Group Sues To Stop German E-Voting 92
kRemit writes "The German hacker group Chaos Computer Club today sued the German State of Hessen to prevent the use of electronic voting machines (Google translation) in the upcoming elections on January 27. This comes as a follow-up to the Dutch initiative 'We don't trust voting machines,' which succeeded in banning the same type of voting machines in the Netherlands."
Electronic paper voting? (Score:5, Interesting)
There are a lot of smart people asking -- how can we make electronic voting as good as traditional voting with slips of paper? What if that's the wrong question? What if instead, paper voting could be made *better* with the advent of electronic technology?
There was an article a week or so back describing some place printing ballots on demand. What if paper ballots were printed on demand, but the people printing them are the voters? A machine could be hooked up to print a ballot when a voter presses the correct buttons, and would only print out one ballot per voter. The ballots themselves would also have a barcode on them with a code certifying which machine printed them. The printers would count how many ballots were printed, and if that number doesn't match the number counted, that'd signify a problem -- either the machines were tampered with, or the physical ballots.
Now, that'd still make it possible to print excessive ballots from a printer, but then the number of votes wouldn't match the number of voters, and thus, number of votes cast.
To fix that, you could use some kind of public key cryptography system. In order to vote, you are sent a voter registration card, which contains a single-use private key on a 2D-barcode, which in turn is signed by whatever authority compiles the eligible voters list. That private key in turn is used to sign a message that simply says "I voted" and nothing else. That would eliminate the possibility of faking lists of who voted, except if the private key itself was falsified to start with, or if multiple such keys were assigned per person.
But that's okay. Now there are only three possible attack vectors (that I can think of) -- key falsification (only possible if you're part of the authority that issues voter identities), key theft (possible if you rifle through the mail of whoever's identity you want to steal), and vote changing (would require tampering both with voting machines *and* with paper ballots).
The key theft threat can be mitigated by rigorous identity checks -- posession of the proper private key should not be sufficient to vote -- some kind of ID should also be neccessary, and the key falsification threat can be minimized by *very* rigorous inspection of whatever authority issues said keys, and the vote changing scenario is made more difficult than it used to be.
Now, such a system would probably never be implemented due to cost concerns. But it'd probably be better than the paper voting we have today, and it wouldn't break the secret ballot, nor would it make the system less transparent. It'd basically be the old system with a parallell electronic system to ensure whoever counts the paper ballots are honest. There are probably other flaws too, I don't know.
Re:You are ignoring the key issue that led to this (Score:2, Interesting)
Australia uses a similar system for casting votes and counting. Ticking or numbering boxes with a pencil is way different to having a machine punch holes in a paper ballot, and avoids any hanging chads or any of that crap.
As for scalability of counting, in Australia we get the election result on the night (except for seats which are incredibly close) a few hours after polling booths close.
The Real Plot Regarding E Vote Not what you think (Score:1, Interesting)
THE TRUTH may very well be that E - Voting is a threat to the current power structure (they know this) a system that disallows or stops the influence of special interests and or the delusions of individuals on policy making and legislative voting.
E - Voting properly implemented creates Collective Control eliminating the Corrupt Control. A few or singular individuals can be influenced and corrupted, many individuals cannot be corrupted. In other words it does not cost much to corrupt or influence.
Read the Creme Principle the best rises to the top by word of link. http://iamblogging.net/archives/2005/12/the_creme_princ.html [iamblogging.net] In Infinite Play the Movie they caution to not implement Collective Control until the independent subscriber based media (intelligence services for the people) is in place and a major shift in attention is away from the corporate controlled media paid off via advertising to propagate various fictions, or fail to bring to light disruptive to the industries and professions intelligence.
Read It is said that the Corporate Status Quo Media will collapse when the end of disease protocols are released and trillion dollar class actions are brought against medical industrial complex. The media currently depends heavily on Pharmaceutical Company advertising. In other words the Media gets a cut of the drug profits and qualifies as an industry that profit from disease classifying it as one of the Death Industries. This is why they don't promote the knowledge to end disease.
