×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

7,000 Irish e-Voting Machines To Be Scrapped

Soulskill posted about 2 years ago | from the return-on-investment dept.

Government 198

lampsie writes "You may recall from back in January 2012 that the Irish government had deemed their stock of 7,000 e-voting machines 'worthless.' Turns out they are not — after spending upwards of €54 million purchasing them almost a decade ago, all 7,000 will now be scrapped for €70,000 (just over nine Euros each). The machines were scrapped because 'they could not be guaranteed to be safe from tampering [...] and they could not produce a printout so that votes/results could be double-checked.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

198 comments

chéad phost (5, Funny)

Anonymous Coward | about 2 years ago | (#40493479)

chéad phost

Re:chéad phost (0)

nomoreunusednickname (1471615) | about 2 years ago | (#40493929)

chéad míle iomarcaíochtaí

Re:chéad phost (-1)

Anonymous Coward | about 2 years ago | (#40494051)

An bhfuil cead agam dul go dtí an leithreas, más é do thoil é?

Re:chéad phost (1)

AliasMarlowe (1042386) | about 2 years ago | (#40495157)

An bhfuil cead agam dul go dtí an leithreas, más é do thoil é?

Níl. Agus ghlanadh suas do praiseach ina dhiaidh sin.

awwwww (3, Funny)

slashmydots (2189826) | about 2 years ago | (#40493485)

Daaaaamn, what a waste, considering people have proven you can run Tetris on them. They could have had a whole arcade.

Re:awwwww (-1, Redundant)

slashmydots (2189826) | about 2 years ago | (#40494005)

Quick question...how can a comment be modded redundant when it's the FIRST POST?!

Re:awwwww (1)

Imrik (148191) | about 2 years ago | (#40494449)

The first post is in response to the summary, if it merely says something that's in the summary it would be correct to mod it redundant. Note that this is a hypothetical point, and in this case the moderation seems odd.

Happy Friday from The Golden Girls (-1)

Anonymous Coward | about 2 years ago | (#40493487)

Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.

And if you threw a party
Invited everyone you ever knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.

Re:Happy Friday from The Golden Girls (-1)

Anonymous Coward | about 2 years ago | (#40494011)

"you're a pal and a cosmonaut"

Cosmonaut? What a maroon! Try "confidante", dumbass.

How Difficult Is It Really? (3, Insightful)

AnotherAnonymousUser (972204) | about 2 years ago | (#40493509)

As a question for the geeks and engineers of the community - how truly difficult is it to make one of these voting machines safe for use? Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of? It seems like this is something that engineers could have designed to be foolproof by now, and at a fraction of the budget. How truly complex is the problem they're trying to solve?

use the same system for slot machines (4, Insightful)

Joe_Dragon (2206452) | about 2 years ago | (#40493551)

use the same system for slot machines
they go under lots of testing to make them hard to cheat them even to the point of shocking them.

Re:use the same system for slot machines (1)

Anonymous Coward | about 2 years ago | (#40493879)

The payout from slot machines can be monitored, and if it seems questionable then it can checked and/or scrapped. Tough to do that with e-voting machines, except maybe for the overall count of voters.

Re:use the same system for slot machines (5, Interesting)

rtfa-troll (1340807) | about 2 years ago | (#40493885)

Nobody actually knows how hard this is since nobody has ever actually succeeded in doing it, despite the fact that many people have tried. Here is another example:

use the same system for slot machines they go under lots of testing to make them hard to cheat them even to the point of shocking them.

This is one of the standard examples, the other given is bank machines. The average engineer/computer scientest will tell you this every time up to the stage of actually starting voting machine companies and spending millions on delivering machines which fail to be sufficiently secure. Just think about how much more hostile the voting machine environment

  • if you cheat a slot machine you can get a few hundred dollars - if you beat a voting machine you can controll F22 contracts worth US$66.7 billion
  • slot machines are run in an environemnt where you can watch the users - watching voters is illegal
  • you can see who wins on your slot machine and almost nobody cares - voters are supposed to be anonymous
  • slot machines are essentially static; the money is put in and taken out in the bar - voting machines have to be distributed to many locations
  • your slot machine will still earn money even if it is completely emptied several times a year - a voting machine only needs to lose once

It's true that the slot Las Vegas slot machine program is much better than any current voting machine goes through. That is outrageous. However, don't think that if you did follow the Las Vegas system that would be enough.

Re:use the same system for slot machines (2)

RobertLTux (260313) | about 2 years ago | (#40494017)

one "feature" that voting machines don't have that Vegas slots had back in the day

They used to break people for cheating the slot machines

Re:use the same system for slot machines (0)

Inda (580031) | about 2 years ago | (#40493917)

Why do people even need to walk to the polling station and use 'machines'?

I pay my bills online.
I do my banking online.
I order my shopping online...

Let me vote from my PC/Tablet/Phone/Generic_electronic_device

Deliver my voting slip to my door, just like you deliver my electoral registration form to my door by hand by an official goverment worker. Hell, you let me vote by post, ffs.

Crypto handshakes and hashes and keys and magic - it's all been done before.

