October 2, 2022

Archives for May 2022

A PDF File Is Not Paper, So PDF Ballots Cannot Be Verified

new paper by Henry Herrington, a computer science undergraduate at Princeton University, demonstrates that a hacked PDF ballot can display one set of votes to the voter, but different votes after it’s emailed – or uploaded – to election officials doing the counting.

For overseas voters or voters with disabilities, many states provide “Remote Accessible Vote By Mail,” or RAVBM, a system that allows voters the ability to download and print an absentee ballot, fill it out by hand on paper, and physically mail it back.  Some states use commercial products, while others have developed their own solutions.  In general, this form of RAVBM can be made adequately secure, mainly because the voters make their own marks on the paper.  

In some forms of RAVBM, the voter can fill out the ballot using an app on their computer before printing and mailing it.  This is less secure: if malware on the voter’s computer has “hacked” the voting app, what’s printed out may differ from what the voter indicated on the screen, and voters are not very good at reviewing the printouts and noticing such changes.

The most dangerous form of RAVBM is one that allows electronic ballot return, in which the voter uploads or emails a PDF file. Thirty states allow overseas voters to do electronic ballot return, either by email, fax, or web-portal upload, as shown in Table 5 (pages 34-35) of Herrington’s longer paper, Ballot Acrobatics: Altering Electronic Ballots using Internal PDF Scripting

The danger is that malware on the voter’s computer could send a different PDF file than the one that the voter has viewed and verified.  A hacker who wanted to steal an election could propagate such malware to thousands of voters’ computers.  The malware could alter the operation of the voting app, the PDF viewer, the browser, or the email/upload software.  There is a clear scientific consensus on this: According to “Securing the Vote, Protecting American Democracy,” a 2018 report released by the National Academies of Sciences, Engineering, and Medicine: the internet “should not be used for the return of marked ballots . . . as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” 

Electronic ballot return is promoted by technology vendors, Democracy Live and  Voatz; and by Nevada, with its own EASE, system, which gives voters “the option of saving the ballot materials as a PDF file and emailing the document as an attachment to the respective county clerk or registrar’s office.” Democracy Live uses OmniBallot, an electronic method of delivering and returning ballots.

In all of these cases, the “final” ballot that the voter reviews is a PDF file.* The election-app vendors are implicitly relying on your intuition that “it’s a document” and we humans think we can read a document. At 8:32 in this Democracy Live promotional video, “this ballot happens to be a document.” Clearly, in the video, it’s a PDF, viewed in a PDF viewer, and from Specter and Halderman (2021) we know it’s a PDF.

It’s dangerous enough that the PDF you view may not be the PDF that’s transmitted to the election administrator.  But even if it were the same PDF file, what you see now is not necessarily what you get later.

A recent article by Herrington, “Altering Electronic Ballots Using PDF Scripting,” contains a live demonstration (on page 2) of a PDF ballot that changes what votes are marked from one minute to the next.  Of course, a real election hacker wouldn’t produce a PDF whose votes change every minute; the voter might notice that. The real threat model is between verification time and vote counting time.  Herrington demonstrates a minute-by-minute change for the convenience of his readers.

A voter might mark a ballot using the EASEVoatz, or Democracy Live app provided by their county election office, then inspect it using a browser or PDF viewer:

Ballot with vote for Emily Stone

By inspecting the ballot, the voter might think they have verified their selection of candidates.  Then they email or upload this PDF ballot, as instructed.

But when the election administrator processes that very same PDF file to count the votes, the filled-in oval has moved from one name to another:

Ballot with vote for Jenny Wagoner

The vote has been hacked!

PDF files are not static; they contain active program software.  If a hacker has infected thousands of voters’ home computers with vote-stealing malware, that malware can corrupt the operation of the official ballot-marking app to produce dynamic PDF files.  

You might think, “my computer probably isn’t hacked, so I’ll take that risk.”  But the real risk is not only your computer.  A hacker can spread the same malware to the computers of thousands of your fellow citizens, and steal their votes in that same election—and the election result can be altered.  That’s not democracy, that’s hackocracy.

