Dutch security researcher Sijmen Ruwhof has examined the software used at Dutch polling stations to send election results, and now claims “the average iPad is more secure than the Dutch voting system.” Local television station RTL asked the researcher to examine the security of Dutch voting systems after they heard they used weak SHA1 cryptography in certain parts of the system. Dutch elections have used paper-based voting since 2009, when the government banned electronic voting on security grounds. However, once the vote is cast, election officials will use electronic systems to send manually counted votes from each district. As the vote is counted data is transferred and shared on USB sticks, with the final tally going to the central Electoral Council in a digital file. This means that at multiple points during the result calculation, the data is shared electronically using systems that may not be so secure. The voting software can even be installed on personal devices, Windows XP, and non-current versions of web browsers, the researcher said. You can take a look at the accumulation of security weaknesses identified by the researcher here.
“Anyone with a certain level of IT-security knowledge will tell you that a computer cannot be trusted,” Ruwhof explains.
“Whatever steps you take to secure a computer, it will always be possible to hack it. And against state-sponsored hackers you have almost zero chance.
“To put it bluntly: you can’t protect a computer system against experienced and well-funded state-employed hackers.”