UK only. Other countries may have different requirements. :)

Re:use the same system for slot machines (5, Insightful)

khendron (225184) | about 2 years ago | (#40494573)

I pay my bills online.
I do my banking online.
I order my shopping online...

And all those activities are the target of a significant amount of fraud. It is tolerated, though, because the savings outweigh the costs. You can't say the same for an election.

Re:use the same system for slot machines (1)

c0mpliant (1516433) | about 2 years ago | (#40494927)

And you think there isn't fraud in the voting system? The most easiest way you could do it is to register in a constituency to vote using the form thats sent out to houses in the lead up to elections without using the RFA3 form to transfer your vote from your original constituency. The reason a lot of people do this is because the form thats sent to each house just needs you to fill in the sections and then send it back in the post, postage free of charge. The RFA3 form requires you to fill it out, go to your local garda station and only your local garda station and get them to sign the form confirming you are who you say you are. Then to send it off to the local authority either in the post after paying for postage or drop it in yourself. People will generally take the path of least resistence and end up registered in two constituency. I really believe this is the only way that FF got anyone elected during the last election

Re:use the same system for slot machines (1)

Cinder6 (894572) | about 2 years ago | (#40495069)

Voting fraud is ridiculously easy (in California, at least): They don't even check your ID to make sure you're the person you say you are! Figuring out how to cheat the system on a wide scale is an exercise for the reader.

Re:use the same system for slot machines (1)

Paradise Pete (33184) | about 2 years ago | (#40494129)

use the same system for slot machines

The problem is that (unlike slot machines) there are conflicting goals - keeping verifiable totals while at the same time preventing any individual's vote from being revealed.

Re:use the same system for slot machines (1)

TapeCutter (624760) | about 2 years ago | (#40495599)

Trust is not a technical problem and slot machines are not transparent to all parties. The speed of a manual count is also not a problem. Basically electronic voting is fixing a problem that doesn't exist, like an electronic mouse trap it's expensive, unreliable, and pointless.

Re:How Difficult Is It Really? (-1)

Anonymous Coward | about 2 years ago | (#40493557)

I wiggle my ass, I wiggle my snap! Suddenly, slip'n'slide!

Fuckin' die now!

Re:How Difficult Is It Really? (-1)

Anonymous Coward | about 2 years ago | (#40493573)

not difficult at all. this is just a case of the wrong people making misinformed desicions

Re:How Difficult Is It Really? (2)

Hentes (2461350) | about 2 years ago | (#40493599)

Assuming that the goal is to make them secure, it's not easy. When someone has physical access to your machine you are already in a losing battle.

Re:How Difficult Is It Really? (1)

smooth wombat (796938) | about 2 years ago | (#40493779)

If you seal the machine, instead of having USB slots on the outside, that would go a long way to prevent tampering.

Not sure why you need to have an external connector available for anyone to use anyway, other than laziness on the part of the programmers and designers.

If they can seal an ATM, they can seal a voting machine. This truly isn't rocket science.

Re:How Difficult Is It Really? (2)

Grishnakh (216268) | about 2 years ago | (#40493955)

Wrong.

You don't give the voters access to the whole machine, you only give them access to the touchscreen monitor, and maybe some kind of keypad. If you were to be believed, then we wouldn't be able to use ATMs.

Now of course, as the other poster noted, this means you can't do stupid things like have USB or SD/MMC ports that are user-accessible.

When we talk about having "physical access" to a machine, that means the WHOLE machine, as in a desktop PC where you can put your hands on the tower case, plug in USB devices, open the side panel, unplug the hard drive and put it in another system to access it, etc. Having the system locked inside a kiosk where you'd need a plasma torch to open it, and only having a touchscreen accessible to users, is NOT the same thing.

Re:How Difficult Is It Really? (1)

mehrotra.akash (1539473) | about 2 years ago | (#40493609)

I guess its the anonymity requirement of the vote that makes it difficult
Otherwise, ATM's are secure, and the same technology could be applied to voting machines

Re:How Difficult Is It Really? (1)

azalin (67640) | about 2 years ago | (#40493765)

I guess its the anonymity requirement of the vote that makes it difficult Otherwise, ATM's are secure, and the same technology could be applied to voting machines

Do you have any idea how much money is stolen every day by using duplicated bank cards? ATMs are not secure enough for this.

Re:How Difficult Is It Really? (2)

Grishnakh (216268) | about 2 years ago | (#40494041)

That's because ATMs are stuck using 70s or 80s technology, namely easily-copied mag-stripe cards with crappy 4-digit PINs, with no encryption used at all. It's not the fault of the ATMs, it's because the whole industry refuses to move to a more secure access device. It's amazing that more money isn't stolen every day.

There's no requirement that voting machines use the same crappy access mechanism. In fact, the access mechanism would be totally different, because of the anonymity requirement; I'm just guessing, but if it's like the elections (which only use optically-scanned cards) I've voted in, you first have to go past one panel of people with your state ID so they can verify you're registered to vote in that precinct and cross your name off, and then they give you a card so you can vote on an anonymous form or machine. With e-voting, they'd just need to give you some sort of access card, or even not at all, just let you use the machine since only verified voters should be allowed to walk up to it and make a vote. It's not like these e-voting machines will be out in dark parking lots at night with anyone allowed to walk up to them.

