Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Government Hardware Hacking Security Build

Researchers Demo Hardware Attacks Against India's E-Voting Machines 179

Posted by timothy
from the only-the-good-guys-bother-to-explicate dept.
An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"
This discussion has been archived. No new comments can be posted.

Researchers Demo Hardware Attacks Against India's E-Voting Machines

Comments Filter:
  • Oh, sorry, "Premier Election Solutions"...

    • Re: (Score:2, Offtopic)

      by Ihmhi (1206036)

      You know, the ATM I use nearly every day is made by Diebold.

      It's an awesome little ATM. I'm nowhere near rich or even financially secure, and the ability to be able to withdraw money by an exact dollar amount ($6 for breakfast? I can take out exactly six bucks FUCK YEAH) is very appealing. The machine has been down exactly once in the three years I've been using my bank and there has never been any problems with it (save for the time it ate my card while I took to long counting the money - my fault, not the

      • Re: (Score:3, Insightful)

        by Eivind (15695)

        There's a much simpler reason.

        The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

        • The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

          Maybe.

          Or maybe they just notice quicker when they get cheated on a daily basis than when it happens once every four years. The fact that the user can verify the ATM transaction probably speeds awareness, as well.

          I think ignorance is more plausible than apathy in this case.

          • Re: (Score:3, Insightful)

            by Eivind (15695)

            Yeah. That too. They care, AND they notice.

            The ATM is supposed to withdraw money from your account, and dispense cash, and ideally do the same amount of both.

            If it withdraws -more- from the account than it dispenses, odds are plenty of account-holders will notice in quick order (not everyone checks, but ENOUGH people do), whereas if it does the oposite, odds are the bank will notice real quickly. (plenty of those who get too much cash from the ATM will talk about it too)

            I'm not convinced politicians univers

          • You also have to figure that e-machines, being used only a couple times a year on average, have to be competitive with paper based systems as far as cost goes, while a ATM Machine has to be competitive with a teller(or three)'s salary spread over most of a decade.

            Oh, and for whatever reason, Diebold didn't use the same people in the effort.

      • by digitig (1056110)
        Well, if the Diebold systems are alleged to be built by Republicans to be rigged for a Republican win, we have to go for your "wrong engineers" theory because they didn't work last time!
    • // to do: insert joke about outsourcing here.

  • by smallfries (601545) on Monday May 10, 2010 @04:24AM (#32152900) Homepage

    ...would register a one-issue party against the use of insecure voting machines. Then win the election. Then fix the problem.

    • by siloko (1133863)
      Yep I guess that's true. But a real 'internet' hacker, with inbuilt faux machismo, would also ferret out anyone who says the voting machines are are 'tamperproof,' 'infallible,' and 'perfect,' and give them a slap. And then another one.
  • Security (Score:5, Insightful)

    by Thanshin (1188877) on Monday May 10, 2010 @04:26AM (#32152914)

    Any security professional, IT or otherwise, who ever says "impossible to break" in any of its forms, should be directly fired.

    No discussion. No explanations. You blabber idiocies about your supposed area of expertise, you're fired.

    • Re:Security (Score:5, Insightful)

      by Anonymous Coward on Monday May 10, 2010 @04:41AM (#32152960)

      I doubt any IT professional would say that. Usually politicians and managers are the ones responsible for this kind of nonsense because they have no clue or just want to sell their product.

      Politicians are generally untouchable, no matter what they say or how bad they screw up. And managers make sure the contract contains some fineprint along the lines of "we guarantee nothing" and "not really impossible to break".

      So yea, nothing you can do about it.

    • by jimicus (737525)

      Not strictly true. There is such a thing as a 100% secure computer system.

      Of course you have to grind it to dust, embed that dust in concrete then throw the concrete off a ship somewhere over the Marianas Trench, by which time it's not a terribly useful computer. But I bet you anything you like you couldn't hack it.

    • That's not how the line "no system is 100% secure" is usually used.

      Usually, it's being trotten out by poor security professionals to justify not bothering because "as no system can be secure, why bother attempting to secure one?"

  • Maybe it is time for a new law: You cheat, you die.

    Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.

    Open for abuse to be sure but all our leaders claim we should trust the system so surely they trust it?

