[E-voting] Nedap voting machines successfully hacked

Colm MacCarthaigh colm at stdlib.net
Wed Oct 4 17:32:15 IST 2006


Two weeks ago, I went to meet with the Dutch anti e-voting group;

	http://www.wijvertrouwenstemcomputersniet.nl/

(We don't trust voting computers). They rock. With the help of a TV show
there, they managed to get their hands on some Nedap voting machines.
The machines are identical to what Ireland bought, except they lack the
LEDs that we use to show preferences, and they only use one ballot
module per machine, not two like in Ireland. There are some other
differences, like they have no handles that were found to be neccessary
in Ireland (for health and safety reasons), but those are minor things.

Tonight, the group are going public on Dutch television (right now
actually), and it will be up on youtube soon, right now there's a
trailer linked from their site;

	http://www.youtube.com/watch?v=IzN3jWtsykw

As we knew already, the machines run on m64k processors, and it's
relatively easy to reverse engineer what all of the registers and inputs
correspond to. The dutch group were able to successfull assemble code to
run on the machine, and even burn it on the very eeprom that comes in
the machine. They produced two main demonstrations;

	1. A rigged election. "confirm" the checksum, accept votes, but
	   to then misrecord the votes at the end of the day. The code even
	   includes some clever routines to determine if it's being
	   tested. It makes sure the votes were input reasonably 
	   randomly and over the course of a few hours. It would not be
	   detected in any of the routine tests.

	2. A chess program. Apparantly one of the vendors involved 
	   claimed that if voting machines were really computers, he'd
   	   love to see them playing chess. So, they glued a paper chess
	   board to the machines inputs, put magnets on some chess
	   pieces and then compield up some chess libraries to run on
	   the machine. It even detects the moves automatically, and
	   can accurately tell if you've moved the pieces correctly
	   for its own move.

Tha twas two weeks ago, they may well have done even more cool stuff 
since then :-)

>From our point of view, it's important to realise that these things are
basically undetectable, everything looks the same externally. So only
the very dodgy seals are our proection against this. Also having seen it
myself, I have every reason to believe that this is all entirely
compatible with the Irish machines, there are no significant
differences.

I think this is definitely a major opportunity for a press release, both
to help our Dutch friends with some international support and to give us
another opportunity to point out that the conclusions of the CEVs report
actually did suggest many major and costly changes to this completely
untennable system.

I'm going to ring RTE's european affaris correspondent (I have his
mobile) to see if they'll go to the press conference in Amsterdam
tomorrow. I'm just waiting on the location and time details on the
conference itself :-)

Anyway, what say ICTE? time for one more Press release? Tonight is
possibly a good time for it. Anyone willing to be quoted? I'll do up a
first draft anyhoo!

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net



More information about the E-voting mailing list