Election Preparation

| Phase | Process | Sub-Process | Vulnerability/Threat |
| --- | --- | --- | --- |
| Pre-Election | Election Preparation | Contests | Citizens do not clearly know the number of contests to vote on: Citizens do not know the number of contests to vote on in their circumscription. |
| Pre-Election | Election Preparation | Jurisdictions | Gerrymandering: Drawing electoral boundaries in order to produce a particular result. |
| Pre-Election | Election Preparation | Jurisdictions | Non-Participation of all Stakeholders: Voters, EMBs, political parties, legislative bodies and NGOs do not participate in the creation of rules to delimit the electoral boundaries. |
| Pre-Election | Election Preparation | Jurisdictions | Representativeness: The citizens within a jurisdiction share very different “views” on what the local government must do. Hence, there will never be a local government that actually represents all voters. |
| Pre-Election | Election Preparation | Jurisdictions | Unclear Jurisdiction Boundary: Whatever criteria are used to define the boundaries, they are not clear enough to assign voters to a certain polling place. |
| Pre-Election | Election Preparation | Jurisdictions | Operational and Logistic Problems Caused by Jurisdiction Delimitation: The delimitation is good in terms of all criteria but introduces operational problems (e.g. the jurisdiction is too big and hence difficult to manage). |
| Pre-Election | Election Preparation | Jurisdictions | Unequal Voting Strength: Electoral jurisdictions of the same level (e.g. county) have a very unequal representation of voters: Jurisdiction “A” elects one representative with 500.000 registered voters, while Jurisdiction “B” elects one representative with 1.000.000 registered voters… the vote in jurisdiction “A” is twice as strong as in jurisdiction “B”. |
| Pre-Election | Election Preparation | Jurisdictions | Discrimination of Minorities: Minority groups are divided among different electoral jurisdictions in order to minimize the representation they can get. |
| Pre-Election | Election Preparation | Candidate Registration | Misleading Registration of Candidates/Parties: A candidate or party with not the slightest chance of winning, but very similar to another that has one, is registered in order to confuse voters. |
| Pre-Election | Election Preparation | Candidate Registration | Impersonating during candidate nominations: An attacker impersonates a proposer nominating a candidate. An attacker impersonates a candidate accepting/declining a nomination. An attacker modifies or deletes the list of candidates. |
| Pre-Election | Election Preparation | Candidate Registration | Burdens or additional bureaucracy are put in place for certain candidates/parties: Registering one candidate/party may be much easier than another. This may be for political reasons, disfranchisement, etc. |
| Pre-Election | Election Preparation | Candidate Registration | Disclosure of list of candidates information: An attacker prematurely gains knowledge of the list of candidates, or parts of it, or the candidate’s decision. Application note: there may be different domestic requirements governing whether a candidate’s decision may be disclosed. |
| Pre-Election | Election Preparation | Candidate Registration | Disclosure of personal data: An attacker reveals voters’ or candidates’ personal data. Application note: different domestic legislation on publication/disclosure of voters’ registers or candidates’ decisions may exist. |
| Pre-Election | Election Preparation | Candidate Registration | All Information regarding candidate/party registration is not made public: Voters cannot transparently learn the circumstances and conditions under which a political candidate or party registered for an election. |
| Pre-Election | Election Preparation | Candidate Registration | Non-Representative Candidates/Parties: There are no candidates/parties that represent considerably large groups of citizens within society. |
| Pre-Election | Election Preparation | Candidate Registration | Malfunction of systems or services in pre-voting stage: A malfunction irrecoverably destroys the list of candidates, or the voters’ register, or the services provided by the nomination process or the registration process. Destruction of the voters’ register also affects the right to vote. |
| Pre-Election | Election Preparation | Candidate Registration | Denial-of-service against the nomination process: An attacker disrupts the nomination process or its services; therefore the availability of the process during the nomination period is not ensured. An attacker prevents generation of a list of candidates. Disruption of the service also affects the candidate’s ability to make a candidate decision. |
| Pre-Election | Election Preparation | Candidate Registration | Manipulation of nomination period/time: An attacker compromises the time source of the nomination process or alters the recorded time when a nomination occurred in such a way that either persons nominated outside the nomination periods are accepted or those nominated within this eligible timeframe are disqualified. This affects the nomination period, the list of candidates, and the timeliness of the candidate’s decision. |
| Pre-Election | Election Preparation | Candidate Registration | Candidate Pictures/Party Logos do not follow the same conditions across the Registry: Some candidate pictures have a yellow background, others have a white background… some have a close-up picture, others a full-body picture… the resolution of the logo from one party is considerably lower than another one, etc. |
| Pre-Election | Election Preparation | Candidate Registration | For every Registry, there is no official authorization mark from the candidate/party: Registries do not have a signature (or biometric information) that provides proof of authenticity. |
| Pre-Election | Election Preparation | Candidate Registration | No trace of agent: There is no information about who performed the registration of a candidate/party. |
| Pre-Election | Election Preparation | Candidate Registration | No immediate Validation by the Candidate/Party: After candidate/party registration is performed, the registered candidate/party is not allowed to check by itself if the information has been accurately registered. |
| Pre-Election | Election Preparation | Candidate Registration | Wrong or incorrect registration: Insufficient quality of the data entered by the operator. Transcription errors have been entered into the system, date fields are ambiguous, mandatory fields are missing, etc. |
| Pre-Election | Election Preparation | Candidate Registration | A receipt of successful registry is not given to the candidate/party: No receipt that proves a successfully completed registration operation is given. This also applies to candidate/party-driven modifications in the registry. |
| Pre-Election | Election Preparation | Candidate Registration | Changes in the registry are not notified: Changes in a registry are not immediately notified to the corresponding candidate/party. |
| Pre-Election | Election Preparation | Candidate Registration | False Statement Register: A candidate/party has the right to register, but makes false statements to gain certain advantages. |
| Pre-Election | Election Preparation | Candidate Registration | Registering when not entitled: A candidate/party is allowed to register when not entitled to. |
| Pre-Election | Election Preparation | Candidate Registration | Illegal changes in the registry: A registry is modified without consent of the corresponding candidate/party. |
| Pre-Election | Election Preparation | Candidate Registration | Finding duplicate records within the registry takes “too much” time: Making sure that one candidate/party is not registered twice, or that one candidate/party is not impersonating another one, takes too much time. |
| Pre-Election | Election Preparation | Candidate Registration | Data consolidation from different sources: Candidate/Party registration takes place at different stations throughout a determined geographic area. The data from all stations must be consolidated into one central repository. |
| Pre-Election | Election Preparation | Candidate Registration | No backup of the registry: If for any reason the data in the registry is damaged or lost, there is no backup. |
| Pre-Election | Election Preparation | Candidate Registration | Difficulty to generate backups of the registry: Generating a backup of the registry is very difficult and time consuming. This is particularly true in the case of a paper-only registry. |
| Pre-Election | Election Preparation | Candidate Registration | Changes in the registry are difficult to identify: If a change in a candidate’s/party’s registry is made, there is no easy way to identify that it took place beyond carefully reading each data field of all registries. |
| Pre-Election | Election Preparation | Candidate Registration | No post-validation by the candidate/party: At any given point after the consolidated registry has been built, candidates/parties are not easily able to validate that the information registered about them is accurate. |
| Pre-Election | Election Preparation | Pollworkers Management | Wrong or incorrect registration: Insufficient quality of the data entered by the operator. Transcription errors have been entered into the system, date fields are ambiguous, mandatory fields are missing, etc. |
| Pre-Election | Election Preparation | Pollworkers Management | False Statement: A person provides false information to be included in the registry (e.g. false age, false address, false nationality, etc.). |
| Pre-Election | Election Preparation | Pollworkers Management | Impersonation: A person impersonates another for the registry. |
| Pre-Election | Election Preparation | Pollworkers Management | Biometric Information not Captured: Pollworker registries do not have a signature (or biometric information) that provides proof of authenticity. |
| Pre-Election | Election Preparation | Pollworkers Management | No trace of transaction and operators accessing the registry: There is no information about who performed or requested (from a pollworker’s standpoint) modifications (insertion, update, deletion) to the pollworker registry. |
