Venezuelan voting machine next to an instructional poster for the July 28 presidential elections. Photo: El Pais.
Many theories have been circulated by the opposition since the evening of July 28 alleging that the electoral system has been fraudulently manipulated to steal the elections from Edmundo González, a right-wing, US-backed candidate supported by Venezuela’s MarĂa Corina Machado. Alba Ciudad interviewed VĂctor Theoktisto, a computer science professor at the prestigious SimĂłn BolĂvar University, regarding the many doubts that have been promulgated regarding the Venezuelan Electoral System.
In Venezuela, the elections of last Sunday, July 28, ended normally. The president of the National Electoral Council, Elvis Amoroso, announced the results at 12:13 a.m. on July 29. Nicolás Maduro obtained 5,150,092 votes (51.20%) and Edmundo González, the main opposition candidate, obtained 4,445,978 votes (44.2%), with 80% of the votes counted.
This announcement would not have been different from so many other elections held in Venezuela, if it were not for two things:
• Amoroso reported that there was a computer attack against the data transmission system, which caused delays in it;
• Throughout the night, the supporters of Edmundo González and MarĂa Corina Machado were publishing photos of voting machine records on social media, claiming that they had won.
The next day, MarĂa Corina Machado and González announced that they had a large number of votes (initially 40% of the total, then 70%, then 80%) and provided their own results, which currently stand at 7,156,462 votes for Edmundo González (67%) and 3,241,461 votes for Nicolás Maduro (30%).
This is not the first time that the opposition has claimed fraud; similar allegations have occurred in almost every major election in Venezuela. But on this occasion, the opposition set up not one, but three websites on which they published 24,000 voting records issued by polling stations.
In Venezuela, elections are automated and each voter votes uses a machine which prints a slip of paper or voting receipt that the voter places in a safekeeping box. The machine keeps track of each vote and, at the end of the voting, the members of the station, accompanied by witnesses from political parties, close the voting process and print a voting record.
The machine is then connected to a tallying center and transmits the results. Copies of the minutes are printed for witnesses from each political party.
The opposition claims that the tally sheets were collected by its witnesses and says it has the tally sheets for 24,000 polling stations (there were 30,026 polling stations in total). Within 48 hours, the paper tally sheets were duly scanned, photographed, and categorized on a website by state, municipality, and polling station, allowing people to review the results. It is even possible to download a CSV spreadsheet with all the data from those 24,000 polling stations, and adding up their results provided the numbers published by MarĂa Corina Machado’s people.
The CNE has never published scanned minutes on its website, but it has been publishing results, polling station by polling station, for almost 20 years. That is to say, after the first results are released, any Venezuelan can enter the CNE website and see the results by state, by municipality, by voting center, and by polling station, and if you are a witness for a political party, you can compare the printed copy of the voting record of that polling station (which you as a witness have in your possession) with the result that the CNE publishes on its website, and both results must match, which provides powerful transparency and reliability to the process.
The publication of results, polling station by polling station, is normally carried out a few hours after the first electoral bulletin is released, so it should be possible to access their website, check if the polling stations have the same results as the voting records printed by the voting machines, and thus verify who is correct.
The problem is that the CNE’s website has been down since before the elections, and it has not been possible to verify this data. The president of the organization, Elvis Amoroso, denounced that they were victims of a computer attack, but did not provide further details.
Faced with these problems, President Nicolás Maduro, who was declared the winner on Monday by the CNE, went to the Supreme Court of Justice on Wednesday, July 30, specifically to the Electoral Chamber, to file an “electoral contentious appeal” and put himself at the disposal to be summoned. He requested that all candidates be summoned as well as the National Electoral Council, and that all necessary legal documents and records be requested, including the voting records. He also offered to bring 100% of the voting records of his party’s witnesses so that they could be reviewed.
On Thursday, the Electoral Chamber summoned the 10 candidates to appear there, and on Friday, nine of the ten candidates showed up. The only one who was absent was Edmundo González, the candidate who made the accusations of fraud.
