Dr. Barbara Simons visited Winthrop last Wednesday to speak to students about Internet voting. Her presentation was entitled “I Can Bank Online Why Can’t I Vote Online” and discussed the problems faced with online voting.
“What I want to convince you of is that Internet voting should be treated as a National Security issue,” Simons said as she began her lecture.
Simons explained that there are relatively safe ways to use the Internet for voting, but there are also unsafe ways. The safest way is by posting a blank ballot on a website and downloading the blank ballot. Though there are some problems, mainly making sure the ballots are correct, this is the safest way to vote online.
The unsafe ways to vote include sending a voting ballot over the Internet, voting on a website, sending a voting ballot as an email attachment, phone voting that uses the internet, and fax voting. Though these are unsafe, Americans use some of these methods while overseas when sending in their absentee ballots.
In South Carolina, all absentee voters apply for an absentee ballot by mail, e-mail or fax. This includes military and citizens overseas, also known as UOCAVA voters. Non-UOCAVA voters must return their ballots by mail only while UOCAVA voters can return their ballots by mail, e-mail, or fax. If UOCAVA voters do choose to return their ballot by electronic transmission they must sign a waiver giving up their right to a secret ballot.
The want to use Internet voting has been steadily increasing over the years. In the 2012 election, 31 states and Washington, DC allowed the electronic return of voted ballots and there has also been legislation for pilot voting introduced in several states.
“To me, if you are going to do a pilot it’s something you have to check afterwards and see if everything worked right,” Simons said. “But election officials sometimes don’t think in those terms. They think, a pilot: can people use this system? Are they happy with it?”
According to Simons the problem with pilots is that there is no way to know, if it is used for a real election, if it was secure and accurate because ballots are secret. With the secret ballot, election officials can’t check to make sure that the electronic version received through the pilot is the same as what the voter intended because they can’t ask the voter what their vote was.
Because of this, the only way for a pilot to be a true pilot is if it was a fake election. That way, officials could go back and check to make sure everything was correct between the voters and the electronic versions submitted.
So far there is only one pilot Simons knows of that has been a real pilot. It was held in Washington D.C. before the 2010 midterm election. The idea was for Internet voting to be used for UOCAVA voters. Election officials hired a group that develops open source software to develop the software for their election. The developers created the software but said to run a pilot first to test it. Two weeks before the election, the pilot was conducted and was open to anyone from anywhere to vote on it.
When people began to vote on the pilot, something strange started to happen. Fifteen seconds after people cast their ballot, the University of Michigan’s fight song began to play.
E-mails began to circulate about why this song played after every vote. The election officials in Washington D.C. responded to the e-mails by looking into their program. That is when they found out they had been hacked.
“They weren’t looking,” Simons said. “They only found out because of the e-mails. They were so confidant the system was secure they hadn’t been looking.”
The test was suspended later that day and three days later the online voting was canceled. Voters were able to download a blank ballot but they could not return a ballot over the Internet.
Alex Halderman, a University of Michigan professor, and a group of his students, performed the attack on the pilot. Within 36 hours of the system going live, Halderman and his team found an exploited vulnerability that allowed them complete control of the system.
While they were in control they were able to change already cast, as well as future ballots. They were also able to reveal voters secret ballots.
After the attack, Halderman testified at a hearing in D.C. and talked about what his team had learned while they were in the system.
Halderman explained that the D.C. officials had not changed the master password for the network. His team was able to find the password in the manual and the task proved not to be that challenging. They could also watch network operators configure and test the equipment. During the hearing, they brought video footage they had gotten off security cameras that they had complete control over. While in the system, Halderman’s team found probes coming from Iran and China.
There have been attacks on major corporations such as Google, Yahoo, Adobe, Facebook and Apple. Facebook announced that it had traced the hackers back to China, which had infiltrated employee’s laptops. They also believe they were attacked by the same hackers who attacked Apple.
“When Google can’t protect itself, when the FBI can’t protect itself, how do we expect local election officials who are underfunded, understaffed, have little to no access to any kind of computer security expertise, how are they going to protect themselves against being broken into if we allow them to run an election over the Internet?” Simons asked.
Although she lectures about the problems and threats to electronic voting, Simons doesn’t want to scare people away from actually going out and voting on Election Day.
“If you don’t vote, for sure your vote won’t be counted,” Simons said. “There is nothing to be gained from not voting, so please go vote.”