1. 도서관에서 울린 진동, 그리고 위화감
모든 것은 도서관 열람실, 전공 서적과 씨름하던 고요한 오후에 시작되었습니다. 휴대폰 진동이 울려 확인해보니 ‘학생회 모바일 투표 독려 메시지’였습니다. 보통의 학생이라면 “아, 선거철이구나” 하고 넘겼을 문자였지만, 저는 순간적인 위화감을 느꼈습니다.
“잠깐, 나는 학생회에 내 번호를 알려준 적이 없는데?”
입학할 때 학교 본부에는 개인정보를 제공했지만, 학생회라는 자치기구에 내 연락처를 넘긴다는 동의서에 서명한 기억은 전혀 없었습니다. 시험 기간이라 공부 빼고 다 재밌었던 탓도 있었겠지만(웃음), 이 사소한 의문은 꼬리에 꼬리를 물고 이어졌습니다.
“내 번호를 어떻게 알았지? 그리고 이 투표 링크, 정말 안전한 걸까?”
2. 편집증적인 공학도의 의심
저는 소위 말하는 ‘Tech Guy’입니다. 개인 노트북에도 윈도우 대신 리눅스(Linux)를 깔아 쓰고, 대형 IT 기업의 보안 정책조차 100% 신뢰하지 않는 성향이 있습니다. 카카오톡 감청 논란이 있었을 때, 거대 기업조차 통신 보안 이슈에서 자유롭지 않다는 것을 우리는 목격했습니다.
하물며, 학생회가 외주를 준 이름 모를 영세 업체가 수만 명의 투표 데이터를 다루는 시스템을 만들었습니다. ‘민주주의의 꽃’인 투표 시스템이, 과연 기술적으로 무결하게 관리되고 있을까? 엔지니어로서의 직감이 경고등을 켰습니다.
3. 업체와의 통화: “보안 질문을 하니 고소를 하겠다더라”
의문을 해소하기 위해 투표 시스템 위탁 업체에 전화를 걸었습니다. 업체 측은 예상대로 원론적인 답변만 내놓았습니다. “암호화를 하고 있다”, “관공서나 아파트 전자투표에도 쓰이는 검증된 시스템이다"라는 말이었습니다.
하지만 저는 개발자입니다. “암호화를 한다"는 말 한마디로 넘어갈 수 없었습니다. 구체적인 기술적 질문을 던졌습니다.
- “DB에 저장된 투표 값이 위변조되지 않았다는 무결성은 어떻게 증명합니까?”
- “관리자가 DB를 열어보고 특정 후보의 표를 수정하면 로그가 남나요?”
- “암호화 키(Key)는 단일 키입니까, 아니면 양 후보 측이 나눠 갖는 키 분할(Key Splitting) 방식입니까?”
질문의 수위가 높아지자, 당황한 업체 대표의 목소리가 높아졌습니다. 설명을 해주는 대신 “영업 방해로 고소하겠다”며 화를 내더군요. 역설적으로 그 반응을 보며 확신했습니다.
‘이 시스템, 기술적으로 방어 논리가 전혀 없구나. 보안이 뚫려 있다.’
4. 전문가를 찾아라: 험난했던 팩트체크
제 심증은 확실했지만, 기사는 ‘팩트’와 ‘권위’가 필요했습니다. 학부생 기자의 주장만으로는 힘이 실릴 수 없었으니까요.
교내 사이버국방학과 교수님들께 수차례 연락을 드렸지만, 학내 정치 문제와 엮일 수 있어 부담스러우셨는지 모두 인터뷰를 거절하셨습니다. 난관에 봉착했을 때, 다행히 KAIST 정보보호대학원 김광조 교수님께서 인터뷰에 응해주셨습니다.
