Leak raises security concerns over Dutch voter help website

AMSTERDAM (Reuters) - A website used by millions of Dutch voters to test their political preferences was quietly keeping a tally of how many were matched with each party, a security researcher who penetrated the site said on Tuesday.

The discovery by researcher Loran Kloeze raised potential privacy concerns and sparked a debate over whether the site was biased. The leaked results showed the Labour Party, a junior party in the governing coalition, received the second most matches even though it is running sixth in opinion polls.

Kloeze said he had also found a rogue data field on the site in which someone had posted an insult, suggesting he was not the only person to have discovered a flaw in its security.

The leak comes at a time of heightened concern over cyber security after U.S. intelligence agencies concluded that Russia used cyberattacks last year to try to sway the outcome of the Nov. 8 election in favor of Donald Trump.

The Dutch government last week decided that all votes in the Netherlands’ March 15 election would be hand-counted, after the intelligence agency warned foreign governments could attempt to influence elections by hacking computer systems.

The “StemWijzer” or “voting compass” site asks potential voters 30 questions and then tells them which party best matches their opinions. An estimated 5 million Dutch took a similar test before the 2012 election, out of a population of 17 million.

Kloeze told Reuters: “They’re keeping a record of all the results. I’m certainly not saying that they are linking them to (users’) IP addresses, I simply have no idea. But if I can find this kind of vulnerability, and there are others, then confidence in the site is undermined.”

Organizers of the site said they had responded to the vulnerability detected by Kloeze as well as the data field entry, and all security issues surrounding the site had been resolved.

Spokeswoman Anita de Jong of the government-subsidized organization ProDemos, which built the site, said it was not intended to provide voting advice, only to educate voters. She said it was wrong to view the leaked results as a kind of popularity poll, as several politicians tried to do.

For instance, individual users often fill in the test multiple times to see how their results change when they change their answers, she said.

She denied an unduly high number of test-takers were being told that their political views aligned closely with Labour.

Labour leader Lodewijk Asscher tweeted that the leak had “exposed the popularity” of his party.

The leaked data showed the party of anti-Islam lawmaker Geert Wilders was getting the highest number of matches. His Party for Freedom is leading in opinion polls, slightly ahead of the conservative VVD party of Prime Minister Mark Rutte. The VVD got the third most matches, according to the leaked data.

The Dutch elections are being closely watched to see whether last year’s trend of anti-establishment votes in Britain and the United States will continue to the Netherlands and later France and Germany, threatening the cohesion of the European Union.

Reporting by Toby Sterling; Editing by Anthony Deutsch and Mark Trevelyan