Computer security experts have warned that the 2013 Oscars ballot may be vulnerable to a variety of cyber attacks that could falsify the outcome but remain undetected, if the Academy of Motion Picture Arts and Sciences follows through on its decision to switch to internet voting for its members. The Academy announced last week that it would be ditching its current vote-by-mail system and allowing its members to fill out electronic ballots from their home or office computers to make their choices for best picture and the other big Hollywood prizes, starting in 2013. It announced a partnership with Everyone Counts, a California-based company which has developed software for internet elections from Australia to Florida, and boasted it would incorporate “multiple layers of security” and “military-grade encryption techniques” to maintain its reputation for scrupulous honesty in respecting its members’ voting preferences.
The change will be a culture shock for an Academy voting community that tends to skew older and more conservative: indeed, concerns are already surfacing whether all of the Academy voters even have email addresses. And the claims have been met with deep scepticism by a computer scientist community which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy – in other words, being rigorous about auditing the voting process but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible.
“Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” said David Dill, a professor of computer science at Stanford University and founder of the election transparency group Verified Voting. “The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won’t be able to see it either.”
Dill and many other leading computer scientists have listed multiple potential vulnerabilities to internet systems making vote-tampering possible, including denial-of-service attacks, malware, and penetration of the server’s security wall. He reacted with particular alarm to the notion that the Academy’s more than 5,000 voters would cast their ballots from their own computers. “The hardest problem is when you have malicious software on the machine where the vote is cast,” he said. “If that’s the user’s home PC, that’s a huge problem, because lots of people have undetected viruses on their machine. A lot of people are under the control of hackers in eastern Europe, or wherever, and don’t even know it.”