Buenos Aires is currently in the middle of electing its mayor and city council. With a first round that took place on July 5th, and a second round due on July 19th, the election is the first time Argentina’s capital city has used an electronic voting system called Vot.ar, created by local company Magic Software Argentina (MSA). Like many e-voting systems before it, the security and accountability of MSA’s Vot.ar has long been questioned by local computer technicians, lawyers, human rights defenders and Internet users. But instead of addressing the flaws or postponing Vot.ar’s deployment, the Buenos Aires authorities have chosen to silence and intimidate critics of the system’s unfixed problems. A local judge demanded ISPs block web pages, and ordered a raid on the home of one technologist, Joaquín Sorianello, who disclosed to MSA a key insecurity in their deployed infrastructure. Even as the election continues with its troubled technology, information about the problems is legally censored from online readers, and Sorianello’s property remains in limbo.
Vot.ar’s system relies on a paper ballot with an embedded RFID chip. Each voter places one of these ballots into a polling machine and makes a choice on a touch screen. The selection is printed onto the ballot by the machine, and (in theory) also stored on the accompanying RFID chip. The voter drops this completed “e-ballot” into an ordinary ballot box. Totals are tallied from the collected RFID ballots using the same MSA computer, and transmitted from the polling place to a central server, with the e-ballot being kept for auditing and recounts.
Sorianello reached out in late June to MSA to report that the private SSL certificates used in the secure transmission of data between the polling centers and the central servers were publicly accessible. An attacker with access to these certificates could monitor or manipulate the results being sent to the authorities. Another group of independent researchers discovered that with a normal, NFC-ready smartphone, multiple votes for the same candidate could be added to the e-ballot’s embedded RFID chip, invisibly distorting the electronic count.
The authorities’ response was not to investigate and fix these problems, but to cover up the evidence and punish the whistleblowers. On July 3rd, two days before the election, the computer crimes division of Buenos Aires’ Metropolitan Police, under the orders of Judge María Luisa Escrich, raided Sorianello’s home. The officers took his computers, e-book reader, and other devices. Sorianello was not present for the raid, but in a telephone conversation with a local newspaper, he pointed out that “if I wanted to do something harmful or hack, I wouldn’t have told the company”.