Identity verification device installed at an early voting station. [Photo=Yonhap News] 

The First Gateway to Guaranteeing the Right to Vote Has Collapsed

The essence of the controversy surrounding identity verification for early voting is not a problem with the equipment's performance. The core issue is that failure in identity verification can lead to the infringement of voters' right to vote.

If a vote is processed using someone else's ID, and the actual ID holder later arrives at the polling station only to find they have already voted according to the system records, this is not a mere on-site mistake.

This is an incident where the substantive opportunity to vote, which the state must guarantee, has been preemptively exhausted by the actions of another person.

The starting point of an election is not the vote count, but identity verification.

If the person presenting an ID at the entrance of the polling station cannot be verified as the actual eligible voter, then the subsequent procedures of issuing ballots, casting votes, and depositing them into the ballot box all become unstable.

Identity verification is the very first gateway that ensures a person votes only once, prevents voting under another's name, and guarantees that the actual voter casts their ballot directly according to their own will.

Therefore, this controversy is not a question of 'whether or not it has a fingerprint recognition function.' If the identity verification process failed to prevent voting with someone else's ID, then what has the Election Commission been using for identity verification until now? This question is the crux of the matter.

The Flaw in the Identity Verification Process Revealed by the Daegu Case

The early voting case in Daegu made this flaw a reality.

A voter presented their cousin's ID and completed their vote. When the actual ID holder arrived at the polling station later, they were already recorded in the system as having voted.

The Election Commission explained that they later guaranteed the actual voter's right to vote through administrative measures, but the core issue is not the subsequent action. It is why the identity verification process, from the outset, failed to detect voting with someone else's ID.

Furthermore, in this case, there was a fingerprint input procedure, but the fingerprint did not confirm the person's identity. Despite having their fingerprint taken, identity verification was not achieved. The ID scanning process also failed to distinguish between the ID holder and the actual voter.

Ultimately, the identity verification that operated on-site was not done by a machine, but by the naked eye of a person.

This incident revealed the weakest link in the early voting system.

Early voting offers the convenience of voting anywhere in the country. However, the ability to vote anywhere also means that accurate identity verification must be carried out everywhere.

The greater the convenience, the stricter the identity verification measures should be. Yet, the reality was the opposite.

The Principles of Universal, Equal, and Direct Suffrage Are Also Shaken

Failure in identity verification is an issue of infringing the right to vote.

According to the Constitution, elections are based on the principles of universal, equal, direct, and secret suffrage. If a vote is processed using someone else's ID, and the actual holder arrives at the polling station later to find they have already voted in the system, this first shakes the principle of universal suffrage.

Every citizen with the right to vote must be able to cast a ballot, but if their voting right is preemptively exhausted by another person's actions, their substantive opportunity to vote, which the state must guarantee, has been violated.

The principle of equal suffrage is also shaken.

Equality in elections does not merely refer to the format of distributing one ballot per person; it includes substantive equality, meaning that one person's vote is counted as only one vote's value. If voting under another person's name is possible, some people may effectively vote twice, while others may have their single vote stolen. This undermines the one-person-one-vote principle and the equality of vote value.

The possibility of infringing the principle of direct suffrage is even more apparent.

Direct suffrage means that the voter must cast their vote directly according to their own will. The moment a vote is processed using someone else's ID, that vote is not a direct expression of the ID holder's will. If the identity verification process fails to filter this out, the election management system has failed at the first gateway of direct suffrage.

The relationship with the principle of secret suffrage cannot be taken lightly either.

The core of secret suffrage lies in guaranteeing that it cannot be externally known whom one voted for. Of course, voting with someone else's ID does not immediately imply the disclosure of the cast vote's content.

However, if identity verification and the record of whether one has voted become unstable, the trust in who voted, who could not vote, and under whose name the vote was processed is undermined. The secure voting environment and procedural trust in elections, which secret suffrage presupposes, are inevitably damaged as well.

As such, failures in identity verification lead to issues concerning the constitutional principles of elections.

What we need to examine now is simple: what exactly did the device called an 'identity verification device' by the Election Commission verify?

Fingerprints Are Taken, But Not Used for Identity Verification

At early voting stations, voters present their ID and then place their hand or finger on what is called an 'identity verification device' to record their fingerprint. Seeing this, most citizens believe the machine compares the fingerprint with the ID information to verify their identity.

