Citizens try to close the open crisis for the fraud in the primaries of Castilla y León. Two days after discovering 82 false votes, the general secretary of the party, José Manuel Villegas, went out to defend "the robustness and transparency of the system".
ELECTION OF CANDIDATES IN CITIZENS
Accumulated votes as hours passed
How can you know that this system is so safe? Through an external audit, which has never been done. EL PAÍS sent six questions to the party on Thursday about the functioning of its voting procedure. Despite repeated messages, there has been no response. The same party is who create, control and certify the results.
"The complexity of developing an Internet voting system is very high," says David Marcos, a professor at the Instituto de Empresa and a consultant to the Organization of American States for cybersecurity and democratic processes. The remote vote in Cs works like this: an affiliate up to date with payment and more than 6 months old accesses his page. To enter, the user needs his ID and a password.
From there it goes to the page of the corresponding primaries. Choose your candidate, click on "vote", the application asks if you are sure and then creates a PDF that links a code with the person to whom you voted. Cs adds a time stamp from the National Currency and Stamp Factory, but that document only proves that something has happened at an hour, not what has happened. That PDF is on the affiliate's page next to the chosen candidate.
This process has three potential holes that cast doubt on the possibility that someone from within can link the voter with the meaning of their vote:
1. The IP. The IP address is a label that identifies the computer that connects to a network. One of the questions that the party has not answered is how it has known that 82 votes of all those cast in Castilla y León were fraudulent. Some were produced at dawn and others in the morning, but could not be legal? How was it identified that those were precisely the bad guys? One option is the IP. But if so, that would mean that the party can see the IP linked to each vote.
After the fraud of Castilla y León, a candidate in another primary process asked the party's Guarantees Committee to give him the list of votes linked to the IP. The commission responded a day later that they had prepared them, but before sending them the candidate had to sign a confidentiality agreement that has not been accepted at the moment.
There are two possible examples of PI linked to the meaning of the vote. How could Cs then link the IP with the ID of each affiliate, the definitive way of knowing what each one has voted for? For him login. The system administrator knows from which IP each user requests to enter the affiliate page. If he is then able to link IP with the sense of the vote, the circle closes.
2. The administrator. The IP example may even be too sophisticated. There is a simpler way. The system developer has the key to all the doors. The pages of the affiliates before and after the vote are managed by the party. "If the voter can see their vote, the system administrators as well. That does not meet the requirements of the secret vote, "says Eduardo Robles, technical director of nVotes. The administrator not only has access to affiliate pages. You can see the voting process as it develops. "That person knows who is moving around," says Justo Carracedo, retired professor of Computer Engineering at the Polytechnic University of Madrid.
3. The PDF. "None of the actors involved in the process should be able to link a vote with an identifiable voter," says Professor Dimitris A. Gritzalis, an expert on electronic voting. Not even the voter himself. The best way to avoid possible pressure on voters is that there is no evidence to discover the meaning of their vote. But that is precisely what the PDF that remains on the affiliate's page behind a message that says: "Download proof of vote".
4. The hours. Any militant may consult each vote for each candidate, including the time at which it was issued. That lends itself to prying eyes: if I know what time a person voted, I can see the votes cast at that time and, in certain cases, maybe find out their vote.
5. Lack of audit. "You just have to ask a question: who has audited the system?" Says Luis Panizo, professor of Computer Architecture and Technology at the University of León, who emphasizes that the word of the party is not enough to guarantee that it is a process democratic clean. The burden of proof, in this case, is not on those who doubt but on who creates the system.
"There are very few systems that have a minimum of guarantees. This must be left to a company with credibility, "says Marcos. The system that Cs uses today was created in 2014 by Raúl Guillén, a computer scientist who had founded the company Monomio shortly before.
The argument of Cs is that nobody violates the anonymity of the voters. But what you must ensure is that it is not possible.