So you think tamperable voting machines are a US-only problem huh? Here’s an interesting report (English) from the website wijvertrouwenstemcomputersniet.nl (we don’t trust voting computers). I like the part where the manufacturer Nedap states “I’d like to see proven that it is a general computer so it can play chess” and the guys actually make it do that. Too funny. While the software is not written badly and a ton of redundancy is build into the systems, the basic root problem is the whole “security by obscurity” design. And don’t say they should build it on non standard hardware. It will only deepen the problem. A quote.
In contrast Jan Groenendaal, the maker of the ES3B software, in 2006 says:
“However Open Source or publishing the source code provides opportunities for dubious characters and unfortunately election and election fraud are both as old as democracy itself. The fact that only few people have this knowledge can also be interpreted in a positive light. If something goes wrong one quickly knows where to look, and this mere fact is a deterrent for willful manipulation (inside attack)”
This reasoning is a clear example of a controversial design practice often dubbed Security By Obscurity: the inner workings of his system need to remain secret to protect our elections from “dubious characters”. Many of the poor design choices that underlie the ES3B’s security problems can be excused against the backdrop of the 1980s, when fewer options were available to system designers and many of the present-day security concerns had not yet surfaced. But given that Dutch democracy now completely depends on his technology, the fact that Groenendaal’s 2006 viewpoints on security are so far removed from the general consensus in the computer security community is cause for concern.
What is funny in relation to this quote is that the secret keystroke sequence to enter maintenance mode on the computer is the word GEHEIM. yes, you got it, SECRET in Dutch. Oh man!
btw Nedap, the main contractor and hardware builder is a key supplier of RFID technology and look-alikes, such as door openers, theft detecting gates and even cow-labels, so the computer can identify the feeding animal and dispensing the calculated foodstuff.
Update: Things are seriously heating up now, commercial television on the 5th, public radio on the 10th. Denial mode from the administration and the manufacturer is slowly coming around. And more facts are popping up. Random selection:
- In Amsterdam, election officials were being instructed by a private party. In essence, the administration has outsourced the elections (and has no way to verify them).
- A court case is being prepared by the foundation I mentioned above.
- They are also organizing for people to go cast their vote in the last 10 municipalities in the country that still vote using red pencil and paper (one can by law change voting office).
- I personally asked questions in writing to my local municipality, no response yet.
- I will have a remark made in the official report of my local voting office, which I urge any Dutch reader to do. It is secured in the law, see above mentioned website.
No worries, I will keep on breathing.
Update: One of the two machine types (SDU, that used a wireless modem, eeww!) has been disapproved by the government. Amongst others, Amsterdam is going to vote with pencil and paper.