Re:How Difficult Is It Really? (1)

aztracker1 (702135) | about 2 years ago | (#40494615)

I was thinking something similar... taken a step farther... if the system registers that the voter voted against one system, and the actual vote group to another system, with no correlation data between the two available, it would be reasonable to have online voting... would just need to ensure that both the registration that the person voted, and the record of the vote are separate... give the voter a token, that can be checked against their own vote record, but doesn't tie that token to their id, or that they have voted.

Re:How Difficult Is It Really? (1)

Grishnakh (216268) | about 2 years ago | (#40494929)

I think some other posters here have a good point that this whole thing really can't work very well. Technically, it could, but the potential for abuse is too great; while you could use encryption to keep things anonymous as you say, the problem is that very few people really understand that, so basically the population is trusting a very small number of people that the voting system is fair and not rigged. We've now tried electronic voting with private companies, and it's been a disaster, because these companies can't be trusted, and in most cases aren't even technically competent. Sure, some good engineers and encryption experts could get together and assemble a really good voting system, but they're not; they're all working at other places, and instead we have crappy companies like Sequoia slapping together some piece-of-shit systems that can't be trusted at all. With plain paper ballots, we don't have this problem: any bunch of regular citizens can get access to the ballots and count them themselves. Sure, it's slow, but it doesn't take an expert to do it, and you don't have the keys to democracy in the hands of some private corporation that may have a vested interest in who wins.

Re:How Difficult Is It Really? (3, Insightful)

pegasustonans (589396) | about 2 years ago | (#40493611)

How truly complex is the problem they're trying to solve?

Nothing that an old-fashioned optical scan ballot couldn't handle.

In other words, using the machine was a solution looking for a problem (and causing numerous problems of its own).

Re:How Difficult Is It Really? (0)

Anonymous Coward | about 2 years ago | (#40493727)

If it's like the US, it was a solution to the very well-defined problem of the "wrong" people winning elections.
Our routine election-verification tests are centered around detecting ballot-stuffing, not
vote-flipping [google.com] , because conventional ballots are hard to alter for a different candidate. All-electronic voting systems, however, make flipping trivial.

Re:How Difficult Is It Really? (1)

aztracker1 (702135) | about 2 years ago | (#40494635)

In us-AZ, the ballots are optical scan AND have the person(s) you are voting for printed on the ballot... scanning is digital, and there is a physical record... works very well.

Re:How Difficult Is It Really? (2)

Shagg (99693) | about 2 years ago | (#40494311)

In other words, using the machine was a solution looking for a problem

E-voting machines definitely solve a problem. It's just that the public's definition of a problem, and a politician's definition of a problem aren't the same thing.

For example, if you want to steal an election, physical paper voting/counting makes it very difficult to effect a large number of votes without having a lot of different people involved (greatly increasing the risk of the public finding out). E-voting machines definitely solve that problem.

Re:How Difficult Is It Really? (3, Insightful)

alteridem (46954) | about 2 years ago | (#40493647)

I believe it is actually more difficult than it would appear, mainly because you need to give people access to the machine to enter the candidates and when you do that, you are potentially giving them access to do other things. That said, the problem is not insurmountable. I would suggest open-sourcing the software and the hardware design. There are enough people that are interested in this problem that I expect that it would be well supported and potential security flaws found and fixed quickly. It would also greatly reduce the development costs. We would still need companies and governments to work together to build and certify the machines, but everyone could be working off a common, open blueprint.

Re:How Difficult Is It Really? (1)

aztracker1 (702135) | about 2 years ago | (#40494677)

Wish I had mod-points for this... for that matter, you could go to a polling site, and show your ID, they can check that you are registered, and give you a token to access an https website and cast your vote there... without correlation between your registration, and the vote token, it can be recorded, and you can check your token against the recorded vote later.

Re:How Difficult Is It Really? (5, Informative)

Confusedent (1913038) | about 2 years ago | (#40493651)

Here's what Schneier said about it in 2004:

"Computer security experts are unanimous on what to do. (Some voting experts disagree, but I think we’re all much better off listening to the computer security experts. The problems here are with the computer, not with the fact that the computer is being used in a voting application.) And they have two recommendations:

DRE machines must have a voter-verifiable paper audit trails (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold. One, it allows the voter to confirm that his vote was recorded in the manner he intended. And two, it provides the mechanism for a recount if there are problems with the machine.

Software used on DRE machines must be open to public scrutiny. This also has two functions. One, it allows any interested party to examine the software and find bugs, which can then be corrected. This public analysis improves security. And two, it increases public confidence in the voting process. If the software is public, no one can insinuate that the voting system has unfairness built into the code. (Companies that make these machines regularly argue that they need to keep their software secret for security reasons. Don’t believe them. In this instance, secrecy has nothing to do with security.)

