Internet voting is just too hackable, say security experts.. { so why is Cambridge using this system?}

By  | February 20, 2017 | 2 Comments | Filed under: uncategorized

SAN FRANCISCO – Three ballot initiatives have been proposed in California to require the state to allow online voting, but security experts and some voting officials say the technology is nowhere near secure enough for something so crucial as the democratic process.

“When people stop me in the supermarket and ask, ‘When am I going to be able to vote on my cell phone?’ I say ‘Pretty soon — in about 20 years,’” said Dana DeBeauvoir, the county clerk for Travis County, Texas.

She was one of three speakers Wednesday in a session on online voting and security issues at Enigma 2016, a computer security conference held in San Francisco.

So much of daily life now happens online, including shopping, banking, communication, that voters naturally wonder why voting can’t too, said J. Alex Halderman, a professor of computer science at the University of Michigan in Ann Arbor, Mich. who researches voting and security.

However, the ongoing litany of breaches, hacks and crashes in those realms are an object lesson in why voting shouldn’t happen there. It’s just too important, he said.

“Imagine the incentives of a rival country to come in and change the outcome of a vote for national leadership. Elections require correct outcomes and true ballot secrecy,” Halderman said.

Thus far, that doesn’t exist. The panelists said while there have been multiple attempts to build verifiable and secure online voting systems over the past 20 years, so far all have proved wanting.

Halderman and his students have hacked several. In 2010, the District of Columbia issued a challenge to see if anyone could hack into a system it was building to allow overseas military to vote via the Internet.

“My students and I couldn’t resist taking them up on it,” he said.

His team managed to subvert the system, change votes and even leave a ‘calling card.’ After voters cast their ballots, their computers would play the University of Michigan fight song.

This past spring, the state of New South Wales in Australia used a new online system called iVote in an election. However, Halderman and computer security experts from Australia’s University of Melbourne broke it within days.

“We were able to insert vote-stealing malware” into the system, Halderman said.

The team immediately disclosed the breach to election officials, but by then more than 66,000 votes had already been cast.

“We don’t have any evidence whether that vulnerability was exploited,” said Vanessa Teague, a professor of computer science and expert on electronic voting at the University of Melbourne in Australia, who was part of the team.

Her experience makes her unequivocal in her evaluation.

“Voting over the Internet is a really bad idea,” she said. “We haven’t yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes.”

California measures

Internet voting is an area where people may be excited about a new idea but may not have the technological expertise to properly evaluate it, she said.

“They think, ‘Hey, we can vote in our bunny slippers and it’s going to be great,’” said Pamela Smith with Verified Voting, a non-partisan, non-profit organization that advocates for accuracy, transparency and verifiability of elections.

The impetus behind the California ballot initiatives appears to be the belief that online balloting will mean greater voter participation, Smith said.

Attempts in other countries seem to show that Internet voting only increases turnout negligibly. Efforts in Canada and Switzerland found that it only caused people to vote earlier but didn’t cause more people to actually vote, Smith told USA TODAY in an interview.

She noted the federal government spent a decade and a half and more than $100 million on a demonstration Internet voting project for military personnel overseas that included a program called SERVE, the Secure Electronic Registration and Voting Experiment. It was shut down by the Pentagon over security concerns.

“They just abandoned the effort,” she said.

So far, a risk versus benefit analysis doesn’t come down on the side of Internet voting, Halderman told the audience.

“It’s going to be decades, if ever, before the technology used for security is at the point where online voting can be done with confidence,” he said. “There’s just so much that can go wrong, and the need for it is not nearly so pressing as the risk.”



2 Responses to Internet voting is just too hackable, say security experts.. { so why is Cambridge using this system?}

    Gloria February 21, 2017 at 8:16 am

    Two things caught my eye in this article…the first is in regards to the democratic process, which is something that seems to be disappearing in Cambridge with bad decisions, closed door meetings and always being told that things are already a “done deal” when public information meetings are just starting. The second reflects the issue on “privacy”. Currently, internet voting requires that a person submit personal information and their email tothe city to get a password to access online voting. This would allow anyone to match up the “vote” with a particular individual taking away all “privacy”. So privacy and security are the 2 factors here that are of a huge concern and which is being ignored. If a computer requires an access code and that code was sent out via email, then anyone who can hack email or city records can find out this information and either change the vote or find out who voted for whom. Internet voting is saying goodbye to democracy, security and privacy.

    1. voting officials say the technology is nowhere near secure enough for something so crucial as the democratic process.

    2. “Voting over the Internet is a really bad idea,” she said. “We haven’t yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes.”

    Maggie Smith February 21, 2017 at 4:36 pm

    Well said Gloria. And “why is Cambridge using this system” – really – I wonder why – the article above totally explains why – because it can be CONTROLLED. How do you think that Craig got in to the last two terms.
    Time to change so we have a good old fashioned vote – or go to Ranked voting – that is the new easy best fair way. What is so hard to understand about this. Especially after reading all the articles such as this one.
    People in Cambridge – wake up.
    Tonight we are going to see just what your Mayor is going to put one of his own Councillors through. Yes, Mike made a mistake – like the rest of us do – like Pam Wolfe did – but she could have KILLED someone – no apology from her was there.

Leave a Reply

Your email address will not be published. Required fields are marked *