The reason I suspect it is an artificial issue is that electronic voting can be secure. I can certainly design a voting system that will work, using architecture and methods I have already developed. I think others have as well.
I think we could do the secure E-secure voting system for 250K or even maybe open source. Diebold got $10's of millions for an MS Access database? I could of done it for the taxpayers for $25,000.
Re:Electronic paper voting? (Score:1, Interesting)
Two of your suggestions are open to this kind of attack:
1) On-demand printing of ballots with barcode: you could make steps to create a nice system whereby no audit trail could be used to identify a voter but no system is foolproof and an important factor is not just having a transparent system but a system that is also seen as transparent by the bulk of the electors (ie. some technological or procedural system that is mathematically 100% provably correct will not neccesarliy be seen as transparent by the electors, in fact it will probably seem more opaque therefore further disenfranching them and re-enforcing this stupid idea that we in the west have developed that technology is a silver bullet).
Let's say that you respond by saying "OK no barcode, no identifying marks of any kind".
Problem is that it is very easy to create various kinds of invisible, one-off watermarks in a on-demand printing scenario.
2) One-time-pad style voting tickets for registration of voters: could potentially suffer from the same problem as above...and they can also be lost/stolen/etc. thus preventing electors from participating.
Note that I'm not saying that your ideas aren't worth consideration but _any_ change should be considered carefully and all possible attack scenarios should be factored in.
Ultimately though I think the following post from the day before yesterday's thread on "Western-Style Voting 'A Loser'" sums it up best it really follows the old addage "don't fix what ain't broken", to wit: http://slashdot.org/comments.pl?sid=407430&cid=21931166 [slashdot.org]
Now of course....I agree that from the outside the system in the USA seems awfully broke (I'm an Australian) but throwing technological solutions at the problem only seems to make things worse...afterall aren't "hanging chads" an artefact from introducing (1900's) technology.
ps. sometimes I wonder if the slashdot captcha generator is self-aware...for this posting it came up as "nonsense"
Re:The Real Plot Regarding E Vote Not what you thi (Score:3, Interesting)
I'd like to hear your description of "properly implemented". Remember that you have to reconcile three things: voter verification, accurate counting, and secret ballot. (Pick two.)
And by the way: Poorly implemented, it does just the opposite. Diebold's systems -- excuse me, Premiere Election Systems -- can have the vote compromised by anyone with access to the appropriate excel/Access database. (Might actually just be Excel.) That means there are a lot of people who are literally only a few keystrokes away from changing the vote.
I have tried, and I haven't been able to come up with anything that is better than paper, in any way.
Re:you can tamper with paper votes (Score:3, Interesting)
same is true of e-voting. Do you know the path of the results from the paper votes to TV results? History shows their are so many ways found to hack paper ballots, be it creative printing, creative handling, or messing with phone lines used to transmit, or losing a box, or even substituting a box for another (you give the real voters the counterfeit ballots, and boxes. You fill in the real ballots and boxes.)
With e-voting their has to be so many more avenues to detect cheating if done correctly. For example, you could contract out a dozen completely independent server implementations, they all should agree to the vote (which is impossible with paper) You let people choose a key, and send them a Public encryption string, they encrypt their private string along with their votes. That way a concerned voter could have a piece of their ballot packet that is verify-able, without the "sell-able vote" privacy issue.
What you probably can't do with a E-Voting machine is make my Grandparents feel like their vote is being counted. (or even much of slashdot apparently) Now I can't make up the whole system in a slashdot post, other than to say it is theoretically possible to have no dead trees, and fully verifiable results, and manually counted samples is easy (example you would choose trusted individuals who re-use their keys, and re-check their voting results from multiple locations. and by trusted, I just mean trusted to not change their vote to make the system look bad.)
Now by e-voting, I don't mean using your same windows PC, that 10% are own3d a hundred times over, that part I don't know. But those smarter than me will find something, be it a usb addon...