Article: Dutch Hackers Convince Netherlands to Dump Electronic Voting

For source webpage, click here [Reprinted with permission of 2600, the hacker magazine.. Non-techies may wish to skip paragraphs two through six, which detail the author's technical background.] Old-Skool Hacking Not Dead Yet, Graying Dutch Hacker Explains By Bruce Sterling
February 19, 2008 From 2600 magazine, Winter issue - #4, 2007 http://www.2600.com What it means to be a hacker by Rop Gonggrijp My most recent confrontation with what it means to be a hacker started in March of 2006, after I went to vote for the local council of Amsterdam. At the polling station, I had to use a brand-new electronic voting machine that the city was renting from a company called Sdu. In fact, Amsterdam had contracted the entire election as a turnkey service, Sdu was even training the poll-workers. This "voting machine" was in fact a computer with a touch screen running Windows. To make maters worse: inside each computer was a GPRS wireless modem that sent the election results to Sdu, which in turn told the city. I had not been blind to the problems of electronic voting before, but now I was having my face rubbed in it, and it hurt. Perhaps I should quickly introduce myself. My name is Rop Gonggrijp and I'm a dutch national that lives in Amsterdam, The Netherlands. Some of you will know me as I have been mentioned in this magazine as well as been a regular guest on Off the Hook for almost as long as the show exists. I'm one of the main organizers for these Dutch hacker events. Between 1989 and 1993 I published Hack-Tic, a magazine not unlike 2600 except that it was written in Dutch. During the late Hack- Tic years I co-founded XS4ALL, which still is one of the larger ISPs in The Netherlands. I guess I became part of the hacker community sometime during the early 1980s while playing with my fathers 300 baud acoustic modem, although arguably I was hacking before when I was soldering FM- transmitters together with a friend at age 12. But after reading Steven Levy's book 'Hackers, heroes of the computer revolution', I knew what I was and that I was to be part of a global community, even if I could only knew a few other hackers around me. Imagine my relief when I went to Hamburg for the 1988 Chaos Communication Congress to find a few hundred other hackers. After that I was hooked, and by 1989 I was one of the organizers of the first European hacker event: the Galactic Hacker Party. Long and formative years of exploration, mayhem and mischief followed, during which, among many other things, we found and shared many new and interesting ways of making free phone calls. And when we got our hands on the keys to the nuclear bunkers that underlied some subway stations in Amsterdam, we promptly organized tours there for all our friends and their friends. But even behind the greatest mischief was the motivation to educate, to sharpen the minds of fellow hackers and of the population at large. XS4ALL, the Internet provider, was much more a political statement than anything else. The Internet back then would never make any money: way too difficult and freaky for the general population. I left XS4ALL in 1997 and started a computer security consultancy, and then after that a company that builds voice encrypting mobile phones, but I kept going to hacker events and co-organizing our own event every four years. Fast forward to 2006 and the local elections. I was angry because I felt my election had been stolen: there was no way to observe a count, one just had to believe that this wireless-equipped black-box Windows machine was counting honestly. I knew a little bit too much about the risks associated with computer technology to go along with that. I wasn't the only one that was angry: my longtime friend Barry came home from that March 2006 election with the exact same story that I had come home with: trying to reason with poll-workers that clearly felt that only the medically paranoid would distrust such a wonderful shiny box. When we met later that day we vowed to not only get mad, but to do something about it. Which wasn't going to be all that easy. By the time Amsterdam had gotten electronic voting, it was pretty late in the game: Amsterdam (pop. ~750k) was the last city in The Netherlands (pop. 16.5M) to get electronic voting. Some cities were renting the same system as Amsterdam, but the vast majority was using an older system made by a company called Nedap. While I studied the legal requirements for electronic voting, I became even more convinced that all of these 'machines' (that were all in fact computers) needed to go if we were to have transparent and verifiable elections. The regulations treated these systems as if they were indeed mere 'machines': they worried about the amounts of humidity and vibration they could withstand and they made sure nobody would get shocked from touching one. Computer security wasn't even mentioned. But the biggest problem wasn't the lack of security, it was the lack of transparency. We got together a small group of like-minded people and started planning a campaign. There had been previous attempts to raise the question trustworthiness in relation to voting machines, but the ministry of the interior was used to painting the opponents of electronic voting as technophobe luddites. Given that half our group consisted of hi-tech-loving hackers this was an approach that wasn't going to work this time. During the next year and a half we managed to get the attention of the media. (((Believe it or not, this has always been a hacker specialty.))) We claimed that the Nedap 'machines' were computers and not 'dedicated hardware' (as the manufacturer claimed) and that they could just as easily be taught to play chess or lie about election results. The person selling these computers in the Netherlands wrote wonderful long rants on his website, and in reaction to our claim he said he did not believe his 'machines' could play chess. So we caused a true media frenzy when we got hold of a Nedap voting computer and made it play chess. (We also made it lie about election results.) There was a debate in parliament, during which the responsible minister promised to appoint two committees. That next election, an international election observation mission studied the problems with electronic voting in the country which until then had always been the example country for uncontroversial e-Voting. In their report, they advised that this type of voting computers "should be phased out" and the two committees also wrote very harsh reports about how these 'machines' came about and how they should not be used in the future. A lot more happened: we threatened to take the government to court on several occasions, and we even won a case in which the Nedap approval was nullified. But by then the ministry had already decided to throw in the towel, retracting the legislation that allows electronic voting. The next elections in The Netherlands will be held using pencils and paper. (Which is really quite OK since over here we've only got one race per election, so counting by hand isn't all that hard.) One of the things that struck me about this campaign is that in order to win, we've needed almost every hacker-skill imaginable. (((The converse to this interesting statement is that there isn't a single political skill which can't be hackerized.))) Imagine all the stuff you can learn from this magazine, or from going to (or helping organize) a hacker convention. From general skills such as dealing with the media or writing press-releases to social engineering (getting hold of the system), lockpicking (showing the mechanical locks were bogus, the same 1 Euro key was used all over the country), reverse engineering (modifying their 68000 code without access to source) and system administration (website). Having published a hacker magazine and done the ISP, I was no stranger to conflict: at XS4ALL we had had serious issues with the infamous 'church' of Scientology as well as with the German government. Also the international contacts I got from growing up in the hacker community paid off: the hack was very much a Dutch-German project, and we're still working together tightly to also get rid of these same 'machines' in Germany. At certain moments I had the funny feeling that somehow this was the project that I had been in training for all these years. So I guess what I'm saying is that if you are a hacker, if you're going to hacker conventions, if you like figuring stuff out or if you are building your own projects.... Please realize that, possibly by accident, you may also possess some truly powerful skills that can help bring about political change, and that these skills will become more and more important as technology becomes a bigger part of ever more political debates. So if you don't like the news: go out and make some of your own!