Argentina Rewards Programmer Who Exposed E-Voting Vulnerabilities With A Complimentary Home Police Raid

from the shoot-all-the-messengers dept

An Argentinian programmer who was trying to do in exposing severe vulnerabilities in the country's e-voting system was rewarded for his actions -- with a police raid on his home. According to Argentinian news outlet La Nación, Joaquín Sorianello informed MSA, the company that makes the Vot.ar e-voting system, that the SSL certificates used by the system to encrypt transmissions between the voting stations and the central election office could be easily downloaded, allowing for potential voting fraud (or just a good old-fashioned DDoS attack).

Sorianello, who says he never received a phone call from MSA after reaching out to the company to report the flaw, suddenly found his home being raided by Argentinian police, who seized computers, Kindles, and numerous storage devices (from a Google translation of the source):

"The truth is amazing, you notify the company that they have a failure in their voting system and the next thing they do is (raid my home) instead of looking for the real culprits... "I'm just a programmer, I'm not a hacker." Sorianello told La Nacion that he contacted the police station in Caballito to corroborate the raid: "They said yes, but they could not tell me why or how it was going to take." He also said he did not receive any call from the company (after having told them about the flaw a week ago)."

Sorianello has pointed out to numerous news outlets that he's a programmer -- not a hacker, and if he had wanted to hack into the systems to cause damage, he certainly wouldn't have informed the company of the flaw first. He's also repeatedly pointed out that it was the protected @FraudeVotar Twitter account that published the core details of the e-voting internals, not him. That apparently didn't matter to the Argentinian legal system.

This isn't the first problem facing MSA and its e-voting technology, which is being used in Buenos Aires elections for the first time. Two weeks ago, the source code for the company's Vot.ar technology was leaked to GitHub. A number of researchers also discovered that a smartphone with NFC capabilities (pretty common at this point) could be used to create a specialized e-ballot, capable of tricking the system into counting a single vote numerous times.

And this is all before you realize that in many instances, the technology Argentina is using just doesn't appear to work very well:

"Earlier today, the Argentinian site La Política Online reported that 532 polling stations were unable to transmit their results electronically to the central electoral office, and had to be transported there physically for the 184,000 votes involved to be included in the final result. As the article points out, although this failure won't change the outcome of the election for the head of local government in Buenos Aires, it will make a difference to the allocation of seats in the legislature and community boards."

So not only is MSA's e-voting system completely open to several vectors of fraud and attack, it works so damn well you need to back to the central office to count the tallied votes. Meanwhile, Argentinian locals are claiming that the same judge who thought it was a good idea to authorize the police raid on Sorianello's home has also ordered Argentinian ISPs to block many of the websites where details on the e-voting flaws and source code can be found (like justpaste.it). Surely if you stop people from discussing the obvious flaws, the problem magically goes away, right?

As we've seen with countless other e-voting scandals of this type, you can't operate a secure, successful e-voting system without trust. And you certainly don't gain the public's trust by shooting as many messengers as possible and playing a futile game of Whac-a-mole censorship with those who point out your system is utterly and painfully flawed. What you successfully accomplish is make it perfectly clear that you the fact your electoral process can now be rigged.

Filed Under: argentina, arrest, blame the messenger, e-voting, joaquin sorianello, security, vot.ar, vulnerabilities

Companies: msa