×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Researchers Demo Hardware Attacks Against India's E-Voting Machines

timothy posted more than 4 years ago | from the only-the-good-guys-bother-to-explicate dept.

Government 179

An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"

Sorry! There are no comments related to the filter you selected.

FIRST POST! (-1, Redundant)

Vegemeister (1259976) | more than 4 years ago | (#32152886)

FIRST POST! iopuhfg weragiophiophmwragio[h ih rio[hio[ io[h ih g

In Soviet Russia, (0)

Anonymous Coward | more than 4 years ago | (#32153488)

the hardware attacks you!

Looks like Diebold has some new competition! (1)

toby (759) | more than 4 years ago | (#32152896)

Oh, sorry, "Premier Election Solutions"...

Re:Looks like Diebold has some new competition! (1)

human.american (1808158) | more than 4 years ago | (#32153156)

funny. I think what they've got is superior. further: http://www.youtube.com/watch?v=ZlCOj1dElDY&feature=player_embedded [youtube.com] a 'security analysis'/expose' on e-voting. I take the position that paperless is no better than some e-voting and worse than papered voting with follow-up confirmation [by mail, for example] in getting the best estimate of the will of the most stable popular majority. I would like to point out... that just as the 'man behind the curtain,' elections are as honest, or almost as honest, as the transporters, counters, reporters... others [not to include technicians]? Also, the "LOW-tech" seals are better than other methods, relying on both the physical manipulation of material in such a way that passes non-skeptical [casual] scrutiny [by many], as well as requiring "on-location hacks" for each tampered machine. I notice each of the voting machines on this video must be physically manipulated [including breaking visually-obvious, less-than-generic physical seals] as well as physical tamperage. I do note than the procurement of devices used in voting and the knowledge of virus-laded chips making factory lines adds an uncomfortable factor favoring paper to paperless, in this case. I am reminded that the Indian census takes 'head-shots,' thumbprints and [not blood samples], but names of the most reclusive they are able to contact to complete government survey. ...So I will.

Re:Looks like Diebold has some new competition! (1, Offtopic)

Ihmhi (1206036) | more than 4 years ago | (#32153416)

You know, the ATM I use nearly every day is made by Diebold.

It's an awesome little ATM. I'm nowhere near rich or even financially secure, and the ability to be able to withdraw money by an exact dollar amount ($6 for breakfast? I can take out exactly six bucks FUCK YEAH) is very appealing. The machine has been down exactly once in the three years I've been using my bank and there has never been any problems with it (save for the time it ate my card while I took to long counting the money - my fault, not the machine's).

This nice little ATM leads me to believe that the only reason the Diebold election systems were so shitty was because they were deliberately designed that way per request or they didn't use whichever competent people engineered their ATMs.

Re:Looks like Diebold has some new competition! (2, Insightful)

Eivind (15695) | more than 4 years ago | (#32153502)

There's a much simpler reason.

The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

Re:Looks like Diebold has some new competition! (1)

NickFortune (613926) | more than 4 years ago | (#32153820)

The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

Maybe.

Or maybe they just notice quicker when they get cheated on a daily basis than when it happens once every four years. The fact that the user can verify the ATM transaction probably speeds awareness, as well.

I think ignorance is more plausible than apathy in this case.

Re:Looks like Diebold has some new competition! (1)

digitig (1056110) | more than 4 years ago | (#32153830)

Well, if the Diebold systems are alleged to be built by Republicans to be rigged for a Republican win, we have to go for your "wrong engineers" theory because they didn't work last time!

Re:Looks like Diebold has some new competition! (1)

Hognoxious (631665) | more than 4 years ago | (#32153888)

// to do: insert joke about outsourcing here.

A real hacker... (5, Funny)

smallfries (601545) | more than 4 years ago | (#32152900)

...would register a one-issue party against the use of insecure voting machines. Then win the election. Then fix the problem.

Re:A real hacker... (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32153022)

a real hacker would rig the system to vote for goatse as a write-in.

Re:A real hacker... (1)

siloko (1133863) | more than 4 years ago | (#32153126)

Yep I guess that's true. But a real 'internet' hacker, with inbuilt faux machismo, would also ferret out anyone who says the voting machines are are 'tamperproof,' 'infallible,' and 'perfect,' and give them a slap. And then another one.

Re:A real hacker... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32153306)

GT Bike Parts [gt-bikes.info]
  GT Bike For Sale [gt-bikes.info]

Re:A real hacker... (1)

Grim Leaper (442986) | more than 4 years ago | (#32153722)

Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Secure e-voting (0)

Anonymous Coward | more than 4 years ago | (#32152910)

Whilst technically possible, I can't see a secure e-voting system ever being created.

Still, the current crop seem beyond incompetent. I've seen better security in gaming anti-cheat technology.

Re:Secure e-voting (4, Interesting)

MichaelSmith (789609) | more than 4 years ago | (#32152976)

Or even poker machines. Every machine runs from a PROM. Authorities keep a table of validated PROM image checksums. Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

Now thats no too hard, is it? Validate a small number of images, then make damn sure they don't get changed. Encourage simple, embedded systems as opposed to big operating systems with 30 million lines of code.

Re:Secure e-voting (3, Insightful)

Thanshin (1188877) | more than 4 years ago | (#32153002)

Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Re:Secure e-voting (2, Insightful)

MichaelSmith (789609) | more than 4 years ago | (#32153054)

Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Yes, sounds about right.

Re:Secure e-voting (2, Interesting)

Thanshin (1188877) | more than 4 years ago | (#32153104)

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Yes, sounds about right.

Nice system. So once my party governs I can simply block any further election to ever finish, just by touching a single machine.

Re:Secure e-voting (1)

fgouget (925644) | more than 4 years ago | (#32153518)

Nice system. So once my party governs I can simply block any further election to ever finish, just by touching a single machine.

Even better, tamper with a machine, accuse your main competitor of it thus causing a huge public outcry against them, rerun the election and win by a landslide.