However, the actual structure is different. The fingerprint input on early voting identity verification devices is not a biometric authentication process that compares against resident registration fingerprint information. It is closer to a recording process to note the fact that a ballot has been received.

Under the Public Official Election Act, early voters must present proof of identity, have it verified, then press their thumbprint electronically or sign, and receive their ballots.

Even from the wording of the law, the thumbprint or signature is a procedure following identity verification. It is not a procedure for identity verification itself, but a procedure to confirm the receipt of the ballot.

The Election Commission has also explained in the past that the fingerprinting at early voting stations was not for verifying identity using biometric information, but for recording that the elector had received the ballot.

Therefore, while the scene of voters placing their fingerprints may appear to be a symbolic procedure for identity verification, it does not actually perform the function of identity verification.

The procedure that citizens understood as identity verification and the procedure that the Election Commission actually operated were different. This gap is the starting point of distrust.

Is It an 'Identity Verification Device' or an 'ID Information Recognition Device'?

The very name 'identity verification device' is problematic.

The identity verification devices in operation are, contrary to their name, not fingerprint-based identity verification equipment. Nor can they be considered devices that scan ID photos and compare them computationally with the face of the person present.

The currently known function is at the level of reading the textual information on the ID to link it to the integrated voter list lookup and ballot issuance procedures. In essence, this device is closer to an ID information recognition device or an ID scanner than an identity verification device.

Reading the inscribed information on an ID, such as name, date of birth, and resident registration number, is a completely different function from computationally comparing the person in the ID photo with the face of the person present.

The former is information input for list lookup, while the latter is a procedure for verifying actual identity. If the identity verification device does not perform the latter function, actual identity verification is still left to the visual judgment of the election officials.

The fact that the Election Commission scans ID information does not mean it constitutes identity verification.

Confirming whether the information on the ID exists in the voter list is a separate issue from verifying whether the person holding that ID is the actual holder.

The Daegu case demonstrated precisely this difference. There was a person on the list, but it was not screened whether the person present was that ID holder.

The Reality of Fingerprint Input Was Unknown to the Media and the National Assembly Too

The very articles reporting the Daegu case illustrate how little this issue was widely known.

The headline "Identity Not Verified Despite Fingerprint" is not just a simple event title. It is a sentence that shows how the public and the media have perceived the fingerprint input procedure at early voting stations as performing an identity verification function.

If it had been widely shared in society that fingerprint input was not identity verification from the start, such a headline would have been difficult to formulate.

The problem is more serious if this issue was not sufficiently shared even during National Assembly inquiries and budget review processes. If the National Assembly, which is supposed to monitor the electoral system and review the budget, was mistaken about the actual function of the identity verification device, then the introduction of equipment worth tens of billions of won and the operation of the early voting system have been packaged under the single label of 'identity verification device.'

The public believed identity was verified because they placed their fingerprints. The National Assembly accepted the name 'identity verification device' at face value. The media only addressed the fact that fingerprint input was not biometric authentication as a key issue after the actual incident occurred.

The problem is not a reporter's error. The problem is the system and the naming that allowed for such an error.

Voter Rolls Based on Resident Registration, Identity Verification Left to Visual Inspection

The Election Commission has consistently explained that direct linkage with the Ministry of the Interior and Safety's resident registration network is technically difficult. However, this explanation also needs to be precisely examined.

Connecting the Ministry of the Interior and Safety's resident registration fingerprint network directly to terminals at all early voting stations to compare the fingerprints of all voters in real-time is a matter requiring legal and security review. This is because fingerprints, once leaked, are biometric information that cannot be changed like a password.

However, this does not mean there are no ways to strengthen identity verification.

Furthermore, the voter rolls themselves are already compiled based on resident registration data. The head of a district, city, or county surveys eligible voters registered in their jurisdiction to compile the voter rolls, and a copy of this electronic data is sent to the relevant Election Commission. The Minister of the Interior and Safety can also process and provide necessary information, such as resident registration numbers, to support the compilation of voter rolls. The Election Commission is already utilizing resident registration-based information in the stage of creating and operating the eligible voter list.

So the question becomes simple.

While the voter rolls are received based on resident registration information, why was a resident registration-based verification system not put in place at the stage of verifying whether the person presenting an ID at the polling station is the actual holder?

