hacked into Democrats' emails to help Donald Trump get elected. Russia denies any wrongdoing. Intelligence agencies have warned that three crucial elections in Europe this year in the Netherlands, France and Germany could be vulnerable to manipulation by outside actors. In a letter to the Dutch Parliament, Interior Minister Ronald Plasterk said that 'reports in recent days about vulnerabilities in our systems raise the question of whether the results could be manipulated' and that 'no shadow can be allowed to hang over the result.' In previous elections, the ballots were counted by hand locally but regional and national counts were done electronically. But this year, all ballots will be counted by hand after voters make their choice on 15 March. Dutch media have reported that the counting software may not only be insecure but also outdated. The counting software is reported to be distributed by CD-ROM to regional counting centers, where it is set-up on old computers that are internet connected."

I'll never vote over the net

[Anonymous Coward]

Paper ballots, either scanned or manually counted is the ONLY secure way to vote. If there isn't a hard-copy, it didn't happen.

Re:

[by (1706743)]

I like the idea of posting all voting results publicly, where you are identified by something like a randomly generated UUID given to you at the time of voting (or some hash of your various personal information like name and SSN, etc.).

Although it doesn't address "extra" votes, you would at least be able to verify that your vote got counted as you intended, which is something...

Re:

[Highdude702]

Then how do you circumvent vote buying?

E-voting problems

[Anonymous Coward]

Read Craig Burton's http://www.parliament.vic.gov.... [vic.gov.au] submission to the Victorian government (southern state of Australia) about the difficulties of e-voting, it's well thought out. If you can't get this level of security, better to only allow paper voting.

Re:

[Anonymous Coward]

Vote buying is really a non-issue as long as politicians themselves are for sale.

Re:

[slashrio]

And here is a prime example of how naive ignorance makes one stupid.

Re:

[Opportunist]

Exactly.

Buying politicians, what bullshit. Start leasing, they might become worthless come next election.

LaaS

[Howitzer86]

Legislation-as-a-Service. All the hip new kids are doing it.

Re:

[stoatwblr]

Why buy the voters when you can simply buy the vote counters?

Re:

[arglebargle_xiv]

I've seen this brought up a number of times as a counterargument to ready auditability, and it's always seemed like a red herring to me. I don't live in the US so I don't know whether this sort of thing is rampant over there, but vote-buying in the countries I've lived in (stable democracies, e.g. the Netherlands) is essentially nonexistent. It's just not done, so there's no need to compromise your voting system auditability in order to deal with it.

Re:

[TuringTest]

And you don't think that, the fact that the voting system is not exploitable, plays a large part in making vote-buying nonexistent?

The very same countries that have stable democracies now are the ones which implanted such systems because vote-buying was a common practice in the past.

Re:

[arglebargle_xiv]

And you don't think that, the fact that the voting system is not exploitable, plays a large part in making vote-buying nonexistent?

I know this unicorn repellant I'm wearing works because I've never been attacked by a unicorn.

Re:

[anarcobra]

My house has never flooded. Guess we don't need all these levees everywhere.
Better just tear them down amirite?

Re:

[Altus]

These voting protections you are talking about weren't in place just a short while ago. You would need to show that vote buying was happening then.... IE, the house was flooding before we build the levees.

Re:

[eric_harris_76]

Then how do you circumvent vote buying?

We haven't. We've only changed the process slightly.

"Vote for me and I'll have the government rob other people to pay for the goodies the government is going to give you. But if you don't vote for me, well, I might not win."

(It also comes in another form: "Vote for me and I'll have the government rob you less than you're being robbed now. But if you don't vote for me, well, I might not win.")

That kind of vote-buying is self-enforcing, to a degree.

And that kind of vote-buying is not stoppable, AFAIK.

Re:I'll never vote over the net

[Jeremi]

I like the idea of posting all voting results publicly, where you are identified by something like a randomly generated UUID given to you at the time of voting (or some hash of your various personal information like name and SSN, etc.).

