Until 25 October, SPD members can vote by ballot or online for their favorites for the future SPD leadership. That all members can give their opinion over the net, is announced in a companion video as "premiere" - but with the ballot a controversial procedure is used.
In a blog post has Christopher Lauer, ex-pirate politician and ex-SPD member, now made aware of the problem and demanded that the SPD "should turn off the voting computer and send the registered members there absentee voting documents."
Lauer puts forward five arguments against online voting:
- Members registering for the poll will receive a link via email to a page where they must enter their SPD membership number and date of birth to receive a pin code for the e-voting. According to Lauer, however, any person who has access to the dates of birth and membership numbers of SPD members can authenticate themselves to the system, say, any leader of an SPD local chapter.
- Apparently, the system allows only one e-mail address to be provided for different SPD members. It is thus incomprehensible whether a single person votes for all voters - if, for example, all family members are SPD members and use a common e-mail account.
- The vote was also incomprehensible: "The system shows me that I have voted for candidate 1, but I know whether the system actually counted my vote for candidate 1?" Lauer writes: "No."
- Lauer also emphasizes that the process, like all online methods, is susceptible to phishing, ie attempts to access access data. In addition, an online database that stores the voting results is a potential target for hacker attacks.
- And finally, the former party member emphasizes that even the SPD itself could not understand the result of their online vote, since the encryption could not trace who votes. Thus, the SPD could rely only on the ultimately generated vote result.
The Chaos Computer Club has repeatedly pointed out the weaknesses of voting computers in recent years and rejects "cyber voting" in principle. "Elections should be free, secret and generally comprehensible, but making them both secret and comprehensible is not feasible with a computer," says Linus Neumann, hacker and spokesman for the Chaos Computer Club (CCC), SPIEGEL. "Either the votes are secret, but then the conclusion of the result is incomprehensible - or the conclusion of the result is comprehensible and the votes are no longer secret." Voters could not trust the system because they could not understand it and understand it.
Vulnerabilities in tests in Switzerland
In the past few months in Switzerland, there has always been anger about a voting system developed by the Swiss postal service of the Spanish e-voting world market leader Scytl - whose software is also used by the SPD. Also in other countries like Ecuador it came to breakdowns with Scytl systems.
"As the republic magazine recently showed, Scytl is not even able to perform so-called e-counting correctly, that is, paper sheets electronically supported count," says Hernâni Marques, speaker and board member of the Swiss CCC, the SPIEGEL. In the European elections in May, numerous votes were cast in Spain on right-wing rather than left-wing parties. "As far as online voting is concerned, Scytl has completely failed and shown to have no idea of the underlying mechanisms," says Marques.
At the end of February, Swiss Post, which implements the electoral system in Switzerland together with Scytl, asked hackers and security researchers to test the source code of the e-voting system during a penetration test. Canadian crypto researcher Sarah Jamie Lewis and her team uncovered vulnerabilities that could allow potential attackers to change voices unnoticed. At that time, Lewis warned of the danger of central manipulation by insiders - for example, that "the Swiss Post can prove that it has not manipulated an election, even if it has done so".
For voting inappropriate
The system of Scytl was "not suitable for a party question, let alone for an official election, as was intended in Switzerland," criticized Hernâni Marques of the Swiss CCC. "The mistakes are so serious that the parliamentary elections in Switzerland take place for the first time in many years without Internet voting." The procedure is currently suspended - in 2020, a new e-voting system will be presented. A Swiss popular initiative calls for e-voting experiments to be put on ice longer.
Marques generally considers it irresponsible to allow online voting with private, potentially insecure devices and any browser on e-voting websites.
The SPD wants to continue to allow its members despite the concerns about the online election process to cast their vote over the net. On SPIEGEL inquiry it is said by the SPD that "100 percent security" can not be guaranteed at any ballot, either online or offline. Already in the past year, however, the SPD members living abroad had voted online with the help of Scytl on joining the Grand Coalition. "I am sure that we will once again experience a smooth and secure voting procedure with Scytl," said a SPD spokesman.
The vote of the vote is to be announced on October 26th. In Berlin, the Federal Party Congress of the SPD will meet between 6 and 8 December. He should formally elect the winner of the membership decision to the SPD leadership.