taint.org: Justin Mason’s Weblog

Mike Culver, Amazon’s “Web Services Evangelist”, will be in Dublin next week to evangelize about the goodness that is Amazon S3, EC2, SQS and so on. It seems he’ll be talking at the following locations:

• in the Auditorium of the Digital Exchange, Crane Street, Dublin 8 on Tuesday October 30th, 3-5pm; here’s a flyer the Amazonites have been passing around. (upcoming.org page)

• according to Damien, later that evening, he’s in the Westin Hotel on Westmoreland St., D2, starting at 7pm; note, it seems you need to book places at this, see Damien’s post.

• and again at the Irish Linux User’s Group on Thursday November 1st at 19:30 in the Irish Computer Society in Dublin (map).

I guess these are all going to be same talk, bar the Q&A ;)

There was some kind of an ICTE get-together mooted for Friday 2nd.

Also, the ILUG annual general meeting is scheduled on the following Saturday, 3rd November, also at the ICS. Gareth Eason notes ‘we’re hoping to start at 3pm sharp, with talks from Dave Wilson (HEAnet), Frank Duignan, John Looney (Google), and others, followed by a relaxing wind-down in the Schoolhouse pub later on.’ (upcoming.org page)

Hopefully I’ll get to at least one of the AWS talks (probably the Digital Exchange one) and the ILUG AGM… busy week!

Tags: amazon, aws, dublin, ec2, icte, ilug, ireland, linux, mike-culver, s3, social, talks

Here’s a press release from ICTE that’s well worth a read if you still trust voting machines:

Concerns expressed by many IT professionals about the security of the e-voting system chosen for use in Ireland were today shown to be well-founded when a group of Dutch IT Specialists, using documentation obtained from the Irish Department of the Environment, demonstrated that the NEDAP e-voting machines could be secretly hacked, made to record inaccurate voting preferences, and could even be secretly reprogrammed to run a chess program.

The recently formed Dutch anti e-voting group, “Wij vertrouwen stemcomputers niet” (We don’t trust voting computers), has revealed on national Dutch television program “EenVandaag” on Nederland 1, that they have successfully hacked the Nedap machines – identical to the machines purchased for use in Ireland in all important respects.

ICTE representative Colm MacCarthaigh, who has seen and examined the compromised Nedap machine in action in Amsterdam, notes “The attack presented by the Dutch group would not need significant modification to run on the Irish systems. The machines use the same construction and components, and differ only in relatively minor aspects such as the presence of extra LEDs to assist voters with the Irish voting system. The machines are so similar that the Dutch group has been using only the technical reference manuals and materials relevant to the Irish machines as a guide, as those are the only materials publicly available.”

Maurice Wessling, of Wij vertrouwen stemcomputers niet, adds “Compromising the system requires replacing only a single component, roughly the size of a stamp, and is impossible to detect just by looking at the machine”.

Both ICTE and Wij vertrouwen stemcomputers niet view this as yet another demonstration that no voting system which lacks a voter-verified audit trail can be trusted. According to ICTE spokesperson Margaret McGaley “Any system which lacks a means for the voter to verify that their vote has been correctly recorded is fundamentally and irreparably flawed”.

Margaret McGaley highlighted that it is the machines themselves that are at risk. “This particular issue is not about the vote counting software, which we already know must be replaced, this is about the machines that the Taoiseach has claimed were ‘validated beyond any question’. We now have proof that these machines can be made to lie about the votes that have been cast on them. It is abundantly clear that these machines would pose a genuine risk to our democracy if used in elections in Ireland.”

ICTE is repeating its call, which reflects the opinions shared by IT expert groups, including the E-voting group of the Irish Computing Society, that any voting system implemented must include a voter-verified audit-trail.

This is a major exploit. Colm’s earlier mail noted

As we knew already, the machines run on m64k processors, and it’s relatively easy to reverse engineer what all of the registers and inputs correspond to. The dutch group were able to successfull assemble code to run on the machine, and even burn it on the very eeprom that comes in the machine.

Since the NEDAP design does not include XBox-style boot-time cryptographic verification of the EEPROM’s contents, undetectable replacement of the operating system is a 2-minute matter of unsticking the trivial ’seals’ on the voting machine’s access panels, popping out an EEPROM chip, and replacing with a modified one, then closing it up again.

Once that’s done, the election is rigged, as WVSN have demonstrated.

Update: here’s their paper describing the attack in detail — well worth a read.

Tags: e-voting, icte, nedap, wvsn

Ireland: There’s been some discussion about ‘an Irish EFF’ recently, reminding me of the old days of Electronic Frontier Ireland in the 1990s.

I was reminded of this by Danny O’Brien’s article in The Guardian, where he notes an interesting point — half of the effectiveness of the EFF in the US, is because they have a few full-time people sitting in an office, answering phone calls. Essentially they act as a human PBX, being the go-to guy connecting journalists to activists and experts.

Now that is something that could really work, and is needed in Ireland, which is in the same boat as the UK in this respect; the journalists don’t know who to ask for a reliable opposing opinion when the BSA, ICT Ireland, or the IRMA put out incorrect statements. It has to be someone who’s always available for a quote at the drop of a hat, over the phone. From experience, this takes dedication — and without getting paid for it, it’s hard to keep the motivation going.