The moral of the story is: you cannot rerun an election without modifying its result.

Re:Secure e-voting (2, Interesting)

Dilaudid (574715) | more than 4 years ago | (#32153534)

Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

Re:Secure e-voting (2, Informative)

ProfMobius (1313701) | more than 4 years ago | (#32154038)

Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

I don't really get if you are complaining or agreeing...

Thing is, there are many differences between a ballot box and a e-voting system.

In the case of the ballot box, you need to tamper with it after the election, when it is best garded. Each ballot box only contain a limited number of votes, and you need to prepare a large amount of false ballots before hand.

In the case of the e-voting system, you can tamper with it before the election and make 'invisible' tampering (ROM flashing, replacing the display with hidden chips, etc). Once you got access to the machine once, you are good to change many elections. Also, the machine can contain more votes than a ballot box.

In my opinion, this is not a question of how hard it is to tamper with something, but the scale of the changes you can produce. Paper ballots only allow for small changes, while evoting allows for large scale changes

Re:Secure e-voting (2)

jonbryce (703250) | more than 4 years ago | (#32153172)

Much simpler system. Voting machine prints out a ballot paper that goes into the ballot box. Select a random sample of ballot boxes and check the contents to what the computer says.

Re:Secure e-voting (0)

Anonymous Coward | more than 4 years ago | (#32153190)

You simply implement the exact same procedures for dealing with a ballot box that had been tampered with. I do not see what the difficulty is here except a general naive requirement that if a voting system is not utterly perfect it should not be used at all.

Re:Secure e-voting (1)

Thanshin (1188877) | more than 4 years ago | (#32153296)

You simply implement the exact same procedures for dealing with a ballot box that had been tampered with. I do not see what the difficulty is here

1 - They don't have to let you spend some time alone with the box as part of the voting process.
2 - It's harder to tamper with the box in a way that makes it impossible to detect until after the elections are over.

Re:Secure e-voting (3, Interesting)

UnHolier than ever (803328) | more than 4 years ago | (#32153276)

No, if the checksum doesn't match you cancel the election, run it again with paper ballots and charge all the costs of doing so to the company that was responsible for the security of the machines, suing them into bankruptcy.

Re:Secure e-voting (1)

vegiVamp (518171) | more than 4 years ago | (#32153308)

Don't sue them, silly. Just put in in the terms of the contract and see who still dares to offer voting machines.

Re:Secure e-voting (1)

UnHolier than ever (803328) | more than 4 years ago | (#32153702)

Sorry, I meant "enforce your contract". However, I am certain you will have to sue one or two to force them to actually respect the contract before they start taking the clause seriously.

Re:Secure e-voting (1)

AlecC (512609) | more than 4 years ago | (#32153402)

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

That, basically, is what what you do if you discover fraud in a paper based election. Repeat the election until the level of fraud is below the winner's margin. Repeat elections have happened. If the fraudsters are convinced enough that tampering will be discovered and the election re-run, they don't bother to try. But you have to make it clear that you /will/ re-run fraudulent polls, whether the fraud is electronic, paper, or voter intimidation.

Re:Secure e-voting (2, Interesting)

nameer (706715) | more than 4 years ago | (#32153434)

If the machine was tampered with, then you disregard the electronic count from that machine and do a hand count of the voter-verified paper ballots. You did print a voter verified paper ballot right?

Re:Secure e-voting (1)

c-reus (852386) | more than 4 years ago | (#32153346)

What about the Estonian e-voting system [wikipedia.org] ? Can you point out any insecure parts in that system?

Some of the more common scenarios (man in the middle, vote buying and a few others) are addressed in chapter 4.6 of an analysis of e-voting security [triinu.net] (warning: large PDF file).

Re:Secure e-voting (1)

rtfa-troll (1340807) | more than 4 years ago | (#32153946)

The whole Estonian system is based on having secure systems connected to the internet. It's possible to do a mass attack on the voters systems and/or servers on the day of the attack. The study you give simply ignores this possibility by "assuming" that the chance of an attack is low. However, it bases this assumption on total falacies. If you assume that your enemy is well funded (likely in the Estonian case; it may well be the Russian government) then they have a zero day exploit ready to go just before the election. They can then either manipulate the individual voters systems during election period so that when the voters select one candidate in fact the attacker's candidate is selected. This corrupted vote looks identical to a normal one and so is counted as such. It's possible they get caught, but they can minimise that risk (e.g. by only attacking PCs in real voter areas, reducing the risk of attacking a security expert's PC). Anyway, if they do get caught cheating, it's likely they don't actually get caught physically. They can just try again next time in a cleverer way.

To be frank, a scary read.

Re:Secure e-voting (2, Interesting)

sznupi (719324) | more than 4 years ago | (#32153970)

More than security is at stake here. Transparency also matters. With paper voting many citizens are perfectly able to go to the polling station and observe (and grasp!) the whole voting process and counting votes; generally check that everything happens according to the procedure. Have such people in every polling station and you can independently confirm the result of elections.
It builds confidence in the results.

There's no transparency with electronic voting. None. Even you are "IT pro" and go to see what happens...well, on /. it's not necessary to explain that you will see almost nothing of the procedure. Now imagine average folks.
In this case, you have inherent distrust in the results.

Security (5, Insightful)

Thanshin (1188877) | more than 4 years ago | (#32152914)

Any security professional, IT or otherwise, who ever says "impossible to break" in any of its forms, should be directly fired.

No discussion. No explanations. You blabber idiocies about your supposed area of expertise, you're fired.

Re:Security (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32152960)

I doubt any IT professional would say that. Usually politicians and managers are the ones responsible for this kind of nonsense because they have no clue or just want to sell their product.

Politicians are generally untouchable, no matter what they say or how bad they screw up. And managers make sure the contract contains some fineprint along the lines of "we guarantee nothing" and "not really impossible to break".

So yea, nothing you can do about it.

Re:Security (0)

Anonymous Coward | more than 4 years ago | (#32152994)

Australia is about to install an infallible content filter. The Minister responsible is not going to be fired.

