The software in question is the official system used by Dutch municipalities for tallying the total number of votes after collecting them from individual voting stations. This used to be done with some sort of Excel template, and this has been in the news before for being a pretty iffy way of going about things, after which this particular software was created. So you could say this was quite a serious leak. Elections are coming up in November, so the timing of this is pretty good too.
According to the NOS (a Dutch news organisation), security audits had been done, but the audits did not include the installer. Future audits will include it. This points out the flaw of trusting too much on audits, and not taking a wider picture approach where the entire software development process is audited.
I’m quite surprised that there is an official system for doing this. In a paper election, each candidate (or their party) can provide monitors who watch the count. I’d expect an open electronic system to use multiple, independently developed, systems for this and require that they agree within the margin of error for an election to be certified.
The counting of votes is done at the individual voting stations, and the general public has the right to witness this counting. This system is used for adding up those totals from the stations so that they can be reported “up the chain”, which AFAIK doesn’t happen in public view.
So if I want to attack a Dutch election, this looks like the best place to do it. Having two independent implementations of the aggregation would help a lot there because I’d have to compromise both. Allowing parties to provide their own aggregation software would also help, because then if they disagree with the official tallies you can introduce an audit.
Electronic vote counting seems like such a dangerous and irresponsible thing to do, especially for countries that do not produce their own silicon. I can’t believe that it’s such a widespread practice, given the obvious dangers that are well-known for decades already. It’s so much harder to fake entire paper trails at scale.
The software in question is the official system used by Dutch municipalities for tallying the total number of votes after collecting them from individual voting stations. This used to be done with some sort of Excel template, and this has been in the news before for being a pretty iffy way of going about things, after which this particular software was created. So you could say this was quite a serious leak. Elections are coming up in November, so the timing of this is pretty good too.
According to the NOS (a Dutch news organisation), security audits had been done, but the audits did not include the installer. Future audits will include it. This points out the flaw of trusting too much on audits, and not taking a wider picture approach where the entire software development process is audited.
I’m quite surprised that there is an official system for doing this. In a paper election, each candidate (or their party) can provide monitors who watch the count. I’d expect an open electronic system to use multiple, independently developed, systems for this and require that they agree within the margin of error for an election to be certified.
The counting of votes is done at the individual voting stations, and the general public has the right to witness this counting. This system is used for adding up those totals from the stations so that they can be reported “up the chain”, which AFAIK doesn’t happen in public view.
So if I want to attack a Dutch election, this looks like the best place to do it. Having two independent implementations of the aggregation would help a lot there because I’d have to compromise both. Allowing parties to provide their own aggregation software would also help, because then if they disagree with the official tallies you can introduce an audit.
Electronic vote counting seems like such a dangerous and irresponsible thing to do, especially for countries that do not produce their own silicon. I can’t believe that it’s such a widespread practice, given the obvious dangers that are well-known for decades already. It’s so much harder to fake entire paper trails at scale.