    It would motivate leaders to motivate their followers not to break the rules. Right now the system does exactly the reverse. As long as the leader isn't proven to have given the direct order in writ

    • Re: (Score:2, Insightful)

      by teachmetech (1479795)
      I completely agree with your point.
    • by thijsh (910751) on Monday May 10, 2010 @05:27AM (#32153146) Journal
      You promote the death penalty in a situation where it is even more despicable then usual, especially since anyone can see the clear option to cheat by getting your opponent eliminated. Each election has some irregularities (and I assume most are not sanctioned by the candidates themselves) so it would be far too easy to cheat for the other guy while collecting 'evidence'.

      Please understand that I think the undermining of the democratic process is a crime which should carry a special sentence, but more along the lines that you can't run for office for X years (like any felon I believe). But the problem is always the same: the cheater won and is now in charge.

      I think the only way to guarantee a cheater free process is by completely making every step of the process transparent. Coincidentally it's the technology currently used to cheat that can be put to use to prevent it. The only problem is there is always one or more black-box-systems between the voter and the results, so there is no way to guarantee it unless we remove every black-box step. Here is my solution to make the process as open as possible:
      - Generate a unique key per voter and store on a single offline drive.
      - Print voter registration cards with each key used once (we know every voter can vote exactly once).
      - Generate a strong encryption certificate that is only valid around election day for HTTPS use.
      - Voters can choose to vote at home (but they need a separate online ID) or at a registered voting location (and show their ID), but the process is the same.
      - To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.
      - The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.
      - These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.
      - The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.
      - The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.
      - The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

      Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks... The current voting solutions are much worse in my opinion since there are attack vectors too, but we do not know how many and how bad, and even worse: we have no idea how often these are already exploited. But we do know for a fact that paper elections have been rigged (despite the rules), electronic voting machines have been tampered with and even something as simple as denying people the right to vote (sending people away who stand in line for hours). These non-tech exploits are used regularly and should not be forgotten... I'd say a web-voting is the lesser of two possible evils. Especially since the technical requirements of such a system are known. If fucking soda companies can print unique codes on the inside of the bottles and phone operators use codes for prepaid cards i'd say we should be able to make it work for something important.

      I posit that for every argument against such a system slashdot's finest geeks will come up with a solution...
      • by houghi (78078)

        I like that unique ID per voter. It can then later be used to, uh, question these people about their choice. Voting from the PC is even better as our, uh, advisors can see that you make no mistakes. You don't have anything to hide, now do you? Also we will be providing the software for the voting.

        Voting fraud is a social problem where people are looking for a technical solution. Pen. Paper. Problem solved. 100%? No, but a LOT cheaper and a LOT more secure. Not one point of failure, but so many that cheating

        • by thijsh (910751)
          People seem to associate unique with traceability, but this is not necessarily the case... There are plenty of techniques to create a one-time code that isn't linked to you personally and can't be traced back (aside from ISPs timing site queries and comparing to vote cast times, but even scenario's like that can be prevented as long as you account for it). You have made a valid point so this should be accounted for, as any possible problem with the system. But you can't honestly tell me you're so paranoid a
          • Re: (Score:3, Interesting)

            by fgouget (925644)

            There are plenty of techniques to create a one-time code that isn't linked to you personally and can't be traced back

            Except all the proposals I have seen call for the unique key being generated by the government (and generally snail mailed to you). So you have no proof that such techniques have been used by the government.

            But you can't honestly tell me you're so paranoid about this that you now vote with gloves on because they might trace the fingerprints on the ballot?

            I don't wear gloves because I help count the votes so my fingerprints are on all the ballots!

            All jokes aside, they don't know which ballot is yours. So they would have to scan the fingerprints on a substantial percentage of the ballots to find out and they would have a hard time doing that in secret. I

      • Before talking about how insecure the web is ...

        The problems with "voting at home" (or "at work") do have nothing to do with the lack of security of the web, but more with the lack of guaranteed privacy.

        If you allow voting from work, who guarantees that the manager is not standing behind his employees, making sure that they vote the "right way". Or, at home, that the spouse isn't making similar enforcement. Or at the pub, that a buddy isn't promising a beer in exchange for the "good" vote...

