You must start from a base: no voting system is 100% secure. Neither traditional nor electronic. Ballot stuffing is a practice as old as elections themselves and it refers to one of the multiple techniques used throughout history to tamper with election results: submitting multiple ballots per person.
There is also the personation technique, deceased voters who come back to life for one day to vote; and electoral registration fraud, voters registering illegally in a constituency that does not correspond to them. That is not to speak of the buses that pick up people from the villages to take them to the capital to vote, the party obviously covering the expense.
Electronic voting, the essence of so-called “cyber-democracy”, is not safe from fraud. In fact, there is a perception that it is even less secure, easier to tamper with than methacrylate ballot boxes.
For example, a recent study by researchers Dan Zimmerman and Joe Kiniry analyzes the risks of voting via email, one of the methods already being used in various countries, and advise against using it. And quite a few European countries have gone back on their decision to use online voting, due to the controversy that has arisen.
The Netherlands, pioneer in implementing electronic voting (a legal provision being put in place in 1965), decided to go back to using ballot papers in 2008, two years after the publication of a study that revealed a serious security problem in the system.
In 2009, following a long legal battle, the German Federal Constitutional Court ruled electronic voting unconstitutional, as it considered that it did not allow citizens without technical knowledge to supervise the election process. In the same year, Ireland scrapped the online voting system. Finland halted its program in 2010, after invalidating the results of the first pilot test, which was carried out in 2008.
The United Kingdom carried out more than thirty pilot tests between 2002 and 2007, but none of them returned sufficient guarantees for authorities. The Electoral Commission suspended the implementation of electronic voting in 2008.
In Spain, the surprise political party that was successful in the European elections, Podemos, is using an electronic voting system to make internal decisions. It is called Agora Voting and involves three phases: One, the party’s responsibility is to make sure that the person voting is who they say they are; the second and third, registration and counting of the votes, are the shared responsibility of the so-called “voting authorities” (independent observers who certify that no personal interests contaminate the process). All of the software used is free software and after voting, each voter can check the integrity of the vote using an identifier.
In this case, the largest crack in the system is in the Podemos registration or membership system, which only asks for a national identity card number and phone number. Both of these things, as already proved, can be faked.
To sum up, as Eduardo Robles, cofounder of Agora Voting, said, there is not a big difference between the traditional voting system and the electronic. “Can ballot papers get lost? Of course, but it is very difficult because they are kept guarded. Can ballot boxes be tampered with? Yes.” And the same happens with the virtual ones.
Security mechanisms improve very quickly but so do the techniques used by the attacker. While there is interest in changing the results, ballot stuffing will continue to evolve.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
1 comment