Oct 06 2010
I really respect the work folks like J. Alex Halderman and the other folks at the Freedom to Tinker blog do. We all know there’s a lot of corruption, or at least room for error, in the real world voting infrastructure. It’s understandable, there are a lot of edge cases and special considerations that make subverting the process on purpose or by accident almost a requirement. But we have a lot of checks and balances in place to detect and hopefully prevent the vast majority of the subversion of the voting process. Simply having a physical ballot that has to be counted goes a long way as a detective measure. But as we move quickly towards an online, electronic voting infrastructure, we lose one of the most basic protections of our voting process, that same physical token, the ballot.
And the companies building the various eVoting solutions aren’t helping matters any; the majority of these companies espouse how secure their systems are without ever letting an independent third party test them. Indeed, in many cases, they fight tooth and nail if anyone so much as hints that independent testing might be a good idea. Or worse, someone tries to test a voting solution without their explicit permission. And as most people in security know, even if you don’t allow testing by qualified security personnel, any product that is exposed to the Internet is going to get plenty of ‘free testing’ whether you want it to or not.
So I was very pleasantly surprised to see that Washington DC had decided to open up their new ‘Digital Vote by Mail’ pilot project to testing early and a group of researchers had taken them up on the challenge. Not surprisingly, J. Alex Halderman and his crew were able to subvert the system and make it jump through nearly any hoop they wanted. They found a vulnerability in the underlying system that encrypts the PDF ballots that allowed them to create a shell-injection attack and take over. This vulnerability had nothing to do with Adobe, so don’t blame them this time. After that, they could do anything they wanted to the system.
Surprisingly, it looks like the folks at the DC Board of Elections and Ethics believe they have the problem solved; they’re opening the site to testing again until this Friday. They’ve made the source code available, you can request your own testing credentials, you can play with the live application. I have to give them kudos, they’ve done nearly everything I could ask for when it comes to rolling out an eVoting system. About the only thing I wish they’d do is give the testing more time, but at that point I’m just whining about details. I’m hoping they can make it work to give everyone who’s overseas a chance to vote quickly and easily.
One last thought: This solution may be secure by November, but will it remain secure? It’s a computer system, it will require patches, it will have configuration changes made by system administrators. So will they be able to maintain it in a manner that will prevent other vulnerabilities from creeping in? In the long run, I’m almost certain the answer to this question is no, since we have multi-billion dollar companies and governments that can’t effectively secure their own systems. And the bad guys only need to find one hole in the system, as we all know.