Computerized systems with these characteristics won’t be perfect -- no piece of software is -- but they’ll be much better than what we have now. We need to start treating voting software like we treat any other high-reliability system. The auditing that is conducted on slot machine software in the U.S. is significantly more meticulous than what is done to voting software. The development process for mission-critical airplane software makes voting software look like a slapdash affair. If we care about the integrity of our elections, this has to change."

Source. [schneier.com]

Re:How Difficult Is It Really? (1)

Anonymous Coward | about 2 years ago | (#40493945)

It's not possible.

There is no possibility to check if the firmware has been altered, be it a fully electronic machine, or a ballot scanner.

Moreover :
>> Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box

1) if it looks at it then the "trail" stays in one piece, which means a third party can easily follow the paper roll and count the number of people who used that machine to find out the vote of a person : anonimity failed
2) if he puts it into a ballot box, we call that paper voting, coz it is nothing else than paper voting with just a fancy printer.

Re:How Difficult Is It Really? (1)

Confusedent (1913038) | about 2 years ago | (#40494153)

As to the first one, build the machine to randomize the order of the paper ballots. As to the second one, the only reason (I think) to have a paper ballot is in case there is a recount. If the vote comes down 70/30%, the odds that the so many have been miscounted out of a population of hundreds of millions is pretty low. If it ends up like Florida in 2000, or if there are later suspicions/accusations/whatever about the voting machines, then you do a careful manual recount of the paper ballots. I'm by no means an expert on this, I'm just regurgitating what guys like Schneier have come up with.

Re:How Difficult Is It Really? (1)

Imrik (148191) | about 2 years ago | (#40494557)

Putting it into the ballot box doesn't mean you have to count the paper ballots, they're just there if anyone wants to verify the machine's results.

Re:How Difficult Is It Really? (1)

del_diablo (1747634) | about 2 years ago | (#40494607)

Just have all the printed out "counts" to have 3 forms of hases to find out what firmware they are running. MD5 perhaps, and a few others?

Re:How Difficult Is It Really? (1)

xs650 (741277) | about 2 years ago | (#40495185)

That goes against the primary objective of computerized voting machines, which is to throw elections the direction the people controlling the function of the machines want is to come out.

Re:How Difficult Is It Really? (2)

Sperbels (1008585) | about 2 years ago | (#40493695)

Is there something I'm missing that would make it difficult to have a kiosk with an imaged system that's been certified, locked down, and can print out results, without it being easy to tamper with or easy to fudge the numbers of?

Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

Re:How Difficult Is It Really? (2)

azalin (67640) | about 2 years ago | (#40493821)

Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

Re:How Difficult Is It Really? (2)

unwastaken (1586569) | about 2 years ago | (#40494145)

Yes. What you're missing is that the people making them/buying them didn't want secure machines. They wanted something they could tamper with.

I still have enough faith in humanity left to blame it on stupidity, ignorance, carelessness and greed.

Read this [slashdot.org] and then tell me whether you still feel like that.

Re:How Difficult Is It Really? (1)

bzipitidoo (647217) | about 2 years ago | (#40494735)

the people making them/buying them didn't want secure machines

I agree. The technical problems are the lesser difficulty. They are all solvable problems.

It's corruption that's really hard. There are always some who think they can use a situation like this to pull something unethical, hiding all the evidence so no one can be sure what happened. They're the ones fighting hard to keep as much as possible hidden. There is no excuse for keeping the software of a voting machine closed. So why did Diebold refuse to release source code? At least try to reduce the appearance of corruption? Maybe because they really were cheating and rigging votes? In which case releasing the source code would reveal the smoking gun. Diebold made themselves the perfect target for such suspicions. Added even more to the smoke (and fire?) by being blatantly partisan with their own political preferences. Diebold's reputation got so bad they sold their voting machine business.

Re:How Difficult Is It Really? (0)

Anonymous Coward | about 2 years ago | (#40493697)

. How truly complex is the problem they're trying to solve?

As I see it there is no problem to solve. Pen and paper works just fine.

Berite Ahern, the former Irish prime-minister (who pushed for the machines) was very condescending about the old (and existing) system referring to "stupid old pencils", but modernization for the sake of modernization, is not a valid argument.

Perhaps the real motivation was to grant a 50+ million euro contract to someone willing to give him a brown envolope, the Irish euphemism for a bribe. This was the same guy who while serving as the Irish finance minister claims he did not have a bank account. Apparently he prefers cash :-)

Re:How Difficult Is It Really? (3, Insightful)

EnergyScholar (801915) | about 2 years ago | (#40493709)

It's really, really difficult to secure electronic voting machines and the associated system. Close to impossible. Worse, what's the point? Seriously, electronic voting does nothing new, and adds many new vectors for systemic fraud. It's a losing proposition, unless you wish to defraud the voting system, in which case it's a win.

Re:How Difficult Is It Really? (3, Insightful)

Skapare (16644) | about 2 years ago | (#40494473)

Electronic voting speeds up the results. But it's only the new media that wants that.

