Feels like ancient history at this point, but it was only 17 months ago that a group of computer science experts at the University of Michigan brought the city’s brief dalliance with Internet voting to an ignominious halt.
Professor J. Alex Halderman and his grad students managed to infiltrate an online voting test bed set up by the Board of Elections and Ethics weeks before it was to be deployed for the use of overseas absentee voters. The hack, done at the board’s invitation, included Halderman’s team gaining access to cameras monitoring the BOEE server room (seen above), embedding an audio clip of the Michigan fight song into a board Web page and changing the winner in one race to Bender, cartoon robot of “Futurama” fame. It took officials 36 hours to discover anything was amiss.
The Michiganders’ exploits are now immortalized in an academic paper presented last week at the Financial Cryptography and Data Security conference on the Caribbean island of Bonaire.
The authors use the hack to throw cold water on the idea that secure, reliable online voting could ever exist on the Internet as we now know it:
The D.C. BOEE should be commended for running a public test of their system. Their trial was a step in the right direction toward transparency in voting technology and one of the first of its kind. Nonetheless, we reiterate that adversarial testing of Internet voting applications is not necessary to show that they are likely to be weak.
Our experience with the D.C. pilot system demonstrates one of the key dangers in many Internet voting designs: one small mistake in the configuration or implementation of the central voting servers or their surrounding network infrastructure can easily undermine the legitimacy of the entire election. ... Securing Internet voting in practice will require significant fundamental advances in computer security, and we urge Internet voting proponents to reconsider deployment until and unless major breakthroughs are achieved.