The Czech Republic is traditionally considered a stable parliamentary democracy with elections that are free and competitive. Nevertheless, there is a part of the electoral process that remains without sufficient public scrutiny and opens the door to abuse or questioning of the results - and that is the digital processing of electoral data, including the dependence on private IT companies and the lack of transparent oversight.
Who processes the election results?
The Czech Statistical Office (CSO) is responsible for collecting and processing official election results in the Czech Republic. It processes the results from the individual precinct election commissions to the final publication. The system works by the commission manually counting the votes and entering the result into software that transmits the data to a central system. However, the system is largely run through external non-public IT contractors - specific names are not commonly known to the public, contracts are not standardly available and there is no public mechanism to check the software code as the calculation process is not open source to be transparent.
Hidden system vulnerability
1. Dependence on private companies. In some phases, the processing of elections is outsourced to private companies that provide application development, infrastructure and server management. While this practice may be technically logical, it creates a potential conflict of interest if any of the vendors come into contact with political actors, lobbyists, or security risk actors.
2. Lack of public scrutiny. Unlike in some Western countries (e.g. Estonia or Switzerland), where election software is open-source and subject to third-party audits, in the Czech Republic the public does not have access even to anonymised datasets in real time, let alone to background checks of IT solutions.
3. Threats from outside. The National Office for Cyber and Information Security (NCIS) has repeatedly warned of increased activity by hacker groups ahead of the elections. Although not yet officially successful, foreign attempts to breach the IT systems of the CSO or the Ministry of the Interior are no exception - DDoS attacks, phishing campaigns and vulnerability scanning are underway.
What are the scenarios?
Although physical ballots and manual counting at the precinct level provide a basic safeguard against tampering, most of the public no longer checks the "transmission phase" where problems can occur such as: data overwriting during entry, then data alteration during transmission to the central database, delays in publication of certain precincts, and finally susceptibility to "miscounting" or party confusion. In a close election, even a few hundred manipulated votes could overturn the result of an entire county - and no one would be able to independently verify this.
Why is there so little talk about it?
The topic of digital election security is not very attractive to the mainstream media - and often lacks political will from parliamentary parties because the system "works" and questioning its robustness can be seen as disrespecting institutions. In addition: some media outlets have personal or business ties to IT solution providers, journalistic technical literacy at the investigative level is often weak, and there is a lack of pressure from the public, who are content to accept that the elections "went as expected"
Is the electoral system manipulable?
There is no direct evidence of targeted manipulation of the Czech elections - but there are a number of structural flaws that could facilitate such manipulation if the will was there. In other words, weaknesses exist - and those who know them can exploit them. And what can the public do about it? It can create pressure for transparency, strongly demand that election software be open-source and auditable, and not least support organizations that monitor public procurement and IT tenders (e.g., Watchdog State, Reconstruction of the State). Yes, electoral scrutiny from below is the most important link in this process. We can get involved in election commissions, document the process of counting and make copies of the protocols.
Citizen data control
We should support real-time publication of anonymised data, e.g. via APIs. In other countries, this allows independent recalculations and modelling. Support for independent media is also key. Share quality investigaion, highlight potential conflicts of interest, and support media that report on issues without censorship. In the Czech electoral system, the problem is not the ballots, but invisible codes, scripts, contracts and algorithms. And once we lose trust in what happens "after the vote is entered into the system", democracy becomes an illusion. It's never too late to do something about it. But the time for digital electoral reform is ticking.
gnews.cz - GH
English 
Czech 
Spanish 
French 
Italian 
Russian 
Chinese 
German