Have access to hardware = all bets off. But seriously, things like seals and stickers, and trusted people that inspect the seals before and after make it a lot harder than low tech solutions - like getting the printer to print a few million extra voting forms.

Re:Security (1)

MichaelSmith (789609) | more than 4 years ago | (#32153008)

Australia is about to install an infallible content filter.

I doubt it, the way things are going for the Government [abc.net.au] right now.

Re:Security (1)

Thanshin (1188877) | more than 4 years ago | (#32153036)

seals and stickers, and trusted people that inspect the seals before and after make it a lot harder than low tech solutions - like getting the printer to print a few million extra voting forms.

Are you suggesting that the machine can't be hacked as long as they use seals and stickers? That it's impossible to devise a way of touching a machine's hardware as long as it's protected by seals and stickers?

Or maybe you're saying that that method of tampering with the machine, that we don't even know of, will be more complex to implement than replacing the paper votes inside a closed box with new ones.

Re:Security (3, Informative)

hairyfeet (841228) | more than 4 years ago | (#32153654)

You know, maybe I'm missing something, but I thought the E-Voting machines I used in the last election was just about as good as you could get. It was fast, simple, and at least from this old greybeard's thinking got rid of the paper ballot problems without adding new ones. Now don't ask me who made them because I never thought to look, but here is how it worked-

You got in line, stepped up and they checked you against the role, and here is what I thought was a nice touch, if anyone showed up that was in the wrong district they did NOT have to go play "hunt the polling place" because an election official would simply pull them aside for a few minutes while he got on a cell phone and have them changed over for this one election. I saw it happen twice and the wait was less than five minutes for the one in the wrong place.

Then you walked up to the machine, which was just a large flat screen with a pair of sides to keep those on either side from looking at your votes, and began to choose. Each choice after you were given a screen asking if this is what your choice was to make sure you didn't hit a button by mistake, was printed on a flat paper ballot that would scroll in this glass partition next to the screen where you could easily see it. After you hit the final confirm the booth would finalize the printout and make a noise so that the election volunteer could collect both the paper and electronic ballot. You were handed the ballot to look it over and give a final confirmation, and then the cartridge with the electronic vote was placed on the table with the officials while the paper ballot was placed in the voting box held by the same.

According to the official I talked to the electronic vote was used for those early election results the media likes, while the computer printed ballot (so no hanging chad crap) was brought to election headquarters by election officials made up of the three major parties (D,R, and Green) and while they watched the ballots would be fed into a machine which counted and showed the results right there on the screen. Any contested votes could be done quickly and easily, and since it had both the human readable vote choices and the computer readable printout checks to see if they matched could be easily done.

Now maybe I'm missing something, but it seemed like a pretty damned close to perfect system to me. The large screen with confirmations made it so even the old and those with sight problems (which BTW they had a separate machine away from the others where a volunteer would read the choices to you if you couldn't see or were disabled and couldn't reach. Nice touch) while having the computer print the ballot in both human readable and machine code got rid of human error without ending up a "black box" with no way for the user to check. Considering we went from the old punch machines with 1 hour plus waits to less than 5 minutes from parking to walking out the door I'd say it was a success. All in all a totally pleasant voting experience that took away the doubts and hassles the old punch machines always gave me.

Re:Security (1)

jimicus (737525) | more than 4 years ago | (#32153212)

Not strictly true. There is such a thing as a 100% secure computer system.

Of course you have to grind it to dust, embed that dust in concrete then throw the concrete off a ship somewhere over the Marianas Trench, by which time it's not a terribly useful computer. But I bet you anything you like you couldn't hack it.

That's not how it works (1)

ArsenneLupin (766289) | more than 4 years ago | (#32153772)

That's not how the line "no system is 100% secure" is usually used.

Usually, it's being trotten out by poor security professionals to justify not bothering because "as no system can be secure, why bother attempting to secure one?"

Ultimate accountability (2, Interesting)

SmallFurryCreature (593017) | more than 4 years ago | (#32152926)

Maybe it is time for a new law: You cheat, you die.

Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.

Open for abuse to be sure but all our leaders claim we should trust the system so surely they trust it?

It would motivate leaders to motivate their followers not to break the rules. Right now the system does exactly the reverse. As long as the leader isn't proven to have given the direct order in writing, he benefits. Everyone knows Bush cheated, yet he ruled unchallenged for 8 years. So cheating works right? Hard to argue this when the evidence is so clear.

We have come to take democracy for granted, but the recent problems in the UK have shown that such a basic thing as voting is not so simple after all. It is a complex process and without it working flawlessly, our entire system looses its validation. If you wanted to vote, went to vote but weren't allowed to, then how can you then be asked to support the government you didn't vote for?

How can you ask a soldier to die for a leader whose election process he didn't take part in? The entire basis of democracy is your loyalty in exchange for a say. Your money and your life for a vote. We are the subjects of an elected government and must follow its rules because we elected them, yes even if you didn't vote for them. That is the deal. Cheating breaks that deal.

It is hard to argue that people shouldn't go for a nasty dictator type, when the democracy isn't letting them have their say either. If you are not being listened to, you might as well have someone competent in charge instead of the monkey that cheated in a popularity contest.

So lets stick with paper and enforce extreme and rigid rules about how those papers and handled and counted and put severe penalties on anyone who messed with it. And before you say that death is far so serious. Treason still carries a death sentence in many nations, and cheating in elections is treason against nation as a whole.

Re:Ultimate accountability (2, Insightful)

teachmetech (1479795) | more than 4 years ago | (#32153098)

I completely agree with your point.

Re:Ultimate accountability (3, Insightful)

thijsh (910751) | more than 4 years ago | (#32153146)

You promote the death penalty in a situation where it is even more despicable then usual, especially since anyone can see the clear option to cheat by getting your opponent eliminated. Each election has some irregularities (and I assume most are not sanctioned by the candidates themselves) so it would be far too easy to cheat for the other guy while collecting 'evidence'.