Although it doesn't address "extra" votes, you would at least be able to verify that your vote got counted as you intended, which is something...

The problem is that your boss (who has promised to fire you unless you vote for his candidate, and/or has offered to pay $20 to every employee who can prove they voted for his candidate) can also use this mechanism to verify that you voted the way he told you to.

Keeping peoples' votes private is important to avoid that sort of abuse, and I don't think there is any reliable way to allow a voter to verify his own vote without also allowing someone else to lean on that voter for evidence that they voted "correctly".

Re:

[Opportunist]

I was blasting during the speech, I was. People around me didn't like it.

And then I was fired for being a Trumpet player.

Re:

[Anonymous Coward]

Make every vote public, linked to a random and non deterministic UUID that is shown at the time you voted.

Look up your own UUID afterwards to verify your vote was registered correctly.

Give your boss someone else's UUID from the public list of all votes, who voted the way he demanded to keep your job or get the $20. Except your boss will know you could pick an UUID at random and claim it was yours, so making such threats/promises would be worthless.

I suppose he could demand you bring a camera into the voting

Re:

[ChoGGi]

Right after you cast your vote, (along with your personal UUID) you get a list of UUIDs for each candidate?

Re:

[Goaway]

Which won't be on the tally?

Re:

[stoatwblr]

"But he could also demand you bring a camera into the booth and snap a picture of you making a cross in the right box on the ballot paper"

Which is exactly why taking photos of people voting or in the ballot box is expressly prohibited in most functional democracies.

Re:

[Magnus Pym]

I think that ship has sailed; mail-in ballots are vulnerable to that sort of scheme as well. Now that we have adopted mail-in ballots, may as well go the whole hog and do full verification.

Re:

[Goaway]

Or, fix your idiotic system and stop accepting mail-in votes!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[GNious]

People, incl politicians, have been posting vote-booth selfies for the last few years now - if you want to buy votes, have people post selfies with them, it'll get drowned out by the noise of everyone else doing so, even if illegal in your region.

Re:

[number6x]

I like the idea of posting all voting results publicly, where you are identified by something like a randomly generated UUID given to you at the time of voting (or some hash of your various personal information like name and SSN, etc.). Although it doesn't address "extra" votes, you would at least be able to verify that your vote got counted as you intended, which is something...

The important thing is the vote, not the person casting it. In this system, a vote is a recorded thing so the UUID should be based on parameters of the vote:

• - date-time Stamp when the vote is scanned (or entered)

• - location id of the voting place (state/locality/precinct/ward/polling place id

• - machine id of vote paper-scanner or electronic voting machine

• - sequence number of vote on that paper scanner or e-vote machine that day

• - id of voting judge who checked you off the polls?

Re:I'll never vote over the net

[Caesar Tjalbo]

The story is about the software used to send the results to a central place. So the voting was done by paper ballots but from there on it went digital. The "shocking" (probably not so much anymore) thing was that the particular vulnerability was known for years and pointed out by a student in 2011.

Re:

[Ol Olsoc]

Paper ballots, either scanned or manually counted is the ONLY secure way to vote. If there isn't a hard-copy, it didn't happen.

Ill give you a two point boost for telling the truth, AC MOd this guy up people.

Anyone who belives that computer systems are safe for voting cannot call themselves a technical or computer professional. Well that might, but tht would explain a lot. Because voting machinery has ben tampered with and is 100 percent insecure and long long before the 2016 election.

Re:I'll never vote over the net

[currently_awake]

The secret to Democracy is trust. The people must trust the voting system to be the will of the people. If you can't prove to the people the system is trustworthy then Democracy won't work. A black box computer system is not provable.

Re:

[arglebargle_xiv]

The secret to Democracy is trust.

Yep, and once you can con people into trusting that their vote counts, you've got it made.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[wyHunter]

Yes, thank goodness it's a Republic and not a Democracy.

