E-Voting System

Red Alert

The e-vote system now has been 'sort of' certified. The hardware is physically secure but the software appears to be dud.

These machines are like a cash-register or x-ray machine in nature, it's not a case of ripping out the software and replacing it with a drop-in replacement. The hardware is undocumented outside of the Nedap corporation for proprietary reasons. Bertie is foolish to believe that this is possible and sadly with the limited technical knowledge of much of the electorate means that he will succeed in promoting this belief.

This has shades of the Leyland double-deckers which CIE spent wagon loads of money on fixing by replacing engines, often from new. CIE and the government eventually had to start the Bombardier Project to deal with the issue.

The machines themselves are programmed in C, fair enough, a lot of embedded stuff is. However the count PC is a windows-based job running a Delphi program - not suitable at all! The source code is closed and known only to Nedap.

Do you think it will appear in the next or subsequent election? Should we try and fix it or implement a new system?

I would personally favour the latter, and send the current machines to Bob Mugabe or similar, where the result does not matter. An open source alternative system should be developed with source code that any voter can download and peruse from the web.

EDIT: My sources for any info is the currently running 5-7 live programme.

lostexpectation

well if they are not going to be used for the next election what other vote will they try to reintroduce it on?

I guess they will 'test' the system in the general elction next yr again.

I guess the local elections will be in 2009?

have they renewed the contract with the same people, its hard to lobby for opensource when there no election looming that it will be used in.

and by then we'll have our on HAVA

Red Alert

They will have to keep the FF-supporting lock-up owners in the standard to which they're accustomed for another while.

I'd bet if FF get in again after the general election they'll slip them in for the next round of local elections.

Ruu_Old

I started the thread below not long ago, after I spotted it on rte.ie. Reports back the use of e-voting machines

DublinWriter

Red Alert wrote:

The machines themselves are programmed in C, fair enough, a lot of embedded stuff is. However the count PC is a windows-based job running a Delphi program - not suitable at all! The source code is closed and known only to Nedap.

Excuse me, but do you really have a clue about Delphi?

Secondly, do you know most modern ATMs are actually "dressed up" Windows 2000 Workstations?

It would have been an even worse situation if those voting machines were running embedded firmware in terms of transparency.

I do agree about the lack of availability to the source-code. That's absolute nutz, especially for a function so important as democracy.

Even in a situation were such software is not 'Open Source' , there should still be an Escrow agreement in place allowing for the disclosure of the source code in a audit situation.

Scarier still was the revelation that the results were basically written out unencrypted from voting booths onto CD and physically brought to the count centre. No encryption, no digital signing...madness.

Hotblack Desiato

What's wrong with paper voting anyway?

oscarBravo

Very little.

Bards

ninja900 wrote:

What's wrong with paper voting anyway?

Disabled, Older, those living away from home are unable to vote using the paper method. Hopefully some day we will see not only e-voting replacing the paper system but using E-voting to its fullist potential allowing those who are not able to make it to polling stations vote electronically over the Internet.

People trtansfer funds from bank accounts over the Internet everyday of the week so it should be possible to code a secure enough system. Maybe assigning everyone a Pin code like how the Motor Tax renewal system works.

Just a thought

bonkey

Its not cool and trendy enough for the governments who want to show they're embracing mo-duh-rn technology.

jc

oscarBravo

Bards wrote:

Disabled, Older, those living away from home are unable to vote using the paper method.

Equally true of the proposed electronic system.

Bards wrote:

Hopefully some day we will see not only e-voting replacing the paper system but using E-voting to its fullist potential allowing those who are not able to make it to polling stations vote electronically over the Internet.

Ye gods, we can only hope not.

Bards wrote:

People trtansfer funds from bank accounts over the Internet everyday of the week so it should be possible to code a secure enough system. Maybe assigning everyone a Pin code like how the Motor Tax renewal system works.

This is a misunderstanding worthy of Martin Cullen himself.

How do you propose to secure such a system from voter intimidation/vote buying? How, in other words, do you guarantee a secret ballot?