IrelandOffline have done it pretty well for the telecoms issue; ICTE have done a brilliant job, the best I’ve seen in Europe IMO, of grabbing hold of the e-voting issue to the stage where they own it; but for online privacy, software patenting, and other high-tech-meets-society issues, there’s nobody doing it that successfully.

(Update: added ICTE, slipped my mind! Sorry Colm!)

Tags: danny-obrien, eff, efi, icte, ireland, irma, society

Politics: The massive opposition to e-voting without a VVAT by Irish Citizens for Trustworthy Evoting and others, has clearly got Minister Martin Cullen thoroughly needled.

As John Lambe points out here, in the Dail on Wednesday he stated that ICTE are ‘not experts in this field’, ‘have no expertise or international accreditation’, and best of all, he has resorted to the 21st-century equivalent of calling ICTE ‘reds under the bed’ — they are apparently ‘linked to the anti-globalisation movement’. Here’s a cut and paste from the online transcripts:

Mr. Bernard Allen, FG: Electronic voting is a good idea but this system has been badly thought through and public confidence has been badly shaken by a Government unwilling to listen to anyone but its own so-called experts. The Government has called the introduction of this system a step forward, a point reiterated by the Minister. I submit that it is a retrograde step based on insufficient knowledge on the use of technology. The Minister has a new toy and thought everyone would like it. They do not. The Irish Computer Society said: ‘Any electronic voting system must include a paper-based voter-verified audit trail.’ The Minister in his arrogance recently said these people were cranks and Luddites.

Mr. Bernard Durkan, FG: Are they cranks?

Mr. Martin Cullen, FF: They are linked to the anti-globalisation movement. The Deputy should check them out. They are all the same.

Mr. Allen: It is all a–

Mr. Cullen: If Fine Gael bases its policies on such people, it is no wonder it is in decline.

Mr. Durkan: The people concerned are computer experts.

Mr. Allen: We do not know what the Minister’s policies are and where he stands on any matter.

Mr. Paul Kehoe, FG: The Minister should know more about policy having been a member of more than one party.

Mr. Allen: Irish technology experts have told the Government its system must include a paper-based voter-verified audit trail.

Mr. Cullen: They are not experts in this field.

Mr. Allen: The Minister has made a serious allegation about genuine people–

Mr. Cullen: They are not accredited to anything. They have no expertise or international accreditation.

(Interruptions).

Mr. Michael Ring, FG: Fianna Fáil are experts on everything. They have filled every tribunal in the country.

Mr. Allen: The Minister has come to this House and–

Acting Chairman (Jerry Cowley, Ind): Deputy Allen should direct his comments through the Chair.

Mr. Allen: The Chair should ask the Minister to cease interrupting.

Mr. Cullen: Such comments are pathetic. It is no wonder Fine Gael is in such a disorderly state.

Mr. Ring: Fianna Fáil are the experts.

Acting Chairman: I remind Members that this is not a Committee Stage debate. We are dealing with Second Stage and I ask Deputies to allow Deputy Allen to continue without interruption, please.

Mr. Allen: The Minister has vilified people who cannot protect themselves.

Mr. Durkan: Outside the House.

Mr. Allen: The Minister should withdraw the allegation against–

Mr. Cullen: I have not vilified them. I said they are not accredited–

Mr. Allen: The Minister said they are linked to the anti-globalisation movement and suggested we should check them out.

Mr. Cullen: Yes, they are.

Acting Chairman: Deputy Allen, please continue.

Mr. Allen: The Minister should withdraw that allegation against people who cannot protect themselves.

Mr. Cullen: I will not.

Acting Chairman: Deputy Allen, please continue.

Mr. Durkan: The Minister has cast aspersions on people outside this House. In accordance with Standing Orders–

Mr. Cullen: I think they are proud of their links.

Mr. Durkan: On a point of order, the making of such an allegation is not in accordance with the Standing Orders of this House. Perhaps the Minister would like to comment.

Acting Chairman: The Chair has ruled on that matter.

Mr. Durkan: With respect, the Chair has no authority to rule on this matter. Standing Orders apply.

Acting Chairman: That Chair has ruled on the matter.

Mr. Durkan: No, I am sorry, I do not agree. On a point of order, the Minister has cast aspersions–

Mr. Cullen: I paid them a compliment.

Mr. Durkan: The Minister has cast aspersions on people outside this House.

Mr. Cullen: They will regard my remarks as a compliment, a badge of honour.

Tags: audit, field, government, icte, irish, politics, step, system, technology, trail, voting

eVoting: Are you an academic, or do you know any academics, working in the field of computer science in Ireland? If so, you should consider signing, or collecting signatures, on
this ICTE statement. It’s eminently reasonable — ’since computers are inherently subject to programming and design error, equipment malfunction, and malicious tampering, we join with (the ACM) in recommending that a voter-verified audit trail be one of the essential requirements for deployment of new voting systems.’ (thx for the pointer, Simon!)

Tags: academic, computer, design, equipment, error, evoting, field, icte, programming, science, statement