Electoral juries tear up unmarked ballot papers after the legislative elections in Colombia, on March 13 of this year. LUISA GONZALEZ (REUTERS)
At the entrance to one of Gustavo Petro's campaign headquarters, in the La Soledad neighborhood, a group of people line up for a meeting of electoral witnesses.
A man in a green vest and cap appears at the entrance and says that he has come to offer himself to “take care of the votes”.
He is a recycler and has been a witness before with his wife, he says.
This time he wants to do it too.
There are two weeks to go before the first round of the presidential elections and in the campaign of the left-wing candidate, who is leading the polls, they consider that, that of the electoral witnesses, is the great bet to protect themselves from what may happen with the votes.
They hope to summon 200,000 people for this work, 137,000 more than those who gathered for the legislative elections.
But it is not the only one.
“It is also the technical force.
The decision was made to create a technical team that can find the electoral truth through data analytics and database cross-referencing,” explains Gustavo García, director of Electoral Control for the Petro campaign.
It was his learning, he says, after the legislative elections in which they detected the lack of 569,813 votes in the pre-count and which were clarified during the count, which is the one that has legal validity.
Álvaro Echeverry is the lawyer who detected the absence of those votes.
In his office, which is known as the Claims Factory, is the headquarters of operations from which they verified in real time that there were zero votes for the Historical Pact in 29,425 polling stations and warned that something similar was happening in other parties.
"My slogan is that you have to spend the money to get the votes and the other half to take care of them," says this lawyer, who knows the depths of the electoral system, because he worked 26 years in the Registrar's Office and reached the second position of the organization.
A year ago - he tells his office in Bogotá - he convinced Petro of the importance of investing in electoral control and security and put together a team of 3 developers, 5 programmers and 60 people who do data analytics for Ingenial Media.
The night of the elections, they received the files of the tables of the 109,000 voting tables and searched for 5 variables: that there were no parties with a concentration of votes in a given table, that there were no candidates with a concentrated vote within them, that there were no there were parties and candidates with a concentration of votes, participation rates that have no historical character and the examination of the zero tables.
His work allowed to recover the votes and increase the number of seats in Congress for that movement.
Álvaro Echeverry, director of electoral control of the presidential campaign of Gustavo Petro. Gladys Serrano
”In Uribismo they say, why did they find out? Is it that they have contacts with the Registrar?
The answer is no, all parties had the same information.
The answer is because we prepare.
Now, all the parties hired experts”, says the lawyer while showing minutes in which 48 hours before the elections, magistrates of the National Electoral Council warned the Registrar that the pre-count software was not stabilized.
In the campaign of Federico Gutiérrez, second in the polls, they are also looking, through their website, for volunteers to be electoral witnesses and, as this newspaper learned, they also hired a former official from the Registrar's Office to do the same as Echeverry.
But the search for volunteers has already generated problems and infiltrators.
Miguel Ángel del Río, lawyer for convicted congresswoman Aida Merlano, said that they had “infiltrated Federico Gutiérrez's campaign to find evidence of how that campaign buys votes.
EL PAÍS asked the campaign how they are preparing, but at the close they had not responded.
The voices that scream fraud
The fear of electoral fraud has been one of the ghosts most mentioned by political parties on the left and on the right.
Not only after the inconsistencies in the pre-count of the votes last March;
Since 2018, both Petro and former conservative president Andrés Pastrana have been encouraging that possibility.
And it is called a ghost because no one guarantees that he has been able to see it, but everyone believes that it is there.
Digital experts, however, do not dare to make such an important statement that it could even further heat up the country's political environment.
However, several of them do recognize that there are "vulnerabilities" and warn about a lack of transparency.
Karisma, an expert foundation in digital security and social rights, has been monitoring the scrutiny software since 2018. Its findings speak clearly of the risks.
"Our conclusion is that the software is vulnerable, that it has not been designed to be controlled, that an independent audit of the scrutiny system has never been carried out," Pilar Sáenz, a physicist and Coordinator of the Digital Security Laboratory, explained to this newspaper. privacy K+LAB of Karisma Foundation.
"There are many opportunities for improvement in terms of transparency and access to information generated in the electoral process," she says about her observation work.
A complex electoral system
Technology is just one part of the complex Colombian electoral system, which is mixed.
Voting and pre-counting are manual, although a company with disclosure software participates;
but the scrutiny is assisted by a software program that the State contracts with a private company, in this case Indra.
In the first part of the process there is a wide panorama of electoral crimes that Transparency for Colombia has documented and ranges from constraint to the voter, fraud in the registration of identity cards, corruption of the voter known as vote buying, delay in the delivery of documents related to a voting and alteration of electoral results, among others.
Only 111 of the 7,000 alleged electoral crimes from 2014 to 2021 reached formal investigations
But now, amid the country's political polarization, there is added concern about "tech fraud."
