Argentina Rewards Programmer Who Exposed E-Voting Vulnerabilities With A Complimentary Home Police Raid
from the shoot-all-the-messengers dept
An Argentinian programmer who was trying to do a good thing in exposing severe vulnerabilities in the country's e-voting system was rewarded for his actions -- with a police raid on his home. According to Argentinian news outlet La Nación, Joaquín Sorianello informed MSA, the company than makes the Vot.ar e-voting system, that the SSL certificates used by the system to encrypt transmissions between the voting stations and the central election office could be easily downloaded, allowing for potential voting fraud (or just a good old-fashioned DDOS attack).Sorianello, who says he never received a phone call from MSA after reaching out to the company to report the flaw, suddenly found his home being raided by Argentinian police, who seized computers, Kindles, and numerous storage devices (from a Google translation of the source):
"The truth is amazing, you notify the company that they have a failure in their voting system and the next thing they do is (raid my home) instead of looking for the real culprits..."I'm just a programmer, I'm not a hacker." Sorianello told La Nacion that he contacted the police station in Caballito to corroborate the raid: "They said yes, but they could not tell me why or how it was going to take." He also said he did not receive any call from the company (after having told them about the flaw a week) ago."Sorianello has pointed out to numerous news outlets that he's a programmer -- not a hacker, and if he had wanted to hack into the systems to cause damage, he certainly wouldn't have informed the company of the flaw first. He's also repeatedly pointed out that it was the protected @FraudeVotar Twitter account that published the core details of the e-voting internals, not him. That apparently didn't matter to the Argentinian legal system.
This isn't the first problem facing MSA and its e-voting technology, which is being used in Buenos Aires elections for the first time. Two weeks ago, the source code for the company's Vot.ar technology was leaked to Git.hub. A number of researchers also discovered that a smartphone with NFC capabilities (pretty common at this point) could be used to create a specialized e-ballot, capable of tricking the system into counting a single vote numerous times. And this is all before you realize that in many instances, the technology Argentina is using just doesn't appear to work very well:
"Earlier today, the Argentinian site La Política Online reported that 532 polling stations were unable to transmit their results electronically to the central electoral office, and had to be transported there physically for the 184,000 votes involved to be included in the final result. As the article points out, although this failure won't change the outcome of the election for the head of local government in Buenos Aires, it will make a difference to the allocation of seats in the legislature and community boards."So not only is MSA's e-voting system completely open to several vectors of fraud and attack, it works so damn well you need to physically move the machines back to the central office to count the tallied votes. Meanwhile, Argentinian locals are claiming that the same Judge that thought it was a good idea to authorize the police raid on Sorianello's home, has also ordered Argentinian ISPs to block many of the websites where details on the e-voting flaws and source code can be found (like justpaste.it). Surely if you stop people from discussing the obvious flaws, the problem magically goes away, right?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: argentina, arrest, blame the messenger, e-voting, joaquin sorianello, security, vot.ar, vulnerabilities
Companies: msa
Reader Comments
Subscribe: RSS
View by: Time | Thread
Amirite?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
FTFY
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Both of the very corrupt parties rise to power creating laws that service the political elite.
No matter how much you see or hear Hillary/Bill, Bush, Boehnor/Mitch or Obama talk trash about each other they all have a dark agreement between each other that they will enjoy the power that each party brings into power as the retarded voters like yourself just keep voting.
If they really hated each side all that much a bit more repeals would happen but they don't. At most repeal is only talked about to stoke their bases while in the end nothing actually ever happens except more expansion of the law.
Blacks are still getting gunned down all the same whether a Black man is in charge or not, whether that DemocRat or RePuke is in power or not.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Are you talking about black on black, white on black, black on white, black police on black, or white police on black killing?
At any rate, I fail to see how a black president would change anything about murder rates or why anyone would have an expectation that it would.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Who raises their voices more often demanding minimum sentencing? Who initiated the war on drugs?
Yup, everyone but those with whom you agree are morons and should not be allowed to vote - American Exceptionalism right there.
Tell me again how both parties are the same. It must be true because cops are still gunning down minorities even though the president is part minority.
[ link to this | view in chronology ]
serves him right.
Now we can't rig the election like we were planning.
[ link to this | view in chronology ]
Re: serves him right.
I think his failure was not having enough gold.
[ link to this | view in chronology ]
Re: serves him right.
If it was the government rigging the election, it would certainly explain the wild overreaction to him pointing out that the election security was compromised.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Argentina The US What Is The Difference? A Statist Thug Is A Statist Thug
[ link to this | view in chronology ]
Re: Argentina The US What Is The Difference? A Statist Thug Is A Statist Thug
[ link to this | view in chronology ]
We just pretend our systems are secure.
No need to swat somebody if we can pretend the systems are secure.
[ link to this | view in chronology ]
Priorities
What do you want to bet that one thing the judge hasn't done is to order the flaws fixed.
[ link to this | view in chronology ]
Let's see - ban it and no will use it to break a law
Because we all know that if it's illegal then no one will be able to do it right? Sounds like anti-gun, anti-drug,anti-bullying, etc.. arguments to me - make the "insert bad item of your choice" illegal/hidden and no one will be able to do bad things with it. IE: Don't let anyone expose the flaws in the system, then no one will be able to exploit them for bad things.
[ link to this | view in chronology ]
Seems like the grabblers are at it again.
[ link to this | view in chronology ]
We live amid systemic corruption, and sort of as a whole manage to thrive in it. This means that in order to get a govt contract you need to make powerful friends, and those powerful friends can make you virtually invulnerable to the hurdles the system would otherwise present to john and jane doe with their small business.
MSA is in this regard not even specially evil; they as a company happen to be very good friends with all the right people, and thus can pull shit like this while some shmoe's corruption scandal or someone else's domestic abuse situation or whatever can spend months unattended.
For us, progress happens when excellently connected people happen to have needs that accidentally map with random people's needs. It might be a common thing everywhere, but for some reason or another it just feels much more explicit here than in other places, hence the need to come here and comment.
[ link to this | view in chronology ]
but this will be implemented in your country pretty soon.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]