        As long as you allow voting away from designated polling stati

        • by thijsh (910751)
          What stops people from selling their vote and going to the polling booth to vote? And how do you think it's a good idea to just have a few points where people go to vote, it makes it *very* easy for people to disrupt, influence or plainly destroy votes there. Someone in this thread already pointed out practices like this: http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org]. To my knowledge polling stations are responsible for all irregularities with voting up until now and most of these irregularities can be preve
          • Re: (Score:3, Insightful)

            by ArsenneLupin (766289)

            What stops people from selling their vote and going to the polling booth to vote?

            Easy: the buyer has no way of verifying that the seller did indeed vote how he promised to vote.

            it makes it *very* easy for people to disrupt, influence or plainly destroy votes there. Someone in this thread already pointed out practices like this: http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org] [wikipedia.org].

            Such practices are ...hmmm... rather obvious. Meaning, that in a really democratic country, they would lead to instant cancellation of the election, and punishment of the perps.

            If such brute force disruptions are commonplace in India, then security of electronic elections is indeed the least of their worries. Without punishment of obvious abuse, the crooks could just wheel a supercomputer into the polling statio

            • by thijsh (910751)
              Rather obvious yeah, so because it's not obvious to you immediately it does not happen in western countries? Look at the following list of the many means of fraud and tell me they are not used in so called 'true democracies': http://en.wikipedia.org/wiki/Election_fraud [wikipedia.org]

              And here are some examples to the contrary:
              Netherlands - last election there were people instructing others how to vote in the booth (which was strangely allowed by officials present) and they counted over 100 mystery extra votes (this w
              • Rather obvious yeah, so because it's not obvious to you immediately it does not happen in western countries?

                No matter how many times I read that sentence, it doesn't make sense. I suppose it's meant to be a miffed reaction at my astonishment about the non-subtlety of electoral fraud in India? If so, I'm sorry to have offended you.

                Look at the following list of the many means of fraud and tell me they are not used in so called 'true democracies': http://en.wikipedia.org/wiki/Election_fraud [wikipedia.org] [wikipedia.org]

                Why should I tell you something like that? Yes, this is a list of frauds for people who are concerned about stealth and/or plausible deniability. That's why brute force approaches such as just invading the polling station is not included there.

                The sentence that I liked most was: Harsh p

          • by fgouget (925644)

            What stops people from selling their vote and going to the polling booth to vote?

            What stops them is the lack of a buyer: the potential buyer knows he will have no way to verify you really voted the way he wanted so he won't waste 'money' on trying to outright buy votes (he will instead resort to propaganda).

            And how do you think it's a good idea to just have a few points where people go to vote, it makes it *very* easy for people to disrupt, influence or plainly destroy votes there.

            And centralizing all the votes on one server in one place solves this problem? Sure if you have massive safety and order problems then you will get voter suppression [wikipedia.org]. Note though that such in countries people would typically be lacking the means to vote from home anyway.

            To my knowledge polling stations are responsible for all irregularities with voting up until now

            Irregularitie

            • by thijsh (910751)
              If any serious attempt is ever made *all* the issues raised should be taken seriously and addressed, so any problem thigh might arise should not go ignored. But I get the feeling that for a techie-site there is a strangely high amount of no-can-do people here... You just assume it's not possible no matter what you do.

              I claim it is possible, and any issue can be addressed. No solution will ever be perfect, but if it works good enough that you can verify that the will of the people has been represented with
      • Re: (Score:3, Informative)

        by fgouget (925644)

        Here is my solution to make the process as open as possible:
        [...]
        - To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.

        Make it possible to vote at home and a lot of people will be coerced to vote a certain way by their spouse / parent (or you're out of this house) / children (elderly people). Make it possible to vote from any computer and companies will nicely provide computers for you, will even help you. You would be free vote the way you wanted and they would not even put you on top of the list for the next round our layoffs if you voted wrong. Vote at the kiosk against the wishes of the above parties and be assured they

        • by thijsh (910751)
          We currently have a flawed system which relies on perfect cooperation of thousands of individuals each one of which can influence the voting process without us knowing it. This has lead to voting fraud not only in third world countries with 'broken election laws' but in all western nations (at least on some local level). The advantage of this system is fraud on a large scale requires the involvement of hundreds of people (but in no way is it made impossible).

