India’s e-voting machines cracked

Rop Gonggrijp is someone always worth keeping an eye on. He was instrumental in revealing the problems with the Nedap voting machines used in Ireland and the Netherlands.

How he’s part of a team who have publicly demonstrated serious security flaws with India’s electronic voting machines. Time and time again India has been cited as a good example – but the reality was their systems lacked independent scrutiny. Now that expert scrutiny has been brought to bear, problems have been found.

How many more countries have to make the expensive mistake of rolling out e-voting before we all learn that computers and voting are just not well suited for each other.

Read more, and watch the great video at

Rop’s post explaining some of the back story

VeTA – a new group campaigning against India’s e-voting, welcome!

(via Ed Felten’s Freedom to Tinker)

technology voting

Upcoming events in Brighton & Cambridge

Two events coming up soon which will be of interest to digital rights type people:

  • Debating the Digital Economy Act Thur 29th April
    I’ll be one of the contributors at this debate, organised by Wired Sussex here in Brighton.
  • Internet Voting: Threat or Menace Tue 27th April
    Jeremy Epstein from SRI International is over in the UK and will be giving a talk at Cambridge Uni’s Computer Lab Security Seminar series. I did one of these a few years ago and it was highly enjoyable – the audience were engaged and very generous with their interest.

Electoral Commission Chair re-opens the e-voting question

I’ve just come across a Guardian interview of Jenny Watson, chair of the Electoral Commission, which includes this:

People, she said, should also be allowed to vote online. “There will always be people who will want to vote in person, just as there are people who want postal votes. But you could allow more choice in the system,” she said.

It’s extremely disappointing to hear the Chair of the Electoral Commission, of all people, promoting this kind of view. These kind of facile arguments were being made by Labour ministers 3-4 years ago.

Since then we’ve been on a journey with many MPs, publicly at least, agreeing e-voting is a long way from being ready for consideration, if ever. Most Electoral Commission officers I’ve met have also been taking ever stronger lines against e-voting and e-counting.

I absolutely support the Electoral Commission being more outspoken and pushing more forcefully for reforms that improve the security, accuracy and accessibility of our elections. However I believe, I hope anyway, that Jenny Watson’s comments do not reflect the views of her staff who thus far have been very conscientious (but perhaps too soft-touch) in highlighting the serious risks associated with postal votes, e-counting and e-voting. Online voting being the most risky of all of them!

The risks & challenges of e-voting are laid out in detail in the writings section of this site.


Diebold sell their voting unit to ES&S

This morning we learn that Diebold have sold off their voting-machine business to ES&S, their main competitor. Between them Diebold and ES&S control around two-thirds of the US voting market.

Ever since the bad news about Diebold started rolling in a few years ago, they’ve been trying to ditch their voting unit. Security scares aren’t good for business when your main product is ‘secure’ cash machines and such like.

Having failed to find a seller they renamed their voting unit to ‘Premier Election Solutions’ in the hope that would at least protect them from some of the, ahem, reputational issues. How or why they now managed to get ES&S to purchase the unit know is not clear, but the tiny $5 million price tag must have been attractive.

Diebold expect to book a loss of $45 to 55 million on the deal, not exactly a marvellous return. Both Diebold’s and ES&S’ voting systems units were created by the Urosevich brothers so there’s some kind of closure in this transaction bringing the units together.

ES&S were one of the suppliers in the 2007 UK pilots including South Bucks which had significant problems and delays with their count.

In papers on the 2007 pilots released under the Freedom of Information act to the Open Rights Group, it was clear that the government wanted to avoid using Diebold at all costs because of the negative PR associated with them. If pilots are to happen again (which thankfully I think is unlikely) will ES&S be avoided too thanks to this acquisition?

This deal will represent significant consolidation in the voting market and unhealthy control in one company. I hope the US authorities carefully examine this deal, but if not it will be another signal to the rest of the world not to follow in their foot-steps when it comes to voting.

NY Times Report: “Diebold sells its voting machine unit to competitor”


No hack detected does not mean unhackable

USA Today recently reported that Estonia has passed legislation to allow for mobile phone voting in their 2011 parliamentary elections. This is a very worrying development as Estonia’s previous electronic elections lacked proper scrutiny in my view.


