The Ministry of the Interior has tacitly reversed important security measures around the elections. This is shown by research by RTL Nieuws. The result is therefore not safe, according to IT experts.
These measures were taken last year, after RTL News research showed that the software with which votes are added was full of leaks. Hackers have the opportunity to influence the election results due to the unsafe software.
Former Minister of the Interior Ronald Plasterk came into action. Everything that happened around the counting of votes had to be in the presence of at least two people and all the votes were added not only with the computer, but also manually. The current minister Kajsa Ollongren is now reviewing these measures
The idea behind this decision is that the new version of the software is sufficiently secure against hackers and that two people are always involved in the input of numbers of votes. Moreover, the computer with the counting software is no longer allowed to be connected to the Internet, which was allowed during the Ukraine referendum in 2016.
Software not safe
Experts who researched the new software at the request of RTL News say that safety is out of the question. "It is still badly protected software," says independent expert and ethical hacker Sijmen Ruwhof. He found more than 50 security problems (.pdf), of which a 'criticism' and ten with a 'high risk'.
Ruwhof thinks it is unbelievable that malicious parties can fill in the number of votes in the database of the software. "The software believes everything: there is no integrity check, no fraud detection and no intrusion detection: the election software is fine."
That's how it works:
Research reporter Koen de Regt explains what's wrong with the voting software.
"Some progress has been made compared to last year," says ethical hacker Ger Schinkel. "But more could have happened, it is disappointing, the program uses obsolete Java software, while Java knows that if you are a cheese, you do not keep it up to date." According to Schinkel, Fox-IT's recommendations have not been adequately followed.
Dutch best-known hacker and founder of XS4all Rop Gonggrijp thinks it is 'shocking' that is relied on unsafe software. "10 years ago we have already shown that you can not rely on voting computers. 10 years later the weather happens. The errors are still not fixed. It has no urgency. That really matters to me, "says Gonggrijp
and that computers with the software are not allowed to be connected to the Internet, does not matter for the danger, says safety expert Arjen Kamphuis. "We have been in the 21st elections for half a year, and a smart attacker can also hack all the community computers a month in advance if they are still on the internet."
The Electoral Council recognizes the vulnerabilities, but is still convinced that the current software and measures are sufficient to organize safe and reliable elections. "We have to do this with this software and if municipalities adhere to the guidelines, the risks are limited," says secretary-director Melle Bakker of the Electoral Council in a reaction (.doc).
Moreover, municipalities have been asked to to publish results online. "Attentive citizens or candidates can still call in after the elections," says Bakker. He understands the deletion of the manual calculation of the result. "That went dramatically during the previous election, but sometimes it had to be repeated four times, because errors were always made."
Because manual counting leads to extra errors, according to a ministry spokesman afterwards thus made possible. People who want to check the results will be given the opportunity to request documents and files after the elections. There are still at least two persons present when entering the numbers.
Fox-IT does not want to give an opinion on the measures taken. "We made recommendations last year and it's up to the customer what it does with it," says a spokesperson.
More on rtlnieuws.nl:
Column Bart van den Berg: Uninvited guests