BRAD BLOG: PBS documentary exposes the insecurities of internet voting

February 21, 2012
Ernest A. Canning

Brad Friedman has often compared the task of Election Integrity (EI) advocates to a game of Whac-A-Mole. One moment they expose an "it's the machines transparency, stupid" moment when the 100% unverifiable ES&S iVotronic touchscreens announced that the unemployed and virtually unknown Alvin Greene had somehow defeated the respected circuit judge and former state legislator Vic Rawl in the 2010 South Carolina Senate Democratic Primary. The next moment we learned that DC officials had planned a live experiment to use "an untested and unverifiable Internet Voting scheme on real voters, in a real election…" --- an experiment that Friedman described as "insane."

More than 16 months after that disastrous experiment came to a crashing halt following a spectacular hack, as initially reported by The BRAD BLOG, the PBS News Hour produced a short documentary, Internet Voting: Will Democracy or Hackers Win? [see video above], which touched upon the D.C. Internet Voting Hack.

The now-legendary hack was carried out by a team of white-hat hackers, led by Univ. of MI Computer Science Prof. J. Alex Halderman. Within hours after D.C.'s 2010 Internet Voting scheme was opened to the world for a hack test (just days before it was scheduled to go live for the real thing), Halderman and his team of U. of M. students found and exploited a vulnerability which gave his group almost total control of the server software, allowing them to rewrite every single ballot and even take over command of the security cameras inside the D.C. server room. Team Halderman not only acquired the ability to change votes and install the Univ. of MI fight song to be played at the end of every vote cast, but discovered and thwarted an intrusion attempt by Chinese and Iranian computers.

Disturbingly, the new PBS documentary also reveals that, despite the spectacular failure and warnings from virtually every computer science and security expert, election and Pentagon officials are still pressing forward with what MIT Prof. of Electrical Engineering and Computer Science Ronald L. Rivest describes, as seen in the short PBS report, as an "oxytopian" solution. "'Secure Internet voting,'" Rivest charges, "is a bit like the phrase 'safe cigarettes'"...

The Revolving Door

In some instances, like that of Paul Stenbjorn, the former Executive Director of the D.C. Board of Elections and Ethics who first pushed for the live D.C. Internet vote experiment and was then embarrassed by the D.C. Internet Voting Hack, the persistent effort to damn the science, the scientists and the extraordinary failures to move ahead with Internet Voting anyway, might be explained by the fact that he subsequently became the Director of US Operations at SCYTL, a manufacturer of online voting and election systems.

Stenbjorn's new job underscores the EI advocates' fight against a long revolving door between private e-voting system vendors and the government agencies and election officials who are supposed to provide oversight for those very systems. See, for just one of many examples, our 2009 report: "Disgraceful: Discredited E-Voting Vendor VP Appointed to U.S. EAC Advisory Panel".

Reliance upon technology that does not exist

Where, in the PBS report, West Virginia Secretary of State Natalie Tennant (D) expresses certainty --- with no evidence to back it up --- that there has been "no breach in our votes," U.C. Berkeley Computer Science Prof. David Wagner, who examined the SCYTL system, reported that there "is no known way to audit Internet voting."

If there is no way to audit the voting, there is no way to know whether the votes have been "breached" and accurately recorded as per the voters' intent.

Where Stenbjorn advanced the unscientific prediction that a secure system will be developed in the near future, Wagner, in the same report, noted: "It is not technologically feasible today to make Internet Voting safe against attack."

Stenbjorn and Tennant have made it their mission to push for Internet Voting nonetheless.

No security against insider threat

One shortfall of the otherwise excellent PBS report --- which includes interviews with a number of computer scientists The BRAD BLOG has turned to for years for their invaluable expertise on these issues --- is that it only examined the concerns of system security from the perspective of an outsider attack, like the one that occurred in the D.C. Internet Voting Hack.

Even assuming that it were technologically feasible to prevent an outside attack, this does not begin to address the far more immediate threat that, whenever there is a lack of transparency in how votes are counted, there is a risk that the count can be manipulated by insiders with access to any e-voting system, be it Internet, Direct Recording Electronic (usually touchscreen) voting machines or paper-based computer optical scan systems.

As acknowledged by virtually all computer scientists and security experts, and even confirmed by the highly compromised, GOP-operative-created Baker/Carter National Election Reform Commission years ago, the greatest threat to all such electoral systems comes from insiders. As even the phony Baker/Carter commission noted: "There is no reason to trust insiders in the election industry any more than in other industries." Thus, there is almost nothing that can be done to protect against such exploits.

"I follow the vote," CIA Cyber Security Expert Steven Stigall warned officials of the U.S. Election Assistance Commission (EAC) in a 2009 presentation. "And wherever the vote becomes an electron and touches a computer, that's an opportunity for a malicious actor potentially to...make bad things happen."

Convenience is no substitute for democracy

During the PBS report, Bob Carey, the Director of the Pentagon's Federal Voting Assistance Program, not only expresses the unscientific belief that a foolproof Internet Voting system will be developed within five to six years, but he also downplays the risks identified by computer scientists as "unfair to military voters."

The remark brings to mind a similar tactic used by proponents of 100% unverifiable touch-screen voting systems earlier this century, when they attacked critics of such systems as being insensitive to the blind, who, they claimed, needed such systems in order to vote without assistance. Then, opponents of such unverifiable e-voting machines were "unfair to the disabled"; now, from the very same playbook, opponents of Internet Voting are "unfair to military voters."

Let's set aside the fact that those overseas military voters can and do vote on paper by absentee ballot, just as they did back in 1968 when I served in Vietnam. One would think that the one thing that would be more disturbing to a member of the U.S. military than the deprivation of his or her right to vote would be the discovery that the vote he or she cast was counted for the candidate he or she voted against!