Researcher Who Reported E-voting Vulnerability Targeted By Police Raid in Argentina

TrixX writes: Police have raided the home of an Argentinian security professional who discovered and reported several vulnerabilities in the electronic ballot system (Google translation of Spanish original) to be used next week for elections in the city of Buenos Aires. The vulnerabilities (exposed SSL keys and ways to forge ballots with multiple votes) had been reported to the manufacturer of the voting machines, the media, and the public about a week ago. There has been no arrest, but his computers and electronics devices have been impounded (Spanish original). Meanwhile, the information security community in Argentina is trying to get the media to report this notorious attempt to "kill the messenger." Another source (Spanish original).

Not kill the messenger ...

[perpenso]

If the researcher is not being arrested its not "kill the messenger". Impounding his equipment, the "evidence", is just a very rude way of getting his data on vulnerabilities and attacks. They could have asked. Then again perhaps they feared the "evidence" being tampered with, confidential sources and all that sort of thing. Again, rude, but a plausible path if such concerns were warranted.

Re:Not kill the messenger ...

[Trax3001BBS]

So why would the next messenger bring any message?

Because the next messenger would be smart enough to realize that if they have any electronic data more valuable than school assignment, video game save game files, selfies and letters to grandma then they should have offsite backups. Whether your data burns up in a fire, gets destroyed in a flood, gets stolen by non-government agents or impounded by government agents does not really matter; except that in the impounding case you might get it back. Back it up and there is much less to fear.

And perhaps this first messenger has a backup too.

In this case everybody has the information: "As reported Telam a specialist who preferred anonymity, which leaked on the web are "SSL certificates terminals that send data from the schools to the datacenter," which were published "on the site http: / /caba.operaciones.com.ar by poor settings on your servers. "" (translated version).

Re:Not kill the messenger ...

[perpenso]

So why would the next messenger bring any message?

Because the next messenger would be smart enough to realize that if they have any electronic data more valuable than school assignment, video game save game files, selfies and letters to grandma then they should have offsite backups. Whether your data burns up in a fire, gets destroyed in a flood, gets stolen by non-government agents or impounded by government agents does not really matter; except that in the impounding case you might get it back. Back it up and there is much less to fear.

And perhaps this first messenger has a backup too.

In this case everybody has the information: "As reported Telam a specialist who preferred anonymity, which leaked on the web are "SSL certificates terminals that send data from the schools to the datacenter," which were published "on the site http: / /caba.operaciones.com.ar by poor settings on your servers. "" (translated version).

The desired "evidence" may be unreported information. For example things that make otherwise anonymous people less anonymous. Again, the researcher is not necessarily the target.

Can we get some confirmation of this?

Come on, Slashdot editors! Get with it! Fix the fucking summary! It's fucking awful!

Jesus Christ, most of the links are to non-English articles, and the automatic translations are shitty. Like most people here, I don't read Spanish, so I have no idea if the automatic translations are actually accurate and match with what the Spanish articles are saying!

Additionally, I have no idea who is behind these articles. Being unfamiliar with them, I do not know how reliable they are, or what their biases are.

I know I'm not alone. This is a site targeting English-speaking individuals. As we already speak the most relevant language in the world, we have no need for other languages.

Is anyone in the English media covering this? Can we get some confirmation from reputable American, British or Australian news sources, so we can actually understand what the fuck is going on in this case?

That's what happens when...

[Krojack]

You expose a backdoor that the current in-power government was going to use to win the election.

The inherent problem with electronic voting

[Opportunist]

There is one single very dangerous problem with electronic voting: Trust. People have to trust it, because they are unable to test it.

With paper and pen, it's easy. You can nominate anyone to work as an election monitor. The necessary qualification is "being able to find out where the X marks the spot" and "count". That's a skill set available to nearly everyone.

Working as an election monitor to rule out foul play with election machines requires someone to know quite a bit about computers. It's anything BUT simple to rule out foul play.

The danger here isn't even so much that manipulation can take place. And I don't even want to engage in the discussion whether or not these machines can easily be manipulated. The danger is that some populist aiming for the uneducated masses goes and cries foul play when he loses the election. And that's a danger not to some party but to the faith of the population in the whole democratic process. And that inherently is dangerous to democracy altogether.

It's not easy to debunk such claims. With paper, it's easy to go "oh please, count them yourself if you don't believe us. Here's the paper slips, and you can count, can't you?". Now try the same with election machines. Saying "you can do an audit yourself" isn't going to cut it. Why should we trust the computer experts? It's not something just anyone can do.

These machines are a danger to democracy. Nothing less.