Please understand that I think the undermining of the democratic process is a crime which should carry a special sentence, but more along the lines that you can't run for office for X years (like any felon I believe). But the problem is always the same: the cheater won and is now in charge.

I think the only way to guarantee a cheater free process is by completely making every step of the process transparent. Coincidentally it's the technology currently used to cheat that can be put to use to prevent it. The only problem is there is always one or more black-box-systems between the voter and the results, so there is no way to guarantee it unless we remove every black-box step. Here is my solution to make the process as open as possible:
- Generate a unique key per voter and store on a single offline drive.
- Print voter registration cards with each key used once (we know every voter can vote exactly once).
- Generate a strong encryption certificate that is only valid around election day for HTTPS use.
- Voters can choose to vote at home (but they need a separate online ID) or at a registered voting location (and show their ID), but the process is the same.
- To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.
- The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.
- These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.
- The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.
- The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.
- The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks... The current voting solutions are much worse in my opinion since there are attack vectors too, but we do not know how many and how bad, and even worse: we have no idea how often these are already exploited. But we do know for a fact that paper elections have been rigged (despite the rules), electronic voting machines have been tampered with and even something as simple as denying people the right to vote (sending people away who stand in line for hours). These non-tech exploits are used regularly and should not be forgotten... I'd say a web-voting is the lesser of two possible evils. Especially since the technical requirements of such a system are known. If fucking soda companies can print unique codes on the inside of the bottles and phone operators use codes for prepaid cards i'd say we should be able to make it work for something important.

I posit that for every argument against such a system slashdot's finest geeks will come up with a solution...

Re:Ultimate accountability (0)

Anonymous Coward | more than 4 years ago | (#32153538)

Slashdot finest responding: Your plan will fail because you fail to account for politicians and lawyers. If there is any technical chance this will ever work we will only hear the exact opposite with some sprinkles of fear-mongering about the interwebs and probably terrorists and pedophiles. Won't someone please think of the children!

Re:Ultimate accountability (1)

houghi (78078) | more than 4 years ago | (#32153678)

I like that unique ID per voter. It can then later be used to, uh, question these people about their choice. Voting from the PC is even better as our, uh, advisors can see that you make no mistakes. You don't have anything to hide, now do you? Also we will be providing the software for the voting.

Voting fraud is a social problem where people are looking for a technical solution. Pen. Paper. Problem solved. 100%? No, but a LOT cheaper and a LOT more secure. Not one point of failure, but so many that cheating is extremely much harder.

Re:Ultimate accountability (1)

Viski (1647721) | more than 4 years ago | (#32153692)

There's (at least) one problem in home voting: How do you make sure that the voter won't be pressured or bought when voting? Of course, in traditional systems there may be some pressure on the voter, but she will always be alone when casting the vote - no one can verify whether she cast the vote as agreed. In the Estonian model [wikipedia.org] this is taken care of by allowing the voter to cast multiple votes, the latest of which will stand. She has also an option to cast a paper vote during preliminary voting period, which will negate the votes cast via Internet. It's not a perfect solution, but a solution nevertheless.

Re:Ultimate accountability (1)

thijsh (910751) | more than 4 years ago | (#32153884)

It's a good solution, that's exactly why you should always be able to vote in a booth... But do you really think there aren't millions of voters that vote what someone told them to vote already? I think when people can vote where they want they can specifically avoid pressure from shady individuals. A re-vote is an interesting solution since it could both be used to increase and decrease security, I wonder how it worked out for the Estonians (they had a couple hundres re-votes, but why?).

Re:Ultimate accountability (0)

Anonymous Coward | more than 4 years ago | (#32154006)

Then someone will make malware that sits, MITM style, on the person's computer, switching the ballot to the desired candidate. If the voter doesn't know that he's voted incorrectly, he won't know that he'll have to invalidate his vote later. As you say, not a perfect solution. Just about the only way to fix that would be to use a security token with a keypad (input number of candidate), but even this could be tricked if the zombie switches the candidate numbers around.

Re:Ultimate accountability (1)

ArsenneLupin (766289) | more than 4 years ago | (#32153826)

Before talking about how insecure the web is ...

The problems with "voting at home" (or "at work") do have nothing to do with the lack of security of the web, but more with the lack of guaranteed privacy.

If you allow voting from work, who guarantees that the manager is not standing behind his employees, making sure that they vote the "right way". Or, at home, that the spouse isn't making similar enforcement. Or at the pub, that a buddy isn't promising a beer in exchange for the "good" vote...

As long as you allow voting away from designated polling stations, you can exclude neither voting under duress nor vote selling.

Re:Ultimate accountability (2, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#32153182)

I agree, vote rigging should be treated as seriously as a crime can be.
I'd add to that- politicians taking bribes should attract similar penalties.

Re:Ultimate accountability (1)

thijsh (910751) | more than 4 years ago | (#32153494)

With great power comes great responsibility, and with great responsibility comes great punishment if you (willingly) fuck up.

This is as it should be, the problem is today most politicians just use their power for their own gains, do not accept any responsibility, and sure as hell are never punished... I do not advocate punishing politicians for mistakes otherwise you would never become a politician anymore, but I would like to see strict rules regarding corruption and that anyone ever caught betraying the people's trust and can never be trusted with any kind of power again... In my opinion this could even extend to the corporate world, since corrupt politicians seem to be able to find a spot in power there as soon as they exit politics (probably part of the payoff of being corrupt).

Re:Ultimate accountability (0)

Anonymous Coward | more than 4 years ago | (#32153186)

[a destrucive critisism] IMO, game theory suggests a minority contingent of bottom-rung cheaters would be immune to prosecution once the 'leader' has been 'dispatched' to the satisfaction of the public and would, therefore corrupt whenever possible.

Re:Ultimate accountability and Moles (1)

findoutmoretoday (1475299) | more than 4 years ago | (#32153256)

<quote><p>Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.
</quote>

Never cheat on your own data,   always rig your neighbours data.