The design I proposed was a triple path election system. There would be simple machines to vote at that produce three "results": paper, storage, and communication. But it is the paper result that counts. The stored results (on a CF card) are just for verification. The communicated results are just for the media. The paper result is actually handed to the voter. It will be printed in clear text with the names of who they voted for, and a bar code or QR code to checksum the vote. They take the paper over to the ballot box area. But first, the paper is scanned by a reader right there. Then the paper is inserted into the sealed ballot box. The scanner also stores results and transmits these results separately, which are cross checked. The official results will be the paper count. But the electronic results satisfy the media hunger for instant answers.

Re:How Difficult Is It Really? (2)

Bookwyrm (3535) | about 2 years ago | (#40493743)

The effort and cost of designing such a thing is one aspect. *Verifying* that the actual manufactured item is tamper-proof, accurate, etc. is another. For instance, if you have to secure your entire supply chain to make sure none of the components involved might have been compromised or substituted due to cost cutting (keep in mind that this does not have to be someone trying to skew the vote on purpose, it could be someone being cheap or lazy and producing something prone to errors,) then that aspect can take quite a lot of time and effort.

It's not just designing the box. It's designing the box and the entire process such that not only the box but the process of making the box can be audited through out the life-cycle of the box and its operation. (And there might be some level of who audits the auditors, etc. What happens if a part must be replaced by a different part because of a supply chain problem -- does everything need to be re-certified, etc.)

That's not cheap or simple. It's not the design, it's the process and logistics.

Re:How Difficult Is It Really? (1)

Nethead (1563) | about 2 years ago | (#40494897)

*Verifying* that the actual manufactured item is tamper-proof, accurate, etc. is another.

Just give it to Bev. [http] She'll gladly verify it for you.

That depends on your limitations (3, Interesting)

Casandro (751346) | about 2 years ago | (#40493771)

Building a voting computer which satisfies the demands for a democratic election is near impossible.
Since fraud needs to be detectable even by single uneducated voters, there minimum security would be like this:

1. Get at least 80% of your voters a degree in Mathematics and Cryptology. They need to be able to verify all the algorithms used in the process.
2. Get at least 80% of your voters fluent in reading machine code off microscope images of ROM chips.
3. Get at least 80% of your voters good at re-engineering micro controller systems from silicon up in a reasonable timespan. (e.g. 30 minutes, this might require genetic engineering)
4. Develop a form of computing device which is transparent.

The big point is, it's not enough if we have some "perfect" voting computer which 10 specialists attest to be "perfect". For a democratic election everybody who is allowed to vote must be able to check the system for fraud. With a simple pen and paper system that is trivial. You just sit at the polling station, check that only single sheets are handed out to the voters. You also check that the voting urn is empty when the voting starts and that everybody just puts in his single sheet into it. Then you check the counting for miscounts and people trying to hide votes. The total number of votes can be compared in different ways.

So everybody involved in it can check it. There is no secret knownledge involved. You can come up with the points I just wrote by yourself. You can even find the points I was missing. That's the minimum standard for voting systems, and it can be settled by the cheapest way to conduct elections, pen and paper. Why on earth should we spend a lot of money for much worse systems?

Re:That depends on your limitations (1)

Nadaka (224565) | about 2 years ago | (#40493971)

According to the CEO of Diebold, voting machine manufacturer, that verifiability is a defect. How can he promise to deliver victory to republican candidates if he does not have a way to tamper with the votes?

Re:That depends on your limitations (0)

Anonymous Coward | about 2 years ago | (#40494039)

Back home we use an optical scan system. Just fill in the bubble with a dark pen and it gets scanned through a machine. If you make a mistake you just X it out and fill in the one you meant. The counting itself is done in a large room with tables that don't have drawers that has glass walls all around it and where the public can watch the count proceeding.

It was put in place because conservatives were whining about the vote count stealing statewide races. It turns out that they were being robbed by the voters that were voting against them.

I'm not sure how much more secure you can get than that. Sometimes technology isn't the solution to the problem.

Re:How Difficult Is It Really? (1)

archen (447353) | about 2 years ago | (#40493785)

That seems like circular logic. If they could be certified, and locked down they would be. As it stands now it's been shown that the e-prom can be replaced and thus the machines can't be guaranteed of security at the hardware level. Keeping in mind that these machines are intended to talk to something at the other end, and that part would also probably need modification. Tthe whole system was poorly thought out. It sounds like a lot of money wasted, but how much more should Ireland dump on it before they decide it's not going to work? See New York city Fog Creek debacle originally slated to cost about $83 million that went on to over $500 million.

Re:How Difficult Is It Really? (1)

cr_nucleus (518205) | about 2 years ago | (#40493793)

Electronic voting will always be a democratic failure because there's simply no way to actually check the result without an output from the system itself (wich is therefore also tainted).

This is not an engineering problem, period.

