Bigbro's foray into the scary world of blogging
Colm MacCarthaigh gave us a run down of the e-voting system proposed for use in Ireland. In the only three trials, the only useful statistic measured was the number of people who turned up to vote, Vs the number of votes recorded. Once the information was made available to the public as to how thes trials were run, it was revealed that even those numbers did not match up. In one constituency, 1200 more votes were registered than people turning up, yet in another 600 votes were 'missing', which meant that a systematic error could not be blamed. It transpired, as time went on, that no formal methods had been used to verify the software and that there was even a question about consistent version control. This was unteneable for a 'trusted' computer system.
Eight days after being told he should not spend another cent on a flawed system, the government committee voted, in closed session to spend €42 million of public money on the system - a system without a functional specification, with no committment to passing any tests and with a great deal of secrecy surrounding the entire thing.
In order to raise this issue publicly, the concept of a Voter Verifiable Audit Trail (VVAT) was highlighted. Since, without publishing everyone's vote publicly, it is very difficult to prove that a VVAT matches with the recorded data, this was enough to have the Commission on Electronic Voting founded. Thus far, 172 submissions have been made to the commission, with approximately 8 somewhat in favour and 2 in favour of e-voting.
Today, only one party supports e-voting in Ireland. Dick Roche is adamant that the computer hardware will be used at some point, so it's still in storage. The VVAT issue was specifically precluded from the remit of the commission. Bertie Ahern stood up in the Dail and claimed that although he had read the report, there were no hardware errors with the report. This is despite the report making quite clear that there were over 20 errors found at the time. This includes a rounding error in the distribution of votes, which could result in the wrong candidate being elected. This was discovered within a month, despite having no access to the source code.
So how does Open Source tie in with the lobbying against the flawed e-voting system in Ireland? The vast bulk of the press releases and discussion were held on an open mailing list. Information was verson controlled using tools such as LaTeX, CVS and diff. Many of the security exploits, such as RF emissions from the voting equipment have been known in the wild for a significant time - and were available to groups analysing the equipment. The machines have been comprehensively hacked at this point, including getting chess to run on the hardware.
There's a pending High Court action regarding whether it contravenes the consitution, and a quotation of €20 million from the suppliers to fix the known bugs, but not VVAT. Let's see if any of us see e-voting comes to Ireland in our lifetimes.
Editorial Notes & corrections: The e-voting platform was trialled twice in Ireland, first in 3 constituencies and then in 9. Also, it was a parliamentary committee (rather than a government committee) that voted to spend €42m of public money in closed session. Thanks to Colm for reading my blog entry and providing corrections - and apologies from me for any confusion caused by my limited abilities to type up his excellent presentation at speed.
posted at: 14:14 | path: /technical | permanent link to this entry
