[E-voting] Current draft

Stan Nangle stan at voyager.ie
Thu Oct 5 00:27:47 IST 2006


> I would suggest an opening paragraph before that.  It starts kind of
> suddenly.
> 
> Keith

Seconded!


 
> NEDAP VOTING MACHINES HACKED
 
> [DRAFT]

Concerns expressed by many IT professionals about the security of the 
eVoting system chosen for use in Ireland were today shown to be well founded 
when a group of Dutch IT Specialists, using documentation obtained from the 
Irish Department of the Environment, demonstrated how the NEDAP eVoting 
machines could be secretly hacked, made to record inaccurate voting 
preferences, and could even be secretly reprogrammed to run a chess 
programme in parallel with the vote recording programme.

Following on from the recently published results of testing conducted by the 
Commission on Electronic Voting, which identified major security problems 
with the vote counting software, this new series of tests, conducted in the 
Netherlands using documentation obtained from the DOEHLG, clearly shows that 
the 7000 voting machines purchased to date by the Irish Government are 
susceptible to being hacked.


The Dutch IT group which conducted the testing have produced a modified 
version of the eVoting software which runs on the voting machine itself that 
is capable of mis-recording votes intentionally.

The results of the testing was revealed on national Dutch television 
program "EenVandaag" on Nederland 1, and showed that they have successfully
> hacked the Nedap machines -- identical to the machines purchased for 
> use in Ireland in all important respects.
> 
> ICTE representative Colm MacCarthaigh, who has seen and examined the
> compromised Nedap machine in action in Amsterdam, notes "The attack
> presented
> by the Dutch group would not need significant modification to run on 
> the Irish systems.  The machines use the same construction and 
> components, and differ only in relatively minor aspects such as the 
> presence of extra LEDs to assist voters with the Irish voting 
> system. The machines are so similar that the Dutch group has been 
> using only the technical reference manuals and materials relevant to 
> the Irish machines as a guide, as those are the only materials 
> publicly available."
> 
> Maurice Wessling, of Wij Vertrouwen Stemcomputers Niet (the Organisation 
which conducted the tests), adds "Compromising the system requires replacing 
only a single component, roughly the size of a stamp, and is impossible to 
detect just by looking at the machine".
> 
> Both ICTE and Wij Vertrouwen Stemcomputers Niet view this as yet another
> demonstration that no voting system which lacks a voter-verified 
> audit trail can be trusted. According to ICTE spokesperson Margaret 
> McGaley "Any system which lacks a means for the voter to verify that 
> their vote has been correctly recorded is fundamentally and 
> irreparably flawed".
> 
> Margaret McGaley highlighted that it is the machines themselves that 
> are at risk. "This particular issue is not about the vote counting 
> software, which we already know must be replaced, this is about the 
> machines that the Taoiseach has claimed were 'validated beyond any 
> question'. We now have proof that these machines can be made to lie 
> about the votes that have been cast on them. It is abundantly clear 
> that these machines would pose a genuine risk to our democracy if 
> used in elections in Ireland."
> 
> [END]
> 
> Links;
> 
> 	Wij vertrouwen stemcomputers niet
> 	http://www.wijvertrouwenstemcomputersniet.nl/
> 
> 	ICTE;
> 	http://evoting.cs.may.ie/
> 
> Contacts;
> 
> Margaret McGaley:
> 
> 	email: mmcgaley at cs.may.ie
> 	phone: 087 755 4023
> 
> Joe McCarthy:
> 
> 	email:	joe.mccarthy at arkaon.com
> 	phone:	086 245 6788
> 
> Colm MacCarthaigh (In Amsterdam):
> 
> 	email: colm at stdlib.net
> 	phone: +31 6 54242980
> 
> [ABOUT ICTE]
> 
> Irish Citizens for Trustworthy E-voting is an independent group of over
> one hundred concerned citizens, IT & Security Practitioners, and 
> Legal Professionals calling for the introduction of a Voter Verified 
> Audit Trail with any E-voting system used in Ireland.
> 
> ICTE has a website available at
> 
> http://evoting.cs.may.ie/
> 
> ICTE's main goals are:
> 
>     * to ensure that any electronic voting system introduced in Ireland
>       meets the following criteria
> 
>         o it includes a Voter Verified Audit Trail (VVAT),
> 	
>         o a booth is used, analogous to the traditional polling booth,
> 
>         o all development uses formal methods,
> 
>         o all source code is open to public scrutiny and audit.
> 
>     * to prevent the use of the Nedap/Powervote system in Irish 
> Elections       until it meets said criteria
> 
>     * to prevent the purchase of any more equipment or software from
>       Nedap/Powervote by the Irish Government unless the system being
>       purchased meets said criteria.
> 
> -- 
> Colm MacCarthaigh                        Public Key: colm+pgp at stdlib.net
> 
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/
------- End of Original Message -------




More information about the E-voting mailing list