Achtung! German election tabulation software 'insecure'

Software used in Germany for vote counting is insecure, according to research by the Chaos Computer Club (CCC). The white-hat hackers found multiple vulnerabilities and security holes in German national voting software. The findings were released by the group on Thursday, just weeks before the upcoming vote on September 24 to …

  1. Christian Berger

    It's actually very incompetently made

    Including a Logo that's clearly Word-Art, and claims like having a "non-indexed database".

    It uses HTTP to upload the data to a central server... where there's a PHP script taking the data. It uses password protection, but those credentials are test/test or gast/test, or test2/test2...

    This is the homepage, BTW

    https://www.wahlinfo.de/

    1. Anonymous Coward

      Re: It's actually very incompetently made

      What I'd like to know is how this came to be accepted for public use. I mean, this is from the same government that once sponsored the development of GPG, so what went wrong?

      I suspect that someone's nuts will be on the line for this, and rightly so.

      1. Christian Berger

        Re: It's actually very incompetently made

        They gave _lots_ of money to very incompetent people. This was of course made by a private company.

  2. Anonymous Coward

    I love CCC

    They're good at what they do, and are generally very competent in conveying the detail of what they found as well.

    The best part is that they've been this good for years. Hurray!

    1. Christian Berger

      Re: I love CCC

      Decades actually. Here's a report of a hack on the German "Prestel" called "Bildschirmtext" or BTX.

      https://www.youtube.com/watch?v=TOflxejp4Z4

      Essentially they got the login of a bank, and set up a relay to call their donation page over and over again.

  3. Pascal Monett Silver badge

    Just a sec

    "Software used in Germany for vote counting is insecure"

    There, that's better.

    Show me one product that has been independently verified as secure, contains Open Source code that has been vetted and is regularly pitted against white hats to ensure safety, and I might eventually come around to thinking that it could be used.

    Until that day, I will remain steadfast in my belief that paper ballots and a time-tested procedure will beat a frakkin' database any day. As far as voters are concerned, that is. For scumbags, multinational corporations and corrupt officials, the database is clearly a better bet.

    1. Flakk

      Re: Just a sec

      This.

      It's not Ludditism to acknowledge that technology isn't always the answer. There's no hackable network stack on an electro-mechanical optical scanner, no program logic to exploit and corrupt, and it's easy to verify the correct operation of the machine. It will absolutely take longer to tally votes, but that's part of the trade-off. Security is pain, and sometimes it's worth it.

    2. Stork Silver badge

      Re: Just a sec

      I may well be repeating myself, but the system used decades back in Denmark (at least):

      - Paper ballots are counted at the polling stations, just after polling closes, with members of the parties present and participating.

      - The results from every polling station are published in national newspapers + ministry of interior homepage.

      Simple and difficult to hack. No SW needed (but you can use Excel (or LibreOffice) if you fancy.)

      1. Lars Silver badge

        Re: Just a sec

        @Stork, same in Finland, but sounds a bit the same in Germany too as this story claims "For what it's worth, Germany still relies on manual counting for final tallies: electronic systems, for now, are used mainly for predictions and exit polls.".

        As for decades, a century by now in Finland and for longer in Denmark I would think, that must go for the UK too.

        Quite frankly I know too much about programming to let it anywhere near our voting systems.

      2. Puuru

        Re: Just a sec

        We have a general election in New Zealand on 23rd September. It's all paper ballots stuffed into ballot-boxes the old-fashioned way. No buggy software. There are suggestions that we should go electronic to rope in those potential voters who can't move more than their thumbs. However, there's a lot of resistance on the grounds that electronic voting is insecure/hackable etc etc. I'll put my by now geriatric hand up to join the resistance.

    3. Anonymous Coward

      Re: Just a sec

      Show me one product that has been independently verified as secure, contains Open Source code that has been vetted and is regularly pitted against white hats to ensure safety, and I might eventually come around to thinking that it could be used.

      For a start you need an assurance process in place that combines transparency with accountability all the way down the delivery chain, and there are simply too many politicians in that mix for that to ever work.

      I've been following the work of Rebecca Mercuri for years (I reckon for more than a decade by now) and yes, voting software is still the final frontier because of a number of conflicting demands and the profound allergy of suppliers to transparency.

  4. Anonymous Coward

    It has to be said

    My country is a freaking Clown Show.

  5. John Smith 19 Gold badge

    I think the key question is how this PoS S/W got accepted for this task.

    It's specialized and I'll bet not cheap so how was it purchased?

    Was there a competitive tender, released through the EUJ?

    Was security even an issue?

    Was this the best of the offered alternatives? IOW were the competitors even more s**t?

    Because if this is the bar to exceed it does not look too high to do so.

    Whether or not that makes any competitor good enough to do the job (not just better than this) is another matter.

    1. GSTZ

      Re: how this PoS S/W got accepted

      That's a pretty old piece of software, lurking around for about 30 years, and never certified by anybody. Many of those local public servants down at individual county level supposed to have the voting offices under their control just didn't care about replacing it, rather they kept it running time over time. No central rule from the BSI (Germany's IT security agency) or any other top level government organization, probably that could have been seen as interfering with local government's freedom to do their own thing. By the way, a good number of local governments did upgrade to something more recent and supposedly better, but Wahl-PC is still the most used software for uploading voting results in Germany.

  6. Agent Tick

    Software works perfectly....

    .. as intended coz the voting backdoor(s) is the only way for some unloved German pollies to get re-elected ever again.