          Now examine the new system which relies on tech
          • by fgouget (925644)

            We currently have a flawed system which relies on perfect cooperation of thousands of individuals each one of which can influence the voting process without us knowing it.
            This has lead to voting fraud not only in third world countries with 'broken election laws'

            but in all western nations (at least on some local level).

            In the US you are right, votes can be tampered during transport, probably by a single individual (blame the 'broken election laws'). In France (where we have transparent ballot boxes and where ballots are counted on the spot when the election closes) no single individual can tamper with the voting process. But yes, tell me how to commit fraud in France and not get caught.

            There is a single point of failure, and if that fails you should to be able to detect it.

            How will you know that there has been fraud if candidate A wins with 52% of the

      • by WNight (23683)

        But the problem is always the same: the cheater won and is now in charge.

        Bush hadn't won, and wasn't in charge. But it's easier to give a party of professional crybabies special treatment instead of recounting fucking ballots.

        A recount is never the wrong thing to do - you'll know the liars by who refuses the recount. But instead we listen to their lawyering instead of just threatening to shoot (yes, death penalty - applied by the courts, a mob, or a revolutionary army - appearance of correctness is VERY important here) them until they agree to a recount.

        You promote the death penalty in a situation where it is even more despicable then usual, especially since anyone can see the clear option to cheat by getting your opponent eliminated. Each election has some irregularities (and I assume most are not sanctioned by the candidates themselves) so it would be far too easy to cheat for the other guy while collecting 'evidence'.

        Then don't call yoursel

    • Re: (Score:3, Insightful)

      by HungryHobo (1314109)

      I agree, vote rigging should be treated as seriously as a crime can be.
      I'd add to that- politicians taking bribes should attract similar penalties.

      • by thijsh (910751)
        With great power comes great responsibility, and with great responsibility comes great punishment if you (willingly) fuck up.

        This is as it should be, the problem is today most politicians just use their power for their own gains, do not accept any responsibility, and sure as hell are never punished... I do not advocate punishing politicians for mistakes otherwise you would never become a politician anymore, but I would like to see strict rules regarding corruption and that anyone ever caught betraying the
  • Amazing findings (Score:2, Insightful)

    by gmhowell (26755)

    Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

    This article, like most of the front page needs "-1, Irrelevant".

    • Re: (Score:2, Insightful)

      by tsj5j (1159013)

      Your analysis neglects the basis of comparison, in which case is traditional voting methods on paper.

      If you can walk in with a screwdriver to mess up an election with the electronic system but can't do the same to the paper method, then clearly there is some impact to security.

      • by abigsmurf (919188)
        I can walk in with a handful of paper and rig in an election. I can pour a bottle of ink into a box and spoil all the ballots inside. Paper ballots offer countless ways of affecting votes.

        Hardware based attacks that rely on invasive access are stupid in terms of demonstrating 'how vulnerable' an e-voting system is. The assumptions you have to make are stupid; You assume no one will notice someone taking 10 minutes to vote , that they're carrying tools, that they get down on their knees to open the case,
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      the point here is that polling places can rig the machines just fine.

      clever in key areas where a specific political party needs more votes to win.

      kinda like how with diebold, republicans got overwhelming victories in predominantly democratic voting districts.

    • Re: (Score:3, Insightful)

      by Thanshin (1188877)

      How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

      So the possibility of bypassing democracy isn't worrying, as long as you put a full body scanner in front of each voting cabin?

      Or you could limit the time that can be spent voting, and pray nobody finds a faster hacking method.

      1...2...3... BAM! You're out. Vote faster next time.

      • Ask yourself what stops people from opening ballot boxes to mess with the votes? The answer (in the UK at least) is four uniquely serial-numbered ties which have their numbers noted when the box is sent out, and verified when it's opened. Just put all the innards in an epoxy resin, put them in a toughened metal cabinet, lock the door with a key and attach aforementioned ties. A screwdriver won't help you.

    • by Utopia (149375)

      That was my first thought do. Physical access is needed to break the hardware.

      The Researchers just say that the security measures used are low tech and easy to break, but show no demonstration about breaking it in a simulation/real polling situation.
      I personally think its hard to pull off in a polling booth.

