Local police have raided the home of an Argentinian programmer who reported a flaw in an e-voting system that was used this weekend for local elections in Buenos Aires. The police took away all of his devices that could store data. According to a report in the newspaper La Nación, Joaquín Sorianello had told the company MSA, which makes the Vot.ar e-voting system, about the problem after he discovered information on the protected Twitter account @FraudeVotar. This revealed that the SSL certificates used to encrypt transmissions between the voting stations and the central election office could be easily downloaded, potentially allowing fraudulent figures to be sent. Sorianello told La Nación that he was only a programmer, not a hacker: “If I’d wanted to hack [the system], or do some damage, I wouldn’t have warned the company.” He also pointed out that it was the @FraudeVotar account that had published the information, not him. As a result of the police action, he said he was “really scared.”
This is the latest in a series of problems for the e-voting system, which is being used in Buenos Aires local elections for the first time. Two weeks ago, some of the source code for the Vot.ar system was posted on GitHub. The company said it was not secret since it had been submitted to the authorities for auditing.
More recently, a group of researchers discovered a weakness in the system that they said could potentially allow a specially crafted e-voting ballot to be counted more than once (full details in Spanish). However, MSA said this would be almost impossible in practice.
It was just hours after newspapers started reporting on this new problem that the police raided the home of Sorianello, although he was not one of the researchers who made the claim. The police haven’t yet released any information about the raid.