This article was posted at the UK Guardian on Feb. 2, 1012.
Computer security experts have warned that the 2013 Oscars ballot may be vulnerable to a variety of cyber attacks that could falsify the outcome but remain undetected, if the Academy of Motion Picture Arts and Sciences follows through on its decision to switch to internet voting for its members. The Academy announced last week that it would be ditching its current vote-by-mail system and allowing its members to fill out electronic ballots from their home or office computers to make their choices for best picture and the other big Hollywood prizes, starting in 2013. It announced a partnership with Everyone Counts, a California-based company which has developed software for internet elections from Australia to Florida, and boasted it would incorporate “multiple layers of security” and “military-grade encryption techniques” to maintain its reputation for scrupulous honesty in respecting its members’ voting preferences.
The change will be a culture shock for an Academy voting community that tends to skew older and more conservative: indeed, concerns are already surfacing whether all of the Academy voters even have email addresses. And the claims have been met with deep scepticism by a computer scientist community which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy – in other words, being rigorous about auditing the voting process but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible.
“Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” said David Dill, a professor of computer science at Stanford University and founder of the election transparency group Verified Voting. “The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won’t be able to see it either.”
Dill and many other leading computer scientists have listed multiple potential vulnerabilities to internet systems making vote-tampering possible, including denial-of-service attacks, malware, and penetration of the server’s security wall. He reacted with particular alarm to the notion that the Academy’s more than 5,000 voters would cast their ballots from their own computers. “The hardest problem is when you have malicious software on the machine where the vote is cast,” he said. “If that’s the user’s home PC, that’s a huge problem, because lots of people have undetected viruses on their machine. A lot of people are under the control of hackers in eastern Europe, or wherever, and don’t even know it.”
Three years ago – in the wake of a decision by the Democratic party to let overseas voters participate in its presidential primary via internet – Dill issued a formal statement outlining the problems with internet voting, and persuaded 30 of America’s top computer scientists to sign it.
Separately, a group of largely European computer and election experts signed a very similar statement known as the Dagstuhl Accord, which welcomed further research on internet voting but concluded that “no solution … has yet been proposed that provides safeguards adequate against various known threats”.
Peter Ryan, a British professor of Applied Security at the University of Luxembourg who helped convene the Dagstuhl meeting in western Germany and has tried for years to design a safe computer voting system, said he was unimpressed by what he had seen of the Everyone Counts software. “It looks like what they are offering is little more than some fancy crypto on certain links,” he said. “This of course achieves very little … I’m sure that someone with some expertise and motivation could break it.”
Such deep – and relatively well publicised – reservations by the world’s computer experts seemed to come as a surprise to the Academy itself. “I’m not personally aware of that particular dialogue,” the Academy’s chief operating officer, Ric Robertson, said when told of the near-total unanimity of computer experts.