With the CNE (the body constitutionally authorized to provide the results) and the opposition offering two completely different results, it is obvious that one of the two parties is lying. The Venezuelan people are waiting for proof and answers not only to confirm who won the elections but to determine who is lying and causing unrest and chaos in a country that has been under continuous attack by foreign powers for at least 20 years and whose people seem to be denied their right to live in peace.
It is worth remembering that Machado and Edmundo González’s claims of fraud were accompanied by violent protests in several cities across the country on Monday, July 29, and Tuesday, July 30, which left several people dead and dozens injured and damage to numerous institutions and public places. The Venezuelan government has warned that several of the people captured causing violent acts are part of criminal gangs and that many have confessed to having been hired to create chaos and unrest.
President Maduro has said that there is a coup d’Ă©tat underway supported by the United States government. The US secretary of state, Antony Blinken, made statements that were not at all surprising when he provided support to Edmundo González as the alleged winner of the elections.
The Venezuelan electoral system has been described as one of the best and most secure in the world, but whenever such incidents occur, the complexity of the system prevents many people who are not experts in the technical field from understanding how secure it is, and they often spread somewhat crazy theories.
Interviewed with Victor Theoktisto
To answer some of the questions people are asking on the street and on social media from a technical point of view, we interviewed professor Victor Theoktisto.
VĂctor Theoktisto is a professor in the Department of Computing and Information Technology at the prestigious SimĂłn BolĂvar University (USB) and, along with other professors, was part of the expert auditors from said university that the CNE convened in 2021 and 2024 to learn about and provide their opinion on the Venezuelan electoral system. They learned about the system in depth and prepared reports with recommendations.
They were also accompanied by computer science professors from other universities, such as the Central University of Venezuela (UCV), all with a diversity of political positions but with extensive experience in computing and mathematics.
This audit process was also broadcast on a YouTube channel opened by the CNE at that time.
It should be noted that the system was originally developed by the company Smartmatic, and in recent years, the Argentinean company Ex-cle has also been involved. The professors reviewed, line by line, the source code of the system, programmed in the C# language (C-Sharp), both for the fingerprint readers, the voting machines, and the transmission and totaling system of the two CNE headquarters (Plaza Venezuela and Plaza Caracas).
Professor Theoktisto explained that security schemes are “ridiculously over the top,” especially those used for transmission, which include algorithms like SHA-256 and AES in three or four layers, so that if someone wanted to decrypt or modify the information transmitted through them, they would have to use extremely powerful computers for about 400 years.
He therefore explained that there are no reports that the data has been modified or altered during transmission.
At least two attacks
So far, there is talk of two different attacks:
• The attack on the website of the National Electoral Council (where the election results should be published, including the results polling station by polling station).
• The attack on the totaling (counting) system, which for several hours slowed down the loading of information from the electoral machines to the totaling (counting) centers. There are two counting centers: one at the CNE headquarters in Plaza Venezuela and the other at the Plaza Caracas headquarters.
Counting centers
We asked him about the attack on the totaling center and how it could have been carried out, since the center is not connected to the internet. He told us that, so far, neither the CNE nor CANTV have provided details. Therefore, answering that question is falling into the realm of speculation.
Indeed, voting machines transmit votes to the counting centers over a network that is physically separate from the internet and which also has encryption protocols (which codify the information and ensure that it is not modified along the way). They can transmit over dial-up telephone lines, over Movilnet (cellular telephone) lines, or by satellite in the most isolated areas.
Theorizing a bit, Theoktisto recalled that there are “ spoofing ” technologies that allow the transmission cell of a cell phone company to be impersonated so that the phone or mobile device believes that it is connecting to the telephone network when in reality it is connecting to the cell of an enemy who wants to obtain its data. There are also ways to physically intervene in the optical fiber with devices that allow one to be placed “in the middle” between two targets, and dial-up lines and the “dead network” can also be physically intercepted. All of these methods require people within the country or within some institutions. This remains to be investigated and verified by the authorities.
Another theory is that attackers may have made hundreds or thousands of calls to the phone numbers at the counting centers, temporarily tying up the lines and preventing the voting machines from connecting.
However, he told us that even though these techniques had been used, this does not mean that the transmitted data had been altered, due to the protection mechanisms within the system.
