Tuesday, October 19, 2010

Does the DC Fiasco Damn Internet Voting?

This year the DC Board of Elections had a great idea. DC had a bad reputation for sending absentee ballots out to its voters in the military so late that the poor voter didn’t have time to mail the thing back before the end of the election. (The Pew Center chided DC for this in their 2009 study “No Time to Vote.”)

So DC hired some programmers who said they could set up an Internet voting system. This would enable the overseas voter to request an absentee ballot, vote it, and return it – all in just a few minutes. No more wasted time, or uncertainty about whether your ballot arrived in time or got counted.

But what DC officials apparently did not know is that the guys they hired are long-time anti-Internet voting advocates. After getting the contract, instead of boasting about their success, they posted an apology to their fellow anti-Internet voting groups. You can see this at http://www.trustthevote.org/dc-pilot-project-facts-vs-fictions-osdv-viewpoint

Greg Miller posted the apology. You can see him and John Sebes taking part in a panel sponsored by the anti-Internet voting Overseas Voting Foundation, at
http://www.youtube.com/user/OverseasVote#p/c/71DC2AFC2F476CBB/0/Ne0qiIsvqf8

Lo and Behold, within 36 hours from the time the DC system went online for testing, a “white hat hacker,” Alex Halderman, University of Michigan computer science prof, lead his class on a real adventure. They hacked the system. In it they found personal voter info, including names, PINs, and passwords. They changed all the votes that had been made, to favor their candidate. They set up the system so that all future votes would favor their candidate. Then they left a calling card: they installed the UM football fight song. The system was supposed to have an intruder detection and alarm function, but it did not work. DC officials only learned about the hack after receiving complaints about the song.

Of course all the anti-Internet voting extremists have had a field day with this event. Brad’s Blog and Verified Voting, for example, are full of triumphal proclamations about the complete and utter failure of Internet voting.

Not only did DC officials hire the guys who built this system, but after it was hacked they invited Halderman and a couple of professional anti-Internet voting extremists to appear before them. After giving Halderman time to crow, one of them submissively asked him if Internet voting could ever be done securely. Yes folks, she asked the fox how to protect the hen house! (See it at, http://www.youtube.com/watch?v=LaR7n5PI_aE ) Of course, he sagely informed her that it cannot be done.

However, at the same time, West Virginia has had terrific success with its professionally built Internet voting system. Secretary of State Natalie Tennant was so happy with the results of that system in this year’s primaries that she requested the state legislature to expand the program to include more overseas voters. (See http://www.statejournal.com/story.cfm?func=viewstory&storyid=81145 )

Tennant reports that the Internet voting participation was twice that of the mail-in voting participation, and that “we received no negative feedback of the pilot program.” (See
http://csrc.nist.gov/groups/ST/UOCAVA/2010/PositionPapers/ZICKAFOOSE_WestVirginiaUOCAVA.pdf )

The legislature studied the security issues and performance, and granted Tennant’s request.

Not only that, but at least eight European nations and several provinces in Canada have been conducting Internet voting trials for years without any problems. (See Electronic Elections, Hall and Alvarez, page 71.)

So, what is to be learned from the DC fiasco? First, given the degree of competence shown by DC officials, perhaps their bid for statehood should be put off a bit longer. Second, never hire anti-Internet voting extremists to set up your Internet voting system. Like one wag on Slashdot suggested, this system appears to have been “designed to fail… just to make the [anti-Internet voting] idea shine.” (See comment by “Cylix” at, http://politics.slashdot.org/story/10/10/09/1750214/DC-Internet-Voting-Trial-Attacked-2-Different-Ways#topcomment )

A third lesson is to look at all the facts about Internet voting successes, and not just this one example of all around incompetence (if not designer sabotage).

1 comment:

William J. Kelleher, Ph.D. said...

SULEMAN RESIGNS!
D.C. Board of Elections and Ethics Executive Director Rokey Suleman resigned this week. The DCBOEE has launched a nationwide search to fill the position. No word yet on Suleman’s next moves. http://www.pewcenteronthestates.org/report_detail.aspx?id=85899362494
Rpt 7-28-11