Schneier on Security
A blog covering security and security technology.
« American Express Patenting Tracking People via RFID |
| Misplacing the Blame in Personal Identity Thefts »
March 23, 2007
Dutch eVoting Scandal
His software is used with the Nedap voting machines currently used in 90 per cent of the electoral districts, and although it is not used in the actual vote count, it does tabulate the results on both a regional and national level.
According to the freedom of information disclosures, Groenendaal wrote to election officials in the lead up to the national elections in November 2006, threatening to cease "cooperating" if the government did not accede to his requests.
Posted on March 23, 2007 at 6:12 AM
• 24 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
If the printer of the paper ballots threatened with something similar, would anybody care (beyond switching to a new supplier)?
I have a feeling electronic voting needlessly gives people the ability to manipulate our democratic process.
The more interesting thing is, that these voting maschines have also been shown to be insecure by a group of Dutch and German Hackers.
Groenendaal has agreed to be interviewed by the voting commission, in a closed-door session, without transcript, and not under oath.
...since he has nothing to hide, there's no reason to testify under oath. :-)
In the Netherlands this is not considered a scandal. In fact it is rather old news and the doubts concerning these machines are being rather well handled by the government.
That an engineer is pissed that people are messing with his product is not new either. Anyway, the technology is at least 20 years old, so many contemporary attacks don't work agianst it.
The main protection against manipulating the outcome of elections in the Netherlands is not having a corrupt goverment and civil servants.
If there was wide-spread corruption I would not see how paper voting would prevent that, as is well demonstrated in many corrupt countries. The protection of democracy is in democracy.
Regarding other threats I would say it is equally easy to spy on people doing a paper vote (e.g. small camera), rather then trying to work out remotely recieved radiation.
The biggest problem perhaps is not having a paper trail. I'd be rather worried about internet voting with which also the Dutch government is experimenting. Last national elections I indeed casted my vote at home from behind my laptop. However, even that worry is only small and the added convenience is great, provided the Netherlands remains a democracy.
@Derob: have You been following the news the last half year ? what theory is this, that the technology is too old to be attacked, have You read this, there's plenty of attacks:
and this was not "messing with an engineers product" but a security analysis which nedap of course doesn't like because it showed that their machines are unsecure crap in almost every aspect.
how is that well handled ? in fact they are still using the same machines, they've done nothing.
and internet voting in the Netherlands is intended for dutch people living in foreign countries replacing postal ballots, which You probably know when You've been using it.
the nedap machines are all DRE so far, so to Your last sentence i have a nice quote (don't remember from whom):
"either democracy get's rid of black box voting or black box voting gets rid of democracy."
Well, Groenendaal has also requestet from the government to arrest the group of hackers (AFAIR the CCC and "Wij vertrouwen stemcomputers niet") demonstrating how to manipulate the machines as terrorists. ;-)
The machines are also used in parts of germany, with some protests going on because oberservers observed irregularities in some elections.
Last month a complaint against the last federal election was filed at the constitutional court because the Nedap machines were used. Im curious about the results.
@Genau: Yes, I did follow the news. I also did not state that no attacks are possible. I simply don't think the protection of democracy is achievable by technology, whether that is based on paper or electronics. I don't think the Germans had voting computers, 75 years back, did they?
Groeneveld is pissed because (in his eyes) they are messing with his system. I know quite a lot of engineers who would react in a similar fashion. His reaction is actually rather kind ;-)
I think a big threat to machine voting is if all machines can be attacked in a well hidden manner at the same time. That's hard with the Dutch system, in particular now new procedural measures seem to be put in place.
Uhh, Groenendaal... ah what does it matter.
Well, I guess you have to accept that people 'mess' around with 'your' stuff, if you design/build/construct technology, where operational security is relevant.
A few persons (or even one) can manipulate quite a lot of Nedap machines if you they are insiders.
Of course you can manipulate elections even if there is a clear paper trail. But it is a hell lot easier if there ist no way to audit the election afterwards. (Thats the reason why auditability is a key requirement for democratic elections, no matter what technology you use.)
Secure voting equipment is necessary, but not sufficient, to safeguard voting. You seem to think that since it's not sufficient, the necessary clause is irrelevant. That is a fatal fallacy.
The correct statement is x & y & z then w, where x is secure voting equipment, y is a well structured civil service that minimizes corruption, z is a culture of democratic citizenry, and w is actual functioning democracy. If any of the precedents fail, then democracy will also.
nice, Copi and Cohen would be proud
Scratch that last comment, it should read:
Nice, Copi and Cohen would be proud.
Sorry for the mix-up,
"...although it is not used in the actual vote count, it does tabulate the results ..."
Does this mean the software does not count the votes before it counts the votes?
Bruce, some year back I send you a e-mail about this… Maybe the last report from the OVSE ( http://www.wijvertrouwenstemcomputersniet.nl/... ) make the difference, but I don’t expect it. There are experiments with voting over internet, I broke the system at my own (a child could be do it) but that seems not make any difference at this moment. Some other point about the economics from electronic elections. And to make it even worse it cost a lot of more monny as simple paper ballots. At last, it is in Dutch, but most people understand this strip I think….: http://www.wijvertrouwenstemcomputersniet.nl/...
The video for that particular video is up as are many others (on ftp), but some aren't yet finished (click on my name)
People who are interested in the german version of the comic strip LsH mentioned in the previous posting, should visit the homepage of the CCC Berlin:
Maybe someone knows english version?
Emma Goldman once remarked that if voiting could change anything, the rulers would make it illegal.
The entire hoopla around e-voting is distracting from the real problem: namely that representative democracy is a scam to begin with.
If what exactly sense a majority candidate can be said to represent those who voted for another? They have NO representation, period.
And, of course, there's the "smallish" issue of getting on the ballot - this process is not democratic in any sense of the word. The usual result is a "choice" between a pair of scoundrels which nobody in his right mind would lend a hundred bucks for a week.
So... in "honest" elections a scoundrel wins and a majority of people have no representation. In "crooked" elections (ain't they all?) a scoundrel wins and a majority of people have no representation. So what the fuss is about?
Afraid that e-voting would make it perfectly clear the ridiculousness of the belief into the supreme morality of the crowd?
I think the TV networks would be against electronic voting - I can see the election coverage - starts at 6pm, and at 6.00.03 - and the winner is...... hardly exciting viewing!
It is a little bit slower... we don't use them anyware, Amsterdam is still voting on paper ballots. So we have to wait for some time.
I was intrigued by the Diebold key vulnerability, and, while I was allowed to access the Register, the school safety and DHS compliant firewall PREVENTED me from seeing the substituted key on Diebold, so I had to use the same system to go to the Brad Blog and see both the decoy WITH the real deal. So, you see, our voting security DEPENDS UPON public school and library firewalls preventing high school kids from looking at images on the internet. Hmmm.
Could you tell us some more details by what you mean by 'I broke the system at my own'? What system and how?
Note: read the OVSE report and you will notice that this report is not presenting any negative conclusions on the way voting takes place in the Netherlands but merely makes (or remakes as you wish) the point of paper-trail or need for other voters verification in the future.
What kind of insider attacks are you thinking about? The Nedap machines are mostly owned, stored and operated by the local municipals, hence there is rarely any single person with uncontrolled access too lots of machines without the need for largescale conspiracy.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.