E-voting machines successfully hacked

5 Oct 2006

IT specialists in Holland have hacked the Nedap e-voting machines, the same type of machines purchased by the Irish Government, using only documentation obtained from the Irish Department of the Environment, it has emerged.

The recently formed Dutch anti e-voting group, ‘Wij vertrouwen stemcomputers niet’ (We don’t trust voting computers), revealed on national Dutch television that they have successfully hacked the Nedap machines.

Lobby group Irish Citizens for Trustworthy E-voting (ICTE) has said the development shows that the concerns expressed by many IT professionals in Ireland about the security of the e-voting system chosen for use in Ireland were well-founded.

‘Wij vertrouwen stemcomputers niet’ showed that the e-voting machines could be secretly hacked, made to record inaccurate voting preferences and could even be secretly reprogrammed to run a chess program.

ICTE representative Colm MacCarthaigh, who saw and examined the compromised Nedap machine in Amsterdam, stated: “The attack presented by the Dutch group would not need significant modification to run on the Irish systems. The machines use the same construction and components and differ only in relatively minor aspects such as the presence of extra LEDs to assist voters with the Irish voting system. The machines are so similar that the Dutch group has been using only the technical reference manuals and materials relevant to the Irish machines as a guide, as those are the only materials publicly available.”

Maurice Wessling of ‘Wij vertrouwen stemcomputers niet’ said: “Compromising the system requires replacing only a single component, roughly the size of a stamp, and is impossible to detect just by looking at the machine”.

Both ICTE and the Dutch group have reiterated their view that no voting system should be introduced which lacks a voter-verified audit trail. ICTE spokesperson Margaret McGaley said: “Any system which lacks a means for the voter to verify that their vote has been correctly recorded is fundamentally and irreparably flawed.”

She highlighted the fact that it was the machine itself, and not the vote-counting software, which was compromised. “This particular issue is not about the vote-counting software, which we already know must be replaced; this is about the machines that the Taoiseach has claimed were ‘validated beyond any question’.

“We now have proof that these machines can be made to lie about the votes that have been cast on them. It is abundantly clear that these machines would pose a genuine risk to our democracy if used in elections in Ireland,” she said.

By Niall Byrne