      Second, With the size of India's population I would rather that India continues to use EVMs and switch to paper trail methods -- Please think of the trees.
      Using paper is not only is bad for the environme

    • by Yvanhoe (564877)
      The goal here is to show that one of the thousand of officials who have physical access to a huge quantity of machines before the elections can rig them. You know that when you don't look at them, officials love to stuff voting boxes with ballots. Suspecting they wouldn't do it with electronic machines is just weird.
  • Paper votes are subject to impersonation, for example, especially if voter turnout is low. During canvassing for the recent UK General Election for example, I became aware of people who were not voting due to absence (and hadn't secured a postal vote). It would have been simple to use those votes if I was so inclined.

    The only solutions are transparent voting systems (if electronic, software and hardware must be publicly documented so that flaws are found and fixed - yes, I user Firefox!), plus independe
    • In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

      • Re: (Score:3, Interesting)

        That's not strictly true I'm afraid. In the UK the "marked register" (the paper audit of who voted) is marked with the ballot paper number against the voters name. So currently there is an audit trail from the individual to an individual ballot paper, and hence to their vote. It's not available to just anyone, but you can, under certain circumstances, find out how an individual voted, or more importantly how they were recorded as voting in case of fraud. Both individual ballot papers and marked register
        • Ugh yeah, should have clarified that it's anything which on its own identifies a voter with a vote, which a receipt (I'm guessing) would do much as a signed ballot paper does.

      • Re: (Score:3, Interesting)

        by locofungus (179280)

        In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

        Except, of course, the recording of the ballot paper number next to your name when you vote.

        In the past it would have been difficult to automatically match up every vote with a voter but it certainly wouldn't have been difficult to find out who cast a particular vote. "Who voted communist?"

        Nowadays I'd expect th

    • by Asic Eng (193332)
      The inconvenience of paper voting (many hundreds of people couldn't vote in the UK due to various issues related to this, and unexpected voter turnout) will push us towards electronic, probably internet voting whether we like it or not.

      Maybe, but why not shift the election to a Sunday (or make election day a public holiday) as a first measure? It might help if voting was spread out more evenly over the course of the day.

    • even the most technologically advanced societies (some nordic countries want to vote by cell phone!?), for two reasons:

      1. attack vectors

      of course paper voting is subject to cheats, ballot stuffing, getting lost in transit, etc. its just that paper voting is a simpler process than mechanical or electronic voting, so therefore the numnber of attack vectors for paper voting is orders of magnitude less than mechanical voting... which in turn has orders of magnitude less attack vectors than electronic voting

      one

      • I don't disagree, but I'm afraid the X Factor generation will demand a more user friendly way of voting, or they won't bother.
        • if what you say is true, then people can't grasp that sometimes convenience has to be sacrificed. if what you say is true, then X Factor generation is the end of democracy

          it is naive to think that technology offers a better way to vote: there is no technological solution to the bribe-able government bureaucrat

          therefore, you have to make the voting process as technologically crude as possible, to prevent creative ways to cheat we cannot foresee

          its also a matter of trust in the system. i can trust and verify

          • Didn't "the downfall of democracy" start when our ancestors decided it was better to elect people to decide things for us rather than doing it directly? Yes, I know that's not how it came about, but representative democracy *is* a concession to convenience over direct democracy.
            • not even in a small town is it possible

              you WANT representatives, you really do

              in a genuine direct democracy, every little zoning board approval or budgetary line item would require your vote. you would spend all day voting. you wouldn't pay attention to the issues: you wouldn't have TIME to pay attention to the issues. you wouldn't have time to educate yourself on the issues in the amount of time possible before the vote was due. every single vote, in nauseous tedium, would require your research. you wouldn

              • Oh I agree - I was trying to say that all sensible forms of what we call democracy are compromises between "true" democracy and convenience. The trick is to get the balance right!
                • in fact, all of history is a process of perfecting that balance to better and better degrees, raising the bar to even better orders of perfection, and repeating the process, forever, never completely erasing graft and corruption, but getting closer and closer to something resembling acceptability, barely

    • by sznupi (719324)

      Your potential for impersonation stems from the fact that you can't verify with any certainty the identity of people...

