Sijmen Ruwhof, a security researcher from Holland who has examined the software used at Dutch polling stations to send election results, has claimed that “the average iPad is more secure than the Dutch voting system”, ComputerWorld reports. The researcher was asked to examine the security of Dutch voting systems after the local television station RTL found out that weak SHA1 cryptography was used in certain parts of the system.
The Dutch government banned electronic voting on security grounds in 2009, which is why the elections have been using paper-based voting since then. But once the vote is cast, election officials use electronic systems to send manually counted votes from each district. The counting data is transferred and shared on USB sticks, with the final tally going to the central Electoral Council in a digital file. This clearly shows that the data being shared electronically at multiple points during the result calculation, may not be so secure.
The voting software can even be installed on personal devices, Windows XP, and non-current versions of web browsers, the researcher said. “Anyone with a certain level of IT-security knowledge will tell you that a computer cannot be trusted,” Ruwhof explains. “Whatever steps you take to secure a computer, it will always be possible to hack it. And against state-sponsored hackers you have almost zero chance.”
Just last week Dutch Home Affairs Minister, Ronald Plasterk, ordered an investigation to explore the possibility of its forthcoming March elections being vulnerable to interference. News that the Dutch system is less secure than an iPad will likely fill no one with too much joy.
It must be highlighted that both the Dutch and US voting systems use Windows XP, with neither system appearing to have been designed with security in mind.