Flaws found in European voting machines

IDG News Service - Dutch researchers have found flaws in electronic voting systems used in the Netherlands, Germany and France.

A paper published Friday (PDF file) describes flaws in the Nedap / Groenendaal ES3B voting machine, used by 90% of voters in the Netherlands. It was written by a team of e-voting researchers, led by Rop Gonggrijp and Willem-Jan Hengeveld.

The paper is hosted on the Web site of the group "Wij vertrouwen stemcomputers niet" (or "We don't trust voting computers") which bills itself as a "coalition of citizens concerned about the use of voting computers during Dutch elections."

The report, based on a month-long investigation into machines that were obtained from municipalities in the Netherlands, describes some serious vulnerabilities in the systems, which are also used in Germany and France, according to the report's authors.

"Anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results," the report states.

The ES3B is jointly developed by NV Nederlandsche Apparatenfabriek (Nedap) and software developer Groenendaal.

The report uncovered flaws that are "strikingly similar" to those discovered in Diebold Election Systems Inc.'s touch-screen voting machine, said Edward Felten, the director of Princeton University's Center for Information Technology Policy, in a blog posting. "The N/G machines all seem to be opened by the same key, which is easily bought on the Internet -- just like the Diebold machines."

The Dutch researchers also describe how the ES3B's radio emanations could be monitored to find out how voters were casting their electronic ballots.

Felten and other Princeton researchers released a similar report last month on Diebold's AccuVote-TS, in which they claimed to be able to install vote-altering software on Diebold's machines in less than a minute.

Diebold disputes the Princeton findings, but Felten said this latest research further underscores the idea that the technical challenges behind e-voting are "very difficult or even infeasible to address."

Nedap could not be reached for comment late Friday, but in a note on its Web site, the voting machine maker said it was much more difficult to manipulate votes from machines than those on paper ballots.

Still, the company admitted that its products are not perfect. "Is manipulation possible with the Nedap voting machine?" the note asks.

The answer: "Everything can be manipulated."