마감 시간이 촉박해 대전까지 찾아갈 수 없어 전화 인터뷰를 진행해야 했지만, 교수님께서는 전자투표가 갖춰야 할 3대 기술(키 분할, 비트 위임, 은닉 서명)에 대해 명쾌하게 설명해 주셨습니다. 전문가의 입을 통해 “현재 시스템은 관리자가 마음만 먹으면 결과를 조작할 수 있는 구조”임이 증명되는 순간이었습니다.
5. 기사를 마치며: 기술과 저널리즘 사이에서
이 기사는 기술적 난이도가 있어 일반 학생들이 이해하기 어려울 수 있었습니다. 그래서 길거리에 나가 지나가는 학생들에게 “내 정보가 동의 없이 쓰이는지 알았나?”, “투표가 조작될 수 있다면 어떨 것 같나?“를 물으며 눈높이를 맞췄습니다.
신문사 활동을 하며 수많은 글을 썼지만, 이 기사가 가장 기억에 남습니다. ‘엔지니어의 지식’으로 시스템의 허점을 기술적으로 파헤치고, ‘기자의 펜’으로 그 문제를 공론화하여 학생들의 알 권리를 지켜냈기 때문입니다. 기술이 사회적 신뢰를 담보하지 못할 때 어떤 문제가 발생하는지, 몸소 체험했던 소중한 경험이었습니다.
당시 치열했던 취재의 결과물은 아래 링크에서 확인하실 수 있습니다.
📰 기술적 신뢰성 없는 학생회 모바일 투표 시스템 (고대신문, 2015.11.23)
[English Article] Student Council Mobile Voting System Lacks Technical Reliability
Possibilities of result manipulation and unauthorized use of personal information have been discovered in the electronic (mobile) voting system, which has been introduced to the school’s student council elections for eight years. Since the 41st Anam Student Council election in 2007, the student council has consistently utilized electronic voting. While it simplified voting procedures and counting processes, leading to improved voter turnout, problems have accumulated due to the use of electronic voting without thorough scrutiny.
Use of Personal Information is Mandatory in Electronic Voting
In the engineering college student council election that ended on the 19th, personal information of about 3,000 engineering students—and 20,000 students in the 2014 general student council election—was provided without consent. Company A, which conducted both votes, sent the voting web address to students via text message but did not specify a “Privacy Policy.” The company stated that it received names, student IDs, and mobile phone numbers from the student council and retained them for seven days after voting ended. Even on Company A’s website, the “Privacy Policy” for voters cannot be found; to check it, one must make a “Request for Inspection of Personal Information.”
When asked if they had “consent for personal information processing,” Company A explained, “We receive it right before voting, so there is no problem.” However, this means consent was still not obtained for students who did not vote. Kim A-yeon (Dept. of Korean Language and Literature, ‘12) said, “I didn’t know there was an issue with personal information use in last year’s general election. It is perplexing that personal information was transferred without consent.” Kim Tae-hyun, Chairman of the Engineering College Election Commission, stated, “It was conducted customarily, so we did not recognize it as a problem,” adding, “There were practical difficulties in obtaining consent from 3,000 students.”
Student Council: Not a Subject for Information Provision
According to the Personal Information Protection Act, to provide personal information to a third party, one must notify the recipient of the purpose of use, items provided, retention period, and the right to refuse consent, and then obtain consent. Since the student council is not a school administrative agency, it has been in conflict with the school over securing personal information. The student council bylaws define currently enrolled students as eligible voters. However, the student council does not know the academic records of enrolled students, so it can only conduct voting if it receives the roster from the school. An anonymous college student council president revealed, “The electoral roll is students’ personal information, so we had difficulties receiving it from the school.”
Choi Cheol-ho, a manager at the Information and Computing Center responsible for personal information protection, said, “There is friction between the school and the student council every year over requests for student personal information.” The school authorities obtain consent for personal information use when students enroll. However, the student council is not the subject of the “consent to provision to third parties” intended by the school authorities. Therefore, there are potential legal issues when handing it over to the student council. Manager Choi advised, “If the General Student Council also obtains this consent through the school, the problem could be resolved.”
