Recently, the local election board in Washington D.C. developed an online voting systems so that its residents who are abroad or serving in the military would be able to vote online. This would improve the efficiency of the elections, so that the board would not need to mail ballots abroad and then have to wait for the ballots to be returned by mail. Given the security concerns around the need for integrity of data concerning elections, the board made the decision to publish its source code and server setup information to the public, thereby allowing the public to test the system for vulnerabilities.
While the majority of the feedback the board received were from Mac users with usability concerns, by the end of the week, a group of University of Michigan students had hacked the server, modifying the site to play the school's fight song. This prompted the board to take down the online voting capabilities. The replacement: downloadable ballots that are to be printed out and mailed back to the board. At least they've managed to cut down their postage costs.
This hack sheds light on the issue of computer security as more areas move toward electronic voting. In addition, this public vulnerability test could come back to haunt the Washington DC board later. If they decide to bring online voting back (as they claim they will for 2011) and the voting system is based on the code they released, attackers could be able to determine other vulnerabilities from the code that were not identified in this trial. Furthermore, posting downloadable ballots may not be a fully appropriate solution without additional safeguards put in place server-side, as an attacker could modify the files that are downloaded - for example, removing or adding candidates to the ballot.
Source: http://www.washingtontimes.com/news/2010/oct/5/students-hack-dc-online-voting-system/
Thursday, October 7, 2010
Subscribe to:
Post Comments (Atom)
Posts
It seems obvious to me that there would be security issues with a voting system that takes place solely over the internet, but this blog also brings to mind the potential security issues with all types of electronic voting. Electronic voting technology includes punched cards, specialized voting kiosks, optical scan voting systems, and voting via telephones, computer networks, and internet. The benefit to electronic voting is very large, including increasing efficiency and productivity, no risk of not having enough ballots at any given location, and decreasing the cost because there is not need to print millions of ballots. Although it can be argued that the extra cost of running the electronic voting systems is greatly than the money saved from not having to print extreme amounts of ballots, the main concern that I initially have is about the security of the system. "A fundamental challenge with any voting machine is assuring the votes were recorded as cast and tabulated as recorded." The most common electronic system is a direct-recording electronic (DRE) system, and some researches from the National Institute of Standards and Technology find fault in the DRE's "inability to provide for independent audits of its electronic records," leading to a difficulty in error and fraud detection. Some of the technologies that pose a solution to this include cryptography, paper verification, audio verification, and dual recording systems.
ReplyDeleteIt is not only the software that poses as a security threat but the also the hardware. With so many different voters having access (usually privately) with voting machines, it is important to ensure that the hardware is not at risk of tampering. There are review methods and testing procedure that can detect fraudulent code and/or hardware. Also a verifiable paper trail can help to prevent insertion of foreign hardware and software. In many cases security seals are used to detect tampering, however testing has revealed that these seals can be easily defeated. Many experts suggest that is it best to release the voting software to the public for inspection.
In conclusion, electronic voting security is something that should be taken very seriously. Studies show that in the 2000 U.S. Presidential election the outcome could have been changed had only two votes from each precinct been changed. The consequence for a small error of security breach in the system can be very drastic, so there needs to be absolute confidence in any electronic voting system that is implemented. At this point in time I do not believe that we have that absolute confidence, but it is something to strive for considering electronic voting would significantly increase the efficiency of the voting process.
http://votingmachines.procon.org/
http://en.wikipedia.org/wiki/Electronic_voting#Direct-recording_electronic_.28DRE.29_voting_system
The idea of online voting has obvious benefits as it makes access to elections easier for voters. With that said there are also inherent issues with the online voting system. The Washington Post article unveils the Board of Election and Ethics attempt to test its online voting system by permitting American citizens to find faults with the systems. While it seems with some information provided by officials aided several University of Michigan students in hacking the system, I do not think it is reason to give up on the online voting. Currently, the Board has resorted to permitting voters to download ballads, fill them out, and then send them back which cuts cost of postage for absentee voting. I am impressed the Board of Elections & Ethics publicly tested the system before running it in the 2011 elections. I propose that they utilize more trial and error runs of the system until it can be perfected. While the idea of online voting seems frightening because of the risks of insecurity and tampering with elections I think the Board can find a way to properly protect the information and monitor the process so that this more efficient and less costly means of voting can be implemented.
ReplyDelete