This is a sad day for technology. I love it when technology enables progress and efficiency in business and society. It saddens me when progress is stopped over security fears. I can certainly appreciate the risk management logic with e-voting,  especially in times of suspected elections influence through hacking. However, I wonder whether the below case is more a question of a poor risk management practice causing a setback to progress.

The Dutch Government has now fully rolled back their evoting program, reverting to a fully manual processing, counting and reporting of voting ballots. In 2008, the Dutch Government had already  banned voting machines over security concerns (“We Do Not Trust Voting Machines” was the motto of a local activist group at the time). Since 2008, computers were just used to process the district vote local results, aggregating them for national result calculation. The software used was essentially a reporting (BI) tool in my understanding.

The reason for the rollback is over security holes and vulnerabilities of the software (“OSV”), amounting to a “critical” risk, because of a lack of transparency (“no final paper audit is performed to see if the analog and digital vote count is the same”).

The vulnerabilities reported on OSV include:

  • Outdated, and insecure, Operating System environments (e.g. Windows XP)
  • Unprotected voting data storage and transfer: “OSV stores results in an unencrypted XML file, and voting results are transferred via unencrypted USB sticks or unencrypted email over the internet.”

It would appear, accordingly to the report from infosecurity-magazine, that a key element of the Dutch Government decision is based on a lack of basic information security hygiene of the solution used to date. I wonder whether a correction of risk management practices would have downgraded enough the overall risk of election result tampering, and whether keeping a technology assisted voting solution would have outweighed the impact (logistics, cost, etc.) of a full revert to manual operations.

Further thoughts on e-voting and radical “de-digitalisation” in e-voting: cyber risks & e-democracy opportunities and Less digital for more security?.

 

 

 

 

 

Advertisements

2 thoughts on “A vote of no-confidence in e-voting

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s