Saturday, October 30, 2010

Breaking News!

The Washington Post has just published an article by anti-Internet voting extremists Epstein, Simons, and Jefferson. They make the ridiculous claim that the DC hackers did the nation a service. But, the paper also printed my critique, and my suggestion that the hack may have been a conspiracy. Go to
(Copy and paste)
Hearing both sides, folks can decide -- DC hackers: good guys or conspirators?

Friday, October 29, 2010 Dodges Debate on Internet Voting Security!

I tried to balance out this anti-Internet voting propaganda with facts and commonsense, but would have none of that. Apparently, they only want to see one side. I wouldn’t have bothered to disillusion them, but for two reasons I had to persist. One is that the author is a worshipper of St. David Jefferson, and the other is that John Sebes has joined the love fest (he’s an insider on the DC fiasco).

Why won’t any of these True Believers engage me in an intelligent debate? (Do they all share a lack of courage? Sebes has even deleted my efforts to engage him on his blog; right, John?)

So, here is the propaganda piece, and my forbidden reply:

E-voting: How secure is it?

More than half of all states in the U.S. will allow some kind of internet voting this year. But security experts say it's a mistake and puts the nation at risk.

By Joan Goodchild, Senior Editor, October 28, 2010 — CSO —

Election fraud and vote tampering is as old as government. Before the American Revolution, most voting was done by voice. Voters would call out their pick for all to hear, which lead to intimidation and other nefarious tactics by those hoping to impact election results. The creation of the secret ballot was an improvement, but brought with it another host of possible modes of manipulation. In a quote that is now famous in American history, corrupt politician and Tammany Hall leader Boss Tweed often told constituents to 'vote early, and often.'

But surely, by 2010, with technology as sophisticated as it is and elections as regulated as they are, any voting system rolled out these days is no doubt fool-proof and iron-clad in terms of security, right? Not so, say some voting security experts. And, in fact, it's technology that makes new voting systems dangerous.

Back in 1999, David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory and chairman of Verified Voting, an organization that monitors security of election systems, first began examining the issue of electronic voting, specifically internet voting, as technical chairman of a task force set up by the Secretary of State in California. "The original idea was that internet voting was a fine idea, and the only question was how best to deliver this capability to the citizens of California," recalled Jefferson. "The vision was people would be able to vote from home with computers, in their pajamas, or they could vote on the road, from the hotel, or from an Internet café. At any time, from anywhere. But as we studied the issue more carefully, we realized that it was a hopelessly dangerous concept."

The result, said Jefferson, was a report authored by the group advising election officials not to proceed with internet voting, at least not for a very long time. And in the 10-plus years since the report was released, Jefferson says the concept of internet voting has become no more secure.

Yet many states, in an effort to allow military and other overseas citizenry to vote, have opted to adopt it, much to Jefferson's amazement.

According to the Verified Voting, more than 30 states will allow ballots to be cast by email, fax or online this year. "This is a national security issue," said Jefferson, who vehemently opposes internet voting as much today as he did in 1999. "In elections, we are electing the President and the members of Congress who are going to make law and run the government of the United States. But we can expose the election infrastructure to cyber attacks by anybody in the world. That's what we do when we conduct online elections."

Case in point, according to Jefferson, is the recent demonstration by a team of students led by University of Michigan professor Alex Halderman. The group managed to easily hack into an internet-based system for overseas and military voters that the District of Columbia planned to test in the November election. Along the way, the team also found evidence the system had been penetrated by both Iranian and Chinese hackers.

"One of the great fears in an internet election is that you are exposing our votes to manipulation by foreign powers," said Jefferson. "I just consider this to be a major national security risk; a totally unnecessary, needless risk and it's shocking to me that election officials turn away from this. They don't want to hear it, and they certainly don't want to do anything about it." [THEY don’t want to hear it! Ed]

"As we moved to mechanical voting machines a century ago we moved into the era of Dilbert's boss administering technology he didn't understand," said Douglas Jones, an associate professor in the Department of Computer Science at the University of Iowa and a scientific expert serving on the federal Election Assistance Commission's Technical Guidelines Development Committee. "We're still there. We've advanced the technology and Dilbert's boss knows more now than he did a century ago. But he still doesn't know enough to master the system he's running."