The article quotes officials who ‘dismissed security concerns’ and stated that the 2007 elections ‘proved secure despite worries’. Nothing was proved secure… nobody was provably caught hacking. That does not mean that the system wasn’t or can’t be hacked. What it means is that either the attack was undetectable OR holes were exploited that time around.


Every system has vulnerabilities, these can be managed, fortified and monitored. When people claim absolute security they either don’t know what they are doing or they are being dishonest. Neither is what you want in people running elections.



UPDATE: Dan Wallach has a good, more technical critique of this news in Estonia.



Links: 6-04-2007

Monitoring Internet voting in Estonia (OSCE/ODIHR)
Monitoring Internet voting in Estonia (Source: OSCE/ODIHR)

  • This photo is from the OSCE/ODIHIR Elections homepage with the caption “Computers at the National Election Commission in Estonia monitor Internet voting traffic during the 2007 parliamentary elections. (OSCE/Henri Snyers)”. It nicely shows how difficult it is to do meaningful observation and scrutiny of an e-vote. The graphs are probably showing something like traffic at various routers or servers. One screen is also showing what looks like CCTV feeds from the data center. These are all ‘interesting’ but not able to provide any assurances about what is happening to the votes – are they recording accurately, is someone changing them, will they be counted correctly?

  • Observing Electronic Voting
    Kåre Vollan has written an excellent paper on observing e-voting which really clearly addresses the problems with e-voting and hence the challenges such technologies pose to observation missions.

  • Voters to receive electronic ballot info
    The Swindon Advertiser tells us about Swindon’s plans for this May’s pilots. They seem very excited about the notion of ‘electronic ballot papers’, in other words kiosks, so that voters can use any polling station in the town. In other words e-voting. (Thanks Glyn)


Microsoft-only Estonian Internet Voting: Troubling Reports (updated)

It’s proving difficult to get first-hand information on the Estonian elections that closed yesterday. As previously reported, Estonia has raced to become the first country to hold a parliamentary election with a legally binding Internet voting channel.


Wired News have filed the most detailed report on Estonian Internet voting. There are some interesting quotes such as a member of Estonia’s National Electoral Commission saying that their goal is to boost participation whilst simultaneously admitting that nobody has proved that e-voting actually can achieve this.


A troubling quote:


“You trust your money with the internet, and you won’t trust your vote? I don’t think so,” said Tarvi Martens, project manager for the country’s e-voting project.



Surely Mr Martens should, of all people, know that e-voting is a fundamentally different problem to e-commerce; very troubling – it’s either ignorance or a he’s being deliberately misleading.


As reported by Wired News the system requires a card reader which much be purchased or received as part of certain banking services. Voting can only be done through Internet Explorer which means that voters must be running Microsoft Windows. This is extraordinary – you can only vote online if running a particular browser and operating system, how democratic is that?


Indeed, according to a BBC News report and FOCUS Information Agency report, only about 3% of eligible voters used e-voting with overall turnout being roughly 30%. EuroNews, in a brief report, contrasts Estonia’s Internet voting with socio-economic problems in the country, indeed is Internet voting the best way to spend tax-payers’ money?


Deutsche Welle has a report on the Estonian elections from a German perspective noting that OSCE “views the on-line development, with skepticism, with many officials doubting the level of protection and security of information.”


In reply to quotes that are generally positive about e-voting, Deutsche Welle have a zinger from the German Ministry of Internal Affairs:


“I-Voting, for judicial and technical reasons, does not do justice to the special requirements of political elections in Germany at the moment,” says Annette Ziesig of the Ministry of Internal Affairs.



Precisely, in fact Internet voting and e-voting in general does not and cannot meet the special requirements of political elections for any country that wants to meet international standards for free and fair elections as set out in the UN and Council of Europe declarations on human rights.


UPDATE: Margus has posted a comment pointing to pages on the Estonian e-voting website which indicate that voting is possible from Windows, Linux and MacOS. It looks like Wired News mis-reported the situation, my reading of the Estonian site is that you can only use Internet Explorer on Windows but Firefox on other platforms is ok.