Re:Ultimate accountability (1)

AlecC (512609) | more than 4 years ago | (#32153472)

Maybe it is time for a new law: You cheat, you die.

Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.

I join your party under a false name, cheat blatantly and run like hell (hopefully before the cheating is detected). Your leader gets a bullet in the head.

India has a population over a billion. The major parties will have hundreds of thousands of low-level workers. Do you seriously expect any human organisation to keep a hundred thousand people whiter than white?

Put it another way - has any policeman been convicted of corruption in your city? Remember, policemen are selected, trained at length, and continuously supervised. And yet bent coppers still turn up, at a rate of probably a few per thousand. Expecting a hundred thousand election workers to be honest is ridiculous.

Amazing findings (2, Insightful)

gmhowell (26755) | more than 4 years ago | (#32152930)

Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

This article, like most of the front page needs "-1, Irrelevant".

Re:Amazing findings (2, Insightful)

tsj5j (1159013) | more than 4 years ago | (#32152942)

Your analysis neglects the basis of comparison, in which case is traditional voting methods on paper.

If you can walk in with a screwdriver to mess up an election with the electronic system but can't do the same to the paper method, then clearly there is some impact to security.

Re:Amazing findings (1)

abigsmurf (919188) | more than 4 years ago | (#32153374)

I can walk in with a handful of paper and rig in an election. I can pour a bottle of ink into a box and spoil all the ballots inside. Paper ballots offer countless ways of affecting votes.

Hardware based attacks that rely on invasive access are stupid in terms of demonstrating 'how vulnerable' an e-voting system is. The assumptions you have to make are stupid; You assume no one will notice someone taking 10 minutes to vote , that they're carrying tools, that they get down on their knees to open the case, that they're oddly noisy for someone voting.

Even assuming you have such incredibly incompetent officials monitoring the voting, you should still prevent this by putting tamper proof seals on the machine's casing.

Re:Amazing findings (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32152952)

the point here is that polling places can rig the machines just fine.

clever in key areas where a specific political party needs more votes to win.

kinda like how with diebold, republicans got overwhelming victories in predominantly democratic voting districts.

Re:Amazing findings (0)

Anonymous Coward | more than 4 years ago | (#32152954)

Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

This article, like most of the front page needs "-1, Irrelevant".

@ghmowell: perfectly true. and it's not like these machines are connected to the internet and so can't be hacked that way either. and before anyone talks about the "dangers" of electronic voting should we discuss "chad", "voter list fraud", "booth capturing" and the like?

Re:Amazing findings (2, Insightful)

Thanshin (1188877) | more than 4 years ago | (#32152956)

How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

So the possibility of bypassing democracy isn't worrying, as long as you put a full body scanner in front of each voting cabin?

Or you could limit the time that can be spent voting, and pray nobody finds a faster hacking method.

1...2...3... BAM! You're out. Vote faster next time.

Re:Amazing findings (1)

jacksonj04 (800021) | more than 4 years ago | (#32153264)

Ask yourself what stops people from opening ballot boxes to mess with the votes? The answer (in the UK at least) is four uniquely serial-numbered ties which have their numbers noted when the box is sent out, and verified when it's opened. Just put all the innards in an epoxy resin, put them in a toughened metal cabinet, lock the door with a key and attach aforementioned ties. A screwdriver won't help you.

Re:Amazing findings (1)

Utopia (149375) | more than 4 years ago | (#32152984)

That was my first thought do. Physical access is needed to break the hardware.

The Researchers just say that the security measures used are low tech and easy to break, but show no demonstration about breaking it in a simulation/real polling situation.
I personally think its hard to pull off in a polling booth.

Second, With the size of India's population I would rather that India continues to use EVMs and switch to paper trail methods -- Please think of the trees.
Using paper is not only is bad for the environment also substantially increases the cost (for support staff to count/manage paper votes, security, transporation etc.)

Re:Amazing findings (1)

Yvanhoe (564877) | more than 4 years ago | (#32153052)

The goal here is to show that one of the thousand of officials who have physical access to a huge quantity of machines before the elections can rig them. You know that when you don't look at them, officials love to stuff voting boxes with ballots. Suspecting they wouldn't do it with electronic machines is just weird.

Re:Amazing findings (1)

TheDarkMaster (1292526) | more than 4 years ago | (#32153470)

And when the responsible for the polling place is the guy with a screwdriver? The cheater can be anyone.

Re:Amazing findings (1)

ap7 (963070) | more than 4 years ago | (#32153748)

This IS relevant. Indian election officials and even the Supreme Court of India seem to earnestly believe that the machines are unhackable. The winning parties always claim EVMs are completely tamper proof. Ofcourse, losing parties claim that tampering exists. So unless solid proof was provided, the parties that lost elections were not going to find people willing to listen to what seem like conspiracy theories.

EVMs in India often lie in sealed storage for a couple of weeks on average after voting before results are declared. The scope for tampering in that period is enormous.

This is just the kind of proof needed to make Election Commission officials and the judicial system understand that tampering is possible so that they can atleast take preventive measures if not eliminate electronic voting completely.

All voting systems are vulnerable... (1)

afc_wimbledon (1052878) | more than 4 years ago | (#32153026)

Paper votes are subject to impersonation, for example, especially if voter turnout is low. During canvassing for the recent UK General Election for example, I became aware of people who were not voting due to absence (and hadn't secured a postal vote). It would have been simple to use those votes if I was so inclined.

The only solutions are transparent voting systems (if electronic, software and hardware must be publicly documented so that flaws are found and fixed - yes, I user Firefox!), plus independent audit trails (say, issue each voter with a receipt that can be checked against the voting record, if they agree).

The inconvenience of paper voting (many hundreds of people couldn't vote in the UK due to various issues related to this, and unexpected voter turnout) will push us towards electronic, probably internet voting whether we like it or not. The real question is not are these systems acceptably fraud resistant, but how to make them so.