Jones says elections officials in D.C. deserve a lot of credit for allowing the pilot system to be opened up to public test before actually using it in an election, even if it was done late and exposed serious problems. But he fears these kinds of precautions aren't being taken in smaller municipalities around the country with limited funds.

"The people in the D.C. election office who were administering the servers were people who have a lot of experience administering servers in the closed world of classical elections with no internet connections and no outsiders to deal with," said Jones. "This is evidence that the election office wasn't anywhere near up to administering a machine that was connected to the public internet. And the Washington D.C. people actually have a staff of professionally-trained people who know what they're doing. You can't say that in your typical county. The large, urban counties have resources in their election offices that average county doesn't have."

On-site electronic voting machines also risky
Both security experts also point to electronic voting machines as security risks, too. Electronic machines that allow votes to be cast at precincts without paper became popular after the 2000 U.S. Presidential election, and the now famous "hanging chad" controversy. But even these machines, used in a closed-precinct environment, still make Jefferson uncomfortable because of the possibility of vote tampering.

"The paperless, electronic-voting machines, machines in which there is no paper trail, and no way of auditing those machines, are a major security risk. But there are many election officials, even entire states, that insist they can conduct elections strictly with electronic-voting machines and that there are no security risks with it."

The lack of auditing inherent in many types of these kinds of machines causes controversy regularly. In fact, a conservative watchdog group in Nevada is currently embroiled in an argument with voting machine technicians in one county that are represented by the union SEIU. The group, Americans for Limited Government, wants state officials to intervene and ensure SEIU workers who operate the machines don't skew the results in favor of Senate Majority Leader Harry Reid, the union-endorsed candidate. Issues like this crop up every election season, noted Jefferson. Still, it's internet voting, and it's possible widespread adoption, that keeps him up at night.
"Internet voting is really this year's voting problem and I have to say it's about a thousand-times worse than the security risk of straight electronic voting machines in precincts," he said. [end]


This article is a tad one-sided. The message it conveys is that “some voting security experts,” like David Jefferson and Douglas Jones, have sure-fire knowledge about the insecurity of Internet voting, while all the government officials who are trying it are clueless. Of course, it is not only the local election officials who do not understand, it is all those who have advised them along the way. That includes the experts who set up the systems now being successfully used by West Virginia and Arizona.

Six years ago, the Department of Defense had an Internet voting system ready to be used by a group of 100,000 overseas volunteers. Jefferson was one of the four rouge computer scientists who, with the help of the New York Times, publicized a pack of really scary stories about what a “catastrophe” would occur with Internet voting. One example is, “you are exposing our votes to manipulation by foreign powers,” an old refrain used again in Ms Goodchild’s article. Frightened out of his wits, Assistant Secretary of Defense, Paul Wolfowitz, who was also angling for the presidency of the World Bank, ordered a halt to the program. (He got the job.)

That was in 2004. Since then Internet voting has been tried with repeated success in some provinces in Canada, and in several nations in Europe. Hall and Alvarez write that no security, or other, problems have been reported. (Electronic Elections, page 71.) The voting security experts who built these systems must also be deluded, if Jones and Jefferson are to be believed.

But the repeated success of Internet voting trials around the world seems to belie the cries of “wolf!” that alarmists like Jefferson have made a career on. Their scary stories appear to have no basis in experience, with the sole exception of the recent DC fiasco. (For more details on this see “Scary Stories Fail to Stop Internet Voting” )

Also, Bob Carey, head of the Federal Voting Assistance Program, announced at a recent meeting that the Department of Defense has decided to restore the old SERVE system, with all the updates now available. (Citation given in “Scary Stories”)

Ms Goodchild’s article refers to the DC hack as if it were evidence in favor of the case made by Jefferson et al. But all the facts have yet to be discovered. For instance, the team at Trust the Vote, who built the DC system, have been, like Jefferson, long-time critics of Internet voting. Why did they submit a bid to build the system? Why did the DC officials hire them, as opposed to the companies that built the West Virginia and Arizona systems?

