Victoria’s Electoral Commission has flagged plans to expand its use of electronic voting kiosks based on Linux software in the next state election in November this year.

The state first started using the machines in a limited trial during the last state election in 2006. It appears as if the machines were used for voting for the vision-impaired, as well as for military personnel. News of the rollout was broken by Computerworld.

However, in tender documents released last week, the state revealed it would expand its use of the machines. About one hundred kiosks will be deployed to early voting centres (including mobile facilities) around the state as well as in the United Kingdom.

According to the tender documentation, the machines will consist of one in-built 19″ LCD touch-screen, one PC with an Ethernet network port, and an in-built USB smartcard reader. The machine must be able to run Linux, as the commission has requested Linux drivers for the components.

The commission stated it would install Linux on the machines itself, but it remains unclear which exact version of the open source operating system it will use.

The tender documents stated that drivers must be compatible with the “2.6 kernel/Gentoo release of Red Hat Enterprise Linux”. However Red Hat and Gentoo are quite different Linux distributions.

It appears as if Victoria’s previous e-voting system was supplied by Hewlett-Packard, in conjunction with Spanish company Scytl.

The news comes as Linux has not been making headway for desktop use in Australia — even in such limited use as customised and locked down terminals such as e-voting systems require.

One of the last stand-out Linux desktop deployments in Australia was that found at Kennards Hire. However, in December 2009 the plant and equipment company revealed it had migrated its 300 desktop machines running Fedora Linux back to Windows (thin clients) in 2008.

In contrast, the New Zealand government is currently engaged in a pilot to replace Windows PCs with desktops running Linux and open source software. However, Linux remains a force in local server deployments, where it is seen as the main rival operating system to Microsoft Windows.

Image credit: Larry Ewing

Related posts:

1. Brisbane wins Linux.conf.au 2011
2. BYO Linux router to the NBN
3. Linux to dominate Australia through T-Box and Android
4. Telstra’s Linux-based T-Box to launch mid-June
5. Linux.conf.au requests 2012 bid proposals

1. David F. Skoll
   Posted 09/03/2010 at 9:18 am | Permalink | Reply

   This is bad news. When (not if) serious security flaws are found, closed-source promoters will gleefully jump on them and say that only closed-source software should be used for e-voting.

   This will obscure the real problem, which is that e-voting is fundamentally non-securable and should never be used by anyone who actually cares about democratic institutions.

   • Renai LeMay
     Posted 09/03/2010 at 9:30 am | Permalink | Reply

     Do you think so David? I would assume they would have this environment fairly locked down. And it’s not as if Microsoft has a great reputation for security.

     I agree with you that e-voting is fundamentally non-securable tho — although I’m not sure that paper voting is either.

     • David F. Skoll
       Posted 10/03/2010 at 1:49 am | Permalink | Reply

       Paper voting is substantially harder to tamper with than e-voting. Where I live (Canada), counting paper votes involves thousands of people and is scrutinized by representatives of each political party. It would be quite difficult to subvert enough counters and scrutineers to materially affect the outcome of an election.

       E-voting can be tampered with stealthily and silently. No-one can see malicious code or malicious network traffic. Anyone who takes control of the e-voting software can manipulate it silently and remotely, and force it to produce whatever results he/she likes. A skilled attacker can hide his/her tracks and make it almost impossible to detect that tampering has taken place.

       In the United States, parties spend about a billion dollars per election. If they could spend half that much to win the election through tampering, that would be pretty tempting. And 500 million dollars is enough to mount a very robust attack against an electronic system.

       • Chris
         Posted 10/03/2010 at 11:16 pm | Permalink | Reply

         But we vote using pencils… to number candidates…. Tampering just takes a few people with an eraser and another pencil… It’s not like hanging chads or anything.

         • David F. Skoll
           Posted 11/03/2010 at 8:37 am | Permalink | Reply

           “Tampering just takes a few people with an eraser and another pencil”

           Well, yeah.

           Except those few people have to get into the sealed ballot boxes. They have to convince the people watching them to let them get the boxes and to look the other way while they tamper.

           You really have no idea how real elections are run.

