2024-11-01, 14:45–15:30 (Europe/Amsterdam), Main stage
The Dutch Electoral Council has gathered a team of nerds who are developing new election software, named Abacus, to support the process of counting votes during Dutch elections. This talk will focus on the security challenges and threats associated with the software itself and the process of determining election results. What can go wrong and what can we do about it?
The Dutch Electoral Council is developing new election software in-house. For security and transparency, voting in the Netherlands still happens on paper and the ballots are still counted by hand, but that doesn't mean that no software is involved at all. Once the ballots are counted for each polling station, a piece of software sums up all the counts and determines the distribution of seats. With the necessary checks and balances in place to ensure the results are trustworthy, of course. As such, it's a interesting piece of software. It's not used very often. There's on average one election per year, during which the software is used for a period of only two weeks. And it doesn't run in the cloud, it runs air-gapped at each of the 342 Dutch municipalities. Last year the Dutch Electoral Council gathered a team of nerds and asked us to help build this new election software: 'Abacus Software voor verkiezingsuitslagen en zetelverdeling', or Abacus for short.
The contrast between the importance of election software and its incidental use makes for interesting security challenges. Our challenge is not to just build an application that runs correctly and securely, but there is also the human factor to take into account. We aim for high usability, making sure the application supports the municipalities as best as possible during the stressful times of running elections, and due to its short usage period it's important that we get it right the first time. This means catching and preventing security threats to the software itself, such as bugs, vulnerabilities, and user errors. On top of that, the physical (paper) trail needs to be protected as well. We will talk about both aspects of security and explain how we strive to make software that follows the core values of the Dutch Electoral Council: delivering trustworthy and verifiable election results with transparency and integrity.
The talk we want to give will start with some background about the Dutch Electoral Council and why we're building the software. We will present a summary of the languages and technologies we're using, and we will explain our reasoning for the choices we've made. As mentioned in the previous paragraph, we will detail what cyber and non-cyber security threats and concerns this project entails, and how we plan to address them. Last but not least, we will present a clickable demo that paints a clear picture of the software and what it aims to do. As we are looking for input on the best way to approach security measures and address threats, along with any other useful input, we would love to be able to present this at Wiccon.
Documentation Specialist
I have a BsC in Computer Science and am a Full-Stack software developer with 6 years of experience. Currently I work at the Kiesraad (Electoral Council) and we are building the new software to support vote counting and help with seat distribution. We primarily code in Typescript (React) and Rust.
In my free time I love watching movies and series and I listen to podcasts all the time. I have a passion for sustainability and train travel and love to hike and scuba dive on holidays.