It’s often been said that Oscar season reflects the broader splendors and dysfunctions of American public life. The Academy of Motion Picture Arts and Sciences’ ideals of scrupulous fair play have been under constant challenge in recent years, on such issues as the promotional pull of A-list stars, the power of big-studio money and negative advertising campaigns designed to undermine the competition.
Now, though, the academy may be committing a blunder of its own making. It recently announced that it would be ditching its current all-mail secret ballot system, and that its more than 5,000 members would be voting through their own computers, starting next year. The academy said the software developed by the San Diego-based computer voting company Everyone Counts would incorporate “multiple layers of security” and “military-grade encryption techniques” to ensure that nothing untoward or underhanded could occur before PricewaterhouseCoopers, its accountancy firm, captured the votes from the Internet ether. Unfortunately, leading computer scientists around the world who have looked at Internet voting systems do not share the academy’s confidence. On the contrary, they say the technology is vulnerable to a variety of cyber attacks — no matter how many layers of encryption there are — and risks producing a fraudulent outcome without anyone necessarily realizing it.
Nothing has demonstrated the danger more starkly, perhaps, than a pilot Internet election in Washington in the fall of 2010, which was comprehensively hacked by a team from the University of Michigan. Election officials had invited the public to test the program, and the team, led by computer scientist J. Alex Halderman, was able not only to change votes undetected but also to see who had voted for whom. Halderman reported seeing attempted hacks from as far away as Iran and China, and took steps to thwart them while election administrators in Washington remained blissfully unaware.
Computer experts on both sides of the Atlantic are unequivocal: There is no known way to have a secret ballot, keeping the voter entirely separate from his or her vote, and also to conduct a meaningful audit ensuring that nothing went awry. David Dill, a computer science professor at Stanford University and the founder of the voting rights group VerifiedVoting.org, said the danger was far more acute when voters use their own computers, which tend to be riddled with malicious software that enables hackers half a world away to manipulate them at will.
“If someone decided to steal the Oscars and snag votes from machines already under their control, it could change the outcome,” Dill explained. And, as goes the academy, so goes the political world. As more and more states disregard the experts and allow Internet voting for overseas and military voters, the risk of foul play in political elections increases.
Four years ago, Dill drafted a statement outlining the dangers of Internet voting — which had just been introduced for the Democratic Party primary season — and got 30 high-profile colleagues to sign it. These included Avi Rubin and Dan Wallach, who led the team in 2003 that exposed deep flaws in the operating software used by Diebold, then one of the leading makers of computer voting terminals. Diebold took a hit to its once-stellar reputation as a maker of ATMs and is no longer in the election software business.
Full Article: Oscar voting by computer invites cyber attacks – latimes.com.