It should be remembered that these are speculations and theories; officials have not yet issued any report, and there are surely experts in the field at the moment, carrying out forensic investigations.
CNE website
Regarding the National Electoral Council’s website, professor Theoktisto explained that starting a few days before the elections, the website received denial of service attacks (DDoS, in which an attacker coordinates hundreds or thousands of computers on the internet to send traffic and requests to a certain web page; the web page becomes very busy trying to serve all these requests, and it is impossible to serve users who legitimately want to access the web page, instead showing them an error message).
He explained that the CNE website was hit by several types of DDoS attacks (there are about 25 different types of DDoS in total), “at a volume that we simply cannot combat in the country,” and that some of the attackers were inside the country.
The USB professor pointed out that part of the attack carried out from abroad had the Republic of North Macedonia as its final exit point, but “we know that this was only a bridge for VPNs from other places,” meaning that the attackers were probably in another country, but they used VPN networks or took over computers in North Macedonia to carry out the attack.
“An attack was expected, but not so massive,” he explained. The professor believes that “there is necessarily a government actor,” that is, an enemy government, that participated in the attack or that several private bot services were also hired to carry out this attack against the CNE website.
In the face of these attacks, the CNE has decided to simply take down or shut down its website entirely. This has prevented, among other things, the CNE from publishing the results polling station by polling station.
We asked him why the CNE has not considered publishing these results in other ways (for example, distributing a spreadsheet with the results among journalists and media outlets, signed electronically to guarantee their provenance), but Professor Theoktisto told us that he does not know the reasons.
Why doesn’t the PSUV publish its voting records?
Another very common question that people ask is: If MarĂa Corina Machado’s people have published 24,000 voting records (9,000 according to Jorge RodrĂguez), why doesn’t the PSUV publish its voting records in the same way, to defend its numbers and results? It should be remembered that the PSUV has done this on other occasions, such as in 2013.
A PSUV person, an expert in legal matters but who asked us not to share his name, shared with us this information:
He explained that the PSUV had witnesses at all the polling stations in the country (which are about 30,000) and, therefore, has all the voting records. On the other hand, Edmundo González’s people had witnesses only at 30-35% percent of all the polling stations (Vente Venezuela‘s people say they have the minutes of 80% of the polling stations, about 24,000, but Jorge RodrĂguez, in a press conference last Friday, said that they only had 9,000 voting records).
The PSUV suspects that they are falsifying the minutes, a claim that, in fact, Jorge RodrĂguez and Diosdado Cabello have made publicly in recent days.
So, as we were told privately, the PSUV will go to the Electoral Chamber of the Supreme Court of Justice (TSJ), will hand over all the records, and will wait for the opposition to do the same. Then, the TSJ, using the authentication mechanisms of the CNE, will determine who has the true records.
It is feared that if the PSUV publishes the voting records on a website without the TSJ first certifying them as valid, the opposition could take them (particularly those they do not have) and use them to assemble or falsify minutes (make facsimiles), thereby creating media noise or sowing doubts.
The fact that Edmundo González did not appear before the Electoral Chamber last Friday has many people thinking. If you have the evidence, why doesn’t he challenge the elections before the proper institution? Will the opposition be willing to have their electoral records verified?
On the other hand, Professor Theoktisto did remind us that, legally speaking, the record that has legal validity is the electronic record transmitted by the voting machine to the totaling center. “The record, by law, is the digital package, duly signed electronically with the different encryption schemes used both to safeguard the security and authenticity of the data, as well as the transmission.”
The first record that is printed, placed in an envelope and sent to the CNE is also important, although this is a physical or paper backup of the electronic record. The copies that the political parties have are safeguards, and have no legal basis unless there is a challenge to the election.
Can the voting records be falsified?
Someone who has access to a printer identical to those used by the voting machines and who obtains the same type of special paper (with anti-counterfeiting mechanisms, CNE markings, and protections) could print a record that is apparently identical to those of the voting machines, adding their own data. They can even generate their own QR code, which is not difficult.
The difference is that each record has a code or “hash” printed at the bottom, which is unique for each record of each polling station.