Re:All voting systems are vulnerable... (1)

teachmetech (1479795) | more than 4 years ago | (#32153132)

trust me on that. all anti virus software are vulnerable. so many companies breed virus,trojans, they introduce malwares to later sell the software to heal them.

Re:All voting systems are vulnerable... (1)

jacksonj04 (800021) | more than 4 years ago | (#32153240)

In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

Re:All voting systems are vulnerable... (2, Interesting)

afc_wimbledon (1052878) | more than 4 years ago | (#32153320)

That's not strictly true I'm afraid. In the UK the "marked register" (the paper audit of who voted) is marked with the ballot paper number against the voters name. So currently there is an audit trail from the individual to an individual ballot paper, and hence to their vote. It's not available to just anyone, but you can, under certain circumstances, find out how an individual voted, or more importantly how they were recorded as voting in case of fraud. Both individual ballot papers and marked register are retained after the election. I'm talking about something similar for electronic systems is all.

The problem with electronic systems is they are often floated as the sole solution to all electoral fraud (they're not) or as intrinsically weaker than paper based systems (and I'm arguing they are not that either).

Re:All voting systems are vulnerable... (1)

jacksonj04 (800021) | more than 4 years ago | (#32153380)

Ugh yeah, should have clarified that it's anything which on its own identifies a voter with a vote, which a receipt (I'm guessing) would do much as a signed ballot paper does.

Re:All voting systems are vulnerable... (2, Interesting)

locofungus (179280) | more than 4 years ago | (#32153338)

In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

Except, of course, the recording of the ballot paper number next to your name when you vote.

In the past it would have been difficult to automatically match up every vote with a voter but it certainly wouldn't have been difficult to find out who cast a particular vote. "Who voted communist?"

Nowadays I'd expect that the voter lists with the ballot numbers could be scanned and OCRed and the ballot papers run through an automatic feeder. Of course this needs access to the voter lists and ballot papers so not available to everybody.

http://www.electoralcommission.org.uk/__data/assets/electoral_commission_pdf_file/0018/16056/Ballot_paper_design_finalversion_13051-7979__E__N__S__W__.pdf [electoralc...ion.org.uk]

End of page 25:
Serial numbers

4.4 Anecdotal evidence suggests that at every election
Returning Officers - and more often Presiding Officers
in polling stations - receive a number of complaints or
concerns from electors over the use of serial numbers
on ballot papers. Electors are often concerned that the
number allows identification of how they have voted.

In fact, serial numbers are used specifically to allow for
the tracing of papers cast fraudulently and are checked
only where a claim of fraud is being investigated and a
court order obtained to allow the identification of the ballot
paper as being that of a particular person. Nevertheless,
the regularity of such complaints, although not great, is
thought to have increased in recent years with the increased
use of postal voting. This is an issue also considered in
the Commission's separate review of absent voting.

Tim.

Re:All voting systems are vulnerable... (1)

Asic Eng (193332) | more than 4 years ago | (#32153272)

The inconvenience of paper voting (many hundreds of people couldn't vote in the UK due to various issues related to this, and unexpected voter turnout) will push us towards electronic, probably internet voting whether we like it or not.

Maybe, but why not shift the election to a Sunday (or make election day a public holiday) as a first measure? It might help if voting was spread out more evenly over the course of the day.

everyone should stick to paper (2, Insightful)

circletimessquare (444983) | more than 4 years ago | (#32153318)

even the most technologically advanced societies (some nordic countries want to vote by cell phone!?), for two reasons:

1. attack vectors

of course paper voting is subject to cheats, ballot stuffing, getting lost in transit, etc. its just that paper voting is a simpler process than mechanical or electronic voting, so therefore the numnber of attack vectors for paper voting is orders of magnitude less than mechanical voting... which in turn has orders of magnitude less attack vectors than electronic voting

one well placed dude can, in a few milliseconds, in a statistically invisible way, randomly increase votes for one candidate over the other. and i don't care how well you design electronic voting technologically, its still overseen by corruptible government bureaucrats, for which there is no technological solution

but with paper voting, the cheats you can pull off are only crude, requiring armies of cooperating conspirators... and no conspiracy of sufficient size is airtight. therefore: discoverable. a cheat by one guy or a handful is also statistically discoverable: a truck driver of vote boxes in one precinct can't lose 10,000 votes or introduce 10,000 fake ones without being noticed in an audit. and for every one of these paper balot cheats, there a simply 1,000 such variations, attack vectors, for the more complex electronic voting, and even some new and exotic methodologies. so to guard paper voting is simply an easier, less creative process. you can't outwit the committed bad guy in a complex system, but you can outman him in a crude system

2. perception

you can have all of the transparent standards for the PROFESSIONALS that you want. but for your average joe blow, the more the voting process is a black box (press keys -> sausage -> president comes out on other end) the more they are susceptible to lose confidence in the process. paper voting simply is a smaller black box. you write on a piece of paper. the papers ate stacked somewhere. some people scan or look at them if there's a problem: its all eminently comprehensible to anyone how the process works. no databases, no tcp/ ip stacks, no authentication, no encryption... no "sausage" parts that the average voter does not understand and therefore does not trust

democracy is only valid as long as it is seen a legitimate representation of the will of the people. put that legitimacy in doubt, and democracy loses all of its strengths. therefore, we should always, forever more, no matter what technological advances we experience, vote simply with paper

the problem here is technophilia: solving a simple problem in an overly complex way simply because you like the technology. electronic voting is a contrived false solution that introduces far more problems than it solves

Re:everyone should stick to paper (1)

afc_wimbledon (1052878) | more than 4 years ago | (#32153396)

I don't disagree, but I'm afraid the X Factor generation will demand a more user friendly way of voting, or they won't bother.

i don't agree with you (1)

circletimessquare (444983) | more than 4 years ago | (#32153474)

if what you say is true, then people can't grasp that sometimes convenience has to be sacrificed. if what you say is true, then X Factor generation is the end of democracy

it is naive to think that technology offers a better way to vote: there is no technological solution to the bribe-able government bureaucrat

therefore, you have to make the voting process as technologically crude as possible, to prevent creative ways to cheat we cannot foresee

its also a matter of trust in the system. i can trust and verify a paper and a pencil with my own eyes. i can't step into the voting booth and "look" at a tcp/ip stack and trust it

electronic voting will be the downfall of democracy

Re:All voting systems are vulnerable... (1)

sznupi (719324) | more than 4 years ago | (#32154070)

Your potential for impersonation stems from the fact that you can't verify with any certainty the identity of people...

