Scandal for electoral software: security gaps endanger democracy in Germany!

Veröffentlicht:

Von:

The Bundestag election will take place in Germany on February 23, 2025. Votegroup's election software from Aachen is criticized for security defects.
The Bundestag election will take place in Germany on February 23, 2025. Votegroup's election software from Aachen is criticized for security defects. (Symbolbild/ANAG)

On January 23, 2025, preparations for the Bundestag election on February 23 will be scheduled in Germany. The choice is carried out with pen, paper and envelopes as usual, but election software is also used. This software is necessary to generate quick reports that form a basis for the preliminary election results. However, the application of the electoral software has learned a lot of criticism in the past. Different quality deficiencies and mistakes have shaken confidence in the systems.

An example of such problems found itself in the election in Saxony in September, when a faulty distribution of seats led to the AfD appeared to be blocked in a blocking minority. Security deficiencies in the election software are another serious problem that was found by researchers. The currently used software does not meet the requirements of the Federal Office for Information Technology (BSI), since the results are not signed and quality is lacking. This software is mainly provided by VOTEGROUP GmbH, a company based in Aachen that supplies more than 90% of the municipalities in Germany.

Die Votegroup GmbH and its products

The Votegegroup has formed itself as the successor to Vote IT GmbH and has had numerous takeovers. Their products include "Elect", "Elect-Was", "IVU-Elect", "Votemanager" and the "election processing system (WAS)". It is noteworthy that 70% of the shares in Votegegroup own the Regio IT, while 20% are at AKDB. These shape the landscape of the municipal IT service providers, which are majority in municipal hands.

The municipalities are able to either buy the election software directly or to obtain IT service providers. This makes profits that flow back to the shareholders. An example of this is the city of Aachen, which in 2022 received a net profit distribution of 713,000 euros. In contrast to the AKDB, which does not work in a profit -oriented manner and remaining its proceeds in the company, this leads to a discussion about the transparency and public availability of the source code of the software.

disclosure and security concerns

The demand for the disclosure of the source code is getting louder. The Chaos Computer Club (CCC) has already pointed out the need to make the election software more transparent and safer. In Berlin, proprietary software is also used, which was discussed by the Senate as part of a printed matter (19/20409). The Senate has emphasized that an open source code has not been a criterion for tenders so far and that contracts for the election software are regularly extended by one year if they are not terminated.

The discussion about election evaluation software now has a longer history that goes back to 2018 and 2020. While transparency and digital sovereignty are considered important factors, the Senate demands that the use of open source software is only funded if the legal framework permits it. Extensive election tests are planned for the upcoming elections, which are carried out in cooperation with the Office for Statistics Berlin-Brandenburg. The Senate has also given the highest priority on information security.

influence on election results

election software plays a central role in transferring and evaluating voices that are sent electronically to the central office of the state election manager. Algorithms used in the software determine the first calculations for distribution of seats that are already published on the election evening. These algorithms are adapted to the current political and legal situation. However, there were also indications of possible arithmetic misunderstandings when changing the algorithms in Saxony.

The security of the election software is of enormous importance. Errors in the software could not only lead to incorrect election results, but also cause political unrest. The Chaos Computer Club also asked about the software used, but he was denied the information. The CCC's requirements include access to software and public access to the associated documentation and training of users in relation to IT security threats.

Details
Quellen