Re:

[dryeo]

Language has changed since the 18th century. Democracy includes representative democracy where the people vote in representatives to run things and republic just means the opposite of monarchy.
Democracies include representative republics such as the USA and representative monarchies such as the UK or the Netherlands.
Republics range from countries where the citizens have a say in the makeup of their governments through elections to countries where there is little difference from an absolute monarchy such as

Re:

[Howitzer86]

Our Constitutional Republic is considered a form of Democracy. A Direct Democracy is also a form of Democracy. The fact that a Constitutional Republic isn't a Direct Democracy does not mean it's not a Democracy at all.

I think the people that make the fallacious point that we're not a Democracy do so in response to people complaining about their government not representing the will of the people. It's a statement in defense of a representative system clearly failing to represent, and a rejection of the idea

Re:

[hey!]

I have a theory for why voting machines are more popular with officials than optical tabulators. It has to do with election manipulation, but not by the mechanisms we're talking about.

With electronic voting machines, the number of functioning voting machines can be a bottleneck. That can be exploited to create delays in certain precincts, causing voters to give up and discouraging turnout in the long term. Whenever I see a news report of voters lined up for hours waiting, it always shocks me that the lin

Re:

[phantomfive]

My precinct has a voting machine, connected to a printer. After I finish voting, I can look at the printout, verify that it is correct, and push OK. I think that is a good way to do it, because it reduces counting errors, but preserves paper ballots in case a recount is needed.

Re:

[Altus]

The scanning isn't bad as long as you are doing sufficient manual checks.

Re:

Absolutely. Any machine complex enough to have an operating system and some software on it can be hacked. I'd be surprised if there are any military networks that haven't been infiltrated at one time or another, and they are much more secure than voting machines. In fact, voting machines have again and again been shown to be insecure by various security researchers and white or grey hat hackers like the German CCC.

A country that primarily uses electronic voting machine does not have a trustworthy democracy

Re:

[Damouze]

More like 17 milion people.

Nevertheless, a fantastic idea that should be adopted by other countries as well.

Democracy about People.

[rtb61]

Reality is democracy is all about people. People should make the votes and people should count the votes and real people should be voted for. Outside actors were never the problem, the corporations that make the devices and the current government in power that control the devices, they are the problem.

Re:

[Anonymous Coward]

Please provide proofs of Russia hacking registration databases.

This is the first I've heard of it, beyond the allegations of a fishing e-mail and the town hackcycle that was Hillary's private server.

I'll go out on a limb and say you're just rolling with some conspiracy theory you read on huffpo.

They are smart in the Netherlands

[surfdaddy]

IMHO we should never use voting machines unless technology gets to a place where we clearly are not at. No way to avoid the risks of mass tampering with machines.

Re:

[Carewolf]

IMHO we should never use voting machines unless technology gets to a place where we clearly are not at. No way to avoid the risks of mass tampering with machines.

I can't even see how it can be avoided with more technology. The whole purpose of using technology to count vote is to make it more efficient, but it is the inefficiency that makes human counting safer, any major improvement in efficiency will make tampering easier.

Re:They are smart in the Netherlands

[JaredOfEuropa]

Not just safer. Manual voting, counting and the applicable oversight all consist of transparent processes that pretty much any idiot can understand and take part in, as voter, counter or auditor. And that makes people's confidence in the results that much greater. Which is pretty important. "No shadow can be allowed to hang over the result" means the entire process must be transparent and auditable by laymen, which pretty much precludes the use of computers.

Shadows?

[Anonymous Coward]

"No shadow can be allowed to hang over the result"...

There is always shadow, gerrymandering, voter suppression, election hacking by foreign governments, foreign money used in PR etc.. I think it reaches a new level of dark, when you get an election and a clear majority vote for one candidate, and yet another candidate takes office, there is no transparency light that can shine to fix that. The majority spoke and it was loud and clear. So any system not based on majority of votes is highly vulnerable to atta

Re:

[camperdave]

Make a machine that will take a stack of ballots and split them into separate piles based on which box is ticked. Then run each of those piles through a separate tallying machine. The sorting machine doesn't count, and the counting machine doesn't sort. We've had this tech for nearly a century.

