UG voting system sensitive to fraud

Don’t share your direct WebElect link

UG voting system sensitive to fraud

Student party De Vrije Student warns that it’s all too easy to commit voter fraud in the university elections. The direct URL to students’ personal voting page on WebElect can theoretically be used by anyone in possession of the link.
9 June om 15:58 uur.
Laatst gewijzigd op 22 November 2020
om 16:20 uur.
June 9 at 15:58 PM.
Last modified on November 22, 2020
at 16:20 PM.
Avatar photo

Door Giulia Fabrizi

9 June om 15:58 uur.
Laatst gewijzigd op 22 November 2020
om 16:20 uur.
Avatar photo

By Giulia Fabrizi

June 9 at 15:58 PM.
Last modified on November 22, 2020
at 16:20 PM.
Avatar photo

Giulia Fabrizi

Van uit de hand gelopen studentenfeestjes tot bezette universiteitsgebouwen en van kamertekorten tot dreigende bezuinigingen: Giulia houdt al het nieuws in de gaten. Ze praat graag met de mensen die het aangaat, schrijft erover en begeleidt freelancers bij het maken van nieuwsartikelen. Eerder werkte ze als stadsredacteur Groningen en gemeenteverslaggever Haren voor Dagblad van het Noorden.

Students have been able to vote online in the election for the university council and the various faculty councils since Monday. All students received an email with a link to the voting system WebElect. After clicking ‘vote now’, students have to select their university and log in using their student number and password.

It’s very straightforward. But sharing the direct link to the WebElect online environment is a problem, since that URL contains both a student’s number and their password, bypassing the login screen. If you copy the link and share it with someone, that person can access your private voting page.

Computer program

The solution seems simple: just don’t share your personal link with anyone. But David Jan Meijer with De Vrije Student says there’s a bigger issue at play: ‘Since I now know what students’ usernames and passwords look like, I could write a computer program that gives me access to all the students’ login information for WebElect. Then I’d be able vote for every student who hasn’t done so yet.’

Meijer had noticed the issue when the students up for election filled out their candidate lists a few weeks ago, and he contacted WebElect. ‘After a few difficult conversations, they said they wouldn’t be able to fix it before the elections. I haven’t been able to reach them since.’

Deliberate choice

The university acknowledges the issue. ‘If a student copies the link and shares it with a friend, that friend does indeed have access to the first person’s private voting page’, a spokesperson writes. ‘It would be better it this wasn’t the case, even if someone made a deliberate choice to share the URL.’

Once a student has voted, this vote can’t be changed. The page then says the option to vote no longer exists. It’s also not shown which party and which person the student voted for.

Dutch

09 June 2020 | 22-11-2020, 16:20
Array

De spelregels voor reageren: blijf on topic, geen herhalingen, geen URLs, geen haatspraak en beledigingen. / The rules for commenting: stay on topic, don't repeat yourself, no URLs, no hate speech or insults.

guest

0 Reacties
Most Voted
Newest Oldest
Inline Feedbacks
View all comments