Slashdot Mirror
Researcher Who Reported E-voting Vulnerability Targeted By Police Raid in Argentina
TrixX writes: Police have raided the home of an Argentinian security professional who discovered and reported several vulnerabilities in the electronic ballot system (Google translation of Spanish original) to be used next week for elections in the city of Buenos Aires. The vulnerabilities (exposed SSL keys and ways to forge ballots with multiple votes) had been reported to the manufacturer of the voting machines, the media, and the public about a week ago. There has been no arrest, but his computers and electronics devices have been impounded (Spanish original). Meanwhile, the information security community in Argentina is trying to get the media to report this notorious attempt to "kill the messenger." Another source (Spanish original).
Just FTR, the group organizing this election is the government of the city of Buenos Aires. which is not run by the Kirchner but one of the opposition parties
You expose a backdoor that the current in-power government was going to use to win the election.
There is one single very dangerous problem with electronic voting: Trust. People have to trust it, because they are unable to test it.
With paper and pen, it's easy. You can nominate anyone to work as an election monitor. The necessary qualification is "being able to find out where the X marks the spot" and "count". That's a skill set available to nearly everyone.
Working as an election monitor to rule out foul play with election machines requires someone to know quite a bit about computers. It's anything BUT simple to rule out foul play.
The danger here isn't even so much that manipulation can take place. And I don't even want to engage in the discussion whether or not these machines can easily be manipulated. The danger is that some populist aiming for the uneducated masses goes and cries foul play when he loses the election. And that's a danger not to some party but to the faith of the population in the whole democratic process. And that inherently is dangerous to democracy altogether.
It's not easy to debunk such claims. With paper, it's easy to go "oh please, count them yourself if you don't believe us. Here's the paper slips, and you can count, can't you?". Now try the same with election machines. Saying "you can do an audit yourself" isn't going to cut it. Why should we trust the computer experts? It's not something just anyone can do.
These machines are a danger to democracy. Nothing less.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So why would the next messenger bring any message?
Because the next messenger would be smart enough to realize that if they have any electronic data more valuable than school assignment, video game save game files, selfies and letters to grandma then they should have offsite backups. Whether your data burns up in a fire, gets destroyed in a flood, gets stolen by non-government agents or impounded by government agents does not really matter; except that in the impounding case you might get it back. Back it up and there is much less to fear.
And perhaps this first messenger has a backup too.
In this case everybody has the information: "As reported Telam a specialist who preferred anonymity, which leaked on the web are "SSL certificates terminals that send data from the schools to the datacenter," which were published "on the site http: / /caba.operaciones.com.ar by poor settings on your servers. "" (translated version).
The desired "evidence" may be unreported information. For example things that make otherwise anonymous people less anonymous. Again, the researcher is not necessarily the target.