Re:How Difficult Is It Really? (1)

dremspider (562073) | about 2 years ago | (#40493847)

The rule in security is one thing.... if I can touch it, I can break it... period. The problem with the voting process is you have to trust A LOT of people who all have very mixed motives. These machines need to to be transported to their polling place, set up by humans, then used by people. And to top things off, there is a lot of payoff if you can tamper with these machines. Voting also has a major problem, you don't want to be able to monitor them. Securing these systems well (not perfectly) could be done and the damage could be limited when they are tampered with it just isn't monetarily practical nor does it fit in well with democratic ideas such as anonymous voting. Implementing policies such as a device must be locked in a secure location at all times in a box that requires multiple keys to open and is guarded by at least 2 people would help fix a lot of the problems but would make the process so ridiculously expensive it would be insane. The answer to "securing" the vote is TO NOT TRUST THE MACHINES. Something simple like a printout that the user is given that can then be verified by the user and is then run through a well guarded tally device would go a long way to fixing a lot of the problems.

Re:How Difficult Is It Really? (1)

Grishnakh (216268) | about 2 years ago | (#40493913)

It's not that difficult, but it does require a team of competent engineers, so it does require some money and time. Apparently, the company the Irish government purchased these machines from lacks that.

Re:How Difficult Is It Really? (1)

Shagg (99693) | about 2 years ago | (#40494195)

It seems like this is something that engineers could have designed to be foolproof by now

Are you sure they're supposed to be foolproof?

Re:How Difficult Is It Really? (1)

Anonymous Coward | about 2 years ago | (#40494509)

The problem, I think, is that people want to make sure "the right process happened" but all you can ever get is "the right data resulted." It's trivial to prove that someone can tamper with a voting machine in such a way that it behaves exactly as it should, except in vote tallying. Maybe you recount verified paper ballots, but maybe you don't do that in all districts (because it's expensive, and you might only need to cheat by 1% to swing an election, which makes the modified districts hard to detect), and if you do it everywhere, what has the machine accomplished? The problem is that, at the end of the day, all you have is a pile of data -- you can say "this is the record the machine produced at noon, and this is the one at 5pm" but you can't say "this is what the machine was doing at noon, and this is what it was doing at 5pm."

The solution to this is to focus less on process and more on data. An easy example of this (which should show why we don't do it):

1) Government creates very strong public/private keypair.
2) Government distributes public key on massive scale.
3) Government allows citizens to appear at town hall with good ID (passport, maybe?) to have their own key signed by government key.
4) Citizens MUST NOT publicize this key.
5) At voting time, citizens generate a large, random chunk of data. They save this for later. They also append the plaintext vote to it, and encrypt the whole thing with the government's public key. Finally, they sign the whole thing with their own private key.
6) The government verifies incoming signatures against their list of citizens' public keys. Bad signatures, or signatures for unrecognized keys, are discarded. They then decrypt the vote using their private key. They then count the votes, as well as publishing an aggregation of the remaining data (vote + random data).
7) Citizens look at aggregated data for their vote. They can verify it because the random data they saved for later will appear next to it.

Benefits:
1) You can't vote if you're not registered.
2) You can't figure out who a specific person voted for, unless you have access to the raw vote data and government key list.
3) Vote counts are accurate.
4) Each voter can verify their own vote.

Drawbacks:
1) New requirements for voting: ID, willingness to register encryption keys, access to computer for generating/saving encryption keys, ability to protect encryption keys, way to get encrypted vote to government (internet, thumb drive).
2) If the government key is stolen, the election is stolen. Note that the government's public key is, in fact, public, so it is only a matter of time until it is cracked. The amount of time may be acceptable (one billion years) or unacceptable (10 years), and that amount may change as the fields of cryptography and computer hardware advance.
3a) If the government throws away the signed vote after checking it, they can publish an aggregated vote list with dummy entries and rig the election, and no one can verify otherwise.
3b) If the government does NOT throw away the signed vote, anyone who recovers it and the government-signed key list can figure out who voted for whom.
3c) This applies on a small scale as well -- if you know someone's public key, and they vote online, and you tap their connection, you can monitor their vote.
4) Incredibly expensive investment in infrastructure.

While many of these issues are the same, or worse, in traditional systems, the risks and expenses make "the devil you know" very attractive.

just because they could be hacked? (-1)

Anonymous Coward | about 2 years ago | (#40493593)

the america's Republi-con party will be snapping these up and putting them to use in the heavily democratic precincts. oh wait they already have, Debold makes them and the companies owner has guaranteed "positive" results for the cons.

Re-refurbished Louisana Voting Machines (0)

Anonymous Coward | about 2 years ago | (#40493601)

I hear Mexico has some Re-refurbished voting machines they purchased from Louisiana after we got "updated" touch voting machines.
Apparently they were really upset when Edwin Edwards [wikipedia.org] was elected as President of Mexico.
I am sure they would be willing to sell them really cheap.

I look forward to the official statement (2)

poetmatt (793785) | about 2 years ago | (#40493621)

I can just see it now:

"Did we get screwed? I think so"

while the reality is "Maybe we should have researched this before investing"

Interesting Maths (2)

AlastairMurray (537904) | about 2 years ago | (#40493629)

all 7,000 will now be scrapped for €70,000 (just over nine Euros each).

I suppose €10 is just over €9.