The hash is generated from a large amount of data, such as the voting center code, the polling station number, the votes of each candidate, and the time at which the voting center closed, as well as certain cryptographic keys of the machine, created previously. In addition, a random number is created, whose seed is formed with state variables of the machine (temperature of the components, fan speed, CPU frequency status, among others). As a result, the hash code uses unique values ​​that are impossible to duplicate.
This data is fed into an algorithm or “hash function” that generates a code. This hash function is a “one-way algorithm,” meaning that entering the same data will generate the same hash code, but there is no way to “go back” from the hash code and obtain the original data. Mathematically, there is no way to obtain the hash code, “decode” it, and determine the polling station, the closing time, or the votes for a candidate.
Professor Theoktisto reminds us: “Even if you put in the same data (polling center, number of votes, etc.) you will not get the same hash” because of the security variables used to create the random number, the professor explained. Thus, the hash is unique and impossible to duplicate, mathematically speaking.
If two voting records are to be shown for the same polling station, each with different data, the authentic voting records will be the one that has the same hash stored in the electronic minute.
Where are the voting records?
The minutes are not only stored electronically on the servers of the counting centres. Theoktisto reminded us that the content and memory of the voting machines cannot be erased for a number of days after the vote for legal reasons; that, in addition, the data of each machine and its results are also stored on a pendrive (USB memory stick) with due encryption; that the CNE also has a printed copy of the voting records; and that, once the machines and the electoral material leave the voting centers, they are sealed, taped, and stored in the CNE warehouses.
There are so many security measures that there is no way to carry out what some have insinuated: that supposedly, at this moment, a group of people are secretly manipulating the machines to reprint the records with numbers that suit the government.
Jorge RodrĂguez Presents Evidence Refuting Opposition Claims About Voting Records
Key is generated in parts
One of the reasons why this cannot be carried out is because all the voting machines and the counting system work with a key that is generated in portions or parts. These parts are held separately by the different political parties, the CNE itself, the Ex-cle company, and other participants. Each participant has a fragment or piece of the key and does not know the fragments of the others. With this key, the electronic signatures are generated, and if, for some reason, the process had to be repeated, the electronic signature must be generated again. For this, the presence of all the actors is required. They must re-enter all the portions of their key.
With the information provided to us by Professor Theoktisto, we were able to understand that, in the unlikely event that the CNE, on its own, wanted to commit fraud and tried to repeat the process (for example, to generate falsified minutes with false numbers), they would have to do so with a new or different key, which would generate electronic signatures totally different from those already held by the witnesses of the political parties and that would leave traces and evidence everywhere.
However, the professor warns us that the opposition also has precedents in putting on shows, and that it is very likely that they will not want to recognize the Electoral Chamber of the TSJ, as can be seen after Edmundo González did not appear this Friday at the TSJ summon.
“The opposition must challenge the decision before the Supreme Court, not in public opinion or in the international media,” the professor said.
Rerun elections?
We also asked Professor Theoktisto whether repeating the elections would be a viable solution; he reminded us that in all the polling stations, the physical votes are also kept sealed and that, in fact, a citizen audit (with the presence of voters) was already carried out in 54% of the tables on the evening of 28 July. A vote-by-vote audit would have to be carried out in the remaining 46% or even, in a very extreme case, repeating it in 100% of the tables, but he does not see the need to repeat the electoral process.
(Alba Ciudad) by Luigino Bracci
Translation: Orinoco Tribune
OT/JRE/SL
Luigino Bracci
He is passionate about computer science since he was about 14 years old, at that age “a man gave me a small computer that he had bought in the eighties, of those that were connected to a television and had to be programmed to work (a Sinclair ZX81 ), and I really liked it.” On his political inclination, his parents were a great influence. “They were people of very humble origins, both emigrants, dissatisfied with injustice and inequality. But they were not militants of the left. I had many other influences, classmates in HS whose parents were on the left, as well as several teachers who were trained in the Pedagogical and gave us classes at a time as conflictive as it was the presidency of CAP and the military insurrection of Chávez ” He enrolled in the UCV and in 2006 he graduated in Computing, a career that he complements with popular communication in the digital field.
