arrow15 Comments
  1. David F. Skoll
    Mar 09 - 9:18 am

    This is bad news. When (not if) serious security flaws are found, closed-source promoters will gleefully jump on them and say that only closed-source software should be used for e-voting.

    This will obscure the real problem, which is that e-voting is fundamentally non-securable and should never be used by anyone who actually cares about democratic institutions.

    • Renai LeMay
      Mar 09 - 9:30 am

      Do you think so David? I would assume they would have this environment fairly locked down. And it’s not as if Microsoft has a great reputation for security.

      I agree with you that e-voting is fundamentally non-securable tho — although I’m not sure that paper voting is either.

      • David F. Skoll
        Mar 10 - 1:49 am

        Paper voting is substantially harder to tamper with than e-voting. Where I live (Canada), counting paper votes involves thousands of people and is scrutinized by representatives of each political party. It would be quite difficult to subvert enough counters and scrutineers to materially affect the outcome of an election.

        E-voting can be tampered with stealthily and silently. No-one can see malicious code or malicious network traffic. Anyone who takes control of the e-voting software can manipulate it silently and remotely, and force it to produce whatever results he/she likes. A skilled attacker can hide his/her tracks and make it almost impossible to detect that tampering has taken place.

        In the United States, parties spend about a billion dollars per election. If they could spend half that much to win the election through tampering, that would be pretty tempting. And 500 million dollars is enough to mount a very robust attack against an electronic system.

        • Chris
          Mar 10 - 11:16 pm

          But we vote using pencils… to number candidates…. Tampering just takes a few people with an eraser and another pencil… It’s not like hanging chads or anything.

          • David F. Skoll
            Mar 11 - 8:37 am

            “Tampering just takes a few people with an eraser and another pencil”

            Well, yeah.

            Except those few people have to get into the sealed ballot boxes. They have to convince the people watching them to let them get the boxes and to look the other way while they tamper.

            You really have no idea how real elections are run.

          • Danielle
            Mar 11 - 8:41 am

            There are two kinds of election fraud: retail election fraud, where some number of votes are individually changed; and wholesale election fraud, where a flaw in the system enables a mass changing of votes. Retail election fraud rarely alters the outcomes of elections.

            You are right, voting with pencil on paper, someone could change individual votes, but in Australia ballot boxes are secured with coded tags, which scrutineers watch being applied, and being removed. The count is also scrutinised. The opportunity for mass-alteration of votes is not present. Even a corrupt election official would find it difficult to commit a wholesale fraud.

            E-Voting systems however are incredibly hard to scrutinise, and provide ample opportunities for wholesale fraud, either through an intentional programming flaw, or exploitation of the system.

            In Australia, the (Reps) votes are counted at least twice (and further times if the counts are not close enough), once on election night, and again during the following week. An electronic voting system with a sufficiently complete paper trail (that the voter could verify) would allow for both instantaneous results (and less staff on election day) and a manual second count later in the week. With correct design, such a system could still be secure.

  2. [...] Victoria expands Linux e-voting rollout Victoria’s Electoral Commission has flagged plans to expand its use of electronic voting kiosks based on Linux software in the next state election in November this year. [...]

  3. [...] Victorian Electoral Commission has released a tender requesting suppliers for a Linux-compatible eVoting kiosk. Apparently, they will be installing [...]

  4. d-_-b
    Mar 11 - 2:14 am

    worst part of this idea is linux just got the most exploits to date so call off the voters =)

  5. Warren
    Mar 11 - 8:36 am

    There is a difference between security flaws and a locked-down system. You can make them tamper proof regardless of the software if it is done right (gaming machines come to mind), but given Victoria’s reputation (miki smart-card travel systems) there are so many levels and ways they can stuff it up, and probably will.
    It’s not that paper is less tamper proof, it’s just that the effect is limited and the change is more identifiable in review. I hope it’s done right, but I am not sure that the current system actually needs any changing.. Is it just business that needs to sell more hardware and contracts or is it actually going to make voting easier, cheaper and result in a better outcome?

  6. Adam
    Mar 12 - 11:35 pm

    So, like with cash registers, you make the machine print a paper receipt that is given to the voter and an identical copy kept internally. Random spot checks make sure the votes being returned by the machine match what is being recorded on the receipts. People can go home, type in the code on their receipt and check online (or over the phone) that the vote counted matched the one they cast, thus putting their mind at ease that the machine they used wasn’t tampered with and helping build trust in the system.