Re:Interesting Maths (1)

91degrees (207121) | about 2 years ago | (#40493711)

In other news, the Independent has deemed its stock of pocket calculators worthless because they can't get the right answer to siple calculations.

(Actually there were 7500 of them, going for â9.30 each but where's the fun in that?)

Re:Interesting Maths (2)

rtfa-troll (1340807) | about 2 years ago | (#40494267)

If you had READ the FINE ARTICLE; you would know that 7000 == 7500 and 9 == 9.30 and 70,000 == 70,267. Typical careless rounding of the type that can easily get the wrong person elected..

So basically what you're saying is... (1)

dohzer (867770) | about 2 years ago | (#40493657)

... because they could be compromised, they're worthless?

Yes (0)

Anonymous Coward | about 2 years ago | (#40493969)

Not because they can be compromised.
But because they cannot be proven uncompromised.

Re:So basically what you're saying is... (1)

Immerman (2627577) | about 2 years ago | (#40495511)

Yes.

More precisely they're worthless as voting machines because they're considerably easier to compromise than the pen-and-paper alternative, and it would be almost impossible to detect. Since it appears these specific machines are special-purpose devices without a lot of other applications that pretty much reduces them to scrap value.

Not guaranteed safe from tampering? Nae! (1)

mistaryte (2446492) | about 2 years ago | (#40493685)

They were really scrapped because they did not dispense a shot of Jameson's after vote completion.

Re:Not guaranteed safe from tampering? Nae! (1)

Chrisq (894406) | about 2 years ago | (#40493949)

They were really scrapped because they did not dispense a shot of Jameson's after vote completion.

That would be one way to guarantee a 100% turnout

refurb/rebrand/resell (1)

Sooner Boomer (96864) | about 2 years ago | (#40493795)

Touch screen computers from Ireland? Sell them as the "New iTablets*", and "not from that fruit company either!". At 20E a piece, you could *double* your money!

*Irish Tablets, thank my Lucky Charms!

Re:refurb/rebrand/resell (1)

JDG1980 (2438906) | about 2 years ago | (#40493943)

Touch screen computers from Ireland?

If there were flat-panel touch screens, or even regular flat-panel color LCD monitors, then the units would probably have been worth more than 9 euros each. I did a search and found some photos of these machines (there's one at the top of this article [thesun.co.uk] ) and they don't have any of this. There is only what appears to be a two-line, character-based, monochrome LCD display, with a big row of labeled pushbuttons and corresponding LEDs below it. Cheap, generic, largely worthless hardware.

Re:refurb/rebrand/resell (0)

MickLinux (579158) | about 2 years ago | (#40494759)

Well, considering that the Irish used those very voting machines to vote out the "pro-bailout european banks" politicians, I think they did very well with what they had.

On the other hand, considering the folks they voted *in* (the "let the investors who make bad investments bear their own loss" politicians) immediately turned around and bailed out the European banks, maybe they were worthless after all.

Yeah. I'd probably say they shouldn't be valued at more than 9 euros [and a bronx cheer] each.

an outline for a secure voting machine (2)

RobertLTux (260313) | about 2 years ago | (#40493893)

1 have as little of the OS loaded as possible
2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election)
3 the poll info should be on a separate image (also readonly)

the voting screen should have a hash of both images on a "rail" at the bottom so that both can be verified at random

when you vote your vote info should be etched on a metal plate (each one should be given a serial number and accounted for) that holds X votes. Also a printout should be presented to you so you can verify your votes.

if any issues show up then you
1 count the info from the plates
2 count the info from the voter "chits"

and then deal with any problems as needed (good luck tampering with all three counts)

of course then we will need to deal with the Vote Early Vote Often problems in some areas but...

Re:an outline for a secure voting machine (2)

JDG1980 (2438906) | about 2 years ago | (#40494047)

1 have as little of the OS loaded as possible 2 the OS image should be on a readonly image (with the image FIXED no later than 14 days before an election) 3 the poll info should be on a separate image (also readonly)

For such a simple application, why use an OS at all? Wouldn't it make more sense to run on bare metal on a microcontroller?

Re:an outline for a secure voting machine (1)

RobertLTux (260313) | about 2 years ago | (#40494711)

well if you could get all the bits crammed into a microcontroller then yes but even a simple (like win95 level) OS could work the point here is to have as little as possible running (so no Network Stack at all).

Re:an outline for a secure voting machine (0)

Anonymous Coward | about 2 years ago | (#40494905)

Metal plates?

I was just thinking that the machine should be pre-loaded with a unique random number for each vote. Store the voted ballot in the machine, with the random number part of the ballot.

Print a receipt with the random number on it.

Post the votes and the random numbers online. Anonymity is preserved, because you just have random numbers next to votes. You don't have timestamps, the polling place, or any other data. When the random numbers and ballots are dumped from the machine to the server (the machine is not connected to the net while voting) the polling place data are not preserved. That's about as anonymous as you can get; probably more anonymous than paper ballots.

Voters can then verify their votes online by keying in the random number.

Oh, BTW, anybody attempting to enforce contracts in their .sig agrees to pay my attorney for reviewing the contract. He charges $500/hr, minimum 1 hr for each contract reviewed.

