April 15 General Elections and QR Code

KCPAC 2020 ROK-USA Conference

4.15 General Election Analysis

Grand Hyatt Hotel, Seoul, South Korea

QR codes were used in early voting in the 2020, April 15 general elections held in South Korea.  QR codes were printed on the ballot papers, and serial numbers that could contain personal, private information is akin to the country giving up on democracy.  We will discuss the issues surrounding the use of QR codes in the general elections. 

1) There has been a steady increase in the amount of data that could be contained in a QR code, since 2014.

The National Election Commission (NEC) of South Korea revised laws in 2014 to allow for the use of barcodes on early voting ballot paper; in the first elections held after the laws were revised, the NEC used QR codes.  In the first year in 2014, the NEC chose the Error Correction Level (ECL) of QR codes to LOW, in order to put in as much data as possible, and this space was at a 41-number sequence; the actual amount of data used was at the 33-number space.  However starting from the 2016 elections to now, the QR codes have been upgraded to version 2, and the ECL level is still maintained at LOW.  As a result, the QR codes used in the April 15 elections had enough data space to include a 77-number sequence, and the actual space claimed to have been used is at the 31-number sequence. 

2) Is it legal to use QR codes?


The NEC has claimed that the QR codes are 2-dimensional barcodes, and in a ruling that came out of a 2017 lawsuit, the Supreme Court of South Korea stated that “there are no violations of regulations” regarding the NEC’s actions.  This is why the NEC continues to claim that the use of QR codes does not violate the Public Official Election Act. 

However, Article 151, Chapter 6 of the Act says that barcodes are horizontal lines containing information, thus prohibiting the use of QR codes, and the Glossary of Communications and Technology states that 2-dimensional barcodes can be encrypted, so anyone with the intent, can put in encrypted data in the QR codes on the ballot papers. 

Public Official Election Act, Article 151, Chapter 6

Notwithstanding paragraphs (1) and (5), the Gu/Si/Gun election commission shall instruct the official in charge of advance polling management to produce ballot papers to be distributed at advance polling stations with a ballot paper printer at advance polling stations. In such cases, the serial numbers printed on the ballot papers shall be marked in the form of bar code (referring to a code marked in the shape of a bar for recognition by computer), and such bar code may contain the name of election, the name of constituency, and the name of the competent election commission. <Newly Inserted by Act No. 12267, Jan. 17, 2014>

 Another problem with the QR codes being printed on the early voting ballots is the existence of a 31-number QR code on the ballot paper.  The 31-number sequence contains information such as the election name, the election voting district, the jurisdictional NEC office, and a serial number. 

The serial number at the end of the 31 number sequence that contains information about the voter, and who he or she voted for, being printed on the ballot paper via a QR code, is a clear violation of the principle of secrecy in voting.  According to the Public Officiel Election Law’s Article 158, Chapter 3, in case of an outside-jurisdiction early voting, the last digits of the 31-number sequence are not to be removed and along with the envelope to mail the ballot, is issued to the voter.  This signifies that the early voting ballot papers would be made with the ability to tear off or take off the serial number. 

Public Official Election Act, Article 158, Chapter 3

The official in charge of advance polling management shall print ballot papers for the relevant election with a ballot paper printer, affix his/her seal on the blank for “official in charge of advance polling management”, and give a ballot paper to an elector without cutting off the serial number, along with an envelope for return.

Using the PPT slides to further explain, the early voting ballot papers used in the April 15 elections (A) have QR codes that are 31 numbers long, including the serial numbers at the end that enable officials to track who the individual voter is.  Therefore, in the early voting ballot paper, the proper method should be to have the election name, the election district, and the jurisdictional NEC office information in a barcode format, and the last digits (the serial number) should be, just like the ballot papers used on election day – printed outside a perforated line and only teared off when handed off to the voter (B). 

3) During the ballot counting, there is clearly a leaking of personal information of voters when the ballot papers are passed through the electronic ballot counting machines and scanned, and stored on USB flash drives.  

As stated above, on the early voting ballot papers, there are QR codes; on the QR code itself, there is information that can identify the voter, via the serial number. When this ballot paper is passed through the electronic ballot counting machine (separator), the information contains which candidate the voter voted for.  The scanning of, and the storing of such information of who the voter voted for, is a publicly illegal act.  The most important aspect of an election in a democracy – the privacy and secrecy of who the voter voted for, is directly violated.

4) Excuses from the NEC regarding use of the QR codes.

The NEC claims that the reasons for using QR codes are because they are:  1) Effective in fighting counterfeiting; 2) Superior in stability and recovery of data; 3) Easier to use than to print a 31-number sequence on a 10cm width (3.0 inches) ballot paper. 

Regarding these excuses from the NEC:  1) There is no need to deal with counterfeit-prevention on election day, but only for early voting ballot papers?  Does that mean that the early voting system is that much at risk of counterfeiting?  This is a question that must be asked, and answered, and in the lawsuit that has been filed if there is a recount that is done, there must be an analysis of the QR code that is supposedly effective in fighting counterfeiting, we cannot stress this enough. 

2) If the reason for using AR codes is because of its superior data retention in case of damage, then why did the NEC set the recovery rate (ECL) at LOW, instead of HIGH?  This too must be answered. 

* When the recovery rate is set to LOW, a QR code can be recovered at 7% in case of damage, but when it is set to HIGH, even if 30% of the code is damaged, data recovery is possible. 

3) When the 31-number sequence in a barcode (that is also contained in the QR code) is printed on the ballot paper, it only measures 5.6 cm (2.2 inches), so as you can see on the PPT slide, there is plenty of space on the ballot paper to accommodate the full length barcode. 

So, the NEC’s explanation on the reasons why they must use a QR code instead of a barcode, at the risk of breaking laws, is not justified. 

5) The cause for concern regarding encrypted data in the QR codes via steganography. 

The biggest concern in using QR codes is the fact that it can be encrypted.  The Glossary of Communications and Technology states that QR codes can be encrypted, and many scientific papers have analyzed and explained also that encrypted data can be inserted into QR codes.  Furthermore, the Japanese company Denso Wave also sells its proprietary product called the SQRC (Security QR code), which has wide commercial applications. 

SQRC (Security QR code) can have open information, as well as encrypted information put into the code, and the open information can be read by all regular QR code scanners.  However, the private/encrypted information can only be read if the scanner has the encryption key inputted beforehand into the scanner.  Therefore, the NEC claims that the QR codes used only have the 31-number information, and even if encrypted, private information is included in the QR code, if there is no special scanner available, or if the encryption key is not known, there is no way to find out if the particular QR code indeed has encrypted/private information.  That is why the use of QR codes on ballot papers must be prohibited.  In South Korea, it is illegal for regular citizens to possess firearms.  It is not only a crime to pull the trigger and kill someone, but the reason why unlicensed people having firearms is illegal is because as long as one possesses a firearm, there is increased possibility in using that firearm and shooting someone. 

The task before us now is to find out whether the QR codes used in this most recent, 21st general elections have encrypted/private information contained in them.  We can turn to white hat hackers to find out if QR codes used on the early voting ballot papers have steganographic technology used, and in the case that encrypted data is discovered, we must then find out what type of encrypted, private information was stored – this is the task that we must see through to the end, and with this I conclude my presentation. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

latest Article