    I think it’s great they’re using Linux for this, but really the security aspect is irrelevant to the OS. You can never make something 100% secure, but you can make sure that any tampering is detected and reversed before it causes any problems.

  7. Chris
    Aug 12 - 2:21 pm

    I met someone who counted the votes from the last election. He was a 16yo student at the time, and mentioned that a huge number of “donkey” ballots were simply blank. Even without an eraser, the opportunity for this bloke to make a serious dent in the results was totally real. Students are almost always poor, and usually the most pollitically motivated subsection of our entire community.
    Among the other interesting things he mentioned was that they treat different kinds of informal votes (eg: empty ballots, versus ballots with abuse written on them versus jokers who’ve added their own things like “Homer Simpson Party” to vote for, versus mistaken voting etc) in different ways. Some get discarded, while others get retained – and again – it’s these students who choose which ones go into the bin, or not. Whether anyone checks these we’ll never know – but I’m sure we’ll be told they’re checked (whether or not they really are).

    It’s hard enough trusting governments, but when they pick possibly the highest-risk individuals I can think of to count the votes, they *really* should **not** be making voters use pencils to vote with.

    Roll on a secure electronic system I say. It can’t possibly be worse than our current pencils on paper system with the risk of trusting thousands of uni students not to change/discard anything improperly.

    • Andrew
      Aug 12 - 10:59 pm

      Chris, given this site caters to Linux users from all over the globe I’m not sure if you are referring to the Australian system or another country. For the sake of this article I’ll assume Australian.
      I’m lucky enough to have family who manage voting centres etc at federal and state elections and I think your young uni friend was telling you his understanding of the system.
      Every vote is counted by more than one person, an AEC official and a scrutineer from multiple parties. Every invalid vote can be challenged by a scrutineer and is assessed by set policies. As for the idea that ballots are binned, you are seriously misinformed. Every single voting slip is accounted for and archived for any challenge to numbers that may occur in future, NOTHING is binned.
      Reading between the lines I get the impression you feel these “Uni students” are left leaning and their intentions are to thwart a conservative election victory. The effort required to do this via a pencil is next to impossible. It would require a conspiracy on the level where every single employee of the AEC was involved and determined to ensure the victory of one party. Given that the family members I know working at the AEC are of opposing political ideologies I know this is impossible.
      The fact that each voting centre has scrutineers checking the votes as well, you are suggesting that a scrutineer for one party is happy to give the election to their nemesis.
      Unless you also believe the moon landing is a fraud? That’s a discussion for another forum.
      Don’t take my word for it, call the AEC and apply for work at the next election. It’s a great day and it pays well, you will make some new friends and each election you may progress to a higher role and increase your wage for the day.
      Increase the efficiency definitely, but accept that IT solutions are not error free and far easier to subvert. If it weren’t so, why the need for virus checkers, firewalls and encryption? I can write a patch for any system. You want to win the election by %5 and you want it in Perl, C or how about Fortran. As soon as I finish this Trojan for Linux, OSX and Windows 7 I’ll get right on it.

  8. kristinpowell.com.au
    Mar 10 - 9:19 pm

    [...] read more [...]

  9. Andrew
    Mar 11 - 11:30 am

    Here’s a novel idea. Paper output which prints for the voter to verify their vote plus a hash which they can keep to verify online if they wish, which has no identifying details. The paper output is dropped into a lock box for physical verification on the day or at later point.

    The local terminals are networked together with a master terminal which will only accept data from pre authorised terminals, no rogue entities can be added without security key and everything is encrypted. Absolutely NO WIRELESS component allowed anywhere near the system. The system could then dial home (old school dial up like EFTPOS) to send data through throughout the day. Heavy statistical analysis on all results based on polling data and previous voting trends for the area to flag dodgy poll booths.

    As for paper count, party representatives regularly request recounts and everything is scrutinised.
    Run the paper system and terminal system in tandem with random audits in perpetuity.

    The biggest cost for the day is then POS rolls which should be made the same size as the most common rolls for retail sales.

    You have the speed and efficiency of an IT solution with the added security of a paper system. The paper system should never be removed as I never trust any human being who seeks power. Especially the sycophants that help them and nod like sheep in the background of press meetings.

Mobile Theme