| Pre-Election | Election Preparation | Pollworkers Management | No validation by the pollworker: After a record has been entered or modified, the registered voter has no means to check by himself if the information has been accurately saved. |
| Pre-Election | Election Preparation | Pollworkers Management | Private Information Leaked: Private information of the pollworker is leaked to an unauthorized third party. |
| Pre-Election | Election Preparation | Pollworkers Management | Changes in the registry are not notified to the poll worker: Changes in a registry are not immediately notified to the corresponding poll worker. |
| Pre-Election | Election Preparation | Pollworkers Management | Changes in the registry are difficult to identify: If a change in a poll worker’s registry is made, there is no easy way to identify that it took place beyond carefully reading each data field of all registries. |
| Pre-Election | Election Preparation | Pollworkers Management | Finding duplicate records within the registry takes “too much” time: Making sure that one poll worker is not registered twice, or that one person is not impersonating another poll worker, takes too much time. |
| Pre-Election | Election Preparation | Pollworkers Management | No post-validation by the poll worker: At any given point after the consolidated registry has been built, poll workers are not easily able to validate that the information registered about them is accurate. |
| Pre-Election | Election Preparation | Pollworkers Management | No backup of the registry: If for any reason the data in the registry is damaged or lost, there is no backup. |
| Pre-Election | Election Preparation | Pollworkers Management | Difficulty to generate backups of the registry: Generating a backup of the registry is very difficult and time consuming. This is particularly true in the case of a paper-only registry. |
| Pre-Election | Election Preparation | Pollworkers Management | Unequal poll worker hiring: Poll workers are meant to work in a particular jurisdiction but live in another one. |
| Pre-Election | Election Preparation | Pollworkers Management | Poll workers do not guarantee impartial work during the election: Having poll workers with questionable conduct, or with a strong conflict of interest. |
| Pre-Election | Election Preparation | Pollworkers Management | Not enough poll workers in a polling place when one or more do not attend: If one or more poll workers do not attend to their duties on the set dates, there are not enough poll workers to do the job. |
| Pre-Election | Election Preparation | Ballot Generation | Identifying for which elections a particular person is eligible to vote: Depending on the legislation, a person who registers may be allowed to vote for all possible elections (president, parliament, mayor, etc.) or for only a subset of these. The registry must make sure that such identification is made, and that the proper voter’s list is made available for each electoral event. |
| Pre-Election | Election Preparation | Ballot Generation | Last minute modifications: If a candidate quits, his candidature needs to be removed from the ballot. |
| Pre-Election | Election Preparation | Ballot Generation | Outdated information on ballots: Ballots to be deployed in the field contain information that is not up to date, since there have been modifications in the candidate/party list after they were generated or deployed. |
| Pre-Election | Election Preparation | Ballot Generation | Order on the ballot doesn’t follow clear and previously notified rules: The order in which a candidate/party appears on the ballot is not according to previously notified rules, or such rules are designed to favor a political group. |
| Pre-Election | Election Preparation | Ballot Generation | Candidates’ locations on the ballot paper are distributed lawlessly: Candidates are distributed anarchically to favor particular candidates. |
| Pre-Election | Election Preparation | Candidate Registration | The threat arises if the list of candidates is required in the voting stage, for example to generate the ballot. If the ballot is generated from a forged or modified list of candidates, the vote and the voter’s decision are affected, as a forged ballot is generated. |
| Pre-Election | Election Preparation | Platform readiness | The platform to perform the election is not ready or is corrupted. |
| Pre-Election | Election Preparation | Platform readiness | Hacking of the e-election or e-referendum system: An attacker, internal or external, interacts with the e-election or e-referendum system, its interfaces or parts of it to exploit vulnerabilities. This may arbitrarily compromise security and affects all assets. Application note: hacking usually refers to external attackers trying to break into the system. However, an attacker has been defined as internal and external, and an authenticated user such as an administrator acting beyond its legitimate role may also exploit vulnerabilities. |