 Hello, hello everyone. So I have not much time because I have a really big number of slides So I will go really fast about me. I'm Emmanuel most of the time. I'm writing I'm in a company writing a software called Pasek which has absolutely nothing to do with the company doing gaming We choose the name at the same time. So yeah, that's kind of thing happen. Anyway So if you're interesting in really secure open source software with end-to-end encryption You should check a look. It's in Python. All the source code is there. It's funny Anyway, I'm going to talk to you about something totally unrelated Which is voting. So I'm not an expert in voting in any way, but I talk a lot with researchers And so basically what I understood is when you're using when you're talking about voting system There is multiple property that you have to evaluate For instance, the most common one is the ballot secrecy So you're voting of course your vote must be secret, but there is other things for instance You should not be able to To prove that you voted for somebody because otherwise you could go and ask for and get money From someone else because you voted for the right guy or maybe you could get your leg broken because you voted for the wrong guy Something else is what they call auditability. So basically you need to be able to do The ballot counting and the ballot counting it's better if there is a lot of different party involved for doing the ballot counting All this kind of thing and anyway online voting is I mean the funny thing is all those property. They are not perfect when you do physical voting But it's kind of work. There is issue, but it's okay with online voting. It makes things really really really complicated Basically because here we can see there is a like a little Billy He's a kid and he understands what he's doing just by voting But he put a physical proof of what he want what he wants to vote inside this ballot box But on the other hand there is a server for online voting and nobody has any idea what's going on And at the end of the election you have absolutely no physical proof of what happened So if somebody is not happy with the election, it's pretty hard to tell what you should do Anyway, so in France we have something which is called the Kneel, which is a National Commission of Informatics. I mean it's the translation in Wikipedia. I don't think it's right but anyway, so basically it's the people who deal with with sorry data privacy and So there really is this thing if you're not French speaker This is a really long title, but basically it is some recommendation for online voting so what you should if you want to make a online voting what you should or should not do and Basically what they say is they are not really I don't say it's it's the best idea to do to the online voting for political election and The most important part of this thing. It's it's only a recommendation So basically the Kneel say yeah, you should do that, but if you don't do that, there is no legal implication So basically it means that if you want to make online voting in France there is for what I understand there is no Legal obligation of anything you can just develop your software and it's okay So now we are going to talk about a company which is called Neovot This call is be this company is basically the main actor in in France for online voting So they I guess they got a lot of clients with COVID-19 because plenty of people now want to vote online they work for the university plenty of company, etc and Yeah, sorry there They have Used the software has been used for the political election for the primary party election So that's when I start knowing them So if we talk about the solution the software The main issue with the software is it's a total black box. So there is no documentation or white paper nothing What you see here is basically the only thing on the website which talk A bit about what they do, but it's the only thing you have so it's very few of course you cannot see the source code And as I said, yeah, there is a multiple primary party who hold some primary election and So all those election we are done with Neovot on the internet Yeah, so spoiler alert I voted for the green party and so I got interested in the thing and so I started the The software how it works, etc And so I wanted to write an article I talk about all my finding to Neovot as I consider it wasn't a real finding and Yeah, I just was nagging about the thing that I didn't find anything interesting So anyway, I met in Cablancha, which is a French researcher she works at CNRS and so together with Dora and Juliet we wrote a paper that got a raise last month in in conference in France and so Neovot Don't seem to be really happy about it because they try to to console the talk at the conference with legal action So that didn't work, but yeah Anyway, so I have to to be faster because otherwise you won't see the fun part So I voted for I said for the primary for the green party. So basically how it works you You go on the website You you do some stuff like you choose a password then you go on the website for voting and You use your cell phone with pink code for vote, etc I won't go any detail if you were more interested in these things There is another talk another paper. Sorry about that. It's in French if you don't read French, sorry So at the end of the voting you have this thing which so it says on the last screen which said, oh, you voted So we have a really white screen. So when I took the screenshot, yeah, that's it And so if you don't see there is this weird thing at the middle, which is a bit red orange Which they call Proof of vote and so they said okay, you voted and now there is this proof of vote Keep it it's personal if you want to check that your vote have been Really easy inside the box. Everything is right. You should use that. So okay, but There was not much information about that So I asked me about how it works and they told me that you have to wait for the end of the election And then you will have the stuff so I went for the end of the election and then here's the result screen from the end of the election and You see there is this so they give you a website and they say, okay