The upcoming local election in Belgium and unsafe electronic voting machines

This morning, the radio news that was playing in my car reported that a group had found that the electronic voting machines that will be used in this weekends local elections are highly vulnerable to exploit.

Why this newsonly comes so close to the elections is beyond me, because it is something that most of us in the security field have known for years.

Worse, we have known this to be true for all these years that we were forced to use exactly those machines to cast our own votes. We knew this all the time while we we closely watching the outcome of the election, for me personally, hoping that the racost party in Flanders (Vlaams Blok/Belang) was not gaining too much.

The topic of the safety of electronic voting systems (EVS) is quite hot in the US currently, with mainly Diebold (the maker of a lot of our local Bancontact ATM machines) being the model of swiss cheese. But most of the current systems suffer from similar flaws.

One of the main objections to EVS is that it does not offer a voter verifyable trail. Meaning that once your vote has been cast, you cannot check how it has been cast (the on screen result cannot be verified by you) and it cannot be recounted because a recount would just be based on the same forged flaws.

The problem with our local systems that is at hand now is the same as diebold faces. The machines run of a floppy disc (Diebold uses a flash card). This floppy disk can be replaced by someone (be it a voter or somewhat in the electoral staff) with modified software. Such software could show a vote that you made for party A on screen as a vote for them, but record it for party B instead.

Although the media are only reporting on this now (2 days before the election), I have personally known that this exploit exists for years now as it is a pretty obvious fact when you just look at the machine in a critical manner.

So, what now? If it was up to me (and it is not), this issue is seriously enough to immediately ban the use of all electronic voting equipment until the machines and software are redesigned to be secure and to offer a voter verifyable audit trail.

To make such machines trustworthy, it would require a lot of things, including trusted hardware and signed binary software. It would also require that voters can inspect the design of the machine, including the source code of the OS.

For this weekends election, it would mean having paper ballots (which are probably not present) because these flaws can never be fixed in any reasonable time to let the elections go ahead (think months to years instead of days or weeks). This means postponing the election.

After all, what sense does it make to vote when a clever guy can just rig the election for his candidate to win.

Links to EVS articles:
http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
http://www.schneier.com/blog/archives/2006/05/election_machin_1.html
http://www.schneier.com/blog/archives/2005/12/gao_report_on_e.html
http://www.schneier.com/blog/archives/2006/08/open_voting_fou.html

-- EDIT 2006-10-06 10:00 CEST
In a very fun twist, the minister that is responsable for this part of the government is claiming that EVS is totally secure and it would take a large number of people working together to steal an election.

In doing this, he is actually saying that he knows nothing about (electronic) security but he *knows* that this particular technology is secure, even though you can never verify it after the fact.

Depressing, really.