Any "inconvenience" with paper voting was due to procedural failings in the UK implementation, not some inherent faults. My (EU) country has also paper voting, and it works extremelly smooth. It's simply scheduled for Sunday, from 8AM to 8PM (and sometimes 10PM), when not only the population has plenty of time to vote but also you have lots of "workforce" available to staff a very dense network of polling stations. I can't remember any voting which took me more than few minutes.

Also, even if you can do e-voting "safe" in technical sense, it inherently can't be trusted. People can't see what's really happening behind the scenes.
In contrast, with paper voting you can verify the procedure at the local level yourself (plus...polling stations are often staffed by people from many competing parties, they keep themselves in check rather fine); with many people doing it in most of the country, you can independently verify the elections.

yaaaa (0)

Anonymous Coward | more than 4 years ago | (#32153046)

I have to wonder just what sort of effect this would have on an AMERICAN election...oh wait, I already know. ;p

Poll rigging this way is unnecessary in India. (4, Funny)

khoonirobo (1316521) | more than 4 years ago | (#32153048)

We are more sophisticated. http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org]
Perfectly illustrated in http://xkcd.com/538/ [xkcd.com]

Re:Poll rigging this way is unnecessary in India. (1)

thijsh (910751) | more than 4 years ago | (#32153582)

Booth capturing? Do you mean Lincoln could have been re-elected if they just captured Booth by hitting him on the head with a wrench? http://en.wikipedia.org/wiki/John_Wilkes_Booth [wikipedia.org]

Electronic voting machines (1)

Decollete (1637235) | more than 4 years ago | (#32153108)

Today, May 10, the Philippines is holding the presidential, legislative and local elections. It is the first time electronic voting machines are being used. I am wondering if the machines used are similar models as the ones being discussed in this article.

Go to Pot (1)

Linker3000 (626634) | more than 4 years ago | (#32153136)

If they've proved that someone can clip a device over a RAM chip, may I suggest epoxy resin or a potting compound. Pot the entire internals, including the ribbon cable to the display and the display board itself to make the electronics much, much more difficult to reach.

Tampered EVMs may have already been used (1, Troll)

digTro (940778) | more than 4 years ago | (#32153148)

There have been allegations in the past [expressindia.com] that political parties in India have rigged EVMs and I think that is quite likely despite the lack of "evidence". To understand that, you need to know how the voting system works in Indian elections.

The educated elite in India are apathetic to voting. They have no trust in the administrative system and have no hope that the endemic corruption will ever end. So come election time, the people who vote are mostly the poor who hope that some day, the extravagant promises made by the political parties will be kept . Before election day, the voters are bribed with free liquor and food. The women folk are given new clothes. And finally cash is also distributed to bias the voters to chose a particular candidate. The system which issues voter identification cards is broken and sometimes you can find impostors voting on behalf of actual voters.

Given the amount of money that politicians spend on rigging manual voting, tampering EVMs is just good business practice. It is cheaper and you don't need to chase around thousands of voters.

zzz (0)

Anonymous Coward | more than 4 years ago | (#32153150)

It doesn't matter much... All the political parties are the same... "chore chore mastuto bhai"

'tamperproof,' 'infallible,' and 'perfect' (1)

silentcoder (1241496) | more than 4 years ago | (#32153204)

Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

After all, who better than a team of mythical creatures to design a system with a mythical feature-set ?

Re:'tamperproof,' 'infallible,' and 'perfect' (2, Informative)

Thanshin (1188877) | more than 4 years ago | (#32153282)

Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

We tried that and it didn't work. The minotaur's design was too convoluted, the UI was pink and invisible, and after receiving hundreds of bug notices we discovered that the dragon had spent months farming gold.

Re:'tamperproof,' 'infallible,' and 'perfect' (1)

silentcoder (1241496) | more than 4 years ago | (#32153424)

>"UI was pink and invisible"

It was invisible... but it had a colour... oh nervermind, that's actually MORE believable than "it was tamperproof and infallible" !

Scale (2, Interesting)

brunes69 (86786) | more than 4 years ago | (#32153230)

The size and scale of India's election makes attempts at manipulating the election at the voting machine level very difficult. Any legit attack would have to be done at the back-end altering massive numbers of votes.

you've defined the weakness, not the strength (1)

circletimessquare (444983) | more than 4 years ago | (#32153576)

if you had paper voting, you'd need an army of conspirators (which by nature of its size would be discovered), and an audit would discover statistical perturbations

but with electronic voting, you just bribe the right official or two, and one guy with a few milliseconds of access to the database and some crafty code can alter the votes in statistically invisible ways

Re:you've defined the weakness, not the strength (1)

andy1307 (656570) | more than 4 years ago | (#32154018)

Not true. India did have paper voting. The fraud happened before the vote count. Criminals would simply "capture" polling booths and stuff the ballot boxes.

Re:Scale (0)

Anonymous Coward | more than 4 years ago | (#32153612)

And further you need physical access to the hardware.
In India, after voting ends, the voting machines are sealed and delivered to a central counting center. At the counting center, the voting machines are inspected by a panel of members representing the candidates participating in the election.
So, either the machines should be tampered before they are delivered to the voting station or during the transfer of the voting machines to the counting centers. In both the cases, the machines are heavily guarded, sealed and inspected. Most often election commission officials video the voting process.

So, these so called hacks are not brilliant. Any hardware engineer who is given physical access can "hack" these.

The problem in Indian elections is not manipulation of voting machines, but the corruption of the voter by purchasing their votes through paying money, especially to the poor and illiterate masses.

