The District of Columbia’s Board of Elections & Ethics has suspended a program that would have permitted overseas and military voters to cast ballots anonymously over the Internet this coming November. Vulnerabilities, exposed by a team at the University of Michigan, allowed the researchers to access the database username and password and the public key used to encrypt ballots.
But DC BOEE Director of Information Services, Paul Stenbjorn, called it an important lesson and a step towards a transparent and secure voting system.
According to a blog posting Tuesday by University of Michigan professor, Alex Halderman, his team found a flaw that allowed them to change or reveal voters’ ballots. “Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots,” Halderman explained.
DC’s Digital Vote by Mail system was haled by officials as “a first-in-the-nation use of open source technology,” allowing voters to print and mail their ballot, or digitally mark and return their ballot over the Internet, anonymously. As part of the testing period BOEE released the source code through GitHub and encouraged the open source community to dabble.
In a response to the hack, Mr. Stenbjorn said, “When Alex Halderman and his students successfully hacked the system, we learned many valuable lessons about the security issues with the file upload mechanisms used in this software.” But more importantly, Stenbjorn posited, “we achieved a collaborative engagement with the computer science community that was working with elections officials in the early stages of developing a better model for future deployment.”
In an August meeting with the National Institute for Standards and Technology (NIST) on the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) academic participants rebuked all “intermixing of votes and the internet,” Stenbjorn said. “Little progress was made in developing best practices, risk models, or frameworks for collaboration,” so BOEE went their own way.
“Our goal was simple: determine if the application as developed passed muster, and if not, determine better mechanisms for security, transport and usability for future releases. The BOEE may have been the sponsor of this project, but our mission was to make this open source package freely available to all election officials.”
In his explanation of the attack, Professor Halderman said a small vulnerability had big consequences and that a number of other problems with the program indicates the brittle nature of such technology.
“It may someday be possible to build a secure method for submitting ballots over the Internet,” he wrote, “but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today’s security technology.” Halderman concluded by saying a more detailed paper would be forthcoming.
As for Stenbjorn and the BOEE, Halderman’s hack has not seemed to assuage their ambitions. “We will continue this project and hope this interaction will serve as a model for future releases. We will stand up new revisions and invite the computer science community not only to attempt to hack the system, but come develop it with us.”
“Imagine what would be possible if the best minds in the country collaborated on developing robust, open source election software.”
Testing will continue through this Friday.