Red Alert

Sorry, to the above poster I do indeed have a clue about delphi and ATM machines as i'm practically expert in C, Perl, PHP, Delphi and Visual Basic. And yes BOI's machines amongst others are dressed up 2000 machines (not AIB's).

The trouble with online voting is that your employer/mammy/daddy/cat could exert undue influence on you to vote in a specific way. The polling & personation officers at the polling station ensures that nobody votes as you and that nobody sees your vote.

Bards

oscarBravo wrote:

Equally true of the proposed electronic system. Ye gods, we can only hope not. This is a misunderstanding worthy of Martin Cullen himself.

How do you propose to secure such a system from voter intimidation/vote buying? How, in other words, do you guarantee a secret ballot?

Very same way I transfer funds between bank accounts from home. No intimidation there. More chance of intimidation from polstres up the strret from polling stations.

As far as I am aware my own house has enough privacy.

Even in the paper based system You can get intimidation... Sinn Fein driving people to Polling stations is intimidation/vore buyinig in my mind

Bards

Red Alert wrote:

Sorry, to the above poster I do indeed have a clue about delphi and ATM machines as i'm practically expert in C, Perl, PHP, Delphi and Visual Basic. And yes BOI's machines amongst others are dressed up 2000 machines (not AIB's).

The trouble with online voting is that your employer/mammy/daddy/cat could exert undue influence on you to vote in a specific way. The polling & personation officers at the polling station ensures that nobody votes as you and that nobody sees your vote.

And party political broadcasts/advertisments/media campaigns don't have an influence.

Get Real.. we are influenced by these things every day in our lives except we just don't realise it

Red Alert

And therefore for a reason there's limits on what sort of polling, canvassing, postering etc can be done within and near to a polling station.

Take an elderly person for example who is completely dependent on his/her family to support them so they can live independently. If it was done online they could be coerced by overzealous family members who would offer to do it for them.

Bards

Or by Sinn Fein who offers to drive them to the polling station... .

We are being brainwashed by the media every day. how many people here are convinced E-Voting Was Martin Cullen's Idea.

Well they would all be wrong. Mr Noel Dempsey Introduces E-Voting when he was Minister for the Environment and was used successfully in two elections

Back on topic... On-Line is only an extra option for those who are actually able to use the Internet and who cannot make it to a Polling station

gandalf

To the best of my knowledge some of these systems are indeed based on PC's. Given they have been in storage now for around 2 years and the normal corporate lifespan of a PC is 2 years and the normal warranty on the systems that are used for this contract is 3 years they are about to start costing us a hell of alot more for maintenance. I mean by the time they are used the OS may not be even supported by MS.

E-Voting itself if impliemented properly is a step forward. Having a closed system like this with no tracking is where this has failed totally and shows what a bunch of incompetents this current bunch are.

oscarBravo

Bards wrote:

Very same way I transfer funds between bank accounts from home. No intimidation there. More chance of intimidation from polstres up the strret from polling stations.

As far as I am aware my own house has enough privacy.

Riight. So, because you've never been intimidated into transferring money from your bank account against your will, that's a cast-iron guarantee that no-one else could ever be intimidated or coerced into voting a particular way in their own home? Or, indeed, that they were in the comfort and safety of their own home when they voted?

Bards wrote:

Even in the paper based system You can get intimidation... Sinn Fein driving people to Polling stations is intimidation/vore buyinig in my mind

Here's the point you're missing: even if the local mobsters picked me up in my house and pointed a gun at my head in the back of the car all the way to the polling station, and threatened me with all sorts of recriminations if I didn't vote for
the "right" candidate - I can still cast my vote in perfect secrecy with our current system, and they're none the wiser.

Do you honestly think that can ever be guaranteed with remote voting?

oscarBravo

Bards wrote:

And party political broadcasts/advertisments/media campaigns don't have an influence.

Get Real.. we are influenced by these things every day in our lives except we just don't realise it

I realise it. I take it into account when weighing up the pros and cons of the various candidates. I try to vote in the way that I think is best.

That's a little harder to do when someone's watching you vote, and threatening you with physical violence if you don't do it "right".

oscarBravo

Bards wrote:

[e-voting] was used successfully in two elections

How do you know? How does anyone know? Weren't there questions about the total number of votes counted versus the number of votes cast?

yomchi

Bards wrote:

Very same way I transfer funds between bank accounts from home. No intimidation there. More chance of intimidation from polstres up the strret from polling stations.

As far as I am aware my own house has enough privacy.

Even in the paper based system You can get intimidation... Sinn Fein driving people to Polling stations is intimidation/vore buyinig in my mind

My good man, the driving of people to polling booths is a common practice by ALL political parties. Its part of the polling day operation that is established through the use of each parties registered voters, thats the logic behind tactical canvassing.
Why would you find your friends and neighbours being drivin to polling booths intimidating?

On another note, I believe the E voting will be another disaster. Is it true that it will elimate the transfer votes?

Crash

Just out of interest - you mentioned the hardware is undocumented - absolutely nothing has been found out about them? just wondering cus it would interest me to find out what kind of architecture these machines run on - if anyone came across anything it'd be great - thanks!

bonkey

oscarBravo wrote:

Do you honestly think that can ever be guaranteed with remote voting?

Questions like that always remind me of the horrors people predicted would follow the use of "weak" encryption for HTTPS, in terms of CC transactions etc. not being safe.

The banks, predictably, took a different approach - they asked themselves if, on balance, the resultant system was more or less prone to abuse than high-street and/or phone-based transactions. Conclusion: it was less prone to abuse.

Can remote-voting be 100% secure? No, it can't. But thats not the real question. The real question is whether or not remote voting can provide an acceptably secure and functional system, which - on balance - is not statistically likely to produce a significantly different result.

The thought of organised "holding of guns to heads" is simply untenable, so at most we're talking about there being isolated cases. Sure, mom and pop can "convince" granny or junior to vote for their party of choice, but y'know what...thats not likely to actually benefit any single party. Its as likely to happen to FF as it is the PDs as it is the Greens or anyone else. Over a large-enough sample-space, it should balance out.

secondly, lets not be under any illusion that our paper-based system is proofed against all abuse. "Vote early and often" is not something thats just a joke. The graveyard vote also exists. Do we lose sleep over these things? Do we fear that our world will come crashing down because there are imperfections in our system? Do we see people arguing as vociferously about the need to reform the known flaws as against new systems which have potential small-scale flaws we can blow out of proportion?

Or what about the postal votes currently in Ireland? The old, the disabled, those in full-time education....all may be eligible for a postal vote. Whats to stop these votes being corrupted? Why don't we get up in arms and protest that the postal vote must stop now if these are genuine fears?

Indeed, if I wanted to force young Johnny to vote a certain way today, I'd make use of the fact that although no-one can hold a gun to his head whle he votes, they can hold a gun to his (or someone else's) head before and afterwards until and unless he provides proof (a phone-camera comes in handy here) that he voted a certain way.

Jon wrote:

On another note, I believe the E voting will be another disaster. Is it true that it will elimate the transfer votes?

I'm constantly amazed at how people can admit to an ignorance of what is being proposed and a simultaneous belief that they know enough to be able to predict its failure.

Macy

E voting is dead and buried for a while because the electorate have no confidence in it anymore, and rightly given the lack of control in the proposed system.

Cullen takes the blame, as he signed the contracts despite all the questions/issues that were raised before he did, that are also flagged in this report. I don't think alot of us that are opposed to the proposed system aren't opposed to e-voting in general (although the this debacle makes me more sceptical). How Cullen keeps his job is beyond me, but I've been told that FF have no one else from the South East to replace him hence he stays :rolleyes:

I also think it was bizarre that the proposed electronic voting didn't make transfers proportional, but that's kinda irrelevant given the wider issues of this.

Red Alert

the machines themselves i don't think are PC's, they resemble the sort of POS terminal that Penney's or many restaurants use, not quite dumb but not quite a PC. it's also questionable as to whether any part of the system should be running a Microsoft (or uncertified, sealed and audited Linux) operating system.

Martin Cullen has rightly taken a lot of the flak for this system. Aside from whoever introduced it, he has been its main proponent and backer all along since he took over. E-Votinng is now dead in the water - which is a bad thing.

I support the idea of e-voting but not the use of this Nedap system. There is enough expertise in this country to develop a simple, functional and secure system (in the words of Theo deRaadt). It should be made using minimal code and a text-only display, making the code exceptionally easy to read. It must be open source and the code downloadable WITH EXPLANATIONS so a non-programmer could follow exactly what's going on.

Bards

bonkey wrote:

Questions like that always remind me of the horrors people predicted would follow the use of "weak" encryption for HTTPS, in terms of CC transactions etc. not being safe.

The banks, predictably, took a different approach - they asked themselves if, on balance, the resultant system was more or less prone to abuse than high-street and/or phone-based transactions. Conclusion: it was less prone to abuse.

Can remote-voting be 100% secure? No, it can't. But thats not the real question. The real question is whether or not remote voting can provide an acceptably secure and functional system, which - on balance - is not statistically likely to produce a significantly different result.

The thought of organised "holding of guns to heads" is simply untenable, so at most we're talking about there being isolated cases. Sure, mom and pop can "convince" granny or junior to vote for their party of choice, but y'know what...thats not likely to actually benefit any single party. Its as likely to happen to FF as it is the PDs as it is the Greens or anyone else. Over a large-enough sample-space, it should balance out.

secondly, lets not be under any illusion that our paper-based system is proofed against all abuse. "Vote early and often" is not something thats just a joke. The graveyard vote also exists. Do we lose sleep over these things? Do we fear that our world will come crashing down because there are imperfections in our system? Do we see people arguing as vociferously about the need to reform the known flaws as against new systems which have potential small-scale flaws we can blow out of proportion?

Or what about the postal votes currently in Ireland? The old, the disabled, those in full-time education....all may be eligible for a postal vote. Whats to stop these votes being corrupted? Why don't we get up in arms and protest that the postal vote must stop now if these are genuine fears?

Indeed, if I wanted to force young Johnny to vote a certain way today, I'd make use of the fact that although no-one can hold a gun to his head whle he votes, they can hold a gun to his (or someone else's) head before and afterwards until and unless he provides proof (a phone-camera comes in handy here) that he voted a certain way.




I'm constantly amazed at how people can admit to an ignorance of what is being proposed and a simultaneous belief that they know enough to be able to predict its failure.

Couldn't agree with you more

bonkey

Red Alert wrote:

It should be made using minimal code and a text-only display, making the code exceptionally easy to read.

Minimal code sounds nice, but minimal to what extent? You need security, reliability, your basic ACID properties etc.

Minimal, in this case, is going to be pretty damned complex.

As for a text-only display....that doesn't particularly gain you anything in readability. You still need a display-manager to turn your text into on-screen text, and unless you're gonna get down-and-dirty with the code for that, you're no better off trust-wise and not much (if any) better off simplicity-wise.

]It must be open source and the code downloadable WITH EXPLANATIONS so a non-programmer could follow exactly what's going on.

There's absolutely no benefit in the latter part of that, and questionable benefit in open-source compared to peer-reviewed code and/or code which is proprietary but available on demand for review and/or code which is not publically available but which has been reviewed by qualified independant experts.

Ther eason there is no benefit in maknig it accessible for non-programmers is as follows:

1) THe non-programmer does not have the ability to judge whether or not the explanations are an accurate description of what is goign on. Thus, all they have is someone else's word that this is how things work.

This is fundamentally no different to what they have in the absence of these comments - someone else's word.

thus, there is no advantage in shouldering the additional cost of such "dumbing down".

Cardinal

Reading this forum I've been wondering how people feel about e-voting as a concept? If there was a system which was sufficiently secure and transparent how would people feel about using this system as opposed to traditional paper voting methods?

Bards

As a concept I think it is a great idea and brings us into the 21st Century

dahamsta

I think people are getting distracted with this whole arm-twisting sideshow. The real issue with remote voting is that millions of home computers worldwide have trojans installed on them, and probably tens of thousands of those will be Irish. These botnets are controlled by individuals or close-knit groups, and getting in touch with these people and getting their help is not difficult. Even ten thousand machines in Ireland could sway an election; even less could sway a local election.

The computer security environment isn't appropriate for this sort of thing right now, and it won't be for another ten years if Windows Vista is anything to go by (Windows Vista = Wndows XP+1 = Windows 2000+1 = Windows NT+1). Arguing for remote voting is just plain silly in light of that, and a waste of everyone's time. Whether people would have their arms twisted or not is neither here nor there.

adam

oscarBravo

bonkey wrote:

Questions like that always remind me of the horrors people predicted would follow the use of "weak" encryption for HTTPS, in terms of CC transactions etc. not being safe.

The banks, predictably, took a different approach - they asked themselves if, on balance, the resultant system was more or less prone to abuse than high-street and/or phone-based transactions. Conclusion: it was less prone to abuse.

Right, but that's a completely different issue. Yes, there are parallels, but the most important issue - what's actually at stake - is not one of them.

The fundamental difference between electronic voting and electronic pretty-much-anything-else is the absolute requirement for privacy. Whether you're talking about a credit card payment on online banking transaction secured by TLS, you're still looking at a scenario where the potential victim can check a paper trail and become aware of any fraud. Our constitution requires that such not be the case in an election. Therefore the need for secrecy and accuracy at the point of recording the vote is critical.

bonkey wrote:

Can remote-voting be 100% secure? No, it can't. But thats not the real question. The real question is whether or not remote voting can provide an acceptably secure and functional system, which - on balance - is not statistically likely to produce a significantly different result.

That's the question if your only concern is the broad statistical outline of the result. If you're concerned that your vote accurately reflects your intentions, then the question changes.

bonkey wrote:

The thought of organised "holding of guns to heads" is simply untenable, so at most we're talking about there being isolated cases. Sure, mom and pop can "convince" granny or junior to vote for their party of choice, but y'know what...thats not likely to actually benefit any single party. Its as likely to happen to FF as it is the PDs as it is the Greens or anyone else. Over a large-enough sample-space, it should balance out.

I'm not as convinced that large-scale coercion is unlikely, should widespread remote voting become possible. Even leaving that aside for a moment, it's not safe to assume that coercion is zero-sum. The only safe assumption should be that if coercion is possible, it will happen, and that therefore opportunities for coercion should be strictly limited.

bonkey wrote:

secondly, lets not be under any illusion that our paper-based system is proofed against all abuse. "Vote early and often" is not something thats just a joke. The graveyard vote also exists. Do we lose sleep over these things? Do we fear that our world will come crashing down because there are imperfections in our system? Do we see people arguing as vociferously about the need to reform the known flaws as against new systems which have potential small-scale flaws we can blow out of proportion?

I agree completely that our voting system has potential flaws. I would argue that a fraction of the effort and expense that has been put into developing a crap e-voting system could have been used to fix the flaws in the current system.

Most of those flaws are to do with the quality of the electoral register, which the electronic system does nothing to address. In fact, the flaws that exist would be much more open to exploitation should remote voting become a possibility.

bonkey wrote:

Or what about the postal votes currently in Ireland? The old, the disabled, those in full-time education....all may be eligible for a postal vote. Whats to stop these votes being corrupted? Why don't we get up in arms and protest that the postal vote must stop now if these are genuine fears?

I have always had reservations about postal voting, but as I understand it a postal vote is very difficult to get. I wasn't aware that the categories you listed were eligible; I thought that only police and armed forces and certain others could vote by post. I'm open to correction.

bonkey wrote:

Indeed, if I wanted to force young Johnny to vote a certain way today, I'd make use of the fact that although no-one can hold a gun to his head whle he votes, they can hold a gun to his (or someone else's) head before and afterwards until and unless he provides proof (a phone-camera comes in handy here) that he voted a certain way.

A phone-camera is a recent threat model that's been introduced to the security of our existing system. Rather than shrug it off and resignedly accept that voting security is impossible, I'd rather see precautions taken to tackle such threats.

OT: the C S Lewis quote in your sig has been one of my favourites ever since I first read Dawn Treader about 25 years ago.

oscarBravo

Bards wrote:

As a concept I think it is a great idea and brings us into the 21st Century

I've been in the 21st Century for several years now. Where have you been?