Researcher Who Reported E-voting Vulnerability Targeted By Police Raid in Argentina
TrixX writes: Police have raided the home of an Argentinian security professional who discovered and reported several vulnerabilities in the electronic ballot system (Google translation of Spanish original) to be used next week for elections in the city of Buenos Aires. The vulnerabilities (exposed SSL keys and ways to forge ballots with multiple votes) had been reported to the manufacturer of the voting machines, the media, and the public about a week ago. There has been no arrest, but his computers and electronic devices have been impounded (Spanish original). Meanwhile, the information security community in Argentina is trying to get the media to report this notorious attempt to "kill the messenger." Another source (Spanish original).
Estonia also uses e-voting as an option, using an ID card. Basically the software is open source and anybody can check for backdoors, plus there is an independent checking committee.
Bottom line of this is that it is much more difficult to commit fraud in e-voting than in ordinary voting with paper.
Interestingly the biggest critic of e-voting is our opposition party, who relies heavily on the Russian and old people vote (basically the less educated is the target group). They have raised hell after hell, and yet no one has yet produced any attack vector that is not fundamentally in it already, à la a guy holds a gun to your head and forces you to vote X, or malware that steals your PINs and votes X.
Basically the bottom line is that if you trust banking with your money (because if anybody cracks it, it is the first thing to go after), you should trust e-voting as long as there is independent oversight and the source is open.
But any party involved can (at least in my country, and pretty much all civilized countries I know of) nominate election observers that can easily identify whether everything's running correctly without any kind of special knowledge. They can easily tell whether the ballot is properly sealed, they can easily tell whether people step into the voting booth alone. They can easily find out whether the choice is free of influence. They can be present when the ballot seal is broken (actually, over here people are essentially locked in 'til the paper slips are counted, collected and sealed again, nothing going in or out in between) and when the paper slips are counted.
It's pretty hard to manipulate anything in such an environment. It's easy to see whether someone tries to manipulate results since it takes little more than eyes to detect foul play.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The system used in Argentina has a paper trail. When a vote is cast the machine saves the voter's choice to an RFID chip inside the ballot and at the same time the same information is printed as human-readable text on the ballot. The voter can use a separate machine to read the RFID and verify that the information printed matches the information stored.
The votes are counted at each polling station primarily using an RFID reader, but each political party can designate monitors to oversee the process. In case of doubts the votes can be re-counted using the printed information. When everyone present agrees on the totals, the results are sent to a central location where they are aggregated. Results from each polling station are made available online so each party can verify that the totals add up correctly.
As a final step, 5% of the polling stations are randomly selected the week after the election and votes are manually re-counted using the paper trail. This is done in the presence of monitors from the different parties. This is the second time this system has been used. The first time, the audit of the 5% of the polling stations showed no differences.
I think there is a bit of exaggeration in these reports since even if the software is vulnerable, the system as a whole can be verified. The police raids can be explained since some of these "researchers" made available a list of all the employees of the company supplying the voting machines, including phone numbers and addresses, in an attempt to prove the incompetence of that company.
The officials at the voting table sign the envelopes. Whenever they sign envelopes, they must sign a batch of them with the same pen and with the same amount of signatures (one official, two officials, three officials, etc), so that it's not possible to identify a specific voter by the signatures on their envelope (I think there's a minimum of 8 or so).
This is how the vote in Argentina has worked for many, many years. This doesn't mean that it's impossible to commit fraud. Voting table officials need to be careful to always look, when an envelope is put in the voting box, that it contains the signatures. If it doesn't, the person may take the signed envelope away and use it to create a chain of bought votes (i.e. give the signed, closed envelope with the selected candidate already inside to someone voting at the same table, and ask them to give back an open signed envelope on their way out in exchange for money).
With this new system, there's no envelope because all voting ballots look basically the same; they are just folded so that the printed name of the person receiving the vote is not visible. This prevents the old type of buying votes, but there's already a video of how it's still possible to do the same by using a device that verifies that the information in the RFID matches what you want the voters to vote (this could be a full smartphone or a device that does just that).
The good thing about this system is that it can still be counted by reading the information on the ballots. But we need to hope that everybody looks at what the machine printed on their ballot before folding it AND that the table officials actually verify that what the RFID machine says is the same as what their manual counting says...
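The two checks the posts above rely on (that each chip holds exactly one vote matching the printed text, and that the RFID total agrees with a manual count of the printed ballots) can be written down as a reconciliation routine. This is an added illustration, not code from the voting system or from anyone in the thread; the ballot layout, names and sample ballots are assumptions constructed here.

```python
"""Polling-station tally reconciliation for a ballot carrying both an RFID
payload and a human-readable printed choice. Added example: the Ballot layout
and the sample data are assumptions, not the real system's format."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Ballot:
    rfid_votes: tuple   # candidate ids read from the chip (should be exactly one)
    printed: str        # candidate id printed in human-readable text


def chip_is_valid(b: Ballot) -> bool:
    """Accept a chip only if it holds exactly one vote and that vote matches
    the printed text. A chip stuffed with several votes, or one that disagrees
    with the paper, is rejected and left for manual inspection."""
    return len(b.rfid_votes) == 1 and b.rfid_votes[0] == b.printed


def naive_chip_count(ballots) -> Counter:
    """What a reader that trusts the chip blindly would total: every vote on
    every chip is counted, so a multi-vote chip inflates its candidate."""
    return Counter(v for b in ballots for v in b.rfid_votes)


def tally(ballots):
    """Return (rfid_count, paper_count, rejected_indices) so table officials
    can compare the machine total against the manual count of printed text."""
    rfid_count, paper_count, rejected = Counter(), Counter(), []
    for i, b in enumerate(ballots):
        paper_count[b.printed] += 1      # the manual recount uses the printed text
        if chip_is_valid(b):
            rfid_count[b.printed] += 1
        else:
            rejected.append(i)
    return rfid_count, paper_count, rejected


def discrepancies(rfid_count, paper_count):
    """Candidates whose validated machine total differs from the paper total."""
    return {c for c in set(rfid_count) | set(paper_count)
            if rfid_count[c] != paper_count[c]}


# Constructed sample: three clean ballots, one multi-vote chip, one mismatch.
SAMPLE = [
    Ballot(("A",), "A"), Ballot(("B",), "B"), Ballot(("A",), "A"),
    Ballot(("A", "A", "A"), "A"),   # chip carries three votes for one ballot
    Ballot(("B",), "A"),            # chip disagrees with the printed text
]

if __name__ == "__main__":
    r, p, rej = tally(SAMPLE)
    print("naive:", naive_chip_count(SAMPLE), "validated:", r, "paper:", p)
    print("rejected ballots:", rej, "discrepancies:", discrepancies(r, p))
```

Any non-empty rejected list or discrepancy set is the signal for the officials to fall back to counting the printed text, as the posts describe.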
The RFID part baffles me. A QR or good old bar code would have been enough for speeding up counting. Why an RFID? It adds significant costs to the whole equipment needed, for no apparent gain (at least to me). My only explanation is that the business selling the RFID equipment and supplies to the city government has cut some kind of 'deal' to make them choose this...