Comments from the previous version of this blog:

actually linux and mac are supported.
also firefox for windows
17:55:47 GMT 04-03-2007 margus

Thank you!

I was surprised that the Estonians would make an Internet Explorer only system – thank you for that link. I will update my blog post right now.
20:31:21 GMT 04-03-2007 Jason Kitcat

more clarification

see this post here by someone in the know:
22:36:24 GMT 04-03-2007 rayc

Having actually voted electronically these elections, i find the US-originating critique somewhat annoying.

First of all, every last US critic states they are not familiar with the local system. And they are the experts?
Then there is much talk about the elections not being fair and free.

Which elections are? There have been cases worldwide where people have been told to use their camera phones to take a snapshot of their ballots, etc. If a group wishes to apply pressure to voters such a way is found regardless of the election type.

In the same manner booth voting, mail voting and e-voting all feature some risk of vote tampering. Whether it is by means of accessing voter computers, stealing absentee ballots, buying local votecounting officials or tampering with mailed ballots, it is all possible.

So the critics dislike e-voting because it is as unsafe as the regular one? So let’s dump e-banking as well and pray that the bank branch employee doesn’t forge your signature?
11:56:19 GMT 05-03-2007 Fred

Waving the flag


Thanks for your comment (and thanks to Ray for the link about Estonia).

I am based in the UK and I am a dual British/Canadian citizen, this and many other background details are in the ‘about’ section of this site.

So I’m not a US critic but you’re right, I don’t have on-the-ground knowledge of the Estonian system, hence the first sentence of my blog post saying how difficult it was to get information. Nevertheless I get asked about the Estonian system and governments will use the Estonian experience as justification for their own experiments so I feel it is worthwhile commenting on my blog.

No election is perfect and to my knowledge I have never said so. When criticising e-voting I acknowledge the limitations of our existing paper-based systems and accept that they have room for improvement. While all methods of voting has some risk, the scale of undetectable fraud or error possible with e-voting is far greater than possible with any other method.

One million postal votes could not be stolen undetectably, logistically it’s too hard to move that much paper yet with e-voting those kinds of numbers are logistically entirely plausible. Note that banking is a very different problem to e-voting as it isn’t anonymous.

My criticism of e-voting is that it is much, much more unsafe than regular secret Australian paper ballots. E-voting is also more expensive, complicated, prone to error and less accountable and auditable to citizens.
22:43:50 GMT 05-03-2007 Jason Kitcat


Sir Alistair Graham calls for e-voting pilots to be halted

Today, at the Association of Electoral Administrators conference in Brighton, Sir Alistair Graham, chair of the Committee on Standards in Public Life, has publicly called for the 2007 electoral pilots in the UK to be halted. The Committee recently published their eleventh report which called for major reform of the Electoral Commission and our electoral system, particularly with regard to preventing fraud.

This is a major development – it’s the first time an establishment voice has called for the halt of e-voting pilots. The speech couldn’t be better, Sir Alistair makes every point I would have wanted to, he even notes that the government has been extremely misleading in their use of some figures from Northern Ireland. I’m so pleased!

Sir Alistair and the minister Bridget Prentice MP were on BBC Radio 4’s World at One, Prentice absolutely refused to accept anything Sir Alistair had to say.

Some choice quotes from the text online, delivery may have been different, but really read the whole thing as it’s all SO GOOD:

“Electoral fraud is not a trivial matter. It is an affront to the democratic principle of one-person one vote. Left unchecked it will eventually undermine trust and confidence in the democratic process and by implication the electorate’s consent to the outcome of elections.

“I should like to put this question to you. How does DCA or the Electoral Commission know about the extent of electoral fraud when neither of them have kept any statistics nor have undertaken any research on the issue? Is it that, in their obsession with increasing participation at all costs, they have turned a blind eye to the risks of electoral fraud and its consequences on the integrity of our democratic system?

“The current systems to combat electoral abuse in Great Britain are unsatisfactory already, so to proceed with these pilot schemes, appears ill-timed and betrays confusion over priorities. Unfortunately it appears to come down to the obsession with modernisation as a means of increasing participation at elections.

“In any event the primary responsibility for increasing participation at elections rests squarely with the political parties. Deep-seated voter disengagement will not be solved by tinkering with the mechanics of the electoral system.

