[E-voting] Disinformation about Ireland

Catherine Ansbro cansbro at eircom.net
Fri Mar 24 10:42:48 GMT 2006


Pierre Muller wrote:

>I have to speak in a conference organized by the association of French
>large municipalities. This is our first real public event. Nedap
>importer probably funded the conference. It could be adversarial...
>
>I remind that Ireland don't want to use Nedap machines as often as I
>can. I am wondering how to contradict some disinformation :
>1) CEV report is empty : I read it (partially yet), and I found a lot of
>precious information in the appendixes. In this list too. I have the answer.
>  
>
Yes.  I think the CEV report added some wimpy statements to make sure 
the vendor couldn't sue them.  But they comment quite precisely on many 
actual and potential defects and security holes.  And as we all know, 
the most important kinds of testing were never done, and a full range of 
options was never considered.

>2) Ireland didn't use the machines because of political fuss/stuff. What
>would you answer ? When did it really become political
>  
>
My personal viewpoint is that this was never political (objections to 
oppose the government), but the government kept framing it as such.  It 
was more genuinely an objection to the technology itself and to the lack 
of security, lack of testing, lack of transparency, and the real threat 
to Irish democracy.  This was especially ill-advised since we have a 
hand-counting system that works well, and that can be closely 
scrutinised by average citizens who are not IT experts.

>3) I have noticed a weird marketing : they pretend that their machines
>are not computers (easy to contradict: PTB report mentions a 68000
>processor and a 25000 lines source code). This leads to silly
>declarations from municipalities' election staffs: "these machines are
>secure because there are not computers, but only
>mechanical/electrical/electronic devices"  :-D
>
>I noticed something similar from Liberty (US importer) : "our machines
>are secure because they don't contain software, but only firmware".
>  
>
If you look at some of the extraordinary developments in the USA (which 
I haven't been posting for the simple reason there has been too much 
news about it over the last 6 months--but the news is *consistently 
unbelievably BAD* about *ALL* the different electronic voting machines, 
regardless of manufacturer--there are huge problems--technical, 
procedural, lots of signs of possible fraud though of course difficult 
or impossible to prove because of how the machines were designed and 
lack of access to them to investigate)--/*the firmware is a very 
vulnerable point*./  Technical details about this will come out on 
blackboxvoting.org in the next 3-7 days. 

>Anything similar in Ireland ?
>  
>
In Ireland they focused the PR on how easy it is to use, how it would 
make us look "modern", and give faster results.  They repeatedly made 
misleading and outright false statements, such as claiming they had been 
thoroughly tested by 6 independent companies.  (They never mentioned 
that the most important security aspects were not tested, e.g. no 
penetration threat analysis was carried out, and no end-to-end testing 
was done.)

Note that in Ireland former prime minister Albert Reynolds and several 
other prominent political and business figures were on the board of 
directors of the company that owned Sequoia.  (I think from about 1994 
to 1998 approx. when Sequoia was sold.)  I think the internal push for 
electronic voting occurred at the same time, if I remember correctly the 
timelines from some previous news articles.  Please correct any errors 
in my recall.

Because the very architecture (below the software) of the machines in 
the USA is now being revealed to be vulnerable by design, I can't help 
but be very suspicious of Sequoia and what Irish government officials 
may have learned about the "possibilities" that can be delivered with 
electronic voting.  It's also possible that it was a naive and 
well-intended desire to be "up-to-date" and to present to the world an 
impression of a modern, IT-savvy country--however I am increasingly 
cynical that such naivete was the real reason for promoting electronic 
voting.  Also, IT experts raised serious concerns right from the 
beginning, but these concerns were consistently ignored.

Some have also mentioned that it may have been motivated by the FF 
party's desire to avoid overvotes, which typically cost it many votes 
every election because of voters giving FF candidates several #1 votes, 
resulting in a spoiled vote.  If true, there may have been a political 
reason /for the FF-led government/ to insistently push through 
electronic voting.  However, in my experience, the /opposition/ to 
e-voting was /not/ on political grounds at all.  I think ICTE members 
would agree with me in saying that we'd love to make it easier to avoid 
unintentionally spoiled votes, regardless of which party benefits the 
most from this--but not at the expense of transparent, accurate, 
reliable counting of all our votes. 

Some opposers expressed concern that some people might be put off by the 
new-fangled machines, and therefore might not vote.  But most of the 
opposition came about as a result of factual information about the 
risks, problems in the pilot that were concealed at the time, lack of 
testing, and costs being brought to the attention of the media, all 
politicians, and the general public.  There were a lot of lively 
discussions about this topic on the main radio and television current 
events programmes.

Maybe sometime I'll post some of the more recent news from the USA.  In 
a nutshell--the situation is FAR WORSE than any of the most cynical or 
tin-foil-hat folks ever imagined it could be.  The limited 
investigations that have so far taken place, thanks to two election 
officials of integrity in Florida and Utah, has revealed truly shocking 
security vulnerabilities.  The most recent news involves a vulnerability 
that, once a person has 60 seconds access to a machine at any point in 
its lifetime, can affect ALL elections for the lifetime of the machine 
and be almost impossible to detect or remedy, even if the machine is erased.

And the elections that have taken place on these machines have resulted 
in one fiasco after another.  (In the last few months there have been 
horror stories coming out right across the country.  The optical 
scanners are as bad as the touchscreens.  Ironically, in some states 
that have a paper ballot that is scanned, states have actually made it 
/illegal/ to hand-count the paper ballots, even in a recount!  If this 
doesn't raise serious concerns, I don't know what else can.  Even VVAT 
is /useless/ (or worse than useless since it provides a false sense of 
security) if the paper ballots are not kept under carefully documented 
chain of custody and hand-counted with multiple observers.

Sorry for such a long response,

Catherine

>Thanks for your help.
>====
>Just for fun : did anybody notice the "geographical argument" that your
>government recently used (concerning VVAT) ?
>
>"A spokesman said it was aware of the legal requirements of some
>American states but added: “We are closer to Berlin than Boston..."
>
>http://www.timesonline.co.uk/article/0,,2091-2059159,00.html
>
>  
>




More information about the E-voting mailing list