The European Parliaments emergency systems to hold meetings and cast votes during the coronavirus outbreak has flaws and is vulnerable to manipulation, its vice president responsible for information technologies told POLITICO in an interview.
Parliaments emergency measures, passed in March, helped make some urgent calls on how to help stop the spread of the coronavirus across the Continent.
“Its obvious that the situation is unprecedented … Parliament had to come up with a temporary solution,” said Marcel Kolaja, a member of the Czech Pirate Party and Greens group, who oversees the institutions IT, digital and telecom policy.
But, he said, that system needs changing at the latest by the summer in order to boost security and confidentiality of communication.
The system now in place included having members of the European Parliament vote over email, which Kolaja called “a huge space for manipulation” and that relies on MEPs having to go check the voting record to make sure their ballot was registered correctly.
The crisis is also pushing some members to use online chat apps and videoconferencing tools that are based outside of the EU.
According to Kolaja, “we need to understand that if you have a provider of such service that is based in a different jurisdiction, laws of the establishment of that company apply. We need to make sure that no information leaks through that platform.”
How do you evaluate the security of how Parliament is now working, during this lockdown period?
Suddenly Parliament was in a situation where MEPs were pretty much all in their home countries. It also became apparent that there is an imminent need to vote on critical measures when it comes to mitigating the impact of the pandemic.
Parliament had to very quickly come up with a temporary solution how to work. The Bureau [of members overseeing the institutions internal workings] decided for a temporary system on voting via email.
We should use a remote e-voting system only in situations like this, only for urgent matters.
I personally insisted that the decision of the Bureau needed to have a clear sunset clause. Thats why it ends end-July.
Would you consider the email voting system secure?
The system we currently have can be very much improved.
MEPs have to print their ballot, sign and scan it and send it back over email, where there is a huge space for manipulation. The guarantee that the vote was not manipulated basically lies in procedural measures: MEPs have to verify that their vote has been correctly registered.
We should deploy a system to make it possible to digitally sign the vote by the MEP. Parliament services are working on such a solution.
How are you holding your virtual meetings?
The Parliament is very specific [in its needs]. Thats because of security and confidentiality of information. However, its also because of the specificities of how Parliament works [like] when the chair gives the floor to a member and when theres a specific order of the meeting that we must follow. The Parliaments official meetings also need to be translated and interpreted into several languages.
In the end, you find out that theres not too many tools on the market that fulfill your needs. Parliament decided to go for a solution provided as a service. The system is called Interactio.
I think it has a lot of room for improvements. One is that [MEPs] are required to use Apple products, iPhones or iPads. We should remove that barrier … to be able to work with open-source software so that we are not locked into one particular technology of one particular company.
Secondly, in the long run I believe the Parliament should be using a system that is fully hosted in-house.
Has Parliament advised its members on the use of videoconferencing application Zoom, which has come under fire for its cybersecurity flaws?
There have been concerns raised and information shared that using Zoom imposes certain security threats.
We need to understand that if you have a provider of such service that is based in a different jurisdiction, laws of the establishment of that company apply. We need to make sure that no information leaks through that platform.
If its a platform established in the country where the company has the obliRead More – Source