Results Collection
| Phase | Process | Sub- Process | Vulnerability/Threat |
|---|---|---|---|
| Election Day | Results Collection | N/A | Lost ballots or scrutiny acts during the transportation to the result collection center: Results might not arrive to the collection center, due to obstruccions in the way to the center or stollen ballots or scrutiny acts. |
| Election Day | Results Collection | N/A | Intrusion in the results transfer Not authorized people may intrude within the procedure of information transfer to the result collection center. |
| Election Day | Results Collection | N/A | Results collection takes too much time: The result collection process is affected by inopportunes that were not taken into account which affects the rapidity of the counting of the ballots. |
| Election Day | Results Collection | N/A | Time frame to receive results is too short: If the time frame for the results collection is too short, some isolated polling centers may be late handling its results and might be out of the scheduled time. |
| Election Day | Results Collection | N/A | Main process for result collection does not work: If result collection is done electronically and the assinged infraestructure is not working, a contingency plan must exist. The new process to gather the results must be efficient as well to handle the results in the estimated time. |
| Election Day | Results Collection | N/A | The result collection of remote places is not done: The votes coming from difficult to access polling places are not collected therefore their votes are not taken into account. |
| Election Day | Results Collection | N/A | Forgery of system components: An attacker replaces the e-election system, or parts of it, with counterfeit elements or presents false components as genuine system parts. This threatens system integrity, but may also result in arbitrary compromise of assets. Application note: the threat is also vital if in remote e-voting scenarios the attacker redirects the voter to counterfeit systems, such as Internet voting servers that look similar to the original official servers. One example is if the attacker controls the domain name service (DNS) and redirects connections to an official server – for example www.voting.official.at – to a different Internet address. A similar situation can occur if the attacker owns a domain name that is spelled similarly – for example www.voting.oficial.at (note the typo) (Council of Europe) |
| Election Day | Results Collection | N/A | Confidentiality of communicated data from voting stage An attacker gains knowledge of communicated votes. |