         • Danielle
           Posted 11/03/2010 at 8:41 am | Permalink | Reply

           There are two kinds of election fraud: retail election fraud, where some number of votes are individually changed; and wholesale election fraud, where a flaw in the system enables a mass changing of votes. Retail election fraud rarely alters the outcomes of elections.

           You are right, voting with pencil on paper, someone could change individual votes, but in Australia ballot boxes are secured with coded tags, which scrutineers watch being applied, and being removed. The count is also scrutinised. The opportunity for mass-alteration of votes is not present. Even a corrupt election official would find it difficult to commit a wholesale fraud.

           E-Voting systems however are incredibly hard to scrutinise, and provide ample opportunities for wholesale fraud, either through an intentional programming flaw, or exploitation of the system.

           In Australia, the (Reps) votes are counted at least twice (and further times if the counts are not close enough), once on election night, and again during the following week. An electronic voting system with a sufficiently complete paper trail (that the voter could verify) would allow for both instantaneous results (and less staff on election day) and a manual second count later in the week. With correct design, such a system could still be secure.

2. By Links 10/3/2010: OpenShot 1.1, MeeGo for Sub-notebooks | Boycott Novell on 09/03/2010 at 11:27 am

   [...] Victoria expands Linux e-voting rollout Victoria’s Electoral Commission has flagged plans to expand its use of electronic voting kiosks based on Linux software in the next state election in November this year. [...]

3. By kristinpowell.com.au on 10/03/2010 at 9:19 pm

   [...] read more [...]

4. By Victorian’s request the freedom to vote Linux | The Open Minded Enterprise on 10/03/2010 at 11:47 pm

   [...] Victorian Electoral Commission has released a tender requesting suppliers for a Linux-compatible eVoting kiosk. Apparently, they will be installing [...]

5. d-_-b
   Posted 11/03/2010 at 2:14 am | Permalink | Reply

   worst part of this idea is linux just got the most exploits to date so call off the voters =)

6. Warren
   Posted 11/03/2010 at 8:36 am | Permalink | Reply

   There is a difference between security flaws and a locked-down system. You can make them tamper proof regardless of the software if it is done right (gaming machines come to mind), but given Victoria’s reputation (miki smart-card travel systems) there are so many levels and ways they can stuff it up, and probably will.
   It’s not that paper is less tamper proof, it’s just that the effect is limited and the change is more identifiable in review. I hope it’s done right, but I am not sure that the current system actually needs any changing.. Is it just business that needs to sell more hardware and contracts or is it actually going to make voting easier, cheaper and result in a better outcome?

7. Andrew
   Posted 11/03/2010 at 11:30 am | Permalink | Reply

   Here’s a novel idea. Paper output which prints for the voter to verify their vote plus a hash which they can keep to verify online if they wish, which has no identifying details. The paper output is dropped into a lock box for physical verification on the day or at later point.

   The local terminals are networked together with a master terminal which will only accept data from pre authorised terminals, no rogue entities can be added without security key and everything is encrypted. Absolutely NO WIRELESS component allowed anywhere near the system. The system could then dial home (old school dial up like EFTPOS) to send data through throughout the day. Heavy statistical analysis on all results based on polling data and previous voting trends for the area to flag dodgy poll booths.

   As for paper count, party representatives regularly request recounts and everything is scrutinised.
   Run the paper system and terminal system in tandem with random audits in perpetuity.

   The biggest cost for the day is then POS rolls which should be made the same size as the most common rolls for retail sales.

   You have the speed and efficiency of an IT solution with the added security of a paper system. The paper system should never be removed as I never trust any human being who seeks power. Especially the sycophants that help them and nod like sheep in the background of press meetings.

8. Adam
   Posted 12/03/2010 at 11:35 pm | Permalink | Reply

   So, like with cash registers, you make the machine print a paper receipt that is given to the voter and an identical copy kept internally. Random spot checks make sure the votes being returned by the machine match what is being recorded on the receipts. People can go home, type in the code on their receipt and check online (or over the phone) that the vote counted matched the one they cast, thus putting their mind at ease that the machine they used wasn’t tampered with and helping build trust in the system.

   I think it’s great they’re using Linux for this, but really the security aspect is irrelevant to the OS. You can never make something 100% secure, but you can make sure that any tampering is detected and reversed before it causes any problems.