The District of Columbia's plan to use a previously untried internet voting system for absentee ballots cast overseas has been raising red flags for a while. But now the ability of a team of computer experts to easily take over the system and reprogram it to play the University of Michigan fight song whenever a vote is cast has caused the whole scheme to be called off.
As blogger Brad Friedman reported on Monday, "The very short planned pre-election test phase, in which hackers were invited to try to manipulate the system, has been abruptly aborted in the wake of a, um, disturbing (if not wholly unpredictable) development,"
Initial accounts of the hack had passed it off lightly. The Asssociated Press story described it merely as "University of Michigan students hacked a prototype D.C. elections voting site and programmed it to play their fight song."
By the next day, Friedman had confirmed that "J. Alex Halderman, asst. professor of electronic engineering and computer science at the [University of Michigan], was, indeed, at the heart of the hack."
But the exploit -- which Boing Boing described as "Alex Halderman's totally epic hack of the DC internet voting system pilot program" -- turns out to have been far more serious and far-reaching.
As Halderman himself explains at his blog, Freedom to Tinker, "Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots."
"We collected crucial secret data stored on the server, including the database username and password as well as the public key used to encrypt the ballots," Halderman continues. "We modified all the ballots that had already been cast to contain write-in votes for candidates we selected. ... We also rigged the system to replace future votes in the same way. We installed a back door that let us view any ballots that voters cast after our attack. This modification recorded the votes, in unencrypted form, together with the names of the voters who cast them, violating ballot secrecy."
Following the hack, DC Board of Elections chief technology officer Paul Stenbjorn acknowledged that "the integrity of the system had been violated." He went on to say that "we've closed the hole they opened, but we want to put it though more robust testing. ... This is an abundance-of-caution sort of thing."
Halderman, however, appeared skeptical that more robust testing was the answer. "The specific vulnerability that we exploited is simple to fix," he noted at his blog, "but it will be vastly more difficult to make the system secure. We've found a number of other problems in the system, and everything we've seen suggests that the design is brittle: one small mistake can completely compromise its security. "
"Sounds like this Internet Voting thing for overseas and military voters," commented Friedman, "is as brilliantly thought out and executed as the electronic voting and concealed vote counting that nearly the entirety of the nation is currently saddled with at local polling places. Halderman, as we also noted yesterday, was also behind hacking Pac-Man onto a Sequoia touch-screen voting machine last August, as well as on the Princeton team which initially hacked Diebold's touch screen system with a vote-flipping virus back in 2006."