No verification? (1)

hendridm (302246) | about 2 years ago | (#40493939)

they could not be guaranteed to be safe from tampering [...] and they could not produce a printout so that votes/results could be double-checked.

Well, whose dumbass idea was it to leave that out of the spec? This is voting we're talking about. It's ALWAYS scrutinized.

Hi! (0)

Anonymous Coward | about 2 years ago | (#40494001)

This is very old news. These machines were on track to be scrapped as they are crap and open to corruption. Move along.
BTW, I'm Irsh. nice to meet you!! Paper trail place. Any Socialist Republicans left in the world - yay!

Repurposing e-voting machines? (2)

oneiros27 (46144) | about 2 years ago | (#40494105)

At the very least, all of the e-voting machines that I've seen have touch screens. I would think that someone could be able to get these for pennies on the dollar, and find a way to use the parts to build kiosks for other purposes.

The CPUs might not have the necessary power for much, but if it's just a lookup & display system, it shouldn't require much.

Re:Repurposing e-voting machines? (1)

Nethead (1563) | about 2 years ago | (#40494931)

I would think that someone could be able to get these for pennies on the dollar...

It sounds like someone did.

Re:Repurposing e-voting machines? (1)

bussdriver (620565) | about 2 years ago | (#40494933)

You must have no experience with government. Their easiest way out would be a gov auction like we sometimes have - problem is you have to be setup to do those to make them worth it and by the time we have enough junk to do an auction the gear has been sitting around for years - making computer gear kind of useless.

Then there is all the oversight and paperwork involved in doing anything. There is always some official wanting to flex their oversight muscle to show they are protecting the public and since they are most likely crooks they are looking for easy examples to distract from the real stuff they are pulling.

Politics: if something is a failure it is preferred to destroy all evidence of the failure rather than allow some wiseguy investigating and pointing out in detail what went wrong ("how dare they tell us how and why we failed!" the deciders all have such egos they never can handle critiques.) Security often means covering your own ass.

Re:Repurposing e-voting machines? (1)

oneiros27 (46144) | about 2 years ago | (#40495203)

You must have no experience with government

I've worked as a contractor for the federal government for the last 8 years, I've been a municipal elected official for the last 4 years, I was chief election judge for the same municipality for 4 years, I did two years of contracting for a state government, and I interned for three summers in high school with the DoD.

So, I actually *do* know how these things work ... and all it really takes it one person who knows what they hell they're doing to get these things straightened out.

In my case, the location that I work has an 'excess warehouse' ... which, given the right person to sign off on the paperwork, I've been able to go down there and acquire old computer equipment to repurpose in different roles. (one of which required me going through the higher up 'I can't believe they still have this stuff around' shelves to try to find a working 21" CRT monitor that met certain size & weight distribution requirements)

Given the right people to do this, you could have those things repurposed and placed into government buildings for people to figure out which floor they need to go to for different issues; what courtroom for specific cases; card catalog lookups in libraries; etc.

Secure and anonymous (1)

ColdCat (2586245) | about 2 years ago | (#40494211)

Secure and anonymous at the same time is the challenge.
And as every actual technical solution will be always worse than paper.
Better stay with paper

1 bug in machine=all people vote suspicious
1 "bug" in paper=1 paper ignored

Why did they buy 7000? (0)

Anonymous Coward | about 2 years ago | (#40494423)

Why did they buy 7000 of them instead of just two or three for testing purposes to figure this out?

Bet you 70,000 euros... (0)

Anonymous Coward | about 2 years ago | (#40494501)

...that the state of South Carolina is the one buying them at a discount. Voter accuracy? Pshaw. What do we care?

Thanks for the memories Bertie (0)

Anonymous Coward | about 2 years ago | (#40494675)

The voting machines are former Irish Prime Minster Bertie Aherne's baby. I remember him in 2002 chastising those in parliament who were distrustful of them, he was almost angry that people would have the temerity to question The Machine. Unlike Bertie's economic policies, this thankfully never lived long enough to do any damage.

Why not print SAT style bubble-sheets? (0)

Anonymous Coward | about 2 years ago | (#40494689)

I'm wondering if we are being way too technical in our solution. How about a machine that translates your touch-screen choice into a printed page representing your vote like on a school style bubble test. So you put your choices in the touch screen and the machine prints a page that has the list of candidates and a bubble next to the one you chose. It can be clearly verified that the bubble appears next to the choice you made. Then you put this into the same style reader that is used in many places today. The paper copy is easily verified by the voter, recounts are possible, and it relies on basically existing technology.

A new low in arithmetic? (0)

Anonymous Coward | about 2 years ago | (#40494971)

"all 7,000 will now be scrapped for €70,000 (just over nine Euros each)"

To all those who though "WTF, €10!" and didn't bother RTFA, it's actually 7500 machines at 9.30 Euros each and the total is close enough ;)

What a waste (0)

Anonymous Coward | about 2 years ago | (#40495505)

I'm sure some US precincts would have paid at least 10 EUR for them!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...