IT expert Atanas Sharkov advised the government on the information security of machine voting, but ten days ago Prime Minister Stefan Yanev quietly dismissed him. He was then publicly attacked by GERB. The reason: Sharkov’s stance on the transparency and traceability of the processes, which are monopolised by the supplier of the machines, “Siela”, and the state company “Information Service”. This monopoly raises the risk of manipulation and of compromising the whole election result.
Sharkov commented that the attacks by GERB against him personally were probably the result of the discoveries he and the caretaker government had made in the CEC. In his words, GERB’s reaction is normal because the party is scared of the facts that are coming to light. The expert added that he himself is also very worried about what he found in the CEC. He stressed that he has never been part of any political party, but is a principled advocate for transparency and the rule of law as a member of the Justice for All Initiative.
“Information Service” holds both the key and the lock
For IT professionals, several key points are apparent that create a sense of uncertainty in the election process. The most serious concerns are about the lack of transparency in the counting process, which has been delegated to Information Services. There are currently over 11,000 machines, which will correspondingly produce over 11,000 files with election results in CSV format, signed with an electronic signature. These are over 11,000 files containing strict voter information. The entry of the information from these files (protocols) is automated, but none of the experts, neither inside nor outside the CEC, know exactly how this will be done. There is no guarantee that 2+2 will make 4 and not as many as Mikhail Konstantinov’s staff at Information Service demand.
The file is produced by an encrypted system, but it is problematic that it is then written to a flash drive. There is a serious risk that someone who has access to these files could mix up the information in them or manipulate it, even without changing the number of voters in any particular section. At one point, 105 preferences for candidate X could turn out to be 105 preferences for candidate Y. All the data in this file can be swapped, even arbitrarily, and if the attack is well done, no trace of it will remain.
This is possible because the electronic signatures that protect the files are issued by Information Services. Those who have to process and store the information are the same ones who give the key for its encryption. If desired, their employees could manipulate the information without leaving a trace.
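The key-custody problem described above, as an added example that is not code from the article or from any system it names: a signature only vouches for whoever holds the signing key, so a file altered and re-signed by the key holder still verifies, while a digest recorded separately when the file is produced exposes the change. HMAC-SHA256 stands in for the electronic signature, and the CSV layout, the key and the separately recorded digest are all assumptions made for illustration.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample files; the column layout is an assumption.
ORIGINAL_CSV = "section,candidate,preferences\n010100001,X,105\n010100001,Y,37\n"
# Same section, same totals, but the two candidates' preferences are exchanged.
TAMPERED_CSV = "section,candidate,preferences\n010100001,Y,105\n010100001,X,37\n"

# Constructed key, held by the party that also processes the files.
ISSUER_KEY = b"constructed-key-held-by-the-processor"


def sign(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 as a stand-in for the electronic signature."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def total_votes(text: str) -> int:
    return sum(int(r["preferences"]) for r in csv.DictReader(io.StringIO(text)))


def verify(data: bytes, sig: str, key: bytes, recorded_digest: str) -> dict:
    """Run both checks: the signature, and the independently recorded digest."""
    return {
        "signature_valid": hmac.compare_digest(sign(data, key), sig),
        "matches_section_record": hmac.compare_digest(digest(data), recorded_digest),
    }


def demo() -> dict:
    original = ORIGINAL_CSV.encode()
    tampered = TAMPERED_CSV.encode()
    # Assumption: the digest is written down at the section when the file is
    # produced, outside the control of whoever holds ISSUER_KEY.
    recorded = digest(original)
    original_sig = sign(original, ISSUER_KEY)
    resigned = sign(tampered, ISSUER_KEY)  # only possible for the key holder
    return {
        "untouched": verify(original, original_sig, ISSUER_KEY, recorded),
        "altered_old_signature": verify(tampered, original_sig, ISSUER_KEY, recorded),
        "altered_resigned": verify(tampered, resigned, ISSUER_KEY, recorded),
        "totals_equal": total_votes(ORIGINAL_CSV) == total_votes(TAMPERED_CSV),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `altered_resigned` case is the one the signature cannot catch: the vote total is unchanged and the signature is valid, and only the record kept outside the key holder's control shows a mismatch.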
CEC does not have access to the keys
The system on which the machines are based is open source code. Its security is guaranteed with “keys”. No random person can install software unless the software is signed with a “key”. This is the first level of protection. Without the “key”, there is no way to install hostile software in the machine, for example during transport. The first level of security encrypts all information in the machine. The other keys are in the smart cards issued by Information Services – they are of two types. One is for the voters, the second is for the chairs of the JECs. These keys ensure, for example, that a card cannot be used to vote consecutively. According to experts from the IT sector, these keys in our country are almost “homeless”, because they are currently managed by Smartmatic and Siela. For elections to be transparent, fair and secure, the “keys” must be held by the CEC. To date, Bulgarian society has relied on Smartmatic to protect the electoral process in our country because of the need not to compromise its business.
The fact is that “Siela” also has access to the “keys”, which raises the fear that the PP GERB will also have access to them.
As instructed, the information flashcards and cards will travel together in envelopes after Election Day. Thus, there is a hypothesis that if 5-10 chairmen of CECs are found all over the country, while the data is travelling to some REC, with a deliberate program they will be able to mix up the data in the protocols to compromise the electoral process. So they will give
Reason to request the annulment of the elections
Experts consulted by bird.bg predicted that this would be one of the most likely attacks in the upcoming elections.
Although many IT specialists who are competent in this issue consulted our team, only Atanas Sharkov, a former expert of the caretaker government in the CEC, was willing to comment openly, under his own name, on the situation and the dangers before the July 11 elections. Sharkov has been working for 25 years on various IT projects. In addition to developing code, he leads or manages them. This is mainly in the areas of digital security and electronic payments.
Sharkov said he ended up in the CEC because the caretaker government was facing a “chasm” in the management of the machine voting process. “As soon as I read the contract for the supply, which was concluded in the winter, of the notorious 9,600 machines, it was clear that this supply was carried out without observing the necessary rules for the supply of complex information systems,” Sharkov said, commenting that this did not look like a contract for the supply of an information system, but rather was a contract for the supply of “mice”. What was missing was specificity – the intellectual rights, the rights related to the use of the system and the possibility of modification without the intervention of the manufacturer were not clearly regulated. It is clear that the system is open source, but the documentation that would lead to the successful operation of this system was completely omitted. “The basic documentation that allows installation, configuration and its modification in order to organise different types of elections is completely omitted.” This is a complete omission of the contracting authority, the expert believes. “For me, this contract is a rather disgraceful creation, which is also a shame for the IT sector in Bulgaria that we have allowed this to happen without the necessary reaction of the community.”
Sharkov believes that it is difficult to give a clear answer whether the CEC is capable of implementing a secure electoral process for 11 July. According to him, a series of mistakes have been made in commissioning the development of the system over the last 7 years. The process has been managed formally on the one hand and absolutely non-transparently on the other. There was a lack of baseline documentation for the architecture of this system because the need for this code to be researched and audited by many specialists was neglected. According to him, there is no specialist who within 2 days or 3 days is able to study the system in detail. Now, for the first time, a public software audit is set to be carried out by representatives of the various parties, industry organisations, BAS, etc., “but in three days this is an absolutely impossible process.”
Under the GERB government neither the IT community nor individual experts had access to the machine code, which is against the standards of publicity and transparency. Getting access to open source code was the hardest part of Sharkov’s job:
“We got it, but we got it in an abnormal way”
Individual pieces of code have been provided over time by Smartmatic, but not in their entirety. This code should have been obtained by the Bulgarian state a long, long time ago, at the very first elections when these machines were used.
“This source code allows us to evaluate the quality of the technology on the one hand and its security on the other.”
However, this evaluation clearly did not happen. At the moment, only the manufacturer of the machines has the full know-how to change their software, which is a problem:
“We continue to be dependent on the manufacturer of the software in question, not Ciela as a supplier, but the company Smartmatic. There is a lot of controversy about what this supplier is, but they are a company that has worked all over the world and all over Europe. I think they have the know-how, but for what reasons it has not happened (to be transferred) in Bulgaria, I cannot judge. The interesting thing is that we are one of their biggest clients, but their project in Bulgaria is not announced on their website, for example their project in Albania or Belgium is announced, but the Bulgarian project is not.”
CEC are hostages
Even though we already have the open source code, our country does not have the documentation on the development of the product and is not able to modify it for its needs, which is the idea of using open source. When the contract was awarded, it was more than logical that such a condition, for assistance from the manufacturer in adapting the technology to local legal requirements, for example, should have been included in the contract. However, this has somehow been overlooked. “This is the first time the current CEC has started negotiations in this direction with the manufacturer.”
Sharkov is convinced that the problem is primarily at the legislative level and “the CEC are a hostage in this process”. According to him, there is a lack of knowledge at the political level, but there is probably an intention to discredit this process. When the digitisation of the electoral process was launched, it should have been based on trust and transparency, Sharkov said. He stressed that the technology of the machines is rather old-fashioned, first generation, Windows 10 development level and reported as the most serious problem the fact that the information from the machines is uploaded on flash drives that go to “Information Service”. The threat is not only in foreign software, he is sure:
“The process itself in Information Services is quite undocumented and untested. Administrative capacity is lacking.”
Government experts were not allowed to inspect the operations and security levels at Information Services. As for the machines themselves, Sharkov said he was calm, but in practice there was no unified system to protect the whole process and the system relied on cryptography. The omission is that the CEC has never had the IT expertise and potential to manage such a system, probably because no real efforts have been made to digitise the electoral process.
Meanwhile, the CEC announced that the July 11 elections will be held with the software installed on the machines for the previous elections under the government of Boyko Borissov. And for a real audit, as it turned out, there is no time.
UPDATE: The position of Information Service published after the article was published can be seen here.