You can verify your your vote going to this website and using this password So the website is here. So it's a different website On the website you put the address of the server you voted on You put the password you push your proof of vote and after that you you hit validate and it crashed Sorry, so yeah, it crashed and in fact it time out and so you have to retry and then retry and then retry and after some time It finally works and so here you have the things so they say everything is fine The green box is a thing. Yeah, your proof of vote proof of vote is working And if you see the result, it's the same that on Wikipedia. It's the official one. So, okay everything fine Yeah, there is one thing funny that I saw when I did that is there is this link for the source code so I click it I got a PHP script which is a source code and So it's really great because it means that you can run the source code the PHP script on your own computer You don't have to trust the website for doing the check. So yeah, good So here is an example. I'm sorry on the code is copyrighted I guess so I cannot show everything but I can show the little extract as a script is like four thousand five hundred lines And so here is the for instance the code for the Error handling for the error we saw So we have the ballot counting the bad counting take a lot of time because there is encryption etc. Whatever So we have this written code is your written code is 98 then you store the stuff on the cache And then you have this written code which is one and your point which in 40 plus written code divided by 1,000 but if your case is 2 3 5 and 6 but not for then your code is 6 your point 28 plus written code Delayed by 1000 and you have a break to which is a piece pre-intriction to say you have to go outside of two loops Okay fine enough so now What does this script do so it go it goes on the website it download two archives It decrypt just archive with the password and then you check your bad But your proof of vote and it comes about okay, so first thing we are going to see is This proof of vote what is made of so here is typically the proof of vote It's a base 64 of something which is encrypted with a yes So symmetric encryption Yeah, that's secretive encryption with hard-coded key. So the key is inside the script I Asked a new vote about that and they say it's fine. There is no security issue because it's not for security. It's for padding So let's talk about padding because you know a yes. It's what they call block encryption So block encryption means you encrypt 32 octet so to two bytes a time And so if your last part is not so he too long. What do you do you do padding? So in Aes there is this thing which is to call pkcs 7 which do the padding so the question is Why not using pkcs 7 instead of using just a yes for doing the padding? It would be much more efficient and they won't look suspicious as the sewing an article it key and anyway, what for because The proof of vote why it should have to be at this site We don't know because there is no documentation and sorry anyway all the data for all the generated the And proof of vote are all the same side. So Get again anyway So what's inside of this proof of vote? It's five shower 512 ashes So each one of them are for one vote. So there is like five votes in this proof of vote So why is it so what is it for that? It's because The idea is what I told you before When you got one proof of vote, you shouldn't be able to show for who you voted for So there is your vote inside the proof of vote and for all the votes So you should not be able to say for who you voted for You know the funny thing is of course, there is no crypto signature, which mean we can We can do funny stuff going to see so anyway the format just really fast as you see on the We have my cursor. Yeah here you have All the the shower ashes you have some random parts the header and so the idea is they do CRC so ridden and see control so they do a checksum and so for doing this checksum they use this this variable this constant which is called paper and the funny thing is they concatenate it and It's PHP. So maybe you don't see but this is a string but this is bytes in fact and so this looks like Exile a single String but it's used directly here as bytes. So that concatenate bytes which only contain exactly a small character It's a bit weird, but I think there's forget something here Anyway, so you have your redundancy control you concatenate with the rest of the thing you do as you a yes And you got your proof of vote. So it's really simple. So of course you can write a fake proof of vote Script. So here is mine because it's a Python conference. So you should see some Python So here you see I just generated a random shower 512 screw ashes And so if you do this you go on the website and it doesn't work. I mean Neovot's website says your proof of vote is wrong. So so far so good I mean, maybe we don't go really far with this but in fact we do Because what we are doing here is we are provided a fake proof of vote and we are checking it against the genuine ballot box But Neovot has no way to know if it's not the other way around maybe we have a genuine a real proof of vote and the ballot box has been tampered and On the two sides, it's always the same check that is done and there is no way to know which one is which So what does it mean is anyone can generate? proof of vote and claim that his proof of vote doesn't check with the ballot box and hence the election was rigged and The other funny thing is anyone with a valid proof of vote who sees an organizer saying oh my proof of vote doesn't work Something is fishy The organizer can tell them you're the one who generate a fake proof of vote You fake news anyway So now for a real case studies Green Party election. There was the person who arrived last he really couldn't believe it So he said this is not right the election might have been rigged and so he went into justice for for this and Yeah, nothing could be proved. So yeah, I just just lost this thing the funny thing is so there is this quote from a Researcher which is called a Chantal anger Which is specialized in electronic voting and So the idea is the electronic voting