Harald Welte's blog
   

RSS

Harald's Web
gnumonks.org
hmw-consulting.de
sysmocom.de

Projects
OpenBSC
OsmocomBB
OsmocomTETRA
deDECTed.org
gpl-violations.org
gpl-devices.org
OpenMoko
gnufiish
OpenEZX
OpenBeacon
OpenPCD
librfid
openmrtd
opentom.org
netfilter/iptables

Categories

Archives

Other Bloggers
David Burgess
Zecke
Dieter Spaar
Michael Lauer
Stefan Schmidt
Rusty Russell
David Miller
Martin Pool
Jeremy Kerr
Tim Pritlove (German)
fukami (German)
fefe (German)
Bradley M. Kuhn
Lawrence Lessig
Kalyan Varma

Aggregators
kernelplanet.org
planet.netfilter.org
planet.openezx.org
planet.openmoko.org
planet.foss.in

Ohloh profile for laforge
identi.ca
twitter
flattr
Linked in
Xing

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.


blosxom


Contact/Impressum

       
Thu, 05 Oct 2006
Nedap voting machines in Europe

The regular reader of this weblog might have noticed that for more than a yearI've had an interest in the use of voting machines in elections, specifically Germany.

While my many other interests and projects have not allowed me to look into this subject as much as I wanted, some of my friends of the Berlin CCC have collected a lot of information on voting machines (German) and also actually had a chance to do some hands-on security research together with our Dutch hacker friends

Yesterday, their joint activities became public. First in a TV show that has been aired in the Netherlands. German media reports are catching up today. Expect some more coverage following-up the CCC press release, such as this one.

Now what was actually discovered? In short,

  • There are many possibilities for manipulations
  • That a proof-of-concept firmware for election manipulation on a Nedap machine has been developed
  • That the Nedap machine can be re-programmed just like any other computer, e.g. to turn it into a chess computer
  • That the Nedap machines actually have spurious emissions that can be used to detect which party / candidate is currently being voted from a range of at least a couple of meters distance by using a small radio receiver with earphones.
  • That any contemporary cell phone or Digital TV set-top-box has employed more security mechanisms than those voting machines. Cryptographically signed boot process? Signed applications? Trusted Computing? Such technologies are only employed for the protection of important data, such as commercial audio and video recordings. Unimportant matters such as democratic and free elections do not require any such secure technology, but use 1980's home computer technology.
  • That the legal requirements on the technology of voting machines in the Netherlands and in Germany do apparently not even come close to identifying (and preventing) the most basic IT security threats.

Therefore, the use of such voting machines must be halted immediately, at least until an independent board of renowned international IT security experts has been drawn to specify new technical requirements on their security, and until all old machines have been upgraded or replaced by such machines that follow those requirements.

Because any reasonable set of security requirements will inevitably lead to machines that are by far more expensive than those currently in use, it becomes even more questionable to build and use them in the first place. Why should a few hours quicker election results ever be worth even only the slightest increase in risk of election manipulations?

[ /politics | permanent link ]

Bollywood Musical in Berlin

Tonight I've been to Bollywood - The Show, a Bollywood musical that is touring through (I guess among other countries) Germany for the next couple of months.

It was truly amazing. First, there is the irony of playing a story that is remotely based on a true story - probably an idealized form of the story of the musicians and choreographer family behind this musical: The Merchant family. Secondly, the number of dancers is actually quite limited, so they need to danca and dance and dance for hours. What is usually done in many takes (with breaks) when shooting the song sequences of a Bollywood movie - those musical dancers have to do it all in one row. One some days even two shows on one day. What an amazing talent and stamina.

It's too sad to learn that such musicals can only exist in the west, since their cost of production is just too expensive for India, plus apparently the lack of a musical culture there.. quite strange, isn't it? I bet a lot of Indian Bollywood fans are definitely sad to lack the opportunity to see this (or another upcoming one, such as the Bharati).

[ /personal/bollywood | permanent link ]