How the new electronic vote of the 5 Star Movement works
After the divorce with Rousseau, the movement enlists two companies and their technologies for online voting. First consultations on Skyvote to confirm Giuseppe Conte as leadership
Naples, Italy 5-star party for the 10 years of the 5-star Movement in 2019. In the photo, former Prime Minister Giuseppe Conte (Ipa-Fotogramma) Skyvote. This is the name of the program with which the first electronic vote of the 5 Star Movement led by Giuseppe Conte will take place. The one that will have to sanction the second season of the party founded by Beppe Grillo and Gianroberto Casaleggio, entrusting the reins to the lawyer and former prime minister and giving it a new statute. It will also be the first vote without Rousseau, the platform that has marked the fate of the Movement since 2016.Pentastellates have long indicated Rousseau as the plastic demonstration of their internal democracy. However, in 2019 the Guarantor for the protection of personal data branded it as unsafe and fined the Rousseau Association, chaired by Gianroberto's son, Davide Casaleggio, for 50 thousand euros, because it did not protect users' anonymity nor put them on the safe side. shelter from a possible manipulation of their preferences. In 2020, Wired also discovered a configuration error that allowed voting twice, without the certifier - a Milanese notary - noticing.
With the internal fracture in the Movement - the governist wing under Conte against the movementists - the divorce with Rousseau also took place. The association was demanding overdue dues from parliamentarians for 450 thousand euros (for the Corriere della Sera the deal will be closed at 250 thousand), while the party has the data of its members. Delivered by Rousseau after the diktat of the Privacy Guarantor. At that point, the 5 Star Movement (M5S) by Conte had to look for another digital address where to vote. And he found it in via Caulonia 13, Rome, where Multicast srl is based. A small IT company, active since 2006, which developed the Skyvote electronic voting system. It will not, however, be the only supplier. The Movement has also enlisted Isa srl of Viterbo, which will have the task of managing the platform for the data of the members and the site on which the digital ballot boxes will be hosted.
Luigi Di Maio of the 5 Star Movement (photo Carlo Hermann, Afp, Getty)
A chair for two
The strategy seems to be not to rely on a single technology in order not to end up with flat tires, if relations deteriorate or problems arise . Multicast srl is a micro-enterprise (two employees at the end of 2020), managed by the owner, Giovanni Di Sotto, and by the technical director Roberto Spagna. In 2019 (the last balance sheet filed) it closed with a profit of 2,329 euros against a total production value of over 466 thousand euros. A year earlier, it had budgeted, respectively, a profit of 15 thousand euros and a turnover of 400 thousand euros.Isa, based in Viterbo, has more than thirty years of activity behind it, a twenty employees, over 2.2 million euros in turnover in 2019 (with a profit of almost seven thousand euros). 50% owners are Sandro Aquilanti and Giuliano Proietti. The sole director is Adalberto Caratelli.
Specialized in software for healthcare, especially in Lazio, Isa is among the data processors of the Movement, as stated in the provision of the Privacy Guarantor who ordered Rousseau to sell them . "Being chosen by a political force that since its inception has put digital technologies at the center of its activity, facilitating the participation of citizens in public life, motivates us even more to face the new challenge", declared the company, which has set up the new platform on the software of Odoo, a Belgian group specialized in open source apps for companies, ecommerce, inventories and accounting.
Beppe Grillo, founder of the 5 Star Movement (Alessia Pierdomenico / Bloomberg via Getty Images)
Electronic ballot boxes for all
At least for the vote at the end of June, which will serve to confirm Giuseppe Conte riding the Movement, the 5 Stars will use the Multicast Skyvote program. With an expense “between thirty and fifty thousand euros”, Roberto Spagna, technology manager of the company and 30% shareholder, explains to Wired. "The price - he adds - is exactly what all our customers pay, including many public administrations".Skyvote has been used by various public and private bodies, such as the CISL school union, orders journalists from Lazio and Lombardy, Rai, the Italian football federation, Confcommercio and the Acli. Even one party has already entrusted itself to Multicast: the Pd of Ancona. In February, the company, which claims to have been in the electronic voting sector since 2014, was awarded a three-year tender for one million euros with a partner to manage the IT services of the assemblies of Inarcassa, the social security fund for free architects and engineers professionals.
On 9 October 2019, the Enasarco Foundation, the institution that manages the pension fund of 300 thousand commercial agents and 100 thousand principal companies, signs an agreement with Multicast. The former president, Gianroberto Costa, gives the green light to a € 217,000 contract to manage electronic voting for the renewal of offices. Elections then postponed due to Covid-19, according to the leaders, and the reason for a clash with the Ministry of Labor then ended in front of the TAR. Wired asked the Foundation for information on the choice of this technology, but received no response.
In 2019, the National Psychologists' Welfare Body (Enpap) also announces a tender for electronic voting. If Multicast wins it in November 2020 with an offer of 37 thousand euros, as emerges from the ENPAP documents made public by the body itself.
Giuseppe Conte (Am Pool / Roberto Monaldo / Getty Images)
Promoted yes, but without honors
Among the competitions in which the Roman company participates, there is that for the 2020 elections of the statutory bodies of the multi-category pension and assistance body (Epap). As Wired was able to verify from the minutes of the reserved session, compared to three other competitors, Skyvote has the better, even if from the technical evaluation expressed by the commission it emerges that the platform does not shine in all the requirements. Against a good score on the identification characteristics of the voter (4.5 points out of 6), the continuity of the service, especially in the event of disaster recovery, gets 2 points out of 8. So also the "guarantees of secrecy in the password generation, pairing and printing phases ": 1.25 points out of 5. The system certifications are totally absent - at least in this announcement - for which a 0 out of 6 possible points is scored.Contact from Wired, the body specified that "the evaluations were expressed by a commission of professionals external to the body". And, he adds, "with regard to the functionality of the Skyvote application we can instead confirm the goodness of the same expectation that throughout its use, both in the voting phase and in the scrutiny phase, it did not generate any problems or of a technical nature. nor operational ".
