Victoria expands Linux e-voting rollout


Victoria’s Electoral Commission has flagged plans to expand its use of electronic voting kiosks based on Linux software in the next state election in November this year.

The state first started using the machines in a limited trial during the last state election in 2006. It appears as if the machines were used for voting for the vision-impaired, as well as for military personnel. News of the rollout was broken by Computerworld.

However, in tender documents released last week, the state revealed it would expand its use of the machines. About one hundred kiosks will be deployed to early voting centres (including mobile facilities) around the state as well as in the United Kingdom.

According to the tender documentation, the machines will consist of one in-built 19″ LCD touch-screen, one PC with an Ethernet network port, and an in-built USB smartcard reader. The machine must be able to run Linux, as the commission has requested Linux drivers for the components.

The commission stated it would install Linux on the machines itself, but it remains unclear which exact version of the open source operating system it will use.

The tender documents stated that drivers must be compatible with the “2.6 kernel/Gentoo release of Red Hat Enterprise Linux”. However, Red Hat and Gentoo are quite different Linux distributions.

It appears as if Victoria’s previous e-voting system was supplied by Hewlett-Packard, in conjunction with Spanish company Scytl.

The news comes as Linux has not been making headway for desktop use in Australia, even in limited uses such as the customised, locked-down terminals that e-voting systems require.

One of the last stand-out Linux desktop deployments in Australia was that found at Kennards Hire. However, in December 2009 the plant and equipment company revealed it had migrated its 300 desktop machines running Fedora Linux back to Windows (thin clients) in 2008.

In contrast, the New Zealand government is currently engaged in a pilot to replace Windows PCs with desktops running Linux and open source software. However, Linux remains a force in local server deployments, where it is seen as the main rival operating system to Microsoft Windows.

Image credit: Larry Ewing

15 COMMENTS

  1. This is bad news. When (not if) serious security flaws are found, closed-source promoters will gleefully jump on them and say that only closed-source software should be used for e-voting.

    This will obscure the real problem, which is that e-voting is fundamentally non-securable and should never be used by anyone who actually cares about democratic institutions.

    • Do you think so David? I would assume they would have this environment fairly locked down. And it’s not as if Microsoft has a great reputation for security.

      I agree with you that e-voting is fundamentally non-securable tho — although I’m not sure that paper voting is either.

      • Paper voting is substantially harder to tamper with than e-voting. Where I live (Canada), counting paper votes involves thousands of people and is scrutinized by representatives of each political party. It would be quite difficult to subvert enough counters and scrutineers to materially affect the outcome of an election.

        E-voting can be tampered with stealthily and silently. No-one can see malicious code or malicious network traffic. Anyone who takes control of the e-voting software can manipulate it silently and remotely, and force it to produce whatever results he/she likes. A skilled attacker can hide his/her tracks and make it almost impossible to detect that tampering has taken place.

        In the United States, parties spend about a billion dollars per election. If they could spend half that much to win the election through tampering, that would be pretty tempting. And 500 million dollars is enough to mount a very robust attack against an electronic system.

        • But we vote using pencils… to number candidates…. Tampering just takes a few people with an eraser and another pencil… It’s not like hanging chads or anything.

          • “Tampering just takes a few people with an eraser and another pencil”

            Well, yeah.

            Except those few people have to get into the sealed ballot boxes. They have to convince the people watching them to let them get the boxes and to look the other way while they tamper.

            You really have no idea how real elections are run.

          • There are two kinds of election fraud: retail election fraud, where some number of votes are individually changed; and wholesale election fraud, where a flaw in the system enables a mass changing of votes. Retail election fraud rarely alters the outcomes of elections.

            You are right, voting with pencil on paper, someone could change individual votes, but in Australia ballot boxes are secured with coded tags, which scrutineers watch being applied, and being removed. The count is also scrutinised. The opportunity for mass-alteration of votes is not present. Even a corrupt election official would find it difficult to commit a wholesale fraud.

            E-Voting systems however are incredibly hard to scrutinise, and provide ample opportunities for wholesale fraud, either through an intentional programming flaw, or exploitation of the system.