Re:

[Anonymous Coward]

The reason that electronic voting machines were forbidden the last time was (among others) that some politicians had a name with special characters (Turkish, or French, etc). The electromagnetic radiation signature the machines gave off when voting on such a person was different, thereby removing the anonymity required.
https://www.youtube.com/watch?v=B05wPomCjEY
A group of activists sued the state, and actually dropped the suit when they were about to win to prevent chaos. The voting machines were banned, al

Much Ado About Nothing

[93 Escort Wagon]

"The Independent reports: The decision was taken amidst fears that hackers could influence next month's elections after allegations by the U.S. intelligence agency that Russia hacked into Democrats' emails to help Donald Trump get elected."

You needn't worry, Netherlanders - if Donald Trump won your election, I'm pretty sure you'd figure out something went wrong pretty quickly.

Besides, I doubt it'd be legal for him to run four countries at once. He's not Putin.

The Dutch Trump

[Shane_Optima]

This is the 'Donald Trump' the Dutch are worried about [wikipedia.org], for those who are interested. They actually aren't terribly alike other than their tendency to not mince words about Islam, but I somehow suspect the comparison is being constantly made nonetheless.

Re:

[Shane_Optima]

Well, I suppose their hair could be distance cousins as well. That, and the Islam thing.

Re:

[Shane_Optima]

The guy is crazy, his party is extremely anti-democratic ... Even if his party becomes the largest, which is not unlikely according to current polls, he will not be in government and since most of his proposals are not supported by other parties, he will rarely get a majority of parliament behind him on anything. He may have a large following, but the majority of people in The Netherlands don't like him at all.

I know I was just dismissive of the stylistic and policy connections between him and Trump, but surely the parallels in the overall situation deserve commenting on.

When the public demands something and only a 'crazy, anti-democratic' guy steps forward to address that demand... that guy can still *win*, even if the majority of the public do not like him. If this can be true in a Presidential system, this surely must be true in a Parliamentary system as well (unless they have ditched first past the post vo

Re:

[Shane_Optima]

I wonder what would have happened if a politician in the US turned out to have provided a false name and a false date of birth when applying for citizenship

If that person was fleeing persecution from a hellhole like Somalia (or a hellhole-lite like Kenya) and there was no evidence that the false info was used for any nefarious purposes at all, no, there wouldn't be any negative repercussions for someone who had established herself as a high profile public servant. The reason she was forced out was because of her criticism of Islam, not because the Dutch government was incapable of re-approving her under another name.

Re:

[Shane_Optima]

Where is the section of Dutch law that says no one can ever reapply for citizenship once it is lost (for fraud, or for any reason)?

Re:

[Anonymous Coward]

The main effect in Europe of the Trump administration so far is that European governments are beginning to view the US as a threat rather than an ally and are starting to distance themselves from the US. The US is rapidly losing influence on the rest of the world.

Re:

[Ol Olsoc]

"

You needn't worry, Netherlanders - if Donald Trump won your election, I'm pretty sure you'd figure out something went wrong pretty quickly.

Besides, I doubt it'd be legal for him to run four countries at once. He's not Putin.

Bt would it not be hilarious for Trump to suddenly start winning every election in the world?

Re:

[93 Escort Wagon]

Bt would it not be hilarious for Trump to suddenly start winning every election in the world?

... also mayor's races, county council seats, and school board positions.

Re:

[Ol Olsoc]

Bt would it not be hilarious for Trump to suddenly start winning every election in the world?

... also mayor's races, county council seats, and school board positions.

Trumps for everything!

Re:

[93 Escort Wagon]

It's Trumps, all the way down!

so...Manual will count all the votes?

[turkeydance]

hope he gets a raise.

Trompe 2017

[rossdee]

Build a wall and make the North Sea pay for it.

