e-voting summary in Buenos Aires
Broad summary:
- Elections are on Sunday 5th, July.
- This is the first time an e-voting system is used in Buenos Aires city.
- Researchers and IT professionals had been warning about potential issues with the way the system works (short summary at the end).
- Government officials have said on record that the machines are only "printers with no memory". There is video evidence that the machines are in fact standard PCs running Ubuntu. USB and VGA ports are located behind a lid on the side. See videos here: https://storify.com/mis2centavos/el-sistema-de-voto-electronico-usado-en-caba
- Code got leaked about a week ago. Flaws were found. Code: https://github.com/prometheus-ar/vot.ar
- SSL certs got dumped due to security flaws (update: they were publicly available through a public HTTP server, no password; wget was used to download them, see https://twitter.com/prometheus_ar/status/617341165592014848). These certs are used after the election to send the result of each e-voting machine to the main computing center where all votes are summed up. This happened about a week ago. This was reported in the local media: http://www.telam.com.ar/notas/201506/110512-a-diez-dias-de-los-comicios-portenos-descubren-filtraciones-de-seguridad-en-el-sistema-de-voto-electronico.html (I can translate this ASAP if you need it).
- A Twitter user, @_joac, sent this report (SSL certs getting leaked) to the head of development at MSA (Magic Software Argentina), the company that got the contract for the e-voting system (there was no bidding or public offering to pick the company, BTW).
- On Saturday 4th, July a group of researchers published another vulnerability dubbed "MultiVoto" (multi-vote, search for #MultiVoto on Twitter). Report: https://docs.google.com/document/d/1aH6kvoLR8O1qWOpEz89FAB2xFcBNB-QqHgZpXxg0vGE/preview?sle=true I can provide details on each of the people signing the report, and a full translation on request. For instance, Francisco Amato is CEO of a security firm: https://twitter.com/famato (Infobyte LLC). The MultiVoto flaw essentially allows for creating a specially crafted e-voting ballot that is counted more than once by the machine (essentially adding more than one vote to the count). As the ballots work with an RFID tag, the ballot can be crafted with any NFC-enabled phone. The researchers claim they have PoC code that does this. The report got published right after midday on Saturday. A shitstorm ensued on Twitter and some newspapers published short stories about the matter: http://www.lanacion.com.ar/1807352-denuncian-un-agujero-de-seguridad
- Later on Saturday, a couple of hours after the report was published, a search and seizure warrant was carried out at @_joac's home. All electronic equipment was seized. @_joac was not one of the people who signed the report. The community of researchers naturally got upset, as @_joac only reported what they had already found before. Article with quotes from @_joac: http://www.telam.com.ar/notas/201507/111442-allanamiento-voto-electronico.html
The warrant was carried out during the night. Local law requires warrants to be carried out during the day except in special cases (the judge must provide a good reason for doing otherwise). There are questions as to what exactly the rationale was for carrying out the warrant during the night.
Another article: http://www.clarin.com/policiales/Voto-electronico-allanaron-domicilio-irregularidades_0_1387661308.html
Update: the court order carried the name of a second target for the search and seizure warrant. There have been no public reports on the identity of the second person.
Update: the court order identified 2 IP addresses that were used to download (or list, this is still unclear) the SSL certs from the public, unprotected HTTP server on which they were hosted.
- Extra detail: the system was named "Electronic Single Ballot" system (Boleta Única Electrónica, BUE) by the executive branch of the city of Buenos Aires. This was done as a measure to avoid going through the local legislative branch, as local regulations require that any "electronic voting system" go through the Buenos Aires City Legislature. This is considered suspicious by many. There has been a big government push to get people to call this "Boleta Única Electrónica" rather than "Voto Electrónico" (electronic vote). The PRO (the current party in power in Buenos Aires) has set up posts throughout the city to "educate" people about this. Many are now repeating that this is not an e-voting system.
- There were security audits by a local university. None of these flaws were reported. Some speculate that the report was doctored.
The way the system works:
1) You get the ballot from the local authority at the designated place for you to vote.
2) The ballot carries a printed number which lets the authority know that this is in fact the ballot that was handed to you before using the e-voting machine (to prevent ballot swaps).
3) This number is printed in such a way that by the time you get the ballot in your hands, half of it (horizontally) is kept by the authority. The other half stays on the ballot.
4) You get to the machine (which is in an open space, yeah, Van Eck phreaking), place the ballot near it and pick your vote. The vote gets set in the RFID tag of the ballot. At the same time, the ballot is thermal-printed with your choice. There are doubts about the security measures implemented in the ballots to protect them from long-range RFID readers.
5) You fold the ballot and take it back to the authority. The authority checks that the ballot ID is right (using the half of the number that he or she kept). At that time, you are requested to cut the ID completely from the ballot.
6) You insert the ballot in the ballot box.
After the voting process is complete, authorities read the RFID tags of each ballot in the ballot box. The numbers are added up locally by the machine, and a piece of paper is printed with the count. At the same time, a technician is tasked with sending the count through a secure channel (SSL certs) to the main computing center.
****************************************************
- Post election update: there are still missing counts from several machines. There is no official response on what is going on with the missing counts.
- Post election update: as the SSL certs were potentially compromised, a last-minute action was implemented to take the counts physically to the main computing center. Update: counts were sent by taxi (!!). I am still looking for reputable sources for this piece of information.
- A court order is now out ordering a block on justpaste.it: https://twitter.com/beabusaniche/status/618198533531914241
Article on La Nación: http://www.lanacion.com.ar/1808195-ordenan-impedir-el-acceso-a-un-sitio-con-informacion-sobre-el-sistema-de-voto-electronico-porteno