Finger 79/tcp # frank@ccc.de: Voting Machine Security

Dave G. | October 6th, 2006 | Filed Under: Guests

Login: frank                   Name: Frank Rieger
Directory: /guests/frank       Shell: /bin/ksh
On since Tue Sep 26 21:55:00 CDT from ccc.de
No Mail.
Plan:
----------------------------------
Views expressed by guest bloggers not necessarily those held by 
Matasano Chargen.

One of the things that kept the Chaos Computer Club busy in the last couple of weeks was to take part in the mission of the dutch campaign, “We dont trust voting computers”. I never imagined that building a chess board for a voting computer out of paper and magnetic euro-cent coins might be necessary to preserve the last remains of democracy…

Chess Vote
The reason for playing chess on a Nedap voting computer was that Mr. Groenendaal from Nedap claimed that the Nedap systems are “dedicated special purpose machines” and not ordinary computers and therefore could not be used to play chess. He also used the famous last words spoken by so many companies “Hackers have absolutely no chance”.

Well. A few weeks later the hackers owned the Nedap boxes inside out. We played chess on them, we manipulated votes and we could detect what has been voted from across the street, using compromising (spurious) emissions, aka. TEMPEST. I am particularly happy that we managed to demonstrate a simple TEMPEST attack, as it is the first time (at least as far as I know) that this method was used for a “good” purpose. I do not recall a similar complete and utter defeat of a systems vendor in the last years.

Go and read the technical report paper. It is entertaining and may give you fresh ideas for your own pet projects. The details of the reengineering effort can be found here.

The battle now moves on to the legal department. We showed on the technical side that voting computers are not fulfilling the legal requirements for an election (for Germany and the Netherlands at least). The next step is to convince or, if necessary, force by legal means the government to acknowledge the technical findings and revoke the certification of voting computers.

3 Comments so far

  • Lucas Nelson

    October 6th, 2006 2:20 pm

    A while back I talked with some creators of voting machines. What is truely scary isn’t how bad the machines are, but how awful the current system is. With a margin of error of 4% we haven’t had a real mandate from the people here in the US since Clinton beat Dole in ‘96. (But I digress)

    It seems to me that if we can do electronic banking securely then voting shouldn’t be that hard. Having said this, the current systems out there are a joke. Protecting the hardware with a $5 lock just doesn’t cut it as secure.

    My question to others is this: which is a bigger threat to democracy, low voter turnout or the ability to cast a vote in front of another person? (And hence vote buying) Currently an absentee ballot allows one to reliably sell their vote. But would it be so much worse if we could vote via phone? Would the greater voter turnout offset the ability to relaibly sell votes or not. Just a thought.

  • LonerVamp

    October 6th, 2006 2:57 pm

    I wonder the lawsuits and crap that would happen if this had occurred here in the States. I don’t know what would be the biggest stirring of trouble, evil naughty hackers allowed to attack boxes or that the said boxes were horribly insecure. I’m sure we’d blame it on Doom and violent video games…

    And to yourself and the rest of the contributors who tackled those boxes, excellent work! :)

  • versuchsanstalt.org » Aus anderen Anstalten

    October 10th, 2006 12:47 pm

    […] Heise meldet, dass die Physikalisch-Technische Bundesanstalt sich über die Arbeit und den Bericht der niederländischen Bürgerinitiative “Wir vertrauen Wahlcomputern nicht” sehr freut. Es sollen sogar Ergebnisse der Prüfung aufmerksam und gründlich studieren und in ihre weitere Arbeit einbeziehen. Es lohnt sich, die Presseerklärung der PTB dazu zu lesen. Sätze wie “Dass EPROMs austauschbar sind – auch grundsätzlich durch manipulierte EPROMs – ist nicht überraschend. Das ist bei der Aufstellung des Paketes von Sicherungsmaßnahmen, die übrigens unter Einbeziehung vieler Erfahrungsträger erfolgte, bedacht worden. So wie Wahlgeräte in die Abläufe bei konkreten Wahlen eingebettet sind, sind die Sicherungsmaßnahmen aus den bewährten Maßnahmen bei konventionellen Wahlen heraus weiterentwickelt worden.” lassen mich grübeln. Wie meinen die das? Spricht da schon der innere Hausjurist? Es kann wunderbar manipuliert werden, aber das macht nichts, weil ja wie immer bei Wahlen geschulte Experten dabei sind? Was für Erfahrungsträger sind das - können die die gefälschten EPROMS mit den bloßen Händen auslesen? […]

    • Leave a reply