            In Australia, the (Reps) votes are counted at least twice (and further times if the counts are not close enough), once on election night, and again during the following week. An electronic voting system with a sufficiently complete paper trail (that the voter could verify) would allow for both instantaneous results (and less staff on election day) and a manual second count later in the week. With correct design, such a system could still be secure.

  2. There is a difference between security flaws and a locked-down system. You can make them tamper proof regardless of the software if it is done right (gaming machines come to mind), but given Victoria’s reputation (myki smart-card travel systems) there are so many levels and ways they can stuff it up, and probably will.
    It’s not that paper is less tamper proof, it’s just that the effect is limited and the change is more identifiable in review. I hope it’s done right, but I am not sure that the current system actually needs any changing. Is it just business that needs to sell more hardware and contracts or is it actually going to make voting easier, cheaper and result in a better outcome?

  3. So, like with cash registers, you make the machine print a paper receipt that is given to the voter and an identical copy kept internally. Random spot checks make sure the votes being returned by the machine match what is being recorded on the receipts. People can go home, type in the code on their receipt and check online (or over the phone) that the vote counted matched the one they cast, thus putting their mind at ease that the machine they used wasn’t tampered with and helping build trust in the system.

    I think it’s great they’re using Linux for this, but really the security aspect is irrelevant to the OS. You can never make something 100% secure, but you can make sure that any tampering is detected and reversed before it causes any problems.

  4. I met someone who counted the votes from the last election. He was a 16yo student at the time, and mentioned that a huge number of “donkey” ballots were simply blank. Even without an eraser, the opportunity for this bloke to make a serious dent in the results was totally real. Students are almost always poor, and usually the most politically motivated subsection of our entire community.
    Among the other interesting things he mentioned was that they treat different kinds of informal votes (eg: empty ballots, versus ballots with abuse written on them versus jokers who’ve added their own things like “Homer Simpson Party” to vote for, versus mistaken voting etc) in different ways. Some get discarded, while others get retained – and again – it’s these students who choose which ones go into the bin, or not. Whether anyone checks these we’ll never know – but I’m sure we’ll be told they’re checked (whether or not they really are).

    It’s hard enough trusting governments, but when they pick possibly the highest-risk individuals I can think of to count the votes, they *really* should **not** be making voters use pencils to vote with.

    Roll on a secure electronic system I say. It can’t possibly be worse than our current pencils on paper system with the risk of trusting thousands of uni students not to change/discard anything improperly.

    • Chris, given this site caters to Linux users from all over the globe I’m not sure if you are referring to the Australian system or another country. For the sake of this article I’ll assume Australian.
      I’m lucky enough to have family who manage voting centres etc at federal and state elections and I think your young uni friend was telling you his understanding of the system.
      Every vote is counted by more than one person, an AEC official and a scrutineer from multiple parties. Every invalid vote can be challenged by a scrutineer and is assessed by set policies. As for the idea that ballots are binned, you are seriously misinformed. Every single voting slip is accounted for and archived for any challenge to numbers that may occur in future, NOTHING is binned.
      Reading between the lines I get the impression you feel these “Uni students” are left leaning and their intentions are to thwart a conservative election victory. The effort required to do this via a pencil is next to impossible. It would require a conspiracy on the level where every single employee of the AEC was involved and determined to ensure the victory of one party. Given that the family members I know working at the AEC are of opposing political ideologies I know this is impossible.
      The fact that each voting centre has scrutineers checking the votes as well, you are suggesting that a scrutineer for one party is happy to give the election to their nemesis.
      Unless you also believe the moon landing is a fraud? That’s a discussion for another forum.
      Don’t take my word for it, call the AEC and apply for work at the next election. It’s a great day and it pays well, you will make some new friends and each election you may progress to a higher role and increase your wage for the day.
      Increase the efficiency definitely, but accept that IT solutions are not error free and far easier to subvert. If it weren’t so, why the need for virus checkers, firewalls and encryption? I can write a patch for any system. You want to win the election by %5 and you want it in Perl, C or how about Fortran. As soon as I finish this Trojan for Linux, OSX and Windows 7 I’ll get right on it.
