Netherlands reverts to hand-counted votes to quell security fears The Netherlands has decided its vote-counting software isn't ready for prime time, and will revert to hand-counted votes for its March 15 election. The voteare's security came under question when Dutch security bod Sijmen Ruwhof told local newscaster RTL Nieuws that the average iPad is more secure than the electoral software, …
When flaws like this are reported in the US, the voting machine manufacturers tell everyone not to worry and the press rolls over to get its belly rubbed, nothing to worry about, nothing to see, move along.
The general feeling for years in the West has been, "Yes, but it couldn't happen here" ... and look where we are today.
Having a Dutch partner, and having lived in the Netherlands more than 10 years ago, I know that that they were one of the 1st countries to introduce dedicated electronic voting machines. As all tech familiar commentards here will know, this may not be surprising for a country with one of the first and most extensive electronic infrastructures in the world. Now a return to pencil and paper is suggested because of "security concerns". However, if you have your tinfoil hat at hand, one could also consider an alternative scenario:
More than decade ago, the Netherlands political landscape was rocked significantly by the avalanche like popularity of one of first Dutch successful populists, Pim Fortuyn, resulting political outcry, fear, and confusion with the governing politicians. After the assassination of Fortuyn in 2002, politics in the Netherlands returned to "normal", although the populist heritage of Fortuyn was copied selectively by the more conventional Dutch political parties. With the upcoming elections in March 2017, history seems to repeat itself however, especially now that international examples (popularity of US/ UK/ EU populist politicians/ parties, Brexit) and the (continued) general Dutch populist opinion and mood seem to predict a possible repetition of the 2002 Dutch elections, i.e. a majority victory for the right populist Freedom Party (PVV led by Mr. Wilders, how once upon a time was refused entry of the UK due to his right-wing populist views. How times have changed...).
Now, would it be too-much-tin-foil-hat to be at least surprised that a country, that has been at the forefront of digitalisation, which even suggested to introduce "internet voting", now returns to red pencil, paper, and counting by hand?
I don't think that AC questions or disputes the fact to stop using vulnerable, insecure programs/ machines.
I think he's just surprised by the retrograde move to pen and paper, and is puzzled by reasons for this course of action. The way I read it, moving forward, developing more secure programs/ machines for a country like the Netherlands would perhaps indeed have been less surprising.
@Nattrash,
The way forward ultimately will probably be to develop better software, which should be entirely possible. The thing is our next elections are in March. This year. That is way too short of a timespan to develop new and secure software.
As for voting machines, it's been researched to the ends of the earth and right now no-one can come up with a way that is not open for manipulation in some way.
@imanidiot
I hear what you're saying, and I think in general we agree.
Having said that, I can't help being a twat and point out that your arguments are a bit shaky. I mean, you mention that the Dutch voting machines have been researched extensively. I assume this was done properly and took a considerable amount of time. However, if a "sudden discovery" of the terrible "less than an iPad" security of the voting machines, an election in a couple of months, leaves no other quick fix then pen and paper voting, then you have to ask yourself what people have been doing in the mean time.
It is also suggested that pen and paper voting is not/ less open to manipulation. Well, I think we have historic examples enough there of the contrary. Whether it are for example ballot forms in Africa, inked finger votes in India and Pakistan, or punch cards in the US, there are always creative ways imaginable to reach desired results, and always people who are willing to explore them.
@Nattrash,
This isn't about the voting machines themselves, those were banned from use by a court decision in 2007. Since then the Dutch have voted using paper and pencil methods. To tally and report the final results per district however they used the software now under scrutiny. The software is basically just a glorified spreadsheet that takes the numbers put into it, adds them up per candidate/party and spits out a list of numbers. The same software can then be used in the central office to tally all the individual results together and get a final result. Since this is software no-one but the voting officials used and saw no-one really took notice so far it seems. This software is certainly much less in the public eye than a voting machine would be.
"And makes me wonder why the student that found all these flaws 6 years ago didn't take his findings to the press when the electoral commity didn't respond to his findings."
Who says he didn't? Just because you have a story which can showcase a travesty doesn't automatically mean that the press are interested and will actually use it.
Why do you think online communication like social media and such became so popular for spreading news items?
