I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations. Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Mr. Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer. Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.
In the Cal State San Marcos election votes apparently had to be cast from computers on the university’s own network, and not from just anywhere on the Internet. I infer this because it makes good security sense, and because I cannot think of any other reason Mr. Weaver would cast his phony votes from a university computer rather than from an anonymous place like a public library. If this is correct, it is a huge security advantage not possible in public elections, where the perpetrator could be anywhere in the world. Even if public officials somehow did notice an unusual voting pattern that made them suspicious after the fact that phony votes were cast, there would be no evidence to indicate who it was, and no police on the spot to pick him up red handed.
Even with the restriction to voting on university-managed computers Mr. Weaver could still have gotten away with his crime, but he made several mistakes. He cast hundreds of phony votes one by one, in person, while sitting at the keyboard of the computer. But if he had been a programmer and been a little smarter he would have used one of his captured passwords to log in as someone else, and then (as that person) he could have run a program to automate the casting of all of those phony votes, possibly even from other machines. He could have scheduled the script to run an hour later when he was long gone, and with a random delay between each cast vote so that detection of a suspicious pattern would be less likely. The scheme might still have been caught anyway, but there would have been no technical evidence implicating Mr. Weaver.
Full Article: David Jefferson on College Vote Hack | Election Law Blog.