Corante

Error: could not select database
In the Pipeline: Don't miss Derek Lowe's excellent commentary on drug discovery and the pharma industry in general at In the Pipeline

Civic Minded

« Online shopping guide: the Election Advent Calendar | Main | RootsCamp: Post Election Open Sessions from The New Organizing Institute »

October 8, 2006

Can we trust voting computers?

Email This Entry

Posted by Rolf Kleef

Since Wednesday, the Dutch group "We don't trust voting computers" has caused a bit of unrest with their report and tv appearance on the security of the NEDAP/Groenendaal voting computer. Interesting to read, a mix of fun (at least for those with a little feeling for technology) and scariness, with a typical "Rop Gongrijp" sense of humor over it. And quite relevant, with Dutch elections for Parliament coming up on November 22.

The hacker group claimed that these voting computers could be reprogrammed for other things, even for playing chess. Jan Groenendaal of NEDAP/Groenendaal wants to call those things "voting machines" rather than "voting computers", and challenged them to prove their point. So the report contains a description of how they turned the "machine" into a simple chess computer.

The report then continues to disprove Groenendaal's claim that "hackers stand absolutely no chance". They outline several ways in which the system can be adapted or reprogrammed to steal votes, even based on party names, robust enough to work over election cycles. And their "CDA detector" is a simple proof of concept invasion into voter privacy: with a cheap radio scanner, you can "listen" to voting computer. CDA, the only Dutch party with an accented letter in the name, causes an audible difference, so you can "hear" when someone votes for that party. In the tv program (in Dutch), it is shown that the security around the storage of the voting computers is quite poor too, and would allow for quite large-scale tempering with the machines.

For me, there are some worrying concerns in this debate:

- The Dutch computers are already quite "old" and don't really allow to implement contemporary concepts of computer security. But it's scary that the company producing them does not seem willing to acknowledge this. He states that there is a high level of "consumer trust" in these computers, so no need to worry. On the contrary, all the more reason to worry! Reading his reactions to the action group's claims made me shiver...

- The laws are inadequate in describing the security of the systems, and the law makers have too little knowledge or interest in this area. The voting computers pass all Dutch legal requirements. There is a physical lock on the computer, and there is a password to get maintenance access to the computer. But if you can use a bent paperclip, or buy a single key for all 8000 computers via the internet (around 1 euro), and you have to type the Dutch word for "SECRET" as the password, there is something terribly wrong. There are European guidelines for the security of these systems, but apparently the Dutch computer doesn't comply with these.

Although the research was (and still continues to be) done for the Dutch situation specifically, the voting computers are in use in several other countries (although Ireland declined to use them after a security assessment), and the concerns about understanding of security and legal regulations easily translate to other countries (including the US) with other voting computer systems.

In the meantime, the "We don't trust voting computers" have threatened to take the minister responsible for elections to court if he doesn't take action soon. And they have a special page recruiting whistle blowers, with instructions on how to be a whistle blower (in Dutch) to gather more information. To be continued...

Comments (1) + TrackBacks (0) | Category: e-Government


COMMENTS

1. tuesday on October 14, 2006 6:07 PM writes...

it really depends where the voting is going to take place. in a developing country like the philippines, we are still very skeptical about voting using computers. with all the corruption taking place and vote buying, we still trust the traditional way of counting votes.

Permalink to Comment

POST A COMMENT




Remember Me?



EMAIL THIS ENTRY TO A FRIEND

Email this entry to:

Your email address:

Message (optional):




RELATED ENTRIES
Avaaz is here
Creative Commons Salon launches in The Netherlands
e, the undersigned,...
Letter-writing was never easier
Amnesty presses Internet freedoms at UN's Internet Governance Forum
RootsCamp: Post Election Open Sessions from The New Organizing Institute
Can we trust voting computers?
Online shopping guide: the Election Advent Calendar