industry Basically what they say is electronic voting works great because nobody ever say that there is an actual dispute There is issue and why is it so it's simple because there is no way to prove There is something which went wrong So if you have physical evidence of the votes It's much simpler to show something fishy is and if everything happened on the computer So anyway, now we are going to see the voting website. I showed you before so basically it's like every Website so it minified. It's like that. Anyway, so you can earn unminified it and You have all those variable You see that they have weird name that get changed every time you reload the page. Okay, but some of them are not Minified are not really well named they stay there so we can do a bit of Google search and GitHub search and then we find a library which is called asm crypto So it might be the one they use in the website and it is of course Here you can see asm script on one side the code from me about on the other. So it's pretty similar Now for the bad news is asm script all hasn't been modified since September 2020 of who there is no security audit So it doesn't seem the best library to do a really sensitive thing But there is one thing that then add up It's as we will see you've got to use one type of encryption, which is areas Pkss blah blah blah anyway, and this Precise algorithm is not supported by asm crypto the library. So They don't use asm crypto they use an unmerged pull request of asm crypto Yeah, so here is for instance one part of the code. So Same thing you see the new about code the asm crypto pull request and so same code So let's talk a bit about ANSI. So ANSI in France is the people which are Responsible to say what you should and should not do in term of computing security. So they are really really great guy Who give really good advice when they say something you should listen to them And what they say is you must really please use major library library that have written by experts and You use library with security support It's really important because it's really simple to have something which is broken in security in cryptography That you don't know that is broken So anyway, let's talk about the ballot box format As you saw in the in the result page So the website you put it for there is this password that is provided and so with the password you supposed to decrypt the The two archive one is a ballot box and another is ballot key and if you decrypt ballot key on the windows There is an error if you better if you decrypt not ballot key, but ballot box on Linux. There is an error So why is it so? someone knows Little advice tip. Yeah Do you see it? Do you see it? Okay. Yeah, of course. So, yeah The trouble is if you do if you use your archive is a zip format on zip format They don't they don't specify what will be the encoding So if you use a unique code characters the encoding depend of your system if your line looks it will be utf-8 if you're on windows it most likely will be ISO and So, yeah, it's yeah, it's not great Anyway, the PHP script he has to open both archive. So how does it work? They try They try to put encryption on top of it and they try to put the other encryption I mean, sorry the other encoding on top of it and After three try they should be fine enough So, yeah, I wouldn't have done that this way Especially if you control the generation of the archive the reading of the archive Yeah Anyway, so maybe you're thinking like oh, it's not big deal. It's small thing. It's not real security issue So, yeah, but it's not like that I mean, I was talking to you about the knil and their recommendation in their recommendation What they say is it's important for third-party people to be able to read the ballot box It's important for third-party people to write Independent software that could help checking the ballot box and so basically that's what I'm doing and For the presidential election new vote was used by seven hundred thousand voters and basically From what I understand. I'm the only guy working writing a third party tools for this So please can we have like standard format something that make it? simpler for people like me to write things that check Because on the all the work I've done for sorry all the work I've done here on this thing This encoding issue is that's things that took me the most time. So, yeah, it could have been really avoided please Anyway So, yeah, one more thing. I told you first There was no absolutely no source code from the robot and then I told you there is this a little source code you can download And it's because yes since Last time I mean since the Green Party election and since I've sent them the fact that all the the finding I had they removed the possibility to download the code great transparency Anyway, what's in the archive? So there is this first archive which is about key export Which contain RSA key so private key for doing decryption The file is a dot p.m. Which is a standard format for AS key, but it doesn't contain p.m. Key So a little digression. What is p.m. When you want to store? So basically in every say your key your key is a really big number if you want to store it You sort it in a format or in the format So which is called asn1 So, okay, anyway, and this format you encode it inside in a binary format, which is called the year But given this format is binary. It's not really convenient So basically what you do is you put a header you put a footer you do Base64 encoding and here it is you've got your p.m. Key and what you about does is they add another layer of base 64 Encoding because why not and so it makes me a bit more complicated for me for people like me writing supply tools anyway So next thing what's in the archive? You have so this is all the archives about box export one What you have here is a multiple file, which are not really interesting like the name of the election Something like that and you have those two folder each folder is a round of the election So this election there was two rounds. That was there. That's why there is two folder If we have a look at what's inside one of the folder There is this thing which is this file which is called object names which contain the ID of each candidate and the name of the candidate So you see here is the second round. So there is a two candidate and the the white vote And after that there is this confirm which is another five which contain the type of election If it's if you have to vote for one person or multiple person and finally there is a More interesting part which is this third file, which is called bad data and it contained one line per vote that happened And we're going to see what it contained So what you see here is there is the first part and the second part is a Shara 512 of the third part. So the second part is the thing we saw in the in the proof of vote The first part it's RSA encrypted and it contains on the right side random things and On the left side it contains the ID of the candidate which has been voted for Now little discretion because I said the thing is encrypted with RSA But you all know of course that you should never do Textbook RSA. So you should not just use RSA. You should always use RSA with padding And so there is different type of padding And basically there is a new Chinese one which is a OIP and PSS and there is the older one which is called because yes one which is used by Neovot and What say and see about this is basically it's obsolete. So you shouldn't use it for newer software Okay, and so how it does it works because yes, you have When you encrypt something with RSA your the thing you encrypt might be the same side of the key So in case here, it's three thousand seven to seventy two bits And so with pkcs one you have a header you have random stuff Which is a cryptographically secure random bytes and you have your message your message is what we saw the funny thing is The thing on the right which is supposed to be random It's not Cryptographically secure. It's just it's much less random that Cryptographically secure thing It's easy to see it's because here you see this is bytes still this is bytes and you see there is only printable characters so basically what they do they get they take Good randomly secure bytes and they do some kind of cooking to turn them into something printable I don't know why they need something printable, but anyway, and so it makes things less less random so basically what they're doing is they're replacing the cryptographically secure random bytes from the pkcs padding by something which is less random I Don't know why they do this, but Not a great idea. I guess But it's not Security issue because pkcs is is well made and there must be at the very least eight Cryptographically secure random bytes, but anyway, it's still weird Oh, I'm already there and now I can start to slow down Because I thought it would be much faster must slower anyway So we are going to to have a bit of fun so the The ballot box we saw there is no signature on it We also saw that they gave us the RSA private key to do the decryption We know all the vote ashes because there are inside The ballot box and there are the one which are used inside the proof of vote so called proof of vote So we can try to to temper with the ballot box Yeah, so first thing we can do is you know, there is this file Which is called object name where we saw with the idea of the candidate and the name of the candidate So really basic thing we can do is just modify this file So we switch the name and we saw what happened And so if we generate a new ballot box and we Provided to the official website that do the check and you use the the proof of vote Regular one you see that everything is considered as valid. So it's fine except as are now It's a wrong candidate. That's a one so it's a really really basic attack, but it works and so The thing is the the very practical thing about this attack is you don't have to be a computing engineer You don't have to do fancy thing You just have to open a zip archive modify two names close the zip archive and that's it You're done. So it's really incredible Incredibly simple to do that if you're a voter It's really hard to see that something wrong went because you have your proof of vote But remember the proof of what doesn't contain only the vote for who you voted for it contains also also votes. So You cannot see that you voted for the wrong person because the idea has been switched I Guess it's not really practical because what Neovot can do is Take this file, which is the file containing The link between the ID and the name of the candidate and they came just to share it and Share it before the election with all the different parties say, okay, this idea is going to be this candidate So if you do that, it's really simple to see that's there a switch that happened I don't know if they either do any check but I suppose they do because There is no documentation about what they do, of course So let's try something a bit more complicated which is Given we have the private key the private RSA key. We also have the public one And so if we have the public RSA key we can do encryption And so we can start encrypting our own new ballot We can generate new about as much as we want So, yeah, we just have your ballot box or archive and we put plenty of new about box just enough So that there is a difference of one vote before between the two candidates and so now the wrong candidate has win So it works again of course this attack is much more visible because The issue as we saw here is the number of ballots has changed because we have generated plenty of new ballots So if you look at all the people that were supposed to vote and all the ballots at the end You see the number is different. So it's really easy to spot It's a funny attack and now for the third attack, there is this file Of course, you saw it. Of course, you were wondering what it was and we're going to talk about this file So the name is extra ashes What does this file do it's simple when the script is checking for the ashes in your proof of vote first thing you do is go inside this file and it removes the The ashes from your proof of vote which are inside this file So basically this fight is saying, okay this prove this ashes. Yeah, don't don't take care Don't care about it. Just just drop it So my guess is why they do this is because When you are the very first person that go to vote On the Neovot server, there is no other vote But Neovot server has to send you back your the five ash The five ashes to generate the proof of vote And so what the Neovot server does is it generate four random ashes Stores them in extra ashes and so return you the ashes Anyway, so the funny thing is now what can we do is Generate fake ballots like we do in the second attack. We put the fake ballots inside the file With all the ballots, but now we have too much ballots inside the file So we remove some of the of the genuine Ballot from the ballot box for the data file And all those All those ballots that have been removed you can take their ashes And you put the ashes inside the extra ashes that CSV file. I mean there was 24 There was 24 ashes in extra ashes Now there is something like 5000 or 10,000. What's the difference? Who knows But the good thing is now you you totally Change the result of the election. So everything's fine. Now Still you have a difference of two votes between the first and the second one And uh, yeah, everything is fine because you have the right name or vote You have checked everything everybody has a valid proof of vote Everything appear like it should but the only difference is you have too much ashes in extra ashes But nobody knows what this file does. So Who can say it's wrong or right to have 57 or 24 anyway Yeah, so as I said All the votes all the proof of vote have valid If you are an organizer, you you just cannot Know that if this attack if this attack happened, you cannot have any way to to check So, yeah If you wonder of course, uh, given our I give those information to neovot they answered They say that All my attack are not I'm not adding the official neovot server Of course, I'm doing this stuff on local on my computer. I write my scripts And so they said It's misleading what I'm saying because uh, I could not change the result of the election because I could only change a file on my computer and the only source of truth is The archive which is on the the website on the voting website, which is hosted by neovot So I'm totally agree with them on this What does it mean is as long as you trust the archive that is on the neovot server Then the transparency script that you should run not to trust neovot is working fine Fair enough Yeah, so, uh, I have time we can say What we saw today. So there is this string versus byte Just mismanagement that remember us when we were doing python 2 but Hey 2021 2022 now Anyway, there is this encoding issues. There is this, uh, symmetric encryption used as padding stuff Uh, this random, uh bytes which are not cryptographically secure random bytes, but which are added for god knows why The use of legacy padding Of course, my favorite one the use of asm crypto full request for doing cryptography uh and the fact that We saw that when you do, uh, the The ballot box is a proof of vote checking on the website the website crashes But why it crashes? It's because you have a lot a lot a lot of erasar decryption to do And uh, it's costly, but what it means if if you are in an election like, uh, What is what I show an election with like 100,000 people if you have one people that want to check his vote The website is already done So it's like People they are Supposed I mean you you give them to to say, uh, you should check your your vote, but if they try to do it Uh, things are crashing if you are not working great Uh, for instance in uh in the green parties They were talking about this proof of vote and where you can uh do the check for the next election for the The left wing party Primary party election They didn't talk at all about this voting proof the fact the fact you can check on the website So when you end up voting, they say oh, you can uh, check your vote at the end with this thing And after that at the end of the election, they don't give any information where you can do the check And nobody seems to complain because nobody understand, uh, how online voting works so It's not really great for from us. Yeah Uh, so anyway, if you're curious and you want to see uh Mickey Mouse Win the election you can trade yourself I have put everything on github So you can just download the box. Try change the thing. You can check against the the real Verify website As you can see I had to change the password from the original archive because I couldn't in python put The right password with all this encoding weirdness And it's because the zip module in python doesn't support encrypted archive anyway So I talked to you about the cnrs publication in in algotel If you're french-speaking, it's great But if you're an english speaker, it's not great But don't worry. There is a new conference coming which is in austria And uh, there is a paper and this paper is in english and if you want to to write the Anomalyze the pre-print you can it's still done by uh, anchor Which I've done an incredible job on this So if you're austrian you should check it And I think I'm done Yeah, thank you very much amalia for this very interesting talk And it's always great to see that somebody looks at the security and then it's just surprised and presents this to us Because normally you would just trust these systems Or just expect them to be trustworthy without having to check it yourself. We have time for some questions So it's other questions from the audience if you have a question about the security of the Uh online voting you can get quickly to the microphone here in front And ask a question and I see somebody already coming so Hello, please ask your question Hi, thank you for the very informative talk. I was just interested. Did you manage to gain interest for some like interested actors like from the I don't know. I don't want to say government but people who are in charge actually of making such systems Uh, yeah, so as I told you, uh from From what I understand from a legal point of view, uh What neovot is doing is fine. I mean, uh, they cannot be Don't quote of me on this because I'm basically the man in the street when I'm seeing that but what I understand is They cannot be a suit or anything for what they're doing. I guess, uh, but Anyway, uh, I think my finding are interesting So, uh, I send them to neovot so they can react and after that because they didn't react I send also them to the knil I told to you about and the nc. So the guy which are responsible to say what you should and should and do In security, uh, so now they know They do something or not. It's what they want Uh, and anyway, we are doing a publication with the with the cnrs with anchor So, uh, that's the most we can do Thank you. Thank you very much. The next question, please Hi, thanks for the interesting talk. Uh, I just wanted to ask a simple question What is your background? What did you study to be able to understand all of this? Uh, so I'm mostly doing, uh software development And what I do is what I show you on the very first slide that you should go check Anyway, uh, so it's like I'm using crypto, but I'm not a mathematician I'm not developing crypto. I stay as far away as I can from crypto because I'm just Want to have a well thought api like if you do crypto, you should use the Lip sodium if you know it, it's basically the good way to do crypto And so I'm just a regular computing engineer. I'm just curious and uh, so you you saw On the pie on the on the page when you check the the votes there was you can download the source code So you get triggers you download your reader card you say, um, I could And then you just follow the flow of the script and and you see what happened and the sad thing about that is are they so Now they removed the download the source code So imagine if they're from the beginning haven't put this download source code Uh, I would not be here talking about this. They could get away with it I mean that All the all the things that's uh inside this conference Nobody we could know because everything is closed Thanks Oh next question, please Hello, thanks for the talk. It was really cool to see that. Uh, I'm french too, so I can relate Do you know of any trustworthy state of the art system that could Be trusted by government and citizens from online voting and which is hopefully open source and transparent and everything Yeah basically, I mean basically, uh, when you're talking about online voting you already I mean you already too far If you want to do voting, uh, I mean there is two ways to do voting. There is one way which is Uh, you care about secrecy and then you have to do physical voting and the other thing is you don't care about secrecy I mean it's possible. Uh, if you if you're voting for something that is not really important You can say okay, let's vote and we can all be clear about it We just raise a hand or we vote online on the poll software or anything I mean, it's uh, it's a legitimate use case and at least It's really clear that the thing is open If you do online voting, it's like of a grayish thing So for instance, I was talking about one researcher Chantal Unger, she she does a lot of research on this thing and what he understood. She told me I understood that so I'm not an expert Is When there is a switch People were using physical Physical voting and then the switch for online or electronic voting People are not voting the same there is more people voting before that when you have to do something physical Maybe people are lazy. They don't go there. They are more people voting Most of the time it's because even if it's electronic voting people have to go to the company to vote So of course you don't say oh no, I'm not going I'm going to have a cigarette. No you go with everybody And the other thing is When they vote they vote differently because when you are in a company and you have You have your political opinion. So you want to vote for something But you know the the election is held by the company and you don't know how much you can trust the computer The software the etc etc and start you start by going a bit like Yeah, yeah, maybe it's just easier to to temper a bit what I think and Be sure I won't lose my job something like that So yeah, if you want to do good voting, just do physical voting Okay, we have time for one quick more question. Please ask the question. Hi. Great talk. Thanks Quick question. I'm a data engineer. So in my job, I have access to really big databases I see your personal data and my company trusts me not to do anything illegal with it. Yeah, or else I go to jail How much do you trust the newer vote developers? To you know respect an election and not skew the votes Is there any way to know that the current people who ran for the election did not did or did not actually win? Yeah, your question is kind of the The complot theory or something like that I would say that As long as there is no proof You don't have to You don't want to put a shadow and say yeah, they may be doing the maybe not. No, I mean What I believe is they're honest They they don't want to to temper the the election and it would be really foolish to do that Of course, because it's not I mean they are making money with this software So they don't want to to kill the milking cow So I'm pretty sure they are doing an honest job. They don't try to change thing or anything, but It's not I mean there is so many layers so many different people who can do something. I mean if tomorrow There is a I don't know insert a big country with hackers That understand that there is this software which is more and more used for do for doing voting Maybe it's interesting to put enough energy in the hacking this thing and they go inside the server and They they understand how to rewrite the zip archive with these encoding issues To change the vote about box and now they've changed the election and no one can know anything about it Or maybe later on you realize that oh this election there was a hacking things and maybe the election the result has changed And what can you do or maybe there is nothing that happened? I mean everything is fine, but just you have a like a donald trump. He has said the election is rigged And uh, how can you prove the election is not rigged given everything is done on a computer? You don't have a lot of physical evidence so Even if every day everybody is perfectly honest. It's still an issue Thank you. Okay. Thank you very much for all the questions and thanks again for the talk So let's have another round of applause for for emanio