About the DC Internet vote hack, Dr. David Jefferson says “Let there be no mistake about it: this is a major achievement, and supports in every detail the warnings that security community have been giving about Internet voting for over a decade now.”..The U. of Michigan team changed cast ballots to write-ins like HAL 900…
Verified Voting applauds the decision of the District of Columbia Board of Elections and Ethics to suspend their plan to offer overseas voters the dangerous option of returning their voted ballots by a “digital vote by mail” Internet voting system. The District’s plans to continue other Internet-based ballot return methods (including email and fax) for the District’s military and civilian overseas voters still raise concerns among voting security experts. DC election officials made the decision after inviting technology experts to hack the Board’s prototype voting system during a trial period. The test pilot was apparently attacked successfully shortly after it began by a team of academic experts led by Prof. J. Alex Halderman at the University of Michigan.
The attack caused the University of Michigan fight song to be played for test voters when they completed the balloting process. Full details of the hack and its impact on submitted test ballots are expected to become available in the coming days. In addition to the Michigan team’s breach of the voting system, Verified Voting’s Board Chair Dr.David Jefferson documented a very serious vote loss problem that caused voters to inadvertently return blank ballots while believing that they had submitted complete ballots. The disenfranchising bug was noted in at least two widely used computer/browser configurations. It is possible that the same problem would affect voters trying to use email or some fax systems to return voted ballots.
University of Michigan Prof. Alex Halderman has now released some details about his successful attack on the District of Columbia’s proposed Internet voting system which has been under test for the last week. (See www.freedom-to-tinker.com.) It is now clear that Halderman and his team were able to completely subvert the entire DC Internet voting system remotely, gaining complete control over it and substituting fake votes of their choice for the votes that were actually cast by the test voters. What is worse, they did so without the officials even noticing for several days. Let there be no mistake about it: this is a major achievement, and supports in every detail the warnings that security community have been giving about Internet voting for over a decade now. After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure.