Group Sues To Stop German E-Voting

kRemit writes "The German hacker group Chaos Computer Club today sued the German State of Hessen to prevent the use of electronic voting machines (Google translation) in the upcoming elections on January 27. This comes as a follow-up to the Dutch initiative 'We don't trust voting machines,' which succeeded in banning the same type of voting machines in the Netherlands."

Ha!

[ScrewMaster (602015)]

Whoever said hackers couldn't be useful?

Hacker v Cracker

[SillySlashdotName (466702)]

Hackers are frequently useful. Crackers are seldom if ever useful.

Re:

[multisync (218450)]

99% of the general public doesn't get the distinction and probably never will. "Hacker" has gone the way of other fine old words

So I guess we should all just start calling our monitors the "computer" and the box that actually contains the computer the "hard drive," since 99% of the general public thinks that's correct? Oh, and I'm trying to download a program in Excel, when what I really mean is create a spreadsheet?

No thanks. I think I'll just continue to educate people who don't know any better as to what

you can tamper with paper votes

[circletimessquare (444983)]

but it is cumbersome, slow, small in scale, and hard to hide

on the other hand with electronic voting (and to a lesser extent mechanical voting), you have an order of magnitude more attack vectors. you can also do a lot more damage with the slightest of effort, quickly, with a lot of volatility and potential for permanent obfuscation, destruction, or scrambling and outright manipulation. you can cover your tracks well too, and you can quickly survey the landscape and tweak votes in ways that are hard to sniff out later

paper voting is totally transparent to everyone involved. electronic voting is opaque. there is no verification, nothing of substance. nothing to see or touch

electronic voting is probably one of the greatest threats to faith in democracy in the 21st century. not a joke in the least

we need to lose this really bad idea asap

Re:

[corsec67 (627446)]

One thing I expected around the 2004 election was a virus/worm that randomly changed the values in Access databases. Don't change the schema, don't delete rows, just change the values that was in there. Not changing the schema and not deleting stuff would make it relatively unnoticeable for as long as possible.

If it used a 0-day exploit, and had a way to get through NATs (piggy back on a website request or something), then you couldn't trust any tallies or votes done on anything that touched the internet.

Re:

[MorderVonAllem (931645)]

What about the machines that validate the paper votes? (I claim to know nothing about this) But are those computer systems or mechanical systems? If they're computer systems what's to prevent people from hacking them, lack of access?

Re:

[thogard (43403)]

The party that lost will hand count the votes and if their numbers don't match the machine, all votes are recounted.

Re:

[countach (534280)]

Machines that count paper votes can be tested by manually counting a sample. If the sample differs significantly from the mechanical count, you have a problem. You could cheat this way, but not by much.

Re:

[huge (52607)]

If the sample differs significantly from the mechanical count, you have a problem.

If sample differs at all you have a problem. Vote counting shouldn't be a "pretty close approximation", it should be exact. Number of votes need to be exact.

You shouldn't be able to cheat at all in elections. You cannot ignore something because you could only cheat "a little". If it comes to a close call every single vote counts.

Re:

[Dare nMc (468959)]

Machines that count paper votes can be tested by manually counting a sample.

same is true of e-voting. Do you know the path of the results from the paper votes to TV results? History shows their are so many ways found to hack paper ballots, be it creative printing, creative handling, or messing with phone lines used to transmit, or losing a box, or even substituting a box for another (you give the real voters the counterfeit ballots, and boxes. You fill in the real ballots and boxes.)

With e-voting their

Theoretically possible? Yes.

[HiThere (15173)]

Theoretically possible, however, doesn't have much to do with any implementation that I've heard of. More of them seem designed to specifically allow election results to be faked than to produce honest results.

Fundamentally, the problem is that if the mechanism for counting votes is hidden, then the results can't be trusted. It could, potentially, pass every test but when a crucial date rolled around, or a switch was set, it could act in a very different way.

And it's not just the program. Every step of t

Heroes

[ObsessiveMathsFreak (773371)]

Didn't anyone see that Heroes episode? A determined team of black hats could accomplish all that easily enough, and with enough noise in the ballots to make fraud statistically fiendish to detect.

E-vote tampering is not science fiction. It's an inevitable fact.

Scale matters.

[evanbd (210358)]

Quantity has a quality all its own.

Many people seem to have the mistaken impression that electronic voting doesn't change anything fundamental about vote fraud, it just changes how it happens. But, if the change is big enough, it becomes qualitatively different as well.

You are ignoring the key issue that led to this

[Brett Buck (811747)]

Once again, every time this topic comes up, the answer is always *paper ballots*. I feel compelled to point out that the entire reason there are electronic voting machines throughout the USA is because *we had a big problem with paper ballots in Florida*. The problems with paper ballots are almost the sole reason electronic voting is being persued. It's clearly *not* transparent and *not* straightforward - there are STILL people going over the ballots trying to get a different result and people are STILL ar

Re:You are ignoring the key issue that led to this

[by Anonymous Coward]

Whoah there. Not all paper ballot systems are equal. In ireland, people use voting slips that are written on, not ambiguously punched. And hand counted locally, with adversarial counters (i.e. people of all party affiliations checking eachothers' counts). And the voting system is proportional representation, more complicated to count, but they still manage (the american/corporate-affiliated irish government of the time tried to introduce electronic voting the election before last, and failed due to the machines' demonstrable insecurity and unreliability).

Ireland has less people you say? True, but it still has millions, it's about the size of a US state. And these things scale well! They're amenable to hierarchical decomposition! Vote local, count local, subsubtotal, subtotal, total => result.

Human voting is a human process, and computers should stay the fuck out of it. It's incredibly more difficult to bribe _everyone_ involved in a human-counted election than to change a few lines in a closed-source unverified voting machine.

Re:

[Lunzo (1065904)]

Mod parent up (Insightful/Informative).

Australia uses a similar system for casting votes and counting. Ticking or numbering boxes with a pencil is way different to having a machine punch holes in a paper ballot, and avoids any hanging chads or any of that crap.

As for scalability of counting, in Australia we get the election result on the night (except for seats which are incredibly close) a few hours after polling booths close.

Re:

[It'sYerMam (762418)]

As my high school deputy-head said at the time, "Here in England, we just get a big black crayon and mark a big black X," with a neanderthalic demonstration. Keep it simple, stupid!

Re:

[swillden (191260)]

And the voting system is proportional representation, more complicated to count, but they still manage

I'm a fan of paper, but you're wrong to say that the proportional representation system is more complicated to count -- it's simpler. There are more parties, sure, but fewer separate decisions. My ballot (in the US) can have as many as 80 separate choices on it, because we vote for individual positions at the city, county, state and national level all on one ballot. In addition there are city, county and state ballot initiatives as well as retention votes for judges and some other appointed officials.

Re:You are ignoring the key issue that led to this

[chebucto (992517)]

A few points:

- Florida did not simply use paper ballots; it used mechanical voting machines to punch those ballots.
- Paper-punching machines are needlessly complicated, opening them up to unique kinds of disruption. Their performance in Florida may have been deliberately degraded: there are allegations that substandard paper was sent to that state by a voting-machine company for use in the machines (read more here [votetrustusa.org])
- In voting, the simplest is the best: paper + pencil for the voter; trustworthy citizens for the counting. This is what we use in Canada; a country of 30m people, and we are able to announce election results the night of the election. There is universal trust in the voting process - though not, I am sad to say, in politics in general :)

Re:

[dave420 (699308)]

In the Sunderland South constituency in England, in 2001 they counted 30,000 votes in 43 minutes. Each year they try to count them as fast and as accurately as possible, and they apparently do a great job.

Re:

[HiThere (15173)]

Pencil is a bad choice. My preference is bingo markers, but any indelible ink is reasonable. Sharpies are good, but expensive. Bingo markers were specifically designed for the job, and make nice round dots.

Re:

[dangitman (862676)]

No. Florida had very poorly designed ballots that used a bizarre machine to mark them. Most paper ballot systems don't suffer from the problems of Florida, because they are not needlessly complex. What's wrong with a simple voter-writes-with-ink-on-paper system?

Re:

[ajs318 (655362)]

The problem was that in Florida, the ballots were marked by machine, and counted by machine. The crux of the matter was that the machines were not behaving properly.

The way to eliminate the problem of machine unreliability is to mark the ballots by hand and count them by hand.

Re:

[cdrguru (88047)]

Problem in the US is that if we do not have results before midnight Eastern time a winner will be announced anyway, as was done in 2000. Do you really think the country can handle announcing Hillary as the winner at midnight and then at 2:00 AM saying "just kidding, John McCain is really the winner?"

Do you believe the government is in such good control of the news media so see to it that this doesn't happen?

In some countries it takes two weeks to announce the results. How come we can't be patient in the U

Re:

[Entropius (188861)]

I can't handle John McCain being announced the winner no matter *how* it happens.

Sure, he's principled and honest. His principles are just opposite mine.

Re:

[dangitman (862676)]

Uh, why wouldn't this be possible with paper ballots? Even with hand-counting, it's possible to get results within hours. There's also no reason electronic voting wouldn't delay the results, given the uncertainties and numerous problems with the machines. A reliable system like paper is much more likely to get quick and accurate results than an unreliable system.

Re:

[Gideon Fubar (833343)]

Yes, but Germany is in Europe. ;)

NH Primaries Voting Franchise Monopoly

[Doc Ruby (173196)]

NH (and most of the rest of New England) doesn't seem to mind [bbvforums.org] about its own digital voting being in unaccountable private hands, as it wields its totally disproportionate influence on the voting of the entire country.

As simple as I can say this...

[explosivejared (1186049)]

Hessen, and the rest of the Germany too, listen up! Pardon my German, but... DAS ELEKTRONISCHE WAHLEN IST SCHLECT!! Did you get that? Electronic voting is bad! I don't know how many discussions, lawsuits, and protests that blast e-voting's many shortcomings it is going to take before they become what they should be, landfill fodder.

Seriously, at best they are a waste of money. At worst, and probably most likely, they add all sorts of new vectors for corruption in a process that is inherently corrupt. Listen, most sane people realize that instant election results are not worth the dangers involved with excessive automation of the process. Keep to Occam's razor. The simpler the system the better. Pen and paper are ideal, but a punch card system is a fair choice as well.

All the arguments are hashed and tired. There's no sensible reason to move to electronic voting. It doesn't magically increase turn-out. It's expensive. I needn't go on. However, if anyone on the elections board or whatever decisional authority over elections is reading this, this is a good starting point [schneier.com] for comprehending the e-voting situation as it stands as a piece of the larger issue of elections in general.

SAGEN SIE NICHT ZUM ELEKTRONISCHEN WÄHLEN!!

People know, Politicians not

[saibot834 (1061528)]

I live in Germany and kept track of the voting machine controversy here. The problem is not that people want voting machines, but that politicians want them (properly because they get money from manufacturer or want to be modern or are impressed by them). When hacker groups (like the CCC [www.ccc.de]) prove that voting machine are hackable, those politicians just insist they are not. They don't even try to argue, they just trust the manufacturer so much.
In this case, they want to use voting machines that the CCC has a [heise.de]

English Version Available

[KevinIsOwn (618900)]

Why link to a crappy Google translator version when a reasonably good english version of TFA [www.ccc.de] is available? There are big flags at the top of the article, one for Germany, and one for English. I suppose the submitter didn't realize that funny blue and red flag was for Great Britain and meant English.

Re:

[nem75 (952737)]

There are big flags at the top of the article, one for Germany, and one for English. I suppose the submitter didn't realize that funny blue and red flag was for Great Britain and meant English.

Which just goes to show once again that in web design representing different language versions by flags is a bloody stupid idea.

And yes, this is off topic, but the above can't be pointed out too often, so I'm willing to take that karma hit.

Re:

[It'sYerMam (762418)]

Hey, we had the language first; we get the flag! ;-)

Re:

[ajs318 (655362)]

It's better than what I've often seen: a bunch of links such as
[english] [french] [spanish] [german] [dutch] [japanese]

I confidently predict that at least one AC will not be able to spot what is wrong with this.

Re:

[KevinIsOwn (618900)]

You raise a good point. Instead of blaming the submitter, I now blame the editors!

Electronic paper voting?

[pv2b (231846)]

There's generally not much wrong with paper voting, as long as the process is totally transparent, but there are a few ways you can cheat with paper voting, but generally it's a pretty good system.

There are a lot of smart people asking -- how can we make electronic voting as good as traditional voting with slips of paper? What if that's the wrong question? What if instead, paper voting could be made *better* with the advent of electronic technology?

There was an article a week or so back describing some place printing ballots on demand. What if paper ballots were printed on demand, but the people printing them are the voters? A machine could be hooked up to print a ballot when a voter presses the correct buttons, and would only print out one ballot per voter. The ballots themselves would also have a barcode on them with a code certifying which machine printed them. The printers would count how many ballots were printed, and if that number doesn't match the number counted, that'd signify a problem -- either the machines were tampered with, or the physical ballots.

Now, that'd still make it possible to print excessive ballots from a printer, but then the number of votes wouldn't match the number of voters, and thus, number of votes cast.

To fix that, you could use some kind of public key cryptography system. In order to vote, you are sent a voter registration card, which contains a single-use private key on a 2D-barcode, which in turn is signed by whatever authority compiles the eligible voters list. That private key in turn is used to sign a message that simply says "I voted" and nothing else. That would eliminate the possibility of faking lists of who voted, except if the private key itself was falsified to start with, or if multiple such keys were assigned per person.

But that's okay. Now there are only three possible attack vectors (that I can think of) -- key falsification (only possible if you're part of the authority that issues voter identities), key theft (possible if you rifle through the mail of whoever's identity you want to steal), and vote changing (would require tampering both with voting machines *and* with paper ballots).

The key theft threat can be mitigated by rigorous identity checks -- posession of the proper private key should not be sufficient to vote -- some kind of ID should also be neccessary, and the key falsification threat can be minimized by *very* rigorous inspection of whatever authority issues said keys, and the vote changing scenario is made more difficult than it used to be.

Now, such a system would probably never be implemented due to cost concerns. But it'd probably be better than the paper voting we have today, and it wouldn't break the secret ballot, nor would it make the system less transparent. It'd basically be the old system with a parallell electronic system to ensure whoever counts the paper ballots are honest. There are probably other flaws too, I don't know. :-)

Re:

[cdrguru (88047)]

There are a couple of problems that need to be solved with paper ballots today. Some of the solutions that have been proposed solve some of them, but most people don't seem to understand that if we can't solve all of them there isn't much point - just let the TV news announce the winner without any voting at all.

The first problem that e-voting is supposed to solve is to get the votes counted quicker. Remmber that in 2000 Gore was announced as the winner first. Do you really think that can be allowed to h

Re:

[ajs318 (655362)]

The fourth problem is probably ADA-compliant voting. This means that handicapped people of all sorts have to be accomodated on request without requiring assistance. If they can talk to a lawyer, they better be able to vote without needing help.

Can someone explain to me why a disabled person can't just take a carer of their own choosing (and therefore whom they trust) in with them to help them vote?

Re:

[ajs318 (655362)]

You don't need half that complication. A simple hand punch (with one of many difficult-to-duplicate patterns), issued at random by the Returning Officer to the polling station on the morning of the election and collected at the close of polling, would be enough. Ballot papers are printed identical, and simply punched on issue. Punched ballot papers are not allowed out of the polling station, except in the ballot box or the "spoiled ballots" envelope, and people who (are supposed to) have voted alread

Re:

[pv2b (231846)]

Wouldn't this violate voter privacy? If the only paper ballot you have matches the actual vote case, you could take a snapshot of it with your cellphone and show to the guys who paid for your vote. A major point with secret ballots is that you do not have a paper trail, so you can lie to anyone instructing you to vote for a certain party.

Excellent point! Hadn't thought about that.

You could take a snapshot with a cell camera today, but there's no way to prove that was the actual vote you cast. If no other ba

John Gruber said it best...

[riscfuture (997873)]

Computer enthusiasts really like computers, so when they say, "No, I don't think it's a good idea to use computers for this," you should probably listen.

GermanE or GermanY?

[TheMiddleRoad (1153113)]

I'm confused.

Re:

[saibot834 (1061528)]

Germany [wiktionary.org] is correct. Germane [wikipedia.org] is a chemical compound.

24c3 lectures

[erlehmann (1045500)]

on the 24th chaos communication congress there were two interesting lectures:

one about electronic voting in the netherlands (english): http://outpost.h3q.com/fnord/24c3-torrents/24c3-2342-en-it_was_a_bad_idea_anyway.mkv.torrent [h3q.com]

another about electronic voting vulnerabilities and the status in germany (german): http://outpost.h3q.com/fnord/24c3-torrents/24c3-2380-de-nedap_wahlcomputer_in_deutschland.mkv.torrent [h3q.com]

Re:The best hackers complain best hackers control.

[Entropius (188861)]

The best hackers don't want to control anything.

Re:

[nonsequitor (893813)]

Mod parent up. CCC is run by anarchy. The anarchists have the best groupware.

Re:

[SanityInAnarchy (655584)]

E - Voting properly implemented creates Collective Control eliminating the Corrupt Control.

I'd like to hear your description of "properly implemented". Remember that you have to reconcile three things: voter verification, accurate counting, and secret ballot. (Pick two.)

And by the way: Poorly implemented, it does just the opposite. Diebold's systems -- excuse me, Premiere Election Systems -- can have the vote compromised by anyone with access to the appropriate excel/Access database. (Might actually just

Re:

[SanityInAnarchy (655584)]

Actually it would still include paper. A paper receipt that cannot be altered, or maybe an email... this receipt is used by the voter to audit the system and check that their votes were properly registered in at least three of the public databases.

Alright, let me get this straight: Are these "public databases" exposed, in full? Are they simply every single vote, and who it was for?

If so, that kills your anonymity/secrecy. It now becomes possible for people to literally and directly buy votes, because they

Re:

[ajs318 (655362)]

"Voter verification" is a non-issue. You can see your name, address and who you voted for on some screen. But that doesn't mean jack shit. You can't be sure that the totals are correct without looking at everybody's vote. But the majority of those people are strangers to you. You don't even know that they exist, let alone how they voted.

Just displaying the person's vote you asked for and a row of "final totals" across the bottom of the screen would probably get past most people -- even if the "final

open source voting machines are intransparent

[erlehmann (1045500)]

even with open source software on the voting machines, there is now way for anyone to tell what the machine exactly does. even computer scientists can only hope that the machine right in front of them has the right software on it. also, if manipulations happen, there can be no recount.

also, the argument actually is about that those machines can be easily manipulated. a public counting process is only to ensure that there is no manipulation, therefore ensuring government legitimacy.

you are wrong.