Voter Registration
| Phase | Process | Sub- Process | Vulnerability/Threat |
|---|---|---|---|
| Pre-Election | Voter Registration | Enrollment | Wrong or incorrect registration: Transcription errors have been entered on the system by the Operator, date fields are ambiguous, mandatory fields are missing, etc. |
| Pre-Election | Voter Registration | Enrollment | False Statement: A person provides false information to be included in the registry (e.g. False age, false address, false nationality, etc.). |
| Pre-Election | Voter Registration | Enrollment | Citizen with impairment are not registered: For political, technical or physical reason, people with certain impairments cannot or have too many difficulties registering, or do not trust the process. |
| Pre-Election | Voter Registration | Enrollment | Duplicate or inconsisting data when is consolidated different enrollment stations: No coordination between different registration efforts, possibly producing inconsiting or duplicate data |
| Pre-Election | Voter Registration | Enrollment | No Overseas Registration: Nationals who live abroad do not have access to the registry |
| Pre-Election | Voter Registration | Enrollment | Impersonation: A person impersonates another for the registry |
| Pre-Election | Voter Registration | Enrollment | Biometric Information not Cauptured: Voter registries do not have a signature (or biometric information) that provides proof of authenticity. |
| Pre-Election | Voter Registration | Enrollment | Operators accessing, modifications and changes in the Voter Registry are not traced: There is no information of whom performed or requested (from a voter’s standpoint) modifications(insertion, update, deletion) to the voter registry. |
| Pre-Election | Voter Registration | Enrollment | Disclosure of authentication data: An attacker gains access to authentication data, enabling the attacker to impersonate a legitimate user (administrator, auditor, authority, candidate, observer, proposer, or voter) of the e-election system. |
| Pre-Election | Voter Registration | Enrollment | No validation of the voter, after a record has been entered or modified, the registered voterhas no means to check by himself if the information has been accurately saved. |
| Pre-Election | Voter Registration | Enrollment | Changes in a voter’s registry (even those requested by the voters themselves or illegal) are not immediately notified to the corresponding voter. |
| Pre-Election | Voter Registration | Enrollment | Denial-of-service against the registration process: An attacker disrupts the registration process or its services; therefore, the availability of the process during the registration period is not ensured. An attacker prevents generation of voters’ registers. This also affects the right to vote. |
| Pre-Election | Voter Registration | Enrollment | Election Day Registration is not allowed. EMB (Election Management Body) must evaluate the advantages and disadvantages of election day voter registration. |
| Pre-Election | Voter Registration | Enrollment | Register voters when not entitled to vote: A person is allowed to register to vote when not entitled to. |
| Pre-Election | Voter Registration | Enrollment | Private Information Leaked Private information of the voter is leaked to an unauthorized third party. |
| Pre-Election | Voter Registration | Depuration | Finding duplicate records within the registry takes “too much” time: making sure that one person is not registered twice, or that one person is impersonating another one takes too much time. |
| Pre-Election | Voter Registration | Depuration | Ghost Voters: There are registriesof person who doesn’t exist or have passed away |
| Pre-Election | Voter Registration | Consolidation | End the Registry Process to Close before the Election Day: The date in which the voter registration process stops before an election must consider enough time to allow for all the dependant and subsequent processes. |
| Pre-Election | Voter Registration | Consolidation | No backup of the registry if by any reason, the data in the registry is damaged or lost, there is no backup. |
| Pre-Election | Voter Registration | Consolidation | Difficulty to generate backups of the registry generating a backup of the registry is very difficult and time consuming. This is particularly true in the case of a paper only registry |
| Pre-Election | Voter Registration | Consolidation | No post-validation by the citizen: at any given point after the consolidated voter registry has been built, citizens are not easily able to validate that the information found about them is accurate. |
| Pre-Election | Voter Registration | Consolidation | Changes in the registry are difficult to identify: if a change in a voter’s registry is made, there is not an easy way to identify that such took place beyond carefully reading each data field of all voter’s registries. |
| Pre-Election | Voter Registration | Consolidation | Total number of registered people is not known there are no public statistics about the number of people in the registry. |
| Pre-Election | Voter Registration | Consolidation | Distribution of voter’s list is not known to the public and political parties voter’s list must be made available to all stakeholders of the electoral process. |
| Pre-Election | Voter Registration | Consolidation | Malfunction of systems or services in pre-voting stage: A malfunction irrecoverably destroys the list of candidates, or the voters’ register or the services provided by the nomination process or the registration process. Destruction of the voters’ register also affects the right to vote |
| Pre-Election | Voter Registration | Consolidation | Manipulation of registry period/time: An attacker compromises the time source of the registration process or alters the recorded time when a registration occurred in such a way that either persons registrated outside the registration periods are accepted or those registrated within this eligible timeframe are disqualified. This affects the registration period, the list of candidates, and the timeliness of the candidate’s decision |