Average iPad better secured than Dutch voting system: cyber security expert

Hilversum vote
Voters show up early to cast their ballots in Hilversum (photo: Gemeente Hilversum / Twitter). A voting station in Hilversum (photo: Gemeente Hilversum / Twitter)

The software used at Dutch polling stations to send election results, is outdated and very vulnerable to hackers and there are not enough rules around where and where the software can be installed, according to security expert Sijmen Ruwhof, who investigated the software on behalf of RTL Nieuws. According to Ruwhof, "the average iPad is more secure than the Dutch voting system".

Dutch voters fill in their election ballot with a pencil. The vote count is also done by hand, but the results are forwarded to a central point with the program Ondersteunende Software Verkiezingen (OSV). The Electoral Council installes that program with a CD-ROM. According to Ruwhof, the biggest problem with this is that the program can be installed on any computer, including on old computers that are not properly protected.

For example, if the program is installed on a old computer using Windows XP, for which Windows stopped security updates in 2014, and that computer is connected to the internet - the Dutch voting system is open to malicious software that can be used to change the results. 

Votes are also stored on unprotected USB sticks at polling stations, which are then taken to a regional point. There the votes are counted and added together using the OSV program. The system also works with figure lists that are processed through an unprotected Excel file. According to Ruwhof, it is almost impossible to verify whether such a file had been tampered with. 

Last week Minister Ronald Plasterk of Home Affairs announced that he ordered an investigation into whether the parliamentary elections in March are vulnerable to manipulation by hackers from other governments. The investigation will look into possible vulnerabilities in the voting process, the people involved in the election and the provision of information, NU.nl reports. Should there be reason to think that the OSV program was tampered with, the paper results can be double checked. 

According to Plaster, there are no indications that other countries tried to influence Dutch elections in the recent past. American specialists warned that with influence operations during the elections, similar to what happened with leaked emails from the Democratic Party during the run up to the American elections. 

Tags: