Unusual Electronic Voting Machine Threat Model

Rats have destroyed dozens of electronic voting machines by eating the cables. It would have been a better story if the rats had zeroed out the machines after the votes had been cast but before they were counted, but it seems that they just ate the machines while they were in storage.

The EVMs had been stored in a pre-designated strong room that was located near a wholesale wheat market, where the rats had apparently made their home.

There's a general thread running through security where high-tech replacements for low-tech systems have new and unexpected failures.

EDITED TO ADD (5/14): This article says it was only a potential threat, and one being addressed.

Posted on May 2, 2014 at 2:00 PM • 16 Comments

Comments

hermanMay 2, 2014 2:18 PM

India is so corrupt, that I would not be surprised if someone stole parts and sold them for scrap or on eBay and then blamed it on rats.

AnuraMay 2, 2014 2:36 PM

If there is one thing I've learned about critical systems it's "Redundancy, redundancy, redundancy." You should make sure that your data is stored in multiple locations, so that if one machine has a problem, then you don't lose your data. By storing your data both locally and remotely, then if you have a physical problem locally, say a fire, then you still have your data backed up remotely.

Here's the model I came up with:

Each polling place has individual voting machines connected to a centralized and a local server. The user enters their vote, and when they are done, they are given a printed ballot and told to verify the vote is correct on the ballot, if not, they shred their paper ballot and obtain a new one once they have made their corrections. If it is correct, then they continue and the vote is transmitted electronically to the local server, which then transmits to the central server (they are queued in case of a loss of connectivity), and a receipt is given for the voter to hold on to.

Each vote has a random, unique identifier that identifies the vote. This is kept with the electronic record, printed on the paper ballot, and printed on the receipt that the voter receives. The paper ballot is considerd the official ballot and is counted separately, and then correlated with the electronic results for validation purposes, but the voter can also use the identifier on their receipt and check online to verify their vote was counted. The databases only contain the vote details, voting precinct, and unqiue identifier, as well as a a signature using the pricincts keypair; no timestamp or any other information that can allow the vote to be correlated to an individual voter. The databases can also be made publicly available.

Carl "Bear" BussjaegerMay 2, 2014 2:59 PM

"new and unexpected failures"

Rats, squirrels, and other rodents chewing cables and wires is hardly new, nor unexpected. I've seen more power outages chalked up to [expletive deleted] squirrels than "terrorists" shooting transformers. And more than 30 years ago I was spraying rodent repellent on cables as we buried them. When I had a set of remote microwave sites, my monthly PMs included installing and verifying steel mesh to keep rats and mice out of the equipment, and inspecting for and correcting any damage found.

That's just electronics. Shall we dig into centuries... nay, millenia of rats eating foodstocks and damaging property?

DanielMay 2, 2014 3:24 PM

"we have to spread it broadly, as broadly as the imagination of our attackers may roam. " From the post directly below this one.

So tell me about the imagination of rats.

Bob TMay 2, 2014 3:51 PM

"We had taken all possible measures to protect the EVMs. We realise how important it is to ensure that the EVMs are not harmed in any way. But rodent trouble was something we had not expected at all,"

They should have asked the wheat market how they protected the wheat.

Clive RobinsonMay 2, 2014 6:48 PM

Rat's do chew through cables and cause all sorts of problems.

Many years ago I was involved with setting up a new bank building in the middle east. We had got everything up and running on time and had sailed through a couple of days of acceptance testing and had got the all important customer managers squigle at the bottom. Feeling good the team went out for a major blow out meal in a good local restaurant. On returning the customers manager was running around panicing and nearly pulling out what was left of his thining hair. Everything was down even the uninteruptable powersupplies were not working, all of a sudden thing went from the joy of co.pleation to the nightmare of unknown failure. Tests showed that power was coming into the building but the circuit breakers had tripped, the UPSs likewise kicked out their circuit breakers when connected to the load regulator. After other tests it became clear there was a short on the output of the load regulator. It then became clear it was in the underfloor armourd cableing. On pulling up the floor tiles we eventualy were confronted by a large rat stagering around the floor space on catching it we found it had neither the will to fight or it's front teeth. What was left of them was found in the armourd cable shorting one of the phases to local ground not nutural, which had a high impedence fault which was the cause of all the circuit breakers kicking out. Thus the first entry in tge system fault log book was "power fail by rats teeth".

RichMay 2, 2014 10:06 PM

@Anura: Your voting system allows people to sell their vote, perhaps for $20, perhaps for a bottle of wine, perhaps to prevent getting broken thumbs. Here's how it works --

You vote, you give your receipt to the goon around the corner. You can either get paid when your vote is verified online or get paid immediately and get beat up if you lied about your vote.

AnuraMay 2, 2014 11:56 PM

@Rich

Good point. I was focussed on making it difficult to forge; I wasn't considering more traditional threats.

AC2May 3, 2014 1:54 PM

Bruce a little more fact checking pls before you post.

Rats haven't chewed up any EVMs yet.
http://indianexpress.com/article/cities/delhi/greatest-threat-to-free-and-fair-polls-in-ghaziabad-rats/

Also the EVMs are stored and transported in sealed hard plastic cases so the probability of rats chewing thru the shell to get to the electronics is low.
www.hindustantimes.com/photos-news/photos-punjab/nov5/article4-954485.aspx

But they are taking precautions in any case...

Clive RobinsonMay 3, 2014 8:10 PM

@ Alan Kaminsky,

Just as well that "Humans in the loop" is just --so far-- a figure of speach...

AC2May 3, 2014 9:54 PM

@Anura

There are a couple of problems with your proposal
- Some polling stations have limited to none road, telecom, power connectivity
- This one I've argued at length before here but when the voting population is greater than the population of the EU any model that depends on counting pieces of paper is flawed

While the whole rats-ate-EVMs thing is false what worries me more is this:
http://m.timesofindia.com/home/lok-sabha-elections-2014/news/Defective-Pune-EVM-transfers-all-votes-to-Congress/articleshow/33852397.cms

And the fact that the election commission hasn't released any info on why this happened.

dandrakaMay 5, 2014 7:22 AM

@Bruce did you by any chance turn off the blog's spam filter ?

Either that or your readers suddendly love Lacoste, Red Bull and what-have-you ;-)

anonymouseMay 5, 2014 11:10 AM

To be fair, rats can be just as much of a threat to low-tech voting methods too: they do love shredding paper after all, and a family of rats could easily destroy a precinct's package of paper ballots. Of course, those would probably be easier to replace on short notice, but it's still a possibility.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.