Argentine police raid programmer who discovered fatal e-voting flaws


Joaquín Sorianello found the defects in MSA, manufacturer of the Vot.ar e-voting system, and the next he heard about it was when the police came to his house, seized every piece of electronic equipment.

The Vot.ar system's cryptographic certificates are easy to extract, creating an easy route to manufacturing fake voting totals or simply overwhelming the service. Vot.ar is set to be used in an upcoming Buenos Aires election. The judge who issued the warrant for Sorianello's equipment has also sent injunctions to ISPs to block information about the insecurities in the voting system.

"The truth is amazing, you notify the company that they have a failure in their voting system and the next thing they do is (raid my home) instead of looking for the real culprits..."I'm just a programmer, I'm not a hacker." Sorianello told La Nacion that he contacted the police station in Caballito to corroborate the raid: "They said yes, but they could not tell me why or how it was going to take." He also said he did not receive any call from the company (after having told them about the flaw a week) ago."

... This isn't the first problem facing MSA and its e-voting technology, which is being used in Buenos Aires elections for the first time. Two weeks ago, the source code for the company's Vot.ar technology was leaked to Git.hub. A number of researchers also discovered that a smartphone with NFC capabilities (pretty common at this point) could be used to create a specialized e-ballot, capable of tricking the system into counting a single vote numerous times. And this is all before you realize that in many instances, the technology Argentina is using just doesn't appear to work very well:


Argentina Rewards Programmer Who Exposed E-Voting Vulnerabilities With A Complimentary Home Police Raid [Karl Bode/Ars Technica]