      Any "inconvenience" with paper voting was due to procedural failings in the UK implementation, not some inherent faults. My (EU) country has also paper voting, and it works extremelly smooth. It's simply scheduled for Sunday, from 8AM to 8PM (and sometimes 10PM), when not only the population has plenty of time to vote but also you have lots of "workforce" available to staff a very dense net

  • by khoonirobo (1316521) on Monday May 10, 2010 @05:05AM (#32153048)
    We are more sophisticated. http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org]
    Perfectly illustrated in http://xkcd.com/538/ [xkcd.com]
  • If they've proved that someone can clip a device over a RAM chip, may I suggest epoxy resin or a potting compound. Pot the entire internals, including the ribbon cable to the display and the display board itself to make the electronics much, much more difficult to reach.

  • Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

    After all, who better than a team of mythical creatures to design a system with a mythical feature-set ?

    • Re: (Score:3, Informative)

      by Thanshin (1188877)

      Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

      We tried that and it didn't work. The minotaur's design was too convoluted, the UI was pink and invisible, and after receiving hundreds of bug notices we discovered that the dragon had spent months farming gold.

      • >"UI was pink and invisible"

        It was invisible... but it had a colour... oh nervermind, that's actually MORE believable than "it was tamperproof and infallible" !

  • Scale (Score:3, Interesting)

    by brunes69 (86786) <slashdot@NospAm.keirstead.org> on Monday May 10, 2010 @05:47AM (#32153230) Homepage

    The size and scale of India's election makes attempts at manipulating the election at the voting machine level very difficult. Any legit attack would have to be done at the back-end altering massive numbers of votes.

    • if you had paper voting, you'd need an army of conspirators (which by nature of its size would be discovered), and an audit would discover statistical perturbations

      but with electronic voting, you just bribe the right official or two, and one guy with a few milliseconds of access to the database and some crafty code can alter the votes in statistically invisible ways

      • by andy1307 (656570)
        Not true. India did have paper voting. The fraud happened before the vote count. Criminals would simply "capture" polling booths and stuff the ballot boxes.
        • you seem to think i'm saying that paper voting won't have cheating. of course paper voting will have cheating. all voting systems will have some (hopefully low grade) cheating all the time, forever. there's no way around that, there's no technological fix for that

          what i'm asking you to understand is that electronic voting will have cheating too, and the kind of cheating that can go on in electronic voting is far more subtle and dangerous and far more venomous of a threat to the legitimacy of indian democrac

        • by fgouget (925644)

          Not true. India did have paper voting. The fraud happened before the vote count. Criminals would simply "capture" polling booths and stuff the ballot boxes.

          How do the new voting machines help in this regard?

          • In the past they captured the booth, stuffed it, returned it and nobody noticed or corrupt officials used the stuffed ballots anyway.
          • Now instead they have to capture the voting machine, stuff it by pressing the right two buttons as shown on the video, and return it so that nobody notice it was missing or so that corrupt officials use the hacked results anyway.

          Sorry, I fail to see the difference.

          Here's a better solution:

  • The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28.

    http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html [indian-elections.com]

  • by jonwil (467024) on Monday May 10, 2010 @06:46AM (#32153490)

    For the hardware you need:
    Touchscreen with graphics chip and touchscreen controler as an input device

    Receipt printer (the kind that has been used in millions of cash registers, ATMs and other devices world wide for a few decades)

    Flash memory chip to hold the machine OS and the config file (which candidates are running etc). This should be the kind that when its in the machine, it cannot be written to and has to be removed to write new software or configs. This would have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure that it hasn't been swapped for another identical chip containing rigged software.

    Thumb drive or memory card to hold the counted votes. This would also have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure it isn't substituted with a fake one containing a different result.

    CPU (ARM of some sort would seem to make sense) to control the system with usual support items (power supply, RAM etc)

    Tamper-evident case containing the hardware with more difficult-to-duplicate-or-remove stickers with the voting machines serial number covering the screw holes/case edges/etc to ensure you can tell if its been opened.
    The receipt printer would be located outside of the tamper-resistant part so the roll can be replaced by poling station officials. Should a machine fail for other reasons (i.e. any reason that would require access to the hardware) that machine would be taken offline and not used for the rest of the election.

    Software:
    Linux kernel with drivers for the memory card reader, touchscreen, receipt printer etc. (the kernel would be specifically built for the voting machine with everything that is not required for the device such as networking removed)
    Basic set of libraries (the bare minimum required to make everything work)
    Custom voting machine software.
    All software would be 100% open source.

