Single E-Ballot has come under scrutiny

elecciones-argentina21The July 5 provincial elections that took place in Argentina put the Single E-Ballot (BUE) under the spotlight. Although the ballot showed some positive aspects related to its performance, such as a fair acceptance from citizens and improved vote processing times, certain flaws were also detected that merit analysis in detail

Just 48 hours before the elections, a group of experts issued a document revealing that the e-ballot provided by Magic Software Argentina (MSA) could be “altered to add repeated votes for a single candidate on a single ballot.”

Aside from this accusation, an IT technician’s house was searched. The technician had revealed how the leakage of part of the source code of the electoral software (another irregular situation that took place before the process) could lead to altered results. Joaquín Sorianello explained that “the SSL certificates of the terminals sending data from schools (polling places) to data centers” had been leaked. These (leaked certificates) “might be used to send false tallying results.”

Instead of taking measures to enhance security, the authorities cornered the technician. The court that issued the search warrant against Sorianello waited until two days after the election to issue a ruling that required “blocking parts of the website, where the e-voting security system leaks were published.”

Uncertainty remains high in the wake of the election. While some candidates admitted that the e-ballot system did not work well across the city, civil organizations reported that “serious” problems arose. At least 532 polling places were left untallied due to transmission issues.

Besides, Beatriz Busaniche, from the Vía Libre Foundation, stated that “all institutional safeguards failed” in MSA’s implementation of electronic ballots.

Busaniche said that several irregular situations were evidenced toward the end of the electoral event: numerical inconsistencies, the fact that Horacio Rodríguez Larreta, one of the candidates, declared himself a winner despite having no official information, or equipment failures.

Although the authorities came to the defense of the e-ballot used in Buenos Aires and acknowledged the complications, they blamed their inaction on the lack of formal complaints filed before the electoral body. After a hearing with political groups, Electoral Secretary of the Court of Justice Alejandra Tadei stated that “none of them made any observation whatsoever about the election.”

Despite the fact that automation is a step forward, Buenos Aires needs to keep looking for sounder alternatives to guarantee more efficient elections without compromising the security and legitimacy of the votes.

E-vote is not a game

Two english professors reprogrammed a voting machine to run a game Pac-Man Source: Youtube

Last August ran the news that professors Alex Halderman of the University of Michigan and Ariel J. Feldman of Princeton University, succeeded in running a game of Pac-Man in a Sequoia voting machine. The experiment, done on a machine that was offered at auction and it was no longer used for counting votes, led them to display their “experiment” as proof of the insecurity that display some of the equipment used to automate the electoral process.

The reprogrammed machine was purchased at an auction of equipment manufactured in 1995. Photo: Blogcdn

The researchers said the security stamps of the machines were not violated to access the memory card. They first removed some bolts to access the inside of the machine, then removed the memory card and connected it to a computer. Then they modified the boot program and proceeded to install a version of Pac-Man in the machine.

The publication of this information caused some concern on us. Because of this, we interviewed Eduardo Correia, Smartmatic’s Vicepresident of Electoral Solutions, who explained that this experiment was made with a machine of an american company made in 1995.

Correia said that in a well designed automated voting system, the software cannot be altered. He also said, without the intention of neither discrediting the academics nor defending the the competition, that these experiments do not run in real situations. He explained that it is not the same to alter a machine’s software that no longer has the protection mechanisms, than to alter a machine the very day of an election, in a real environment.

According to the electoral technology expert, the experiment made by the academics, does not imply that there is a possibility to alter the electoral results: “The systems though which the results travel are safer than the electronic transactions banking channels”.

Correia explained that each and every one of the entities that interact in the electoral infrastructure have ensured their digital identity. “All information that is exchanged with the totalizing servers is protected by algorithms that are even used in the U.S. to protect government information.”

He added that for example in Venezuela, when the votes are counted and the results are transmitted, this information comes to the totalization room of the National Electoral Council, and stored in database systems. “All of this is made in an automated manner, with highly reliable security mechanisms”.

Correia said that if any element of the software is modified, the whole system would collapse. This is the reason why he reiterates that, “when making such tests, they should be done in a controlled environment similar to an election, so the results can really have a scientific nature.”