E-voting security researcher J Alex Halderman writes,
India, the world's largest democracy, votes entirely on paperless electronic voting machines. There are an incredible 1.4 million machines in use. Authorities claim they are "tamperproof", "infallible", and "perfect," but they've prevented anyone from doing an independent security analysis by denying access on secrecy and intellectual property grounds. Hari Prasad, Rop Gonggrijp, and I got access to a machine from an anonymous source, and last week we released a research paper and video that demonstrate how they can be manipulated to steal votes.
Election security researchers have largely ignored computer voting in developing nations, but Nepal, Bhutan, Bangladesh, Mauritius, Malaysia, Singapore, Namibia, South Africa and Sri Lanka are using or considering adopting systems like India's. These machines are much simpler than the designs used in the US and Europe, but this makes attacking the hardware even easier. We developed two attacks that can be carried out by dishonest election insiders or other criminals. The first attack is to replace the part of the machine that displays vote totals with a dishonest look-alike component. It adds a hidden microcontroller that intercepts the totals as they're displayed and replaces them with fraudulent results. A hidden Bluetooth radio allows the attacker to signal which candidate should win using a mobile phone. We also made a second device that attaches directly to the memory chips inside the machine and manipulates the votes. This device fits in a shirt pocket and takes only a couple of seconds to change the results or figure out how everyone voted.
I've studied electronic voting machines for years, but I've never had such a strong sense that actual fraud might be taking place. There have been dozens of reports from around India that politicians have been approached by engineers offering to manipulate the machines to steal votes. My Indian coauthor, Hari Prasad, was himself approached by a prominent party and asked to help them with such manipulations! It's just too easy, thanks to the simple design of the machines and the lack of adequate safeguards, and there are probably a million people in India with the necessary electronics skills.
Many people believe that using a simple design makes these machines safer than the complex machines used in the U.S. (which sometimes contain almost a million lines of code), but simple machines are much easier to attack via hardware, and simplifying too much means giving up standard security techniques like strong cryptography. Essentially, you're left with a system that depends entirely on the physical security of the machines, just like paper ballots depend on the security of the ballot box, but with much less transparency than paper voting. What India and other democracies need is a system that's both secure *and* transparent, so that voters can have well-founded confidence their votes count.
Even Simple E-Voting Machines are Insecure
(Thanks, Alex!)