    Before the election, the machines are prepared by loading the correct OS and kernel along with the config file for the machine (containing the names and info for the candidates) onto the operating system chips. The operating system chip and vote counting memory card are loaded into the machine. Then the machines are verified and tested. Once they have been verified, they are sealed up and the tamper-evident stickers applied before they get shipped off to the poling booths.

    When you go to vote, you pick your candidate on the screen by touching their name. Then you have to press "OK" once you are sure you clicked on the right name.

    After your vote is complete, it is recorded in the file on the memory card. Also, a receipt is printed containing a machine readable bar-code corresponding to your vote plus a human readable record. This receipt is then inserted into a ballot box as you depart the polling booth. No part of the machine (receipt included) contains any record of who you are as a voter or any way to associate your vote back to you.

    To count the votes, the memory cards are removed from the machines (after checking that the machine was not tampered with and that the memory card is genuine) and sent to the relavent counting office to be read and counted. Should there be a dispute, either the machine readable bar-code or the human readable record can be used as a way to count the ballots.

    Maybe some of this is overkill (like labeling the chips with stickers to prevent tampering), I dont know. But when you are talking about something as critical to a free society as an election, its important to get it RIGHT.

    My idea would work for any system no matter how many items are on the ballot or how many people are voting (a commonly cited downside of paper systems is that there are too many papers to count and/or too many things being voted on)

    My idea wont prevent tampering (of the kind described in TFA) but it will be immediately obvious when someone has tampered with the hardware in the machine (if it works for telling Microsoft or Dell when someone has opened their PC or XBOX and voided the warranty, it should work for a voting machine, especially since getting close enough to one for long enough to fiddle with it is hard when inside a polling station.

  • I guess when the real problems - massive registration fraud and block voting on the orders of local criminals - are too difficult to deal with, all you've got left is inventing wacky "10 minutes alone with a bag full of hardware" attacks that would work just as well on paper ballots, with a lot less preparation.
  • So, to really steal an election, you would have to build millions of these fake devices and deliver them to the remotest of places(the only way to get to some of which is by using an elephant).
  • by mritunjai (518932) on Monday May 10, 2010 @08:10AM (#32154158) Homepage

    Folks,

    It is important to put the size of elections in India in perspective and how they operate to understand any meaningful amount of fraud or corruption possible.

    The EVMs in question are extremely simple. They only have a breakout panel with 32 buttons (expandable upto 64 buttons with an addon breakout button panel). The machine only ever knows the number of enabled buttons. The names and party symbols are affixed as paper "stickers" on the buttons.

    ---------------------
    [B] S First Last Name
    ---------------------
    [B] S First Last Name
    ------...

    The order and placement of stickers on the buttons changes from constituency to constituency. The machines are sealed/unsealed in presence of at least 3 officials, though in practice, it's no less than a dozen or more, as it's a public affair and often media is present.

    Some numbers (courtesy http://www.indian-elections.com/facts-figures.html [indian-elections.com]):
    Number of EVMs used: 1.023 million
    Max candidates per EVM: 64
    Max candidates in election from one constituency: 35
    Total number of candidates: 5398 (India is a multi-party democracy)
    Number of parties: 220
    Number of registered voters: 675 million

    Cost of '09 elections: Approx $2 billion

    Any 'fraud' analysis needs to take the process and numbers into account. EVMs in India solve a LOT of problems with regard to elections and drastically cut down on time, effort and cost involved. There are a number of places where several miles of journey on the back of mule is needed to reach the polling booths. It's much easier to conduct an electronic poll there rather than carrying several large ballot boxes that could be snatched.

    • by thijsh (910751)
      Informative post! But shouldn't the number of EVM's be either 1 million or 100 million? The site mentions 10.25 lahk = 10.25 * 100000, but I'm afraid the dot is a bit ambiguous here... Or is the dot a decimal sign in both this number and yours (in which case I see you're perfectly correct)? I hate those fucking digit group separators, they always confuse international exchange of information.

"Text processing has made it possible to right-justify any idea, even one which cannot be justified on any other grounds." -- J. Finnegan, USC.

Working...