digitalization
IT expert: online general meetings with a security risk
Before the new government enables permanent digital general meetings as announced, important questions must be clarified from the point of view of an IT security expert from KIT. Photo: Uli Deck / dpa
© dpa-infocom GmbH
In the pandemic, a lot became possible virtually that was previously only conceivable in analog form. Company general meetings should remain digital even after the pandemic. However, this could involve risks.
Before the new government enables permanent digital general meetings, as announced, important questions must be clarified from the point of view of an IT security expert.
The online voting systems previously used for voting have weak points and are not certified by the Federal Office for Information Security (BSI), explained Professor Melanie Volkamer from the Karlsruhe Institute of Technology (KIT) on Tuesday. “So far, there are no clear requirements for the security of these systems and what assumptions about the operational environment and the attacker authority are acceptable.” The BSI would have to develop these first.
Wrong assumptions
For example, the systems used were based on the assumption that neither the end devices of the voters nor the election server would be manipulated, said the researcher. “However, these assumptions seem unrealistic if you look at media reports on cyber attacks or the BSI management report.” Volkamer heads the research group Secuso – Security, Usability, Society at Karlsruhe University.
General meetings of companies, for example, serve the purpose of bringing the management board, supervisory board and owners together to pass resolutions. Due to the corona pandemic, companies are allowed to do this online until the end of August 2022 without prior changes to the statutes. One of the questions asked was whether the digital format would restrict shareholders’ ability to ask questions.
Thought as a permanent alternative
After an online meeting in the summer, the justice ministers of the federal states spoke out in favor of making the virtual variant possible on a permanent basis as an equal alternative to the face-to-face meeting. In their coalition agreement, the SPD, the Greens and the FDP now write: “We enable permanent online general meetings while maintaining unrestricted shareholders’ rights.”
KIT scientist Volkamer also questions whether the notarial certification of the digital general meeting, which is mandatory for listed stock corporations, is possible: “Notaries can only carry out their task with regard to voting and elections if they can distinguish between a manipulated and a non-manipulated result . ” To do this, however, a technology is needed that really makes it possible to check who is voting and that the vote also corresponds to the wishes of the voter.