Electronic voting behind the scenes
But how does Skyvote work? "The user's vote is encrypted directly on his device and then transmitted to the platform, where it remains protected until the only person with the access key orders the counting of the votes," explains Spain. At that point, he continues, "once the platform has been set up, we generate the encryption keys and deliver them to the responsible person, who we generally define as 'guarantor of the electoral process'". Generally you are a person external to the consultation, such as a notary, and is in charge of managing the consultation and ascertaining its outcome. In the case of the M5S, the party will identify a trusted person to whom to entrust the task.This role was once held by the Milanese notary Valerio Tacchini, close to both Grillo and Casaleggio. Last summer it also certified the consultation which gave the green light to the third term and to alliances with traditional parties. On that occasion, Wired was able to vote twice, using the same document, due to an error in Rousseau's development. Wired cast two votes in favor and two against, so as not to alter the outcome of the consultation, and only disclosed the flaw after it had been fixed.
On the contrary, Skyvote seems to enjoy ample guarantees on its operation, Spain claims: "We regularly carry out product testing activities both when updates are released and when new features are added that are conducted by third parties, in particular by Cnit (National Inter-University Consortium for Telecommunications, ed) of Tor Vergata ". The same goes for the penetration tests, that is the resistance tests of a system to external attacks, also conducted by Cnit "twice a year", adds the technical director.
In any case also Skyvote is proprietary and closed source software like Rousseau, therefore the proper functioning of the program can only be verified by its developers or by authorized persons. In recent months, some groups of M5S subscribers have pushed for the adoption of an open source platform, whose DNA is public and can be inspected by anyone, in search of potential vulnerabilities that could jeopardize the vote. But the appeal fell on deaf ears.
Skyvote
No tracking
With Skyvote the entire consultation process takes place on the user's browser, on which the application to express the preference and then transmit it, encrypted, to the servers. “For us it is a fundamental transparency requirement - Spain points out-. In none of the operations, user activity is tracked, which takes place exclusively locally on their client ".As in the case of some services offered by the public administration, such as the Io app, recently talked a lot about trackers: small software that monitor user behavior and obtain information that can then be used for commercial purposes. In this regard, the Guarantor for the protection of personal data has also recently expressed itself, asking the PagoPa app to suspend some features until it has removed the trackers. Spain assures that on Skyvote there is no type of tracker - it will be easily verifiable by accessing a vote - and that the only information that comes out of the client is the encrypted preference. However, the user experience for the supporters of the Movement must also pass through the infrastructure that will replace Rousseau.
Photo LaPresse - Davide Gentile 30/03/2019 Genoa (Ita) The Rousseau village organized by Casaleggio ASsociati in Piazza Matteotti in Genoa.
A national project
Although with different forms, electronic voting has always been one of the central battles of the 5 Stars. Not only with Rousseau, but also with the active promotion of digital voting as a fundamental tool for participatory and direct democracy.The first concrete step in this direction is represented by the establishment of an ad hoc Commission on electronic voting in the foreign constituency, whose existence was learned thanks to a parliamentary question presented by Forza Italia in September 2020. The director is the president of the Constitutional Affairs Commission Giuseppe Brescia (M5S), who spoke on the matter last June, specifying that "the government has pledged to allocate one million euros to start testing by the end of the year", as reported by Il Sole 24 Ore. The declared objective is to resort to remote voting solutions in favor of non-resident students, who paradoxically can express a preference by mail from abroad but not if they reside in another Italian city.
"The Internal consultations of an organization or body are not comparable to a national election ”, Stefano Zanero, associate professor in computer security at the Politecnico di Milano, comments to Wired. "The Movement's internal initiatives cannot constitute a normalization of electronic voting at a national level, because there is no way to make it truly secure and anonymous", he says.
Despite the numerous attempts made by the party - last August Casaleggio had presented a solution for voting on blockchain called Terminus, which later disappeared from the radar - electronic voting, both face-to-face and remotely, is not convincing even in the rest of Europe, where experimental projects have been shelved. Germany even banned it by law. "Unfortunately, the contradiction is substantial: if we talk about remote voting, there is no way for the voter to ascertain that his preference has been counted without automatically revealing who he voted for, contradicting the principle of voting secrecy which is fundamental to oppose the exchange vote - comments Zanero -. The face-to-face vote, on the other hand, would require the machine used to print the preference on a paper form, a very expensive and complex mechanism to protect, to do what the pencil does: put an X ".
Tech - 1 hour ago
All the ways to get the green pass
adsJSCode ("nativeADV1", [[2,1]], "true", "1", "native", "read-more", "1"); Startup - 6 hours ago
There is a startup that wants to make you pay with a voice on WhatsApp
adsJSCode ("nativeADV2", [[2,1]], "true", " 2 "," native "," read-more "," 2 "); Politics - 21 hours ago
For the first time a court requires to assess whether a person can access assisted suicide
Topics
Blockchain Cybersecurity Gdpr Conte bis Italia Movimento 5 stars Privacy Policy globalData.fldTopic = "Blockchain, Cybersecurity, Gdpr, Conte bis Government, Italy, 5 Star Movement, Politics, Privacy"
This opera is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License .