It bears repeating every time "voting machines" comes up...
The purpose of a democratic election is not to make decisions quickly, or clearly, or consistently - it's a terrible way of doing any of those things. The purpose is to convince the losers that they've lost.
And to that end, the most important aspect of the whole thing is transparency.
If you open-source your platforms, release every line of code and complete circuit diagrams of all hardware and a complete list of system users with access privilege levels... then there may be perhaps half a dozen people in the Netherlands who would have the ability, the time and the willingness to look at all that information and saying with confidence "yes, it's fair". (Of course they may be wrong, or they may be compromised, or they may simply be trolling us. Who knows.)
But if you mark votes on paper with pencils, seal them in boxes, unseal the boxes and count the votes in front of witnesses - then practically all the adult population can understand that, and can see that you're doing it fairly.
There's no comparison. Pencil and paper is several million times better than any voting machine.
@veti: Well said! It is also the case that while some minor fraud can happen in paper-and-pencil -based elections (no system is perfect), "stealing the election" would require a big operation, with large numbers of conspirators in multiple locations that would never go undetected in honestly run elections.
Let's be honest. In IT we put a new system in about every 5 years due to hardware getting too old and the software being unsupported.
How often do we have elections?
Is it worth buying a new IT system for practically every election, or is it simpler, cheaper and probably better to just use a pen and paper?
I have had to do some work around vote counting in the 1990es in a couple of European countries, so let me provide a bit of perspective.
The usual approach used to be not to buy anything. At all. The procedure in the 1990-es was:
1. Grab 20 desktops from a school computer class, library or a suitable company on a one week lease.
2. Boot them off external media, enter the votes as they are counted and dump the vote counts onto remove-able media producing a print receipt including checksums for all data.
3. Collate the votes at CO using a similar setup.
We investigated using networks, etc and discarded it as too complex to set-up for a 3 days election event and disband after that.
The whole thing worked a treat in the DOS days as you could boot your election counting software off a 3 inch floopy together with the OS.
Windows threw a massive spanner into these works by severely limiting what you can do here. You cannot just show up, boot a windows live CD, run the vote counting process and leave. That is a violation of the Microsoft license agreement. Do not even get me started on windows update, connect to the mothership and license enforcement either.
The right way would have been to show MSFT a HUGE three finger salute and switch to something that works fine off live media. I am not mentioning the L word as it is not the only option. Unfortunately, for a huge list of reasons (including vicious lobbying by local MSFT account teams up to government level) this has not happened(*).
Well, now 15 years later (that is when the lobbying efforts, etc started) we reap what we sow. We do not have a non-Windows alternative (or a special license exemption allowance to use Windows for this app and boot any number of copies anywhere for 3 days). So we have to go back to PRE-1990es tech (thank you Billy Boy and Ballmer) to run elections.
> Windows threw a massive spanner into these works by severely limiting what you can do here.
...
> We do not have a non-Windows alternative
There's always FreeDOS, and you can even continue to use your original DOS vote counting software.
It probably has a few thousand lines of code and compiles down to a few tens of kilobytes; very easy to audit.
There's always FreeDOS, and you can even continue to use your original DOS vote counting software.
This cuts in more than one way I am afraid. When you run the counting for an election you also hire on a short term contract thousands of staff, usually local. You cannot rely on central IT support.
If you go out and pick a PFY from the street today he will look at you in disbelief given a trivial DOS error. Ditto for Linux. I am not going to even start on BSD.
So we either have to look back at paper or find another way and hackproof it top to bottom.
You also have the joy of politicians tweaking election law every year one way or another. While usually it is just changing constituency boundaries, you quite often end up having to fix the software. If the software is running using an ancient UI toolkit on DOS there is less and less people, toolchain and libraries to update it. And so on.
If you go out and pick a PFY from the street today he will look at you in disbelief given a trivial DOS error. Ditto for Linux. I am not going to even start on BSD.
If you go the live-{Linux|BSD|FreeDOS} route it should not matter. The media is prepared to boot and then directly start the friendly vote-counting software. The staff is instructed that if it does not do so on a given PC, try another. A list of verified PC models is also supplied. It should be possible to make this setup fool-proof, since there is only one application to run. The users never see the OS, so it does not matter which one it is.
