A potential security vulnerability identified on the Electoral Register website has led to the introduction of eID authentication for access to voter information.

The Electoral Register contains details such as names, surnames, identity or eResidence card numbers and addresses of registered voters. Until August, this data was available as open source.

The Electoral Commission, which manages the register, said the vulnerability was found during a routine security assessment on its portal in late 2023.

“In response to this finding, the Electoral Commission promptly authorised introducing enhanced security measures to address the vulnerabilities discovered within the portal. Among these measures was the incorporation of eID authentication,” a spokesperson said.

A reader informed Times of Malta in August about the changes to the login process. According to the Electoral Commission, the security updates, including eID (electoral identification) authentication, were fully in place by August 2024.

However, the commission has not clarified whether users who log in with their eID will have their movements on the website tracked.

The introduction of eID authentication occurred around the time of an ID card racket scandal, in which former MP Jason Azzopardi alleged that around 18,000 identity cards had been fraudulently issued since 2015. Azzopardi claimed marriage certificates and other documents were fabricated by officials from the government agency Identità.

The scandal is currently under judicial inquiry after a court upheld Azzopardi’s request to investigate the matter. Allegations suggest systemic fraud involving government officials, which could have national security implications.

However, the Electoral Commission stressed that its new security measures were unrelated to Azzopardi’s claims.

“The commission is an autonomous entity from Identità,” the spokesperson said, distancing itself from the scandal.

The commission clarified that the timing of the security upgrade was purely coincidental, emphasising that the eID measures were implemented as a response to internal assessments rather than external allegations.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.