Security risks make web voting impossible
As the sales pitch goes, we ought to have the capability to vote online. After all, it’s the 21st century. We have phones that can watch feature-length films, and there are startups that want to start delivering tacos using unmanned drones.
It’s election season, and that means the blogosphere has picked up its usual penchant for discussing internet voting as a means for increasing voter turnout. On Monday, Edmonton, Canada opened its first pilot testing for absentee internet voting. Here at Whitman, we’re certainly no strangers to the concept: ASWC uses web voting for all of their elections, and it seems to work just fine. But Whitman is a small campus, and swaying an ASWC election seems a trivial prize at best for even a budding hacker. National elections are significantly higher-stakes.
There are a few key problems with web voting. The first is one of voter identification: It is really hard for someone to show up at multiple polling places throughout the country and impersonate multiple people on the same election day. Even within the same state, any sort of voter fraud would take a massive amount of time (and gas money). It’s just not feasible with our current system.
On the Internet, though, those barriers disappear. First, there’s no easy way to identify individuals securely. Email addresses can be spoofed. IP addresses don’t remain constant. Any techniques that have been developed for consistently identifying someone are far too technical for widespread adoption when it comes to something like voting.
Election officials encouraging web voting also have to worry about the security of the voting process itself. Electronic voting machines have a terrible track record of security and reliability, and they are designed to be used for secure, verifiable elections. As I have noted on multiple previous occasions, personal computers are usually far from secure.
If we were to ignore, for a moment, the host of challenges presented on the client side of a web voting equation, we would still be left with a system that is incredibly vulnerable to outside tampering. An illustrative example is that of the University of Michigan’s attack on Washington, D.C.’s absentee voting system in 2010. J. Alex Halderman, a professor at UM’s Ann Arbor campus, broke into the District’s voting system, which they opened to all attackers prior to the actual election.
Halderman and crew were able to determine past and future votes, alter those votes, and see identifiable information about voters. They had complete control over the election system. Perhaps more shocking was that it took people who were supposed to be monitoring the D.C. voting system 36 hours to notice there was something wrong, and they only figured it out then because the system had been reprogrammed to play the UM fight song after a ballot was cast. If the UM hackers hadn’t left a calling card, it seems unlikely they would have been detected.
While they had control over the system, the Michigan hackers noticed that there were computers with IP addresses in Iran, China, India and New Jersey attempting to break into the system as well. While the UM team was able to repel other attackers, their experience shows that an election system would be a hot target for hackers around the globe. Securing a system against threats of that caliber would be exceedingly difficult.
In essence, web voting is destined to remain a pipe dream, possibly in perpetuity. There are just too many issues, and elections are too important to trust to systems that can be broken easily. While paper ballots may seem like a clunky option in this modern age, in many ways, they provide levels of security that electronic voting just can’t match.
Filed under: Opinion