[E-voting] last draft

Colm MacCarthaigh colm at stdlib.net
Thu Oct 5 08:55:18 IST 2006


To be sent in the next hour or so ...

NEDAP VOTING MACHINES HACKED

[DRAFT]

Concerns expressed by many IT professionals about the security of the e-voting
system chosen for use in Ireland were today shown to be well-founded when a
group of Dutch IT Specialists, using documentation obtained from the Irish
Department of the Environment, demonstrated that the NEDAP e-voting machines
could be secretly hacked, made to record inaccurate voting preferences, and
could even be secretly reprogrammed to run a chess program.

The recently formed Dutch anti e-voting group, "Wij vertrouwen stemcomputers
niet" (We don't trust voting computers), has revealed on national Dutch
television program "EenVandaag" on Nederland 1, that they have successfully
hacked the Nedap machines -- identical to the machines purchased for use in
Ireland in all important respects.

ICTE representative Colm MacCarthaigh, who has seen and examined the
compromised Nedap machine in action in Amsterdam, notes "The attack presented
by the Dutch group would not need significant modification to run on the Irish
systems.  The machines use the same construction and components, and differ
only in relatively minor aspects such as the presence of extra LEDs to assist
voters with the Irish voting system. The machines are so similar that the Dutch
group has been using only the technical reference manuals and materials
relevant to the Irish machines as a guide, as those are the only materials
publicly available."

Maurice Wessling, of Wij vertrouwen stemcomputers niet, adds "Compromising the
system requires replacing only a single component, roughly the size of a stamp,
and is impossible to detect just by looking at the machine".

Both ICTE and Wij vertrouwen stemcomputers niet view this as yet another
demonstration that no voting system which lacks a voter-verified audit trail
can be trusted. According to ICTE spokesperson Margaret McGaley "Any system
which lacks a means for the voter to verify that their vote has been correctly
recorded is fundamentally and irreparably flawed".

Margaret McGaley highlighted that it is the machines themselves that are at
risk. "This particular issue is not about the vote counting software, which we
already know must be replaced, this is about the machines that the Taoiseach
has claimed were 'validated beyond any question'. We now have proof that these
machines can be made to lie about the votes that have been cast on them. It is
abundantly clear that these machines would pose a genuine risk to our democracy
if used in elections in Ireland." 

ICTE is repeating its call, which reflects the opinions shared by IT expert
groups, including the E-voting group of the Irish Computing Society, that any
voting system implemented must include a voter-verified audit-trail.

[END]

Links;

	Wij vertrouwen stemcomputers niet
	http://www.wijvertrouwenstemcomputersniet.nl/

	ICTE;
	http://evoting.cs.may.ie/

	Photographs of the hacked voting machine;
	http://flickr.com/photos/colmmacc/sets/72157594312701166/
	
	EenVandaag article (in Dutch):
	http://www.eenvandaag.nl/index.php?module=PX_Story&func=view&cid=2&sid=31156

	Other Dutch coverage:
	http://news.google.nl/news?hl=nl&ned=nl_nl&q=nedap&btnG=Nieuws+zoeken

Contacts;

Margaret McGaley:

	email: mmcgaley at cs.may.ie
	phone: 087 755 4023

Joe McCarthy:

	email:	joe.mccarthy at arkaon.com
	phone:	086 245 6788

Colm MacCarthaigh (In Amsterdam):

	email: colm at stdlib.net
	phone: +31 6 54242980

[ABOUT ICTE]

Irish Citizens for Trustworthy E-voting is an independent group of over
one hundred concerned citizens, IT & Security Practitioners, and Legal
Professionals calling for the introduction of a Voter Verified Audit
Trail with any E-voting system used in Ireland.

ICTE has a website available at

http://evoting.cs.may.ie/

ICTE's main goals are:

    * to ensure that any electronic voting system introduced in Ireland
      meets the following criteria

        o it includes a Voter Verified Audit Trail (VVAT),
	
        o a booth is used, analogous to the traditional polling booth,

        o all development uses formal methods,

        o all source code is open to public scrutiny and audit.

    * to prevent the use of the Nedap/Powervote system in Irish Elections 
      until it meets said criteria

    * to prevent the purchase of any more equipment or software from
      Nedap/Powervote by the Irish Government unless the system being
      purchased meets said criteria.

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net



More information about the E-voting mailing list