Hi, welcome back to Securing Digital Democracy. So, in the past few lectures we've gotten to look at some electronic voting machines, DRE's and, and opscan systems, but most of the systems we've looked at, or our focus has been machines that have been used in the United States. In this lecture, I want to step back and broaden our focus and try to look at some of the voting machines and voting machine experiences that other countries have had comparatively, looking at the differences between those machines and the ones in the US, can potentially teach us a lot about the, the potentials and pitfalls of electronic voting. E-voting has been used or trialed in a large number of countries. To name just a few, we have Australia, Belgium, Brazil, Canada, Estonia, Finland, France, Germany, India, Ireland, Israel, Italy, Kazakhstan, the Netherlands, Norway, the Philippines, Romania, Switzerland and the United Kingdom. There're many more than, than I could list today, but for this lecture I want to start by taking a slightly more detailed look at a few of these that I think are particularly revealing. So first I want to talk a bit about the Netherlands, because we've already mentioned just a bit. The Netherlands, up until a few years ago, used these machines nationwide, the Nedap DREs. The Nedap machines were the push button style of DREs, basically the analog to, to lever machines. The interesting thing that happened in the Netherlands was after these were introduced, a group of citizens formed who were adamantly against these machines. And decided to perform their own investigations to figure out what kinds of security problems they might have. And this was a group organized around Rop Gonggrijp who was a self-educated Dutch hacker who we've seen before and we'll see again later in this video. Rop's group showed that these machines, had some pretty terrible security problems. With just a minute of access, they could open up the machine and replace its ROMs and, change its programming to make it cheat. Or to make it play chess. [laugh] They also showed that there were problems where with ballot secrecy that someone with a radio receiver could find out how you voted. Because of these problems and the campaign of these activists, the Netherlands backed away from DRE's and went back to the system they used before, with paper ballots and old-fashioned ballot boxes counted by hand by the citizens. Germany also briefly used Nedap machines, but there was another kind of campaign against the use of DRE voting in Germany. This one took a different course though. Instead of trying to make the case to the citizens and to the legislators that their security was bad, a group fought a case in the courts that eventually made it all the way up to the Federal Constitutional Court of Germany. In a landmark ruling, the Constitutional Court decided that the German Constitution gave citizens a right to understand why their votes were being counted with integrity, without any kind of specialized knowledge. Because the computer voting machines could only be understood by a programmer. Because they didn't have any kind of transparency that would allow voters to verify with their own senses, for instance, that their votes were being counted accurately. The court held in effect that paperless DREs were illegal under German law. So Germany no longer uses DRE voting. And by and large has gone back to paper ballots. The next country I want to talk about is Brazil, which is a deeply fascinating case. Brazil, nationwide, uses paperless DRE electronic voting machines that look like this. Brazil's DREs run on hardware that was created by Diebold. But they've gone through a series of iterations, and today they're running replacement software on the original hardware. The new software is based on Linux and written by programmers working directly for the Brazilian election authorities. Since these are paperless DRE's, they're of course subject to some pretty serious security issues, anyone who can tamper with that software could silently change votes, yet the Brazilian election authorities refused until very recently to allow anyone independent to do security analysis of that software. And this is despite widespread recognition by Brazilian researchers and academics that this kind of paperless voting system is dangerous. In 2012 one of my colleagues, Diego Arronya, who's from the, the University of Brasilia took part in one of the first public tests that the Brazilian elections authorities held. He led a team of investigators who took part in a competition-style evaluation. They had extremely limited access to the machines and the source code. Just a couple of days to look at it. And they would lose points in the competition for having to look at the code or have other, other kinds of access. But despite these limitations, they found some extremely disturbing problems. The main thing that they found was that Because of a problem with the way the machine tried to randomly store votes in a mixed up, shuffled order. They were able to go backwards from the results to figure out how each person voted in order. And coupled with just observing who walks up to the voting machine, the order in which people cast votes this information can be used to reveal everybody's secret ballot. Diego's team, also believes that with publicly available information, they might be able to reveal this information about how people voted in past elections, as