Voting
| Phase | Process | Sub- Process | Vulnerability/Threat |
|---|---|---|---|
| Election Day | Voting | N/A | Coercion: A citizen is forced or intimidated to vote for a particular party/candidate/option. |
| Election Day | Voting | N/A | Misinformation: Misleading information is provided to voters via dirty campaigns as an attempt to affect their choices during voting. |
| Election Day | Voting | N/A | Misleading ballot papers: Ballot layout is set in such a way that some voters may choose an undesired candidate/party/option. |
| Election Day | Voting | N/A | Vote buying: Money is given to certain voters to vote for a particular option, or just simply for not to vote. |
| Election Day | Voting | N/A | Voter is not sure if his vote has been registered or will be counted |
| Election Day | Voting | N/A | Printed vote receipt shows an option different from the one choosen by the voter: The printed vote should show the option(s) that the voter choose in the electronic voting machine. |
| Election Day | Voting | N/A | Confusing or too complex voting procedure: Regardless of how good were all educational campaigns aimed at voters, the voting procedure is too complex, generating delays and long queues. |
| Election Day | Voting | N/A | Voters cannot cast a null vote: Voters does not have the option to make a null vote, to express that they want to cast their vote, but the do not agree with the existing options. |
| Election Day | Voting | N/A | Polling places are not qualified for handicapped people: Polling places with parking for invalid people, difficult to access polling stations (only stairs, no elevators), no electoral material for handicaped people, therefore handicaped peolple will not be able to cast their vote. |
| Election Day | Voting | N/A | Ballot stuffing: One person submits multiple ballots during a vote. This may take place during the voting procedure itself, or afterwards. |
| Election Day | Voting | N/A | Forgery of the ballot or the vote: An attacker forges the vote carrying the voter’s decision or presents a forged ballot to the voter. This affects the vote, as an unintended decision is represented in the vote. |
| Election Day | Voting | N/A | Chain voting An already voted ballot is given, by the fraud master, to a voter for him to deposit in the urn. The voter secretely takes his corresponding blank ballot out of the polling place and gives it to the fraud master. Such blank ballot is filled and provided by the fraud master to another citizen which in turn must return his corresponding blank ballot to him, building the chain |
| Election Day | Voting | N/A | Altering the vote process: Sabotage of polling places in which there seems to be a clear tendency for a particular party/candidate/option. |
| Election Day | Voting | N/A | Pre-filled ballot boxes: On Election Day, Ballot Boxes arrive with pre-voted Ballots inside. |
| Election Day | Voting | N/A | Boycott: In a polling place where a certain party is heavily popular, voters of another party delay as much as possible the process of voting creating long lines. As a result, this may lead to some people to leave without voting. |
| Election Day | Voting | N/A | Insufficient or wrong electoral material: Voters are unable to cast their votes as there is no enough material deivered to their polling places (or the material delivered is erroneous). |
| Election Day | Voting | N/A | Malicious proxy voters: Helpers for handicap voters do not register the votes as intended. |
| Election Day | Voting | N/A | False absentee material shipped: Citizen may be mailed a false Absentee ballot to be returned to a non-official address. The receiver knows for which this person has voted for. |
| Election Day | Voting | N/A | Voting booths do not guarantee privacy |
| Election Day | Voting | N/A | Confidentiality of the voter’s decision: An attacker gains knowledge of a vote. An attacker discovers the identity of the voter from the vote. |
| Election Day | Voting | N/A | Votes are sequentially stored in voting machines: Voters identity can be revealed using voters registry. |
| Election Day | Voting | N/A | Compromising data trails An attacker gains access to data trails that establish a link between a vote and the voter’s identity. This compromises the voter’s decision. |
| Election Day | Voting | N/A | Electoral officials that exert pressure: Pressure on the voters to vote for a determinate candidate or party, done by the electoral officials. |
| Election Day | Voting | N/A | Denial-of-service against the voting process: An attacker disrupts the voting process or its services; therefore, the availability of the process during the voting period is not ensured. An attacker prevents a voter casting a vote using the e-election system, which affects the voter’s right to vote. Denial of service attacks or system overload delay the transmission of the vote and prevent the vote entering the electronic ballot box before the end of the voting period. |
| Election Day | Voting | N/A | Availability and integrity of votes: An attacker modifies votes, which results in a vote that does not reflect the voter’s decision, or an attacker irrecoverably destroys votes |
| Election Day | Voting | N/A | Manipulation of voting time/period: An attacker compromises the time source of the voting process or alters the recorded time when a vote has been cast, such that either a vote cast outside the voting period is accepted or a vote cast within the voting period is disqualified. This affects the right to vote. |
| Election Day | Voting | N/A | Disclosure of personal data: An attacker reals a voter’s personal data. Application note: different domestic legislation on publication/disclosure of voters’ registers may exist. |