The “We do not trust voting computers” foundation in The Netherlands have performed a quite superb security analysis of the Nedap voting machines used there.
They lucked into getting their hands on first one, then two more voting machines, a major breakthrough of their own. Starting work on August 23rd, 2006, they managed to find and publish numerous flaws by October 6th, 2006. Incredible work, but also testament to how poor these systems are.
In a lovely tale of international unintended consequences, the findings of the Irish Independent Commission on Electronic Voting provided a head-start for the researchers as Ireland also has Nedap machines.
A quick summary of the flaws found:
- Physical locks on the machines use the same key for all 8,000 machines in The Netherlands. The key for the locks is readily available for purchase at one Euro each; only one key is made to fit this model of lock.
- A supposedly restricted maintenance mode has its password hard-coded as the Dutch word for 'secret'.
- To demonstrate that the machines are just computers built from standardised components, and that they had fully understood the workings, they reprogrammed a machine to play chess.
- A program, “Nedap PowerFraud”, was developed to electronically stuff the ballot memory of a Nedap machine, but only in real elections and not test situations.
- TEMPEST or Van Eck phreaking, that is, eavesdropping on radio signals from the Nedap machines, presents convincing opportunities for knowing how users have voted.
It's very interesting that despite all these attacks and a few others mentioned in the report, the Nedap machines actually meet all Dutch regulatory requirements. Of course there is nothing stopping the supplier exceeding those requirements (not likely, I know) but in many senses this report is a devastating critique not of the technology but of the specifications and regulations provided by the Dutch authorities.
You can watch an Irish news report about all this here [Real]
- Full security analysis report [PDF]
- Detailed pictures of the machines used
- Links to oodles of technical data
- English language press coverage of these findings
- Blog entry with some background on the chess!
- Blog entry with more details on the rubbish lock/key used
- YouTube videos of some of the attacks (in Dutch)
Many thanks to Anne-Marie Oostveen for letting me know about this early, but being snowed under, this hasn't emerged on here until after it got Slashdotted!