well. Which is especially scary in Brazil, since during the decades of military rule, people, became extremely sensitive to, coercion, and problems like that, so that the secret ballot is prized very highly there. Despite finding these extreme problems that really reflect that the quality of the software in the Brazilian voting machines is ex, extremely suspect, Diego and his team ended up, with a final score in the competition of, something like .004 points out of 400. [laugh] still they won the competition, but this just shows how the, the deck was essentially stacked against them with the rules that the Brazilian election authorities set. Brazil needs much more of this kind of transparent auditing of their systems in order to realize what the true scope of the security problems might be. Brazil is also interesting. Because of they in a sense slipped backwards they added paper ballot a voter verified paper trail to their machines for period of time and then decided to get rid of it because the election authorities cited, cited problems with the logistics and with the reliability and especially claimed there wasn't any evidence of fraud. Now, this is something we might expect that there'd be no evidence of fraud because they only actually installed the paper trail on about half the machines. And if there was software in the machines programmed to cheat, it would just know whether there was a paper trail add-on attached or not, and not cheat in the cases where there was one. So I think Brazil should seriously reevaluate this decision. Unfortunately, the Brazilian courts have ruled that adding a paper trail is unconstitutional in Brazil because it would violate voter's privacy. Now, it's certainly possible to construct a paper trail add-on to a voting machine like this, that provides very poor ballot secrecy. Say one that just records each vote after the next on a continuous cash register tape. But that's not at all necessary. It's also possible to make a paper trail add-on that separates each vote, shuffled inside a ballot box, and that kind of protection would provide strong ballot secrecy. Moving on I'd like to talk about South Africa for a few minutes. South Africa wasn't on the list of countries I mentioned that have adopted electronic voting, but they still used computers in the counting process for one very important election, which was the 1994 election that was won by Nelson Mandela, the first post-apartheid election. According to someone who was involved in the election process in 94. That's Peter Harris, the author of this book that's on, on our list of resources. And Peter Harris took part in that election as essentially the chief, election monitor and observer. And according to Peter Harris, during the process of tabulating the votes, where they took computers and entered in the votes that were coming in from each polling place across the country. Where people were voting with paper ballots and then telephoning in the totals. During the process of tabulating the ballots, they noticed a problem. Someone had hacked in to their computer network and changed the counting process to multiply the votes that were being added to some of the opposition parties. Now this is incredibly scary because it was quite clearly an attempt to disrupt this election process in the a very fragile time in the country's history. It probably wouldn't have been enough to change the results, but in could have could have ruined the election and required them to vote again, potentially resulting in, in rioting and deep suspicion of the whole process. Luckily, the monitors caught that something has changed when they noticed sudden jumps in the number of votes for each of these, these parties. And they found a way to undo the damage and back away from it by, by having people manually retotal the votes. This had the effect of delaying the results for, for multiple days and caused, caused widespread suspicion. But the election officials decided not to explain the nature of the problem to the people because they were afraid it would undermine the confidence in the election system. I wonder how many places, how many times has there been fraud by computer, that election officials have decided not to talk about publicly, because they were worried about just the same thing, undermining public confidence. I think that's part of the reason why more problems like this aren't widely reported. So South Africa was able to recover because they still had the paper ballots, they could just total things by hand. This wouldn't have been possible with DRE voting. The last case I want to talk about is India, which is one of the most fascinating, fascinating examples of electronic voting. India, in there last nationwide election counted more than 400 million votes and almost all of those votes were cast on machines like this, which in India, are called EVMs, for Electronic Voting Machines India uses more than 1.4 million of these machines nationwide. They are manufactured by a pair of government owned companies indigenously programmed in India, and they are designed for very, very different set of constraints than voting machines used say, in the US or Europe. We're going to spend the rest of this lecture focusing on the Indian case. Both because it's so interesting and because I got to take part in the first independent security evaluation of these machines. And, I'll tell you what we found and what happened then in a moment.