Re:

[Fire_Wraith]

Actually, the Dutch have been building walls to keep the North Sea out for some time now. They just pay for it themselves, though. :)

Thank you

[manu0601]

I am not sure who we should thank for the rejection of electronic vote: Russia or US intelligence.

Russia did not tamper with US voting, even US intelligence acknowledges this [dni.gov], and the real threat on electronic voting is more about fraud by national parties, but Russia threat made up by US intelligence seems the key to fix the problem.

Re:Thank you

[Fire_Wraith]

The "Russia hacked the vote" accusations didn't come from U.S. Intelligence, but rather, from a deliberate bit of confusion designed to act as a strawman to take away from the actual story. Nobody ever accused Russia of hacking VOTING MACHINES, and everyone official agrees that this didn't take place at all.

What did occur were several instances of politically motivated hacking that took place as part of a Russian campaign to find anything that seemed like dirty laundry on one side, and then dump that into the media. It was a digital Watergate operation, meant to influence who voted and how they voted, not one meant to stuff the ballot box or change votes that had already been cast.

That said, if this makes people paranoid enough to wake up to the dangers of unauditable electronic voting machines that Slashdot and others have been warning about for years, I'll certainly count that as a silver lining to the mess.

Trump just took sanctions off the KGB

[Anonymous Coward]

I can see you want to make it a partisan issue, but Trump just removed sanctions from the FSB (which is just the new name for the former KGB). It means Trump can send and receive money to the Russian KGB without violating US sanctions. Which is handy, because he's still got his Russian companies in place.

When asked to explain, he made a vague comment about 'FSB also dealing with trade'. Which is false. The sanctions were against Russia, they were not limited to the FSB/KGB and there are no trade tarrifs if

Re:

[wyHunter]

You mean handed over names of American agents like Clinton did by putting them in the news?

Re:

[tinkerton]

No that is not what occurred. There is proof whatsoever that Russia has given DNC dirty laundry to wikileaks and it's also unlikely, given that wikileaks denies it and in a situation where everyone expected Clinton to win, it's not really in Russia's interest to simultaneously signal their powerlessness and their aggression by scheming against her. It's plausible that Russia hacked DNC, or hacked anything they could hack. DNC could have been hacked a dozen times over actually by all kinds of parties. The NS

Re:

[theshowmecanuck]

Both options were bad. The one engineered into a candidate by manipulating the news and getting free advertising on CNN and... Dammit both Clinton and Trump did that. Well I guess the difference is that Clinton had help from the unscrupulous douchebags in the DNC, including that hag leader they had, and Trump got it by rating addicted news presidents and the Deliverance Babies of the republican party.

Re:

[tinkerton]

A bit hyperbolic but I think a valid argument to criticize the current hysteria. I think your argument about Seth Rich has too little foundation though.

lead app

[leadapp]

http://www.leadingappliances.c... [leadingappliances.com.au]

Hm..

[fluffernutter]

So if Trump wins in the Netherlands as well, will he continue to deny the Russians had any involvement?

Failure by Design

[Anonymous Coward]

The entire point of electronic voting is the fraud.

That's why the diebold machines had no paper-trail right from the start, and why everyone pointing out how easy it was to alter mere excel files on an unprotected system were chided, accused, or told to go put on their tinfoil hat.

So what's the LATEST on this?

[Bruce66423]

Given that the story - which is alarming - is over 6 weeks old, what has happened since?

Re:

[bongey]

Detroit city auditor said it was lack of training and broken machines. That is why a linked to the report from 2003, the report in 2003 said that it was basically impossible to over counted with the new machines they were getting in 2003. In 2

As it SHOULD be

[p51d007]

I have always been against ANY form of electronic voting, or mechanical voting. Piece of paper, box where you can put an X for your vote. Hand count them. Along with that, I would advocate that after you vote, you dip your index finger in that purple ink, to signify that you have voted. It's the old ways that help guarantee the election process is valid.