In 2010, the District of Columbia decided to test its online absentee voter system. So officials held a mock election and challenged the public to do their best to hack it. It was an invitation that Alex Halderman, a computer-security expert at the University of Michigan, couldn’t resist. “It’s not every day that you’re invited to hack into government computers without going to jail,” he says. In less than 48 hours, Halderman and his students gained complete control of the system and rigged it to play the Michigan fight song each time a vote was cast. The students were ecstatic, but Halderman, who has a long history of exposing cybersecurity weaknesses, takes a more sober view. “This is the foundation of democracy we’re talking about,” he says.
Since then, Halderman has been working with governments that allow e-voting to make those systems more secure. At the request of a government whistleblower, he took part in the first independent examination of India’s electronic voting system. “India’s machines were fairly easy to tamper with,” Halderman says. This past year, he and his students replicated the system in Estonia, where 25 percent of votes are cast online, in their laboratory. They were able to introduce malware onto voters’ computers and tamper with the server that produces the official count, proof that elections could be fixed.
Recently, Halderman has been developing software that exploits digital vulnerabilities for a different reason: It would allow citizens of countries like China and Iran to bypass government censors and access blocked sites. He released the newest version, called TapDance, last year and is talking with the U.S. Department of State about working together to further advance it. The Internet can be leveraged to strengthen democracy, Halderman says. But to do so, “we’re going to have to solve some of the hardest problems in computer security.”