“So in relation to the elections this May I am calling for the pilots to be put on hold. It is a matter of serious concern that we are experimenting with insecure methods of voting when the current registration and absent voting procedures are so insecure. In relation to the checking of absent votes in May there should be a guarantee of 100% checking.

“As the integrity of the electoral system in Great Britain is being damaged through increased incidents and perception of electoral fraud why are we not replicating the measures used successfully in Northern Ireland in Great Britain too?”

Full text of the speech (thanks Glyn)


Links to news coverage…

BBC News Polling experiments ‘high risk’

Yorkshire Post Why ringing the electoral changes failed to dent voter apathy Dump e-voting to stop fraud, Labour warned ‘Modern’ voting offers opportunities for fraud


Estonia takes the Internet voting national election medal

The other competitors have fallen by the wayside leaving Estonia to take the medal when they cross the finishing line with their March 4th elections. These elections will be the world’s first national parliamentary elections conducted with an Internet voting channel. Their rush to implement this technology is driven by a desire to create positive press around the technological advancement of Estonia to attract inward investment. I can see no other reason expressed in the reports to justify this rapid introduction.


My previous analysis of the Estonian system showed that it wasn’t too bad and they’d been admirably open compared to other countries implementing e-voting. Nevertheless there are weaknesses in the system which could be manipulated by insiders and voters can’t be sure their votes are stored and counted as intended.


The Organisation for Security and Co-operation in Europe (OSCE) will be sending a mission to observe the Estonian elections but do “…not intend to carry out a systematic or comprehensive observation of the voting, counting and tabulation on election day.” Of course observing a computer in a server room isn’t go to do much good anyway. I wonder what the Estonian candidates think?


CNET report
Monsters & Critics report



Minister claims e-voting could boost turnout and secret ballot is individual’s responsibility

BBC Radio 4’s Westminster Hour broadcast a 7-minute piece on the 2007 e-voting pilots (page / RealAudio).

The Minister responsible for the pilots at the Department for Constitutional Affairs, Bridget Prentice, was quoted several times. And I’m afraid what she had to say is cause for concern. Regarding multi-channel voting she said:

“Flexibility is very important for a number of reasons I think it might encourage, for example, those groups of people who have been less inclined to vote young people, for example, who are much more at one with new technology compared to someone like me.”

It is so deeply disappointing to hear this young-people-turnout-boost argument trotted out again. Fortunately Professor Lawrence Pratchett is quoted speaking some sense pointing out that the previous pilots showed that affluent middle-aged people were those most likely to vote online.

Let’s address this turnout issue once more:

  • The 2003 pilots saw an average decrease in turnout across all the e-voting pilots. It was -2.8% on average for kiosk pilots and -0.71% for the remote e-voting pilots. (Details)
  • Lest it is forgotten, the very first line of the chapter on e-voting in the government’s “In the service of democracy” consultation paper was:

    Electronic voting will not solve the problem of low turnout in elections.

  • The reasons for low turnout are complex, but convenience is bottom of those reasons (My article on this).
  • The Independent Commission on Alternative Voting Methods, chaired by Professor Stephen Coleman wrote in their report that:

    Whatever the arguments for and against making it easier for people to vote, we are convinced that culture is more important than convenience and that politics is a greater motive for voting than procedures […] We cannot be sure that all those who cite inconvenience as their reason for non-voting are telling the whole truth; maybe it is easier to blame voting procedures than to admit to inertia or apathy. (pp5-6)

  • The Government commissioned report into e-voting, led by Professor Pratchett, reported that:

    Unprompted, the majority of participants in the focus groups did not identify dissatisfaction with the current polling system, or the inconvenience of polling stations, as the primary reason for abstention. Rather, reasons for voter turnout are concentrated more upon cognitive explanations: those around civic duty, information, scepticism and political efficacy. This finding dispels any suggestion that there is great public demand for e-voting and casts doubt upon whether it would radically change voter turnout. (Source pp34-35)

  • The Electoral Reform Society’s 2004 study into turnout “Turning out of turning off”, which argues that a belief that politics works is a key indicator of whether someone will vote, states:

    [W]hile e-voting might for some be even more convenient than postal voting […] and it has the advantage of not being susceptible to postal delays and errors, it is not more secure. […] But the main downside of e-voting is that the recent pilots have not produced any evidence that it produces significant increases in turnout […] if there are no benefits, what reason is there for taking the risks? (Source pp22-23)

  • Dr Rebecca Mercuri wrote for the October 2002 issue of IEEE Spectrum that:
  • The lure of increased voter participation seems to be the primary motivation for deploying Internet voting systems, although actual elections have demonstrated that such improvement may be relatively insignificant. For example, last March, in local UK elections where online balloting was available, some districts saw a modest (1-5 percent) increase in voter turnout, while others did poorly. David Allen, a proponent of e-voting and spokesman for the St. Albans Labour party, was quoted as saying: ‘We were extremely disappointed with the results, turnout was worse than last year.’ […] An observer of voting technology once remarked: ‘If you think technology can solve our voting problems, then you don’t understand the problems and you don’t understand the technology.’ (Source)

  • Professor Doug Jones notes (from the US) that:
  • Voter apathy owes more to Watergate and Monica Lewinsky, to campaigns based on sound bites, and to congressional deadlock than to the technology we use for voting. It is unlikely that a change in voting technology will significantly change voter attitudes. (Source)

  • Professor Lorrie Faith Cranor writes:
  • One of the primary motivations that has been given for remote Internet voting is the possibility of increased voter turnout. The idea of voting at home in ones pajamas seems to be appealing to many. However, little evidence exists to suggest that the availability of remote Internet voting would succeed in bringing substantial increases in voter turnout. (Source)

  • Gimpel and Schuknecht’s paper “Political Participation and the Accessibility of the Ballot Box” showed that those with distant polling stations people were more likely to vote than those with closer polling stations in suburban areas (Source). This indicates the complexity of how ‘convenience’ affects turnout.

Back to Westminster Hour. The minister did acknowledge that people with disabilities could benefit from e-voting, but didn’t address how disabled people given remote e-voting credentials could be forced or manipulated. Thankfully Prof. Pratchett raised the important matter of the secret ballot and how e-voting compromises voter privacy. In response the minister argued that voters must take some repsonsibility for the secrecy of their ballot:

“I think the individual elector has to make the decision about where and when they vote just as when you’re standing at the hole in the wall and you’re tapping in your PIN number you must sure that there isn’t someone is looking over your shoulder; you should be taking the responsibility in making sure your ballot is secret too.”

This is totally and utterly absurd. Of course e-voting is nothing like financial transactions and if someone sees your PIN you can always change it, whereas I wouldn’t want to change my vote because someone saw it. Ms Prentice must think that it’s your fault if you get mugged – we shouldn’t use our iPods or wear our nice watches in public lest we tempt criminals. There is an important philosophical distinction also – a mugging or shoulder-surfing an ATM user only affects the individual. Voting is a societal act, the manipulation of my vote has the potential to affect society and not just me. The secret ballot doesn’t just protect the voter from threats and reprisals but it is a fundamental building block in keeping our elections honest.

It took over 50 years of hard campaigning to get the secret ballot in the UK and often there were times when it looked like all hope was lost. When it became law with the 1872 Ballot Act there was a sunset clause, the secret paper ballot didn’t become permanent until 1882. But now a Minister, who admits to not be “at one” with technology, is happy to push the responsibility for the secret ballot onto voters. It’s outrageous.

Let us not forget that the Human Rights Act guarantees our right to a secret ballot and hence the government commissioned legal analysis believes that postal and remote electronic voting are illegal (Source).

It’s vital to recall that electronic voting allows for fraud and error to occur on unprecedented scales never before possible. Digital votes are exponentially easier to copy and change than paper ballots.

The minister ends the radio piece by assuring listeners that the Government has been watching the e-voting situation in the USA and Netherlands very carefully to learn the lessons. We shall see, many of us will be watching the pilots more carefully than the Minister might like.

Reporter John Beesley packed a diverse set of voices in the Westminster Hour piece including a good quote from Russell Michaels, co-director of Hacking Democracy – it’s all well worth a listen (page / RealAudio).