Learn, hack!

URL

http://events.ccc.de/congress/2005/fahrplan/attachments/614-slides_evoting.pdf

File name

614-slides_evoting.pdf

File size

336.9 KB

MD5

f217db53e2f75103c6aebcbc5f5844ba

SHA1

21d0c28ae78d8eae95f2e3a8eb0f0b57a8e3920f

The voting machines widely used in Germany's recent elections fail to follow both fundamental democratic principles and German legal requirements. Highlights of a recent Irish report on security issues of these machines will be provided. In this year's September elections of the Bundestag, more than 2 Million voters had to submit their vote using voting machines of the Dutch automation provider, Nedap. The machines, which have been subject to a (non-public) governmental certification process, do neither allow the voter to verify that his vote has been correctly stored, nor do they provide a transparent and auditable vote counting process. While the a specimen of the software has been reviewed as part of the certification process, the software installed on the Nedap machines is at no time subject to any authentication or validation by the German authorities. This is of specific interest, as a recent report of an Irish government commission claims that the implemented security measures mainly follow the concept "security by obscurity", and that two minutes of unauthorized access might be sufficient to replace the installed software.