EVM: Simple tech & tamper resistent procedures (2, Informative)

Sivaraj (34067) | more than 4 years ago | (#32153254)

The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28.

http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html [indian-elections.com]

Despite all this, e-voting is on track (1)

alfredos (1694270) | more than 4 years ago | (#32153266)

It will still take a couple iterations, but like so many other things before, electronic voting will eventually be safer, faster and more convenient than traditional paper-based voting.

Most of us IT guys here can sure name a couple solutions to avoid the current hack and throw a few ideas for a truly 99% tamperproof system - hardware sensors, certificate-based encryption of RAM memory and storage, you name it. All these things, or similar, will eventually happen. It is unfortunate that the governments that quite bravely dare lead the path are as usual spending too much money in too unsatisfactory a solution at the moment but that is still only v0.1. When we are at v1.0, barring a few small and pintoresque bugs that reverse polling results or somesuch (and which we will be so happy to comment on /.), the days of tons of paper and boxes moving around will begin a slow but steady decline, like the long queues in the bank or in your local tax office/IRS equivalent.

Re:Despite all this, e-voting is on track (1)

Jaime2 (824950) | more than 4 years ago | (#32153592)

It will never get any iterations as long as the current iteration is declared perfect and no one is allowed to examine the code. That's the problem with electronic voting -- the people in charge of securing it consistently undermine its security by choosing black boxes over white boxes. For all we know, the tampering features already built into the device are only v0.1 quality and in a few iteration, elections will be able to be sold much more efficiently.

Someone (0)

Anonymous Coward | more than 4 years ago | (#32153422)

Last year when I voted, there were no security cameras and we weren't even frisked before voting. I went inside the booth and placed my vote. So if someone really wanted to do this, he could. It's probably only the big cities that have surveillance cameras. The place where I live (small village in south India), the voting was done in a government school building last year. In a country as corrupt as this one, you could probably even pay a small amount of money and go in as the last person to vote and do whatever you want to the device without raising any suspicion.

How to build a good voting machine (2, Interesting)

jonwil (467024) | more than 4 years ago | (#32153490)

For the hardware you need:
Touchscreen with graphics chip and touchscreen controler as an input device

Receipt printer (the kind that has been used in millions of cash registers, ATMs and other devices world wide for a few decades)

Flash memory chip to hold the machine OS and the config file (which candidates are running etc). This should be the kind that when its in the machine, it cannot be written to and has to be removed to write new software or configs. This would have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure that it hasn't been swapped for another identical chip containing rigged software.

Thumb drive or memory card to hold the counted votes. This would also have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure it isn't substituted with a fake one containing a different result.

CPU (ARM of some sort would seem to make sense) to control the system with usual support items (power supply, RAM etc)

Tamper-evident case containing the hardware with more difficult-to-duplicate-or-remove stickers with the voting machines serial number covering the screw holes/case edges/etc to ensure you can tell if its been opened.
The receipt printer would be located outside of the tamper-resistant part so the roll can be replaced by poling station officials. Should a machine fail for other reasons (i.e. any reason that would require access to the hardware) that machine would be taken offline and not used for the rest of the election.

Software:
Linux kernel with drivers for the memory card reader, touchscreen, receipt printer etc. (the kernel would be specifically built for the voting machine with everything that is not required for the device such as networking removed)
Basic set of libraries (the bare minimum required to make everything work)
Custom voting machine software.
All software would be 100% open source.

Before the election, the machines are prepared by loading the correct OS and kernel along with the config file for the machine (containing the names and info for the candidates) onto the operating system chips. The operating system chip and vote counting memory card are loaded into the machine. Then the machines are verified and tested. Once they have been verified, they are sealed up and the tamper-evident stickers applied before they get shipped off to the poling booths.

When you go to vote, you pick your candidate on the screen by touching their name. Then you have to press "OK" once you are sure you clicked on the right name.

After your vote is complete, it is recorded in the file on the memory card. Also, a receipt is printed containing a machine readable bar-code corresponding to your vote plus a human readable record. This receipt is then inserted into a ballot box as you depart the polling booth. No part of the machine (receipt included) contains any record of who you are as a voter or any way to associate your vote back to you.

To count the votes, the memory cards are removed from the machines (after checking that the machine was not tampered with and that the memory card is genuine) and sent to the relavent counting office to be read and counted. Should there be a dispute, either the machine readable bar-code or the human readable record can be used as a way to count the ballots.

Maybe some of this is overkill (like labeling the chips with stickers to prevent tampering), I dont know. But when you are talking about something as critical to a free society as an election, its important to get it RIGHT.

My idea would work for any system no matter how many items are on the ballot or how many people are voting (a commonly cited downside of paper systems is that there are too many papers to count and/or too many things being voted on)

My idea wont prevent tampering (of the kind described in TFA) but it will be immediately obvious when someone has tampered with the hardware in the machine (if it works for telling Microsoft or Dell when someone has opened their PC or XBOX and voided the warranty, it should work for a voting machine, especially since getting close enough to one for long enough to fiddle with it is hard when inside a polling station.

So you think it matters? (1)

Gothmolly (148874) | more than 4 years ago | (#32153648)

If you still think it really matters who you vote for, then bury your head back in the sand, consume, breed, work, and die.

Oh deary deary me (0)

Anonymous Coward | more than 4 years ago | (#32153852)

Jolly bloody bugger, what is going the flipping heck on here old chappie?

Aw, bless them (1)

Rogerborg (306625) | more than 4 years ago | (#32153968)

I guess when the real problems - massive registration fraud and block voting on the orders of local criminals - are too difficult to deal with, all you've got left is inventing wacky "10 minutes alone with a bag full of hardware" attacks that would work just as well on paper ballots, with a lot less preparation.

Meaningless (1)

andy1307 (656570) | more than 4 years ago | (#32154000)

So, to really steal an election, you would have to build millions of these fake devices and deliver them to the remotest of places(the only way to get to some of which is by using an elephant).
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?