“There are valid reasons for people to be uneasy.
Not only because in Colombia, in general, there has always been the buying of votes or tamales in exchange for votes, but also because in recent years there has been darkness in the way technology is incorporated into the process," says lawyer Carolina Botero, director of Karisma and an expert in the defense of human rights on the Internet.
The Registrar presents the electoral ballots for the 2022 presidential elections in Colombia. Sebastian Barros (Getty Images)
It is a cocktail with three specific factors.
“Citizens' legitimate doubts about the way in which the National Registrar (Alexander Vega) has made hiring decisions;
two partisan ecosystems (right and left) talking about fraud since 2018;
and the institutionality that fails to calm or explain the gaps,” says Cristina Vélez, from Linterna Verde, an organization that investigates how public opinion is built on social networks.
“The preliminary results seek to give confidence, that on election day people go to sleep peacefully and we don't kill ourselves.
Saying it now is much more important because that trust was what was broken,” adds Sáenz.
The year in which what Vélez calls the “fraud narrative” begins is key.
In 2018, the Christian MIRA party regained three seats in Congress after demonstrating to the Council of State that, in the 2014 legislative elections, "there was manipulation and sabotage of the software that managed the information system for the scrutiny."
Nor was it called fraud in that ruling, but the work done by that party, which for 5 months created a sort of parallel Registrar's Office, bringing together a thousand data entry clerks to review and transcribe the votes of 95,000 polling stations, served as the basis for the way in which parties are preparing for the current elections.
In addition, it created a precedent for the electoral process because it ordered the Registrar's Office to make changes to the current contract.
Vulnerabilities in detail
The contracting of the electoral system in Colombia is full of twists and turns.
However, there are two companies that share the two major parts of the process.
The Temporary Union Disproel (Distribution of Electoral Processes), which has been working on the Colombian elections for 20 years, is in charge of the pre-count (from the polling stations, its employees dictate the data by telephone to a reception center), digitizes and disseminates the information that can be seen on the Registry's website;
and also, through Thomas Greg & Sons, it moves the bags with the votes and the forms, which go to the count.
The other is Indra, a Spanish technology company that has a contract for the disclosure of the pre-count and, in addition, designed the software for the count, whose property is the National Electoral Council.
However, they work interconnected.
“And there are black boxes in both (areas that are not accessible),” explains Stéphane Labarthé, digital security expert at Karisma, who worked at the French Data Protection Agency (CNIL).
Something that the Electoral Observation Mission (MOE) and the Pares Foundation have also denounced: by not accessing the source code of the software they cannot know if all the components work well.
The Registry argues that it cannot give access to it because it is a company that rents that program to the State for 4 years.
None of them has been able to know the results of the software audit carried out by the Registrar because there is a confidentiality clause in the contract, warns the lawyer Juan Pablo Parra.
Graphic of the Karisma Foundation, on the pyramid model of electoral software in Colombia. Karisma Foundation
It is a pyramidal system, which separates the zonal and municipal information from the national and with two different softwares: Disproel's is installed on 2,700 computers, while Indra's is a web application.
“So it's not just knowing the code installed on each of those computers, traceability is also important.
That's one of the vulnerabilities.
An electoral system must guarantee integrity and that in none of the stages will the results be altered”, says Labarthé.
The digital security expert assures that it is necessary to think that in each one of those points of the pyramid the results could be altered.
"It is not only in the forms at the beginning, but in the server databases, in many places an alteration could be thought."
So far no one has said that the system has been attacked, but from different sectors they criticize the lack of transparency and access to the technical details of these systems.
Álvaro Echeverry, of the Petro campaign, says that a “real and effective audit has never been carried out that allows electoral fraud or the different forms of electoral fraud to be foreseen and that allows it to be avoided in time.”
The only solution, affirms the lawyer, is the preparation of the parties. "If no analysis is done, everything dark that happens at a voting table remains dark."
“When I say black box I am not saying fraud, I am saying that in Colombia there is no operating procedure that allows the audit to be done in real time,” he clarifies.
And the Karisma Foundation assures that one of the most worrying issues is that "there are no guarantees in the software that seeks to avoid improper access and modifications from the servers."
In addition to the fact that "the software does not have a system that verifies that the information that comes out of the departmental level of the count is the same that enters at the national level."
With the word fraud everyone is careful.
“When we say the system is vulnerable we are not saying that it was hacked and there is fraud, that it is vulnerable and that there are transparency problems is that we cannot have full confidence in what is happening there”, explains Pilar Sáenz.
That of trust is the core of these presidential elections and that is why the parties continue to assemble their teams for May 29, when the electoral system will be put to the test.
Follow all the international information on
and
, or in
our weekly newsletter
.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/NZ3KWMFSD5GELFE3GLHUROE4FE.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/RHYRDMQQ7BG5JOUSKAXBLKE6YE.jpg)
