Barcelona, April 10, 2014 – Scytl, the worldwide leader in secure online voting and election modernization today announced that its end-to-end security protocols and encryption ensure that none of our online voting implementations are affected by the exposed vulnerability in OpenSSL or attacks similar to the Heartbleed Bug.
Unlike other online voting technology solutions, Scytl does not rely solely on communication channel security or encryption (SSL encryption) but instead, implements full and in-depth end-to-end encryption and security.
- With Scytl Online Voting solutions, votes are encrypted on the client devise where the voting takes place. The moment the vote leaves the client application it is both encrypted and digitally signed. The transmission of the vote in its encrypted and digitally signed format keeps it secure from being “read” in case of any attack on the communication channel. This, unfortunately, is not the case with other online voting technology where the vote is not encrypted until it reaches the voting server, leaving it open with full details on voting options, related user id´s or passwords and vulnerable to communication channel attacks, such as the Heartbleed bug.
- The authentication mechanisms implemented by Scytl are based on key roaming and passwords used to open key containers, passwords that are never sent through the network. This ensures it is not possible to capture passwords if for whatever reason the communication channel encryption is compromised. As above, in case of any attack, it is not possible to obtain passwords as they are not sent through the network (communication channel).
- The communication channel encryption is yet another layer of security of the many implemented in Scytl online voting solutions as an additional safeguard. In this specific case, Scytl does not use the specific library that was affected.
Electoral commissions, governing bodies and private organizations looking for secure, private and auditable online voting, need to ensure that their elections are free from vulnerability from attacks such as the Heartbleed bug with proven end-to-end security protocols and encryption be it voter side or server side.
Scytl is the global leader in secure election management and electronic voting solutions. Specializing in election modernization technologies, Scytl offers the first end-to-end election management and voting platform, providing the highest security and transparency standards currently available. Scytl has capitalized on its more than 18 years of research to develop election-specific cryptographic security technology protected by more than 40 international patents and patent applications, positioning Scytl as the company with the largest patent portfolio of the industry.
Scytl’s solutions have been successfully used in 35 countries throughout the world over the last 10 years, including Canada, the United States, Mexico, Ecuador, France, Norway, Switzerland, Bosnia-Herzegovina, the UAE, India, Iceland and Australia. Scytl is headquartered in Barcelona, Spain with strategic offices the United States, Canada, Brazil, Peru and Greece as well as field offices in the UK, Ukraine, Malaysia, India and Australia. For more information, visit www.scytl.com
Senior Director Marketing Communications, Scytl
+34 934 230 324