E-voting in French election requires out-of-date Java plugin, blocked by Firefox

France is trying e-voting for the first time in the upcoming legislative elections, for French voters residing outside of the country (one million voters), and it’s defective to an amazing extent — even by e-voting standards.

It requires the Java plug-in. Not only that, but it doesn’t even work with the latest version 1.7 of it, and requires the outdated version 1.6, which of course is blocked by Firefox for security reasons.

As a result, the French government (still same link) is going as far as asking voters to use another browser!

Only the Oracle version of Java is supported. OpenJDK is explicitly unsupported.

Update: It seems that Firefox doesn’t block the newest revisions of Java 1.6 (only 1.6.30 and below are blocked). Assuming that’s correct, the French government’s message asking users to switch to a different browser is unfounded.

9 Responses to “E-voting in French election requires out-of-date Java plugin, blocked by Firefox”

  1. Jesper Kristensen says:

    At least the French only have to deal with that every few years when there is an election. In Denmark we have to deal with things like that whenever we use our home banking or log in to any government website.

  2. AV says:

    java 6 isn’t outdated, using the latest release (6 update 32) should be fine

  3. I’m pretty sure that some consulting company was paid good money to develop this abomination. And now they are trying to save face by giving people ridiculous advices on how to work around their shortcomings. And the worst of it – they likely chose Java to try security by obscurity.

  4. @AV: That’s something that their developers apparently missed. They clearly recognized that old Java versions have security issues which is why Firefox blocklisted them (they say that explicitly). But they don’t recommend updating to Java 6 update 32. Neither do they recommend temporarily enabling the plugin manually (it’s a soft block so this is possible). They go for the worst possible solution: keep the insecure Java version and use a different browser that isn’t as concerned about user’s security (their recommendations also include outdated Firefox versions which have enough issues of their own). I’m sure that French tax payers are “happy” with how their money is being spent.

  5. AV says:

    @wladimir: I was referring to the blog post, where it’s written like java 6 is insicure and 7 is secure.

  6. Dan says:

    Yes, it’s not 1.6 in general that is blocked by Firefox, but 1.6.x, where x < 31 (I believe).

  7. Hub says:

    When I complained to whoever is in charge I got a reply telling me that whoever did the security validation approved it.

    *sigh*

    The French Pirate Party is all over it.

  8. Simon says:

    Yeah, not surprising that they don’t support Java 7. It’s only in the last few months that Oracle started encouraging non-developers to use it, so Java 6 is what people actually have installed.

  9. Hub says:

    Also I have to add, it is the same company that had the failing NDP leadership voting system.

Leave a Reply