Citizens welcomed the introduction and use
of technology. The results were tabulated, processed and reported far more
quickly than if the polls had been counted up in a manual fashion. However, not
all was well. It was revealed by computer programmer Joaquin Sorianello that
the Vot.ar electronic voting system provided by MSA and used in the Buenos
Aires election had
as security flaw. According to the site boing boing, “The Vot.ar system's
cryptographic certificates are easy to extract, creating an easy route to
manufacturing fake voting totals or simply overwhelming the service”.
Despite being “only” a programmer with no
ill will and no intention to hack into the election system for fraudulent
purposes, Joaquin Sorianello was
raided by the local Argentine police. All of his computer equipment and
storage devices were confiscated in the raid after he alerted MSA of the fatal
flaw. The revelation that the SSL certificates were being held on an unsecured
server did not come to light until 10 days after the election had concluded.
"If I wanted to hack or do something
harmful, Sorianello told La
Nacion, “I would not have told the company.”
This latest episode in Argentina clearly
illustrates a powerful lesson for the implementation of electronic voting
technology in a modern democracy. Security cannot be sacrificed in the name of
convenience. It is important for the electoral commissions of the world to work
only with trusted vendors with strong track records for security, transparency,
and privacy.
Technology played a very prominent role in last
year's general election in Brazil and the government there strove to
provide the highest level of security possible with its e-voting efforts.
Similarly, Russian officials were able to stave
off attacks on its e-voting system. While it is impossible to protect
against all attacks from all directions, due diligence must be conducted to
reveal and solve any security flaws in the e-voting infrastructure well ahead
of a general election. Having a strong
audit system in place for before, during and after an election is a good
start.
It may be true that a more complex system
can be more difficult to manage and it may prove to be detrimental to providing
greater universal access for citizens wishing to exercise their democratic
right. However, if the system is not adequately secure, accurate and reliable,
no level of convenience will matter.