One observer wrote on Slashdot, not me, that the system seems designed to fail. Could that be true? Was the very construction of the system an insider attack? After a decade of crying “wolf!” without any actual facts to point to, the anti-Internet voting activists needed something tangible. The DC fiasco seems to be just what the doctor ordered.

Since John Sebes has joined the discussion, perhaps he can address some of these questions. (For more on this, including citations, see “Does the DC Fiasco Damn Internet Voting?” )

The Internet voting security debate has been one-sided for far too long, with the alarmist squeaky wheel getting all the attention. would be an excellent spot for an intellectually honest engagement of the issues.

William J. Kelleher, Ph.D.
Fri, 2010-10-29 18:48
"Your comment has been queued for moderation by site administrators and will be published after approval."

Saturday, October 23, 2010

Scary Stories Fail to Stop Internet Voting

Go to for revised version -- free read or download

Tuesday, October 19, 2010

Does the DC Fiasco Damn Internet Voting?

This year the DC Board of Elections had a great idea. DC had a bad reputation for sending absentee ballots out to its voters in the military so late that the poor voter didn’t have time to mail the thing back before the end of the election. (The Pew Center chided DC for this in their 2009 study “No Time to Vote.”)

So DC hired some programmers who said they could set up an Internet voting system. This would enable the overseas voter to request an absentee ballot, vote it, and return it – all in just a few minutes. No more wasted time, or uncertainty about whether your ballot arrived in time or got counted.

But what DC officials apparently did not know is that the guys they hired are long-time anti-Internet voting advocates. After getting the contract, instead of boasting about their success, they posted an apology to their fellow anti-Internet voting groups. You can see this at

Greg Miller posted the apology. You can see him and John Sebes taking part in a panel sponsored by the anti-Internet voting Overseas Voting Foundation, at

Lo and Behold, within 36 hours from the time the DC system went online for testing, a “white hat hacker,” Alex Halderman, University of Michigan computer science prof, lead his class on a real adventure. They hacked the system. In it they found personal voter info, including names, PINs, and passwords. They changed all the votes that had been made, to favor their candidate. They set up the system so that all future votes would favor their candidate. Then they left a calling card: they installed the UM football fight song. The system was supposed to have an intruder detection and alarm function, but it did not work. DC officials only learned about the hack after receiving complaints about the song.

Of course all the anti-Internet voting extremists have had a field day with this event. Brad’s Blog and Verified Voting, for example, are full of triumphal proclamations about the complete and utter failure of Internet voting.

Not only did DC officials hire the guys who built this system, but after it was hacked they invited Halderman and a couple of professional anti-Internet voting extremists to appear before them. After giving Halderman time to crow, one of them submissively asked him if Internet voting could ever be done securely. Yes folks, she asked the fox how to protect the hen house! (See it at, ) Of course, he sagely informed her that it cannot be done.

However, at the same time, West Virginia has had terrific success with its professionally built Internet voting system. Secretary of State Natalie Tennant was so happy with the results of that system in this year’s primaries that she requested the state legislature to expand the program to include more overseas voters. (See )

Tennant reports that the Internet voting participation was twice that of the mail-in voting participation, and that “we received no negative feedback of the pilot program.” (See )

The legislature studied the security issues and performance, and granted Tennant’s request.

Not only that, but at least eight European nations and several provinces in Canada have been conducting Internet voting trials for years without any problems. (See Electronic Elections, Hall and Alvarez, page 71.)

So, what is to be learned from the DC fiasco? First, given the degree of competence shown by DC officials, perhaps their bid for statehood should be put off a bit longer. Second, never hire anti-Internet voting extremists to set up your Internet voting system. Like one wag on Slashdot suggested, this system appears to have been “designed to fail… just to make the [anti-Internet voting] idea shine.” (See comment by “Cylix” at, )

A third lesson is to look at all the facts about Internet voting successes, and not just this one example of all around incompetence (if not designer sabotage).