"We don't trust voting machines"

(Now, to keep the conversation on our electoral system going, a guest post from friend-of-the-blog Sasha Ojeda and IT Specialist Sander Plas. Both of them are based in...

maquinas-electorales-de-votacion(Now, to keep the conversation on our electoral system going, a guest post from friend-of-the-blog Sasha Ojeda and IT Specialist Sander Plas. Both of them are based in Amsterdam. Enjoy!)

When we read Juan’s article about the (im)possibility of monitoring the voting process in real time and the many doubts surrounding the subject, we started talking about a similar public discussion that took place in the Netherlands about voting computers and their inherent problems a few years ago. The discussion ended in favor of the manual vote, and the Dutch government subsequently banned the use of voting computers.

Elections in Venezuela have been a major topic for bloggers and news outlets worldwide. The whole process always led to heated debates about the democratic credentials (what?) of the government, corruption and fraud. From the voting walking dead to people casting multiple votes to kicking out the opposition observers from the centros de votación, we’ve seen it all. We also always come back to the issue of the actual voting system. When it comes to the technical side of the story things usually stay pretty vague and discussions start sounding real tin foily real fast. We then are left with a bunch of questions. Are the voting machines part of extensive electoral fraud? Do the voting machines send out information throughout the day? (Will privacy ever become an issue in Venezuela?!) It’s worth exploring…

Radiation

Most electrical appliances send out radio waves and magnetic radiation. Most of these “side effects” go unnoticed. We’re not talking about the kind of ‘intended’ radiation that mobile phones use to communicate, but about the kind of radiation that devices like televisions and computer keyboards emit as a side effect of their intended operation.

In many cases, if interpreted correctly, these side-band electronic-magnetic emissions reveal information about what the device is doing. This is also the case for voting machines. With the right receiver you can easily intercept the signals the machine emits up to a few hundred meters away. Testing done in the Netherlands successfully identified the leaking signals and demonstrated the possibility to interpret those signals. But are Venezuela’s Smartmatic machines just as vulnerable?

We decided to contact Rop Gonggrijp, spokesman for the Dutch activist organization “Wij vertrouwen stemcomputers niet” (Translates to: We don’t trust voting computers), to ask him about what he knows about the Venezuelan situation. Gonggrijp successfully campaigned against the use of voting computers in the Netherlands which led to a general ban in 2006. We asked him about the feasibility of intercepting signals from voting machines in general. Surprisingly he knew a lot about Venezuela and Smartmatic.

Leaks

When researching the leaky voting machines we stumbled upon a Dutch electoral council report about electronic voting. Gonggrijp had told us to look into the fact that the Belgian government had bought Smartmatic voting machines a few years back. From the appendix of that report:

“Smartmatic has provided a solution for the voting computers that will be used in Belgium. The devices will be certified according to NATO standards, reducing the reach of the compromising radiation to 20 meters. However, Smartmatic notes, that the costs double if we want to reduce the radiation distance by 50%. The protection against radiation is therefore a trade-off between costs and benefits.” (translated from Dutch)

This bit is part of the transcripts made during talks with different voting machine suppliers. Apparently it’s pretty much a given that these machines leak radiation, that can compromise a free and fair voting process. The machines leak electromagnetic radiation which means they can be tapped using Van Eck phreaking, compromising ballot secrecy. The Belgian government verified the NATO certification (there are three zone certifications: 8, 20 and 100 meters), that assumes a potential hacker can’t get within a 20 meters range from the voting machine and go unnoticed. The assumption doesn’t really hold up but the fact is tapping and processing the signals isn’t really a viable option for large scale operations.

Gonggrijp told us about the stories he’d heard about the intimidation of voters and polling station personnel, about the “mobilisation” of voters and the mystery surrounding the ownership of Smartmatic. “Don’t vote for the opposition, or else”, he says, and startlingly follows that with “considering the way Smartmatic machines work, it’s not inconceivable to imagine the government in fact knows who voted what”.

Sort of surprised, we obviously asked him to explain. We’ve both never been in Venezuela during elections (ones I was eligible to vote during, anyway) but I thought I had a pretty good idea of how the process plays out: once you enter the station your identity is verified by means of your cedula and your fingerprint, then the voting computer is accessed and you cast your vote which is verified with a printed copy, which is then deposited in the ballot box. It might be naïve but we always thought the two steps were carried out by two physically separated machines.

Think again.

Check out this promotional video starring Smartmatics Electoral Solutions V.P. Eduardo Correia and “the president of the voting machine”:

This video clearly shows that the same device (the remote session activator) that is used to verify a user’s identity, has a button that is used to unlock the actual voting machine. In other words, we know for sure that the two devices can and do communicate throughout the election day.

How do we know for sure that this connection can only be used to unlock the voting machine with the button on the remote session activator, and not to send back information about the votes it processes?  We don’t.

We know the remote session activators have some sort of “on line” connection to (at least) the CNE, because the MUD technicians say so, and because there is no other way to retrieve the personal details of voters from the central database, which is done to verify your fingerprint with your stored personal data.

How do we rule out the possibility that someone (Smartmatic, the government or a crazy hacker) could be using that connection to send other information back to the CNE or some other place during the day? We don’t.

Or that someone could be combining the data from the voting machine with the personal information on the remote session activator, effectively registering not only who voted but what aswell? We don’t.

Rop proposes to helm an international investigation on the workings of Venezuela’s electronic electoral process along with his voting machine-cracking buddies Alex Halderman and Harri Hursti. He jokingly suggested his unpopularity in the US (he was rumoured to be extradited to the US back in 2011 because of his involvement with Wikileaks) is probably considered a redeeming quality in Venezuela.

In all seriousness it all comes down to just that. Without thorough investigation of both the hardware and the software, we simply don’t know what the machines do and don’t communicate. And, even if we could get access to one of the machines, how do we know that the other machines, spread throughout the country, are identical?

We cannot prove that Venezuela’s electoral system is being tampered with, or that it’s physically possible for the machines to send information about the votes back to the remote session activator. This does not mean there is fraud, it means that there could be and that is bad enough. It should be enough reason to distrust the system and it is the reason many countries have chosen to stick to the good ol’ manual vote, and that others have gone as far as banning electronic voting all together. Manual voting (and counting) is a process that every citizen can understand and verify. The paper ballots are identical and thus anonymous, the booth shields you from prying eyes, the ballot box is padlocked and stays closed until the end of the day, leaving little room for (large scale) fraud.

Jimmy Carter made a big mistake endorsing the electoral process in Venezuela but no matter who praises it (or whether the machines have 1 or 100 BIOSes), the whole scheme of things looks like a miniature version of the Venezuelan government: no clear division of power, a complete lack of transparency and lots of propaganda about the one thing it does right: the paper ballots match the electronic votes.

Top