In IT we put a new system in about every 5 years due to hardware getting too old and the software being unsupported.
Ah. Ahahah. Ahahahah. Snicker. The architects will get new systems to dicker with every couple of years, and in the odd case a not-totally-bonkers design happens to come out, that particular model will be found to be EOL and the whole circus needs to be restarted. The actual production systems, already years out of service with OS and software a decade old, will then obviously need to be kept going (using spit and baling wire) for another cycle.
In particular with PR, it is a major logistic task to stuff ballot boxes.
AFAIR, the way it used to be done in Denmark (and it sounds like NL worked similarly) you have reps of the political parties + public sector employees counting votes at the polling station, starting as soon as the polls close.
Results are then aggregated (phoned in) to county and national level and 4 hours after polls close you have 90% or so counted.
Results from every bloody polling station are published (used to be in national newspapers) so if you were there, you can see if the numbers match up.
Difficult to make a meaningful fix to that I think
Yep, bang on there, in GB its pencil and paper, if you've ever wondered why pencils the one and only reason in modern time is pencils will work reliably for 20 years+ subject to leads breaking down etc, cant say that for a ball point and the expense of replacement every 4+ years etc.
As for security of counting it dosnt get more open and transparent than a sports hall full of oversight from all intrested parties all grimly determined to keep beady eyes alert.
Its the Postal paper votes that get abused again and again, postal votes were introduced/encouraged to prop up the slow decline (which continues despite all efforts, Australia has the right approach) of personal attendance at polling stations and the gradual decline in % turnouts unsurprising really as no matter who you vote for things never seem to change much.... until. better stop there dont want to get all populist and current affairsy
I always wondered if the British government has a warehouse filled with 'just a bit too short' pencils and manky lengths of string.
The British system of casting and counting votes works pretty damned well, the only improvement that could be made cheaply would be to replace the black metal ballot boxes with transparent ones to act as a reassurance against ballot stuffing.
It hasn't been metal boxes for a while now, its black plastic crates these days.
As a Presiding Officer clear boxes would be a boon as people could see you weren't fiddling things but given the bat shit crazy conspiracy theories you get from some voters no system is perfect.
I was personally accused of gerrymandering an election by moving a polling station across a road from one church hall to another (and I mean literally across the road all of about 50 feet).
That the church hall we used to use had been condemned and was scheduled for demolition was all a smokescreen to prevent people voting as they had 'always' used the previous hall.
"(This is a Joke. I hope...)"
Yes, fortunately it is.
Fox-IT do a lot of government security projects, including for the Dutch MoD. In 2015 they were acquired by the NCC Group and apparently the Dutch government are now looking at options to force them to split off the section which does government security work here.
https://www.nrc.nl/nieuws/2017/01/24/overheid-eist-invloed-bij-cyberbeveiliger-fox-it-6382806-a1542772
Don't forget the Diebold (with a big republican booster CEO) machines supplied to Ohio and other states that some claim swung Ohio and the 2004 election to Bush. The suspicion goes both ways.
In order to protect against potential fraud or simple mistakes, ALL votes should leave a human readable paper ballot to allow hand recounts - which should be MANDATORY in 2% of precincts that are randomly selected as a sanity check, which trigger a full hand recount if they are off by more than a tiny margin.
So, the machine prints a paper trail. A copy of that trail can go to the voter, but unless the voter then puts that paper copy in a box somewhere to be counted later during your sanity check, how do they know that the machine has printed the same result on the paper that is going to be recounted?
Once you're printing a paper copy and then putting it in a box, all you've done is created a really fucking expensive way of marking things on a piece of paper. Which we can already do with a pencil.
No no no, the voter DOES NOT keep the paper copy! The machine prints out your paper ballot, which you can see and verify it didn't mark the box for candidate A when you selected candidate B on the screen, and you put that in a scanner that reads it to produce the initial. Same as if you filled in the little circles with a #2 pencil, it is just a hopefully more foolproof way of producing that since you don't have to worry about people using X's instead of filling in the circles properly, etc. (and because the generation after the millennials might not know how to operate a pencil ;))
If you take the paper copy with you, too bad, your vote will not get counted in the initial count OR the recount.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
