SCYTL compromises credibility of the voting technology industry


Executives from Scytl admited problems in the automitized scrutiny system used in Ecuador. Photo: today

Starting with the first entries of this blog some 4 years ago, we have called for the implementation of technologies that improve how elections are conducted. We do this based on our full conviction that e-voting, and the adoption of other technologies, represent the present and the future of safer and more transparent voting.

Now well, this certainty is not just an act of faith. It is grounded on our following of successful electoral projects around the globe, which have proven more efficient thanks to the application of technology.

We understand that carrying out an election is a mission-critical project, i.e. it implies coordinating thousands of variables and tasks that have to work perfectly during a very brief period of time. A civil registration project, for instance, opens up a window of possibilities (and time) that a single-day election does not. Hence, we admit that e-voting being a young industry, failures may happen. For this same reason, this blog has not been silent when a provider makes a mistake. Why? Because every blunder must be the object of a thorough analysis to turn it into a nurturing experience. However, when the same provider has a history of failures, and its mistakes cause discouragement and distress to a population, these should not be just mentioned, but denounced.

Scytl’s latest project was in Ecuador, where the company was awarded a multimillion contract in 2013 for the vote processing, automated tally and publication of electoral results for the country’s sectional elections, which took place on February 23rd 2014. Eight days after Election Day, Scytl stated there were problems in the system and delays in the processing of the electoral records. Authorities of the National Electoral Council, unable to announce official results, asked the media not to declare any candidate as a winner, and notified that in case of a total failure by the company an adequate judicial procedure would ensue, declaring the company to be a “defaulted contractor” and asking for monetary compensation.

The Spanish multinational company has publicly accepted their faults in Ecuador, something which did not happen in either the United States or Canada. Osman Loaiza, Scytl’s Operations Director, commented on “a failure they [the technicians] had when staring the process on Election Day, which set us back for a while until we could process the electoral records”, while publicly accepting that the system developed by his company for Ecuador was the source of the delay.

But failures of this company date from years ago. In 2008, the Florida State Department commissioned a review of the Internet voting system developed by the Spanish company Scytl. The team was made up by independent experts from Florida State University. In their report, despite of what they considered to be an advance in the use of encryption and of robust components, three vulnerabilities were found: voters could not even cast their votes within the system; electoral results that did not accurately reflect the voters’ will; and the disclosure of confidential election, i.e. the voter’s choices.

In 2010, the same Internet voting system provided by Scytl and implemented in Washington (US) was hacked; and during the Republican primaries in South Carolina in that same year, there were several reports of irregularities related to the Spanish company’s system. Moreover, the most questioned aspect was the fact that the electoral authorities admittedly could determine who a citizen had voted for.

In 2012, in Canada, an online attack delayed the results for the New Democratic party and prevented several delegates from casting their votes. Scytl explained that the attack was directed at the party’s website, and that their system was never compromised. However, analysts recommended clients to protect the URL of the website where the votes were going to be cast; it was precisely this what that Canadian party had failed to do, and Scytl did not warn them either.  “I’m not going to say it’s a rookie mistake, but it’s something that if you’re expecting a lot of people to watch an event or be involved in an event, it’s only those people that are involved in it that you want to actually participate … And it’s always been a rule that we have that we don’t allow the client to put a link on their website to the voting system because anyone who knows they’re having an election would simply visit their site and then pick up that information from there”, explained Intelivote’s Dean Smith.

That same year, during the most contended elections in the recent history of the United States, the number of absentee ballot requests by the military was strangely lower than in the 2008 elections. The US Department of Defense, which had employed Scytl since 2010, was subjected to strong criticism due to reports that showed an exponential decrease in members of the military that had received their proper absentee ballot requests. Scytl was the provider for the majority of states in that election.

Although some variables may always be compromised during an election, it is important for the provider of any voting system to know how to deal adequately with each incident that may arise. This is not about every single voting machine working perfectly; when deploying thousands voting machines, the laws of probability state that some of them can and will malfunction. However, when serious or massive incidents affect an election as a whole, the industry must take notice and work to ensure that similar incidents are not repeated. The vote is something too precious to be trusted to irresponsible, inexperienced hands.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s