Buenos Aires raids whistleblower of bugs in election software; ISPs ordered to block several websites
A local judge in Buenos Aires has allegedly ordered a raid on the home of a technologist who had disclosed security weaknesses in the source code of the software that will be used to tally votes in the second round of the Argentine capital's upcoming mayoral elections.
A blog post on the website of the digital rights group Electronic Frontier Foundation details the actions taken by the judge, identified as Maria Luisa Escrich. The group alleges that Escrich ordered the raid on the home of programmer Joaquin Sorianello, which resulted in several of Sorianello's personal belongings, such as his computers, e-book reader and other devices, being taken.
Escrich also demanded that the country's National Authority for Information and Communication Technology order Argentinean ISPs to block all access to five URLs on the justpaste.it domain, where the information on the software's vulnerabilities was being consolidated.
The government action against Sorianello started back in June, when the programmer notified Magic Software Argentina (MSA), the developer of the electronic voting system Vot.ar, that the private SSL certificates used to transmit data between the polling centers and the central servers were publicly accessible and downloadable. This vulnerability means that an attacker could influence the results of the election by sending fake numbers to the central server.
A group of independent researchers also discovered an issue in the system which allegedly lets a special electronic voting ballot be counted more than once. MSA has denied the validity of these issues.
An added complication to the issue is that the Vot.ar system from MSA is not an entirely digital system. Instead, Vot.ar uses a paper ballot embedded with an RFID chip that gets printed with the voter's choices at the time of voting.
According to Buenos Aires newspaper La Nación, Sorianello has protested about the raid on his home, saying that if he had wanted to hack the system or do some damage, he wouldn't have warned the company about the vulnerabilities.