Last week we told you about D.C.'s intention of running an insane live experiment on live voters in a live election with an untested, wholly unverifiable, easily-manipulated Internet Voting scheme this November, and about just some of the computer security and election experts who have been desperately trying to warn them against it.
And now we find out that the very short planned pre-election test phase, in which hackers were invited to try to manipulate the system, has been abruptly aborted in the wake of a, um, disturbing (if not wholly unpredictable) development.
The failed system in D.C. was developed with the Open Source Digital Voting Foundation, an outfit that is working with election officials around the country to push Internet Voting everywhere, along with other computerized voting schemes. Simply because a system is "open source" does not mean it's secure, particularly when it relies on concealed vote counting, as all of their e-vote schemes do.
Below, along with our quick list of other recent known e-voting hack events, computer scientist Jeremy Epstein in "The Risks Digest," which describes itself as a "Forum on Risks to the Public in Computers and Related Systems," offers the quick timeline of recent developments in the District of Columbia's plan "against advice from many computer scientists, pursuing a trial of a prototype system for the November election."
The result, as seen below, in this latest assault on citizen-overseeable democracy is, of course, a stunning surprise to absolutely nobody other than perhaps the D.C. election officials interested in this horrific scheme and the profiteers who must have tricked them into believing that it was a secure and/or good idea [emphasis added]...
- Summer 2010: DC announces the pilot, with the open testing period to be in August
- Sep 20: DC releases a network map and requirements document; test server to be available Sep 24-30 [1]
- Sep 24: Common Cause and Verified Voting write to Mary Cheh, chair of the DC Council oversight committee on elections, suggesting that Internet voting appears to violate DC law due to lack of voter-verifiable ballots [2]
- Sep 24: 13 prominent computer scientists and lawyers write to Mary Cheh, pointing out numerous difficulties with the test program [3]
- Sep 24: Test server availability delayed for an undefined time
- Sep 28: Test server available, source code availability announced publicly; test period to run through Oct 06 at 5pm
- Sep 30 morning: After casting a "vote" on the test server, the browser plays the Univ of Michigan fight song
- Oct 01 afternoon: DC takes the test server down, citing "usability issues"
It's unclear when the test period will resume, if it all. It's also not clear at this point the extent of the compromise of the system. While it's true that the DC BoEE can fix whatever problems allowed introduction of the "fight song," it's also clear that this is the tip of the iceberg - we know from 30 years of experience that the "penetrate and patch" method doesn't produce secure systems.
The RISK? Ignoring the advice of computer scientists and charging full steam ahead on a technology project doesn't work!
While we don't have the time today to detail all of the hacks of electronic voting systems used across the country today --- which are already easily manipulated even without relying on the Internet to make matters worse --- here are a few of note from recent years, including one as recently as this past August when "white hat" hackers were able to hack Pac-Man onto a touch-screen voting system without disturbing its supposedly "tamper-evident" seals. (For the record, one of scientists involved with the Pac-Man hack, and a number of others listed below, is J. Alex Halderman, who is now an assistant professor of electric engineering and computer science at Michigan University. Just saying. [Insert fight song here]. )
- Sequoia AVC Edge DRE, 2010, Pac-Man hacked onto machine by scientists from University of Michigan and Princeton University without breaking "tamper-evident" seals.
- Sequoia AVC Advantage DRE, 2009, hacked by computer scientists at UC San Diego, University of Michigan, and Princeton University by swapping out its chips in a matter of minutes, with no access to source code or other "closely guarded technical information."
- Sequoia Edge DRE, 2007, hacked by computer scientists at U.C. Santa Barbara (video release in 2008)
- Diebold, ES&S, Sequoia, and Hart Intercivic systems, 2006 & 2007, Independent tests commissioned by the states of CA, OH, and CO all found they were able to hack every system tested. In seconds.
- Diebold Touch-Screen, Op-Scan Systems, 2007, Physical key to all Diebold voting systems (same one is used for every machine) confirmed by Princeton computer scientists as accurately copied from photo of key posted by Diebold in its own online store.
- Diebold touch-screen system, 2006, hacked by computer scientists at Princeton
- Sequoia tabulator, 2006 accidentally hacked by Michael Shamos in PA (while trying to demonstrate that the system was not hackable)
- Diebold touch-screen system, 2006, hacked by Harri Hursti in Emery County, UT
- Diebold optical-scan system, 2005, hacked by Harri Hursti in Leon County, FL (video)
[Hat-tip to Joyce McCloy's indispensable Voting News!]
UPDATE, 2:24pm PT: Washington Post's Mike DeBonis reports on the hack, says D.C. officials will nix their ill-considered plan for allowing votes to be cast on the Internet --- for now --- and quotes computer scientist Jeremy Epstein (whose coverage we noted above) stating what should be the obvious in regard to the hackers exploiting a security hole in the Internet voting scheme to play the Michigan fight song: "In order to do that, they had to be able to change anything they wanted on the Web site."
Anything. They. Want.
Other than that, let's keep working towards Internet Voting! It's a great idea! Local e-voting has worked out so great, what could possibly go wrong by extending it onto the Internet?!
CORRECTION: As Epstein notes in his comment below, he is not of "The Risks Digest," as we originally described him, but rather, it is "a public forum for computer scientists and others to share risks for over 25 years." Our apologies for the imprecise accreditation there. We've changed "of" to "at" in the story above to correct the record.
UPDATE 10/5/10: As we posited above, University of MI's J. Alex Halderman was, indeed, behind the attack. He fesses up, saying: "Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots." Full details now here...