Tuesday, October 10, 2006

e-voting compromised again

According to this story, the Nedap ES3B can be privacy compromised by eavesdropping on radio emanations. It is not clear from the story whether the machine must be tampered with first, and the manufacter of course insists their machines will be clean.

Transparency is the Achilles heel of e-voting. Building a machine which faithfully records votes is easy. Building a machine which can be seen to faithfully record votes without compromising the secrecy of the ballot is next to impossible.

Making voting software open source would improve this transparency, but even then it is far too easy to run software on a machine that is different from the software it should be running.

We've all heard the stories about Diebold machines in the US being preloaded with votes for Bush. Probably some of the stories are true, but what is even more frightening is that there is no way of knowing.

No election is perfect, and a few votes have always been stolen here or there. But we should beware of automating this fraud, giving a single individual in the right place the power not to steal a few votes, but everybody's vote and a whole election.


Tristan said...


There are mechanisms being developed for a verifiable election machine, but I can't see anyone going for it, its probably too much work or something...

The scary thing about electronic voting is that if you are not /very/ careful then fraud becomes much easier. Like with the internet, the best way to steal money is to steal a little from a lot of accounts, with these machines you can steal votes randomly, but get enough to change close results...

Joe Otten said...

There's the whole "verified voting" movement. That's based on the idea that voting machines should produce paper receipts that can be checked by the voter and counted in the event of a dispute. This is the right idea - the paper is transparent and so should be authoritative. The machine count is just for convenience. There is still the problem of knowing when the paper must be counted of course.

The banking comparison is often made by supporters of e-voting, but it is a bad one. The same problem doesn't exist with banking because knowledge of where money has come from and goes to is permitted. Voting should keep secret who a vote has come from, and that makes the simple auditing that a bank can do impossible.