E-voting: How secure is it?

Election fraud and vote tampering is as old as government. Before the American Revolution, most voting was done by voice. Voters would call out their pick for all to hear, which lead to intimidation and other nefarious tactics by those hoping to impact election results. The creation of the secret ballot was an improvement, but brought with it another host of possible modes of manipulation. In a quote that is now famous in American history, corrupt politician and Tammany Hall leader Boss Tweed often told constituents to ‘vote early, and often.’

But surely, by 2010, with technology as sophisticated as it is and elections as regulated as they are, any voting system rolled out these days is no doubt fool-proof and iron-clad in terms of security, right? Not so, say some voting security experts. And, in fact, it’s technology that makes new voting systems dangerous.

Also see What if the smart grid has stupid security?

Back in 1999, David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory and chairman of Verified Voting, an organization that monitors security of election systems, first began examining the issue of electronic voting, specifically internet voting, as technical chairman of a task force set up by the Secretary of State in California.

“The original idea was that internet voting was a fine idea, and the only question was how best to deliver this capability to the citizens of California,” recalled Jefferson. “The vision was people would be able to vote from home with computers, in their pajamas, or they could vote on the road, from the hotel, or from an Internet café. At any time, from anywhere. But as we studied the issue more carefully, we realized that it was a hopelessly dangerous concept.”

The result, said Jefferson, was a report authored by the group advising election officials not to proceed with internet voting, at least not for a very long time. And in the 10-plus years since the report was released, Jefferson says the concept of internet voting has become no more secure. Yet many states, in an effort to allow military and other overseas citizenry to vote, have opted to adopt it, much to Jefferson’s amazement. According to the Verified Voting, more than 30 states will allow ballots to be cast by email, fax or online this year.

“This is a national security issue,” said Jefferson, who vehemently opposes internet voting as much today as he did in 1999. “In elections, we are electing the President and the members of Congress who are going to make law and run the government of the United States. But we can expose the election infrastructure to cyber attacks by anybody in the world. That’s what we do when we conduct online elections.”

Case in point, according to Jefferson, is the recent demonstration by a team of students led by University of Michigan professor Alex Halderman. The group managed to easily hack into an internet-based system for overseas and military voters that the District of Columbia planned to test in the November election. Along the way, the team also found evidence the system had been penetrated by both Iranian and Chinese hackers.

“One of the great fears in an internet election is that you are exposing our votes to manipulation by foreign powers,” said Jefferson. “I just consider this to be a major national security risk; a totally unnecessary, needless risk and it’s shocking to me that election officials turn away from this. They don’t want to hear it, and they certainly don’t want to do anything about it.”

“As we moved to mechanical voting machines a century ago we moved into the era of Dilbert’s boss administering technology he didn’t understand,” said Douglas Jones, an associate professor in the Department of Computer Science at the University of Iowa and a scientific expert serving on the federal Election Assistance Commission’s Technical Guidelines Development Committee. “We’re still there. We’ve advanced the technology and Dilbert’s boss knows more now than he did a century ago. But he still doesn’t know enough to master the system he’s running.”

Jones says elections officials in D.C. deserve a lot of credit for allowing the pilot system to be opened up to public test before actually using it in an election, even if it was done late and exposed serious problems. But he fears these kinds of precautions aren’t being taken in smaller municipalities around the country with limited funds.

“The people in the D.C. election office who were administering the servers were people who have a lot of experience administering servers in the closed world of classical elections with no internet connections and no outsiders to deal with,” said Jones.”This is evidence that the election office wasn’t anywhere near up to administering a machine that was connected to the public internet. And the Washington D.C. people actually have a staff of professionally-trained people who know what they’re doing. You can’t say that in your typical county. The large, urban counties have resources in their election offices that average county doesn’t have.”

On-site electronic voting machines also risky

Both security experts also point to electronic voting machines as security risks, too. Electronic machines that allow votes to be cast at precincts without paper became popular after the 2000 U.S. Presidential election, and the now famous “hanging chad” controversy. But even these machines, used in a closed-precinct environment, still make Jefferson uncomfortable because of the possibility of vote tampering.

“The paperless, electronic-voting machines, machines in which there is no paper trail, and no way of auditing those machines, are a major security risk. But there are many election officials, even entire states, that insist they can conduct elections strictly with electronic-voting machines and that there are no security risks with it.”

The lack of auditing inherent in many types of these kinds of machines causes controversy regularly. In fact, a conservative watchdog group in Nevada is currently embroiled in an argument with voting machine technicians in one county that are represented by the union SEIU. The group, Americans for Limited Government, wants state officials to intervene and ensure SEIU workers who operate the machines don’t skew the results in favor of Senate Majority Leader Harry Reid, the union-endorsed candidate. Issues like this crop up every election season, noted Jefferson. Still, it’s internet voting, and it’s possible widespread adoption, that keeps him up at night.

“Internet voting is really this year’s voting problem and I have to say it’s about a thousand-times worse than the security risk of straight electronic voting machines in precincts,” he said.