In conclusion:  Mark your ballots on physical paper.   And tell your state and local election officials not to adopt electronic ballot return. For example, you can refer them to this 2020 report of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which says,  “Electronic ballot return is high risk. Electronic ballot return, the digital delivery of a voted ballot back to the election authority, faces significant security risks to voted ballot integrity, voter privacy, and system availability.   There are no compensating controls to manage electronic ballot return risk using current technologies. While many risks associated with electronic ballot return have a physical analog with the risk associated with the mailing of ballots, the comparison can miss that electronic systems provide the opportunity to rapidly affect voting at scale.”

*The use of PDF for this purpose in Democracy Live and Voatz is confirmed by independent peer-reviewed analysis: (1) Specter, Michael, and J. Alex Halderman. “Security analysis of the Democracy Live online voting system.” 30th USENIX Security Symposium (USENIX Security 21), 2021; and (2) Specter, Michael A., James Koppel, and Daniel Weitzner. “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in US Federal Elections.” 29th USENIX Security Symposium (USENIX Security 20), 2020;  and, (3) the use of PDF in EASE is stated in plain language on Nevada’s web site.

ES&S Uses Undergraduate Project to Lobby New York Legislature on Risky Voting Machines

The New York State Legislature is considering a bill that would ban all-in-one voting machines. That is, voting machines that can both print votes on a ballot and scan and count votes from a ballot – all in the same paper path.

This is an important safeguard because such machines, if they are hacked by the installation of fraudulent software, can change or add votes that the voter did not intend and never got a chance to see on paper.

One voting machine company, Elections Systems and Software (ES&S), which makes an all-in-one voting machine, the ExpressVote XL, is lobbying hard against this bill. As part of its lobbying package, ES&S is claiming that “Rochester Institute of Technology researchers found zero attacks” on the ExpressVote XL, based on an article (included in ES&S’s lobbying package) from Rochester Institute of Technology entitled “RIT cybersecurity student researchers put voting machine security to the test.

If this were actually a scientific article, one could critique it as actual science.  But it’s not a scientific paper:  The article is written by Scott Bureau, Senior Communications Specialist, RIT Marketing and Communications in the RIT public relations department. 

The article describes an undergraduate student “capstone project.”  The students were interviewed by ES&S, allowed ES&S to inspect their testing site, and then signed a nondisclosure agreement with ES&S.  The students made up two attack scenarios, then spent 10 days trying to find attacks.  They found some vulnerabilities, but not one that could change votes.

The students made public a one-page poster describing their project. It’s fine for undergraduate student work; capstone projects are a really useful part of engineering education.  But it’s not a scientific paper that describes their methods, the limitations placed upon them by needing permission from ES&S, or, in any detail – their results.

Even so, the students describe enough for me to notice that they missed three of the most important attack scenarios:

  • Hacker intrusion into the ES&S corporate engineering network, stealing cryptographic keys and source code, or altering the software to be installed into all ExpressVote XL machines nationwide in the next software update.
  • Hacker intrusion into the county election administrator’s network, stealing cryptographic keys and allowing manipulation of ballot-definition downloads.
  • Stealing an ExpressVote XL anywhere in the country, not just in New York, and tearing it apart to reverse engineer and steal crypto keys.
  • There may be many other attacks.  That’s why penetration testing can never prove that a computer system is secure: pen-testing only examines the attacks that the pen-testers happen to think of.

These are standard attacks. These are the ones that can be so effective and dangerous that there is good reason for banning such voting machines.    Maybe those Rochester students are aware of such attacks. Maybe not. But it seems unlikely that ES&S would have given permission for such experiments. That’s why respectable academic security researchers don’t restrict their activities to those in the comfort zone of the corporations whose products they are examining.It is irresponsible and misleading of ES&S to characterize an undergraduate student project, conducted under conditions controlled by ES&S, described in a publicity puff-piece written by a public-relations flack, as “RIT researchers found zero attacks.”

Will Web3 Follow in the Footsteps of the AI Hype Cycle?

For many, the global financial crisis of 2008 marked a turning point for trust in established institutions. It is unsurprising that during this same historical time period, Bitcoin, a decentralized cryptocurrency that aspired to operate independent from state manipulation, began gaining traction. Since the birth of Bitcoin, other decentralized technologies have been introduced that enable a broader range of functionalities including decentralized finance (DeFi), non-fungible tokens (NFTs), a wide range of other cryptocurrencies, and decentralized autonomous organizations (DAOs). 

These types of technologies constitute what is sometimes referred to as “web3.” In contrast to web2, our current version of the web, which relies heavily on centralized platforms and corporate intermediaries–think Facebook’s social network or Amazon’s webshop–web3 promises to redistribute power and agency back into the hands of users through decentralized peer-to-peer technology. Although web3 has garnered fervent support and equally fervent critique, it is undeniable that cryptocurrencies and other decentralized technologies have captured the mainstream imagination. 

What is less clear is whether the goals and practices of emerging businesses in the web3 sector align with, or stand in conflict with, the ideologies of web3’s most enthusiastic supporters. Organizational sociology has long established that organizations’ external rhetoric, which is shaped by a field’s perception of what is culturally and socially legitimate, may not fully align with their internal rhetoric or day-to-day practices. Continuing in this tradition, in a recent study, my colleague at Princeton’s Center for Information Technology Policy, researcher Elizabeth Watkins, and I sought to understand how people working at artificial intelligence (AI) startups think about, build, and publicly discuss their technology. We conducted interviews with 23 individuals working at early-stage AI startups across a variety of industry domains including healthcare, agriculture, business intelligence, and others. We asked them about how their AI works as well as about the pressures they face as they try to grow their companies.

In our interviews, the most prevalent theme we observed was that startup founders and employees felt they needed to hype up their AI to potential investors and clients. Widespread narratives about the transformative potential of AI have led non-AI savvy stakeholders to have unrealistic expectations about what AI can do– expectations that AI startups must contend with to gain market adoption. Some, for instance, have resorted to presenting artificially inflated estimates of their models’ performance to satisfy the demands of investors or clients that don’t really understand how models work or how they should be evaluated. From the perspective of the startup entrepreneurs we interviewed, if other AI startups promise the moon, it is difficult for their companies to compete if all they promise is a moon-shaped rock, especially if potential clients and investors cannot tell the difference. At the same time, these startup entrepreneurs did not actually buy into the hype themselves. Afterall, as AI practitioners, they know as well as any other tech skeptic what the limitations of AI are. 

In our AI startups study, several participants likened the hype surrounding AI to the hype that also surrounds blockchain, the backbone that undergirds decentralized technology. Yet unlike AI companies who hope to disrupt existing modes of performing tasks, hardline web3 evangelists see decentralized technology as a mechanism for disrupting the existing social, political, and economic order. That kind of disruption would take place on an entirely different scale than AI companies attempting to make tedious or boring tasks a little more automatic. But are web3 businesses actually hoping to effect the same kind of wide sweeping societal change web3 evangelists are hoping for?

In a study I’m kicking off with Johannes Lenhard, an anthropologist at the University of Cambridge who studies venture capital investors, we aim to understand where the ideological rubber of web3 meets the often unforgiving road to commercial success. We will interview entrepreneurs working at web3 businesses and investors working at investment firms with a focus on web3. Through these interviews, we aim to understand what their ideological visions of web3 are and the extent to which they have been able to realize those visions into real-world technology and business practices. 

As a preliminary glimpse into these questions, I did a quick and dirty analysis* of content from the blogs that Andreessen Horowitz (a16z), a prominent venture capital firm, posted about the companies in their web3 portfolio (top image). In order to get insight into the rhetoric of the companies themselves, I also looked at content from the landing pages of several of a16z’s web3 portfolio companies (bottom image). Visualization of the most frequently used terms of both data sources are below where bigger words are those that are used more frequently.

Word cloud from a16z’s blog posts

Word cloud from portfolio companies’ landing pages

Although this analysis is by no means scientific, it suggests that whereas companies’ external rhetoric emphasizes technical components, investors’ external rhetoric emphasizes vision. 

We don’t yet know whether we will observe these kinds of trends in our new study, but we hope to gain deeper empirical insights into both the public facing discourse of web3 stakeholder groups as well as into the rhetoric they use internally to shape their own self-perception and practices. Will blockchain shepherd in a newer, more democratic version of the web? A borderless society? Decentralized governance by algorithms? Or will it instead deliver only a few interesting widgets and business as usual? We’ll report back when we find out!

Interested in hearing more about the study or participating? Send me an email at .

*analysis performed on March 9th, 2022