Core Technologies Missed Even by the NEC
There are basic conditions required for electronic voting to have reliability. The three core technologies presented by the National Election Commission (NEC), a constitutional institution of the Republic of Korea, when introducing electronic voting systems are Key Splitting, Bit Commitment, and Blind Signature.
Electronic voting begins by verifying the voter’s identity. Once the identity is verified and the elector votes for a candidate, the result is encrypted and stored on the server. When voting ends and it is time to count, the encrypted results are decrypted to reveal which candidate was elected.
- Key Splitting plays the role of counting votes in the presence of observers at the counting station. Before voting begins, the decryption key is split into several parts and distributed among observers for safekeeping. Upon counting, all split keys must be entered to show the results.
- Bit Commitment ensures that voting results cannot be known until counting. It is like sending a locked box to a recipient; the contents cannot be verified until the key arrives. It is usually used with Key Splitting.
- Blind Signature prevents the ballot from being changed in the middle. Digital signatures are generally used to identify who wrote a document. Adding anonymity to this creates a Blind Signature. It proves that the voting result is not a manipulated value while ensuring that it is impossible to know who voted for whom.
Professor Kim Kwang-jo (KAIST Graduate School of Information Security) explained, “In traditional voting, observers exist from the polling station to the counting. However, this is not possible in electronic voting. Therefore, it is important to increase reliability through open source along with cryptographic technology.”
In fact, the Seoul Central District Prosecutors’ Office announced that ‘K-Voting,’ the electronic voting system introduced by the NEC in August this year, lacked core anti-manipulation technologies (Key Splitting, Blind Signature, Bit Commitment). The NEC’s electronic voting system was operated for 22 months in a state where administrators could manipulate voting results. The company involved in this matter claimed to have applied a security system but did not disclose the source code, citing business secrets. Ultimately, voters have no way of knowing if they are voting safely and transparently in electronic voting where core technologies are missing.
Lack of System Understanding by Election Commission and Campaign HQs
In the electronic voting for the 2014 General Student Council election, Key Splitting technology was not used. Kang Min-gu, the then-Chairman of the Anam Central Election Commission who observed the counting process last year, stated, “On the day of counting, observers from both campaign headquarters gathered in one place, and the Election Commission Chairman at the time entered the key to count the votes.” The representative of Company A, who was in charge of voting, said, “Voting ends the moment the counting key is entered,” but the electronic ballot box was managed with a single key. Professor Kim Kwang-jo explained, “It is dangerous for one person to manage the decryption key without distributing it.” The General Student Council campaign headquarters currently preparing for the election is also unaware of the Key Splitting details. Jang Han-sol (Dept. of German Language and Literature, ‘12) argued, “Although electronic voting has increased voter turnout, if it is a method where results cannot be trusted, the use of electronic voting should be reconsidered.”
Open Source Systems with Transparent Operations
Among electronic voting systems, programs based on open source disclose all operation information. Professor Kim Kwang-jo introduced the Helios Vote system as a “trustworthy electronic election system.” The Helios Vote system (vote.heliosvoting.org) operates as open source and has conducted over 100,000 online votes globally. Since Helios Vote is open source, it is free of licensing fees and accessible to everyone. In addition to Key Splitting, Blind Signature, and Bit Commitment to prevent manipulation, Helios Vote provides a Ballot Tracking function. Ballot Tracking allows voters to verify after counting that their vote has been reflected without disappearing or being manipulated.
The student election electronic voting system, introduced to enhance student voter participation and the convenience of voting and counting, currently carries risks of personal information usage and election manipulation. Kang Min-gu, Chairman of the Anam Central Election Commission, said, “It is difficult to improve all points as the time left until voting is imminent, but we will reflect supplementary measures as much as possible.”
By Reporter Hyunje Jo