April 24, 2014

avatar

Hacking newspapers vs. hacking elections

The past few days have revealed that the New York Times, Wall Street Journal, and Washington Post have all been hacked by Chinese government-affiliated organizations, for the purpose of spying on reporters. The Washington Post says that the attacks were detected over a year ago, and had been going on for at least a year before that. Commercial security products like anti-virus did not detect the malware, which isn’t surprising to anyone who is familiar with signature-based schemes. The attacks on major newspapers were significant enough that Krebs on Security quotes Gunnar Petersen saying it would be “more surprising would be a major newspaper outlet that wasn’t hacked by the Chinese”. (This in turn reminded me of the Nixon enemies list, where being omitted from the list was a sign that one was unimportant, and “Newsman Daniel Schorr and [actor] Paul Newman stated, separately, that inclusion on the list was their greatest accomplishment.”.)

So what does this have to do with voting? The NY Times story appeared on Jan 30. On Jan 29, I testified to the Virginia Senate Committee on Privileges and Elections hearing in opposition to SB 830 and 874. These two bills would require the Virginia State Board of Elections to allow military voters to cast their votes via the Internet. (The Patron (sponsor) of 874 said that it was not internet voting, but rather returning the ballot via electronic format, which is to say by email or web site. I fail to see the a meaningful difference between that an internet voting.)

In my testimony, I explained that internet voting is harder than almost any other kind of activity on the internet including banking – and that the only reason we can do banking and other activity online is because of cross-checks and the willingness to accept a level of fraud that’s not possible with voting.

In response to my testimony, representatives of the State Board of Elections were asked by the senators whether they were confident that the system was secure. The SBE representative assured the senators that the system was secure. Unfortunately I was not permitted to respond to that assertion, and the SBE wasn’t challenged why they believe that they can provide the necessary protection.

I continue to be amazed that elected officials can read constant articles about hacking, and yet readily accept the assurances that there will be no problems with internet voting. If the SBE is so good at stopping attacks, perhaps they should supplement their paltry budget by providing security for banks, Federal government agencies like DOD, and the nation’s leading newspapers!

[Errata 4 Feb 2013: Correct SB 984 to be SB 874.]

Comments

  1. Bob Jonkman says:

    Hi: I’ve just written about e-voting in my blog, http://poliblog.jonkman.ca/blogs/2013/01/28/e-voting-considered-harmful/

    May I republish your article in its entirety? (with appropriate links and credit to you and Freedom To Tinker, of course)

    Thanx,
    –Bob

    • Jeremy Epstein says:

      Bob, please go ahead – thanks for asking. There’s been a number of ill-considered internet voting experiments in Canada, unfortunately. Probably the worst was in Edmonton AB, where there was a “mock election” to select a favorite jelly bean color. Based on that experiment, which disallowed any effort to break the system, the city concluded that the system was secure. I don’t understand how they came to that conclusion – or even to the much simpler conclusion that the apparent winner of the jelly bean contest was actually the selection of the majority of the voters. The only conclusion that I could reasonably draw is that people like internet voting – which we already knew. What we don’t know is how it can be done securely, and that experiment did nothing to further our understanding.

  2. Bob Jonkman says:
  3. Jeremy Epstein says:

    As a follow up to my comment about Edmonton, today the city council voted 11-2 NOT to move forward with internet voting. The Edmonton Journal quotes Coun. Kerry Diotte saying “The fact is, if major banks can be hacked, what’s guaranteeing our voting system wouldn’t be hacked?” (To be precise, the Edmonton Journal notes that the vote was 11-2 against a compromise bill allowing internet voting for shut-ins, but doesn’t say whether there was even a vote on the original effort to make internet voting available to all voters.)

    http://www.edmontonjournal.com/news/edmonton/Edmonton+council+defeats+proposal+Internet+voting+this/7927040/story.html

  4. Tim Arnold says:

    They could always run a scenario on their system like the DC School board tried back in 2010. Hopefully this system will last longer than the 4 hours.

    Thank you for the follow