This is not a matter of technical impossibility, but a matter of system design. What the Election Commission should be saying is not "linking is difficult," but "because linking is difficult, what alternative verification system has been put in place."

The Contradiction Between 'Unhackable' and 'Difficult to Link'

Moreover, the Election Commission has strongly refuted the possibility of hacking its election management computer network. It has also repeatedly explained that manipulating election results is impossible.

Therefore, the logic that even a one-time verification token method cannot be considered due to security risks does not add up.

If the Election Commission's network is so secure that it's unhackable, then it should be possible to consider a method where the Ministry of the Interior and Safety retains the original data and only verifies the eligibility of the voter on election day in a limited manner.

Conversely, if even such a method is risky, then the existing claim that the Election Commission's computer network is unhackable must be re-examined. The standards should not differ when the Election Commission says, "The computer network is secure," and when it says, "Linking for identity verification is risky."

If it claims to be secure, that security must be applied to strengthening identity verification. If it claims to be risky, that risk must be honestly explained for the entire election management computer network.

This is not a call for the Election Commission to permanently store copies of resident registration fingerprint data. In fact, such an approach requires caution from a biometric data protection perspective.

There are several possible methods.

> A method where the Ministry of the Interior and Safety retains the original data and only sends back match/no-match results to the Election Commission.

> A method using an encrypted one-time verification token that is immediately discarded afterward.

> A method combining mobile ID QR verification with resident registration card authenticity checks.

> A method where cases of manual entry are automatically flagged for audit.

> A method of implementing a two-person verification procedure for cases involving family members with similar appearances and addresses.

The Issue Is Not the Introduction of Fingerprints, But the Absence of Alternative Verification

The problem is not about insisting on the mandatory introduction of fingerprints.

The problem is that a device that does not verify identity using fingerprints is called an 'identity verification device,' and actual identity verification has been left to the visual comparison by on-site staff.

If a fingerprint input device is installed, its name is 'identity verification device,' and its actual function is limited to recognizing ID textual information and looking up the voter roll, then misunderstandings are inevitable.

What the Election Commission should have explained to the public and the National Assembly is clear: fingerprint input is not identity verification. Identity verification is the visual comparison of the ID photo with the face. The device merely supports ID information recognition, voter list lookup, and ballot issuance procedures.

However, if this explanation was not sufficiently provided, the term 'identity verification device' becomes an expression that gave the public a false sense of security.

Early voting was introduced to enhance convenience.

However, convenience cannot replace trust.

If a system allows voting anywhere in the country, it must also have safeguards to prevent voting under someone else's name anywhere in the country.

It is unconvincing to say that resident registration-based verification is difficult at the identity verification stage when the voter rolls are compiled based on resident registration information.

Questions the Election Commission Must Answer

Technical difficulties are not excuses, but the starting point for an obligation to improve.

> If direct linkage with the Ministry of the Interior and Safety's network is difficult, has the one-time token method been considered?

> Has a method of verifying only the match status without using the original fingerprint data been considered?

> Mobile ID QR verification, resident registration card authenticity check,

> Manual entry audit logs,

> Has a two-person verification procedure been prepared?

If it cannot answer these questions, the Election Commission's explanation will not be a technical explanation but merely an excuse to cover up inadequate identity verification.

The credibility of an election is not only shattered at the vote counting hall. It can be shaken at the entrance of the polling station, at the very first stage of presenting an ID and undergoing identity verification.

If identity is not verified even after taking a fingerprint, it is not an identity verification device. It is impossible to demand trust from the public with a device whose name differs from its actual function.

An identity verification device that fails to prevent voting with someone else's ID is not simply a faulty device. It is a device that has collapsed the first gateway to guaranteeing the right to vote.

If the Election Commission knew of this structure and allowed it to persist, it is a grave failure in election management that undermines the principles of universal, equal, and direct suffrage and even the procedural trust that secret suffrage presupposes.

The Election Commission must disclose the actual functions and limitations of the early voting identity verification device to the public. If fingerprint input is not identity verification, it must be disclosed as such.

If the identity verification device is merely an ID information recognition device, its name must be corrected. And above all, alternative verification systems to prevent voting with someone else's ID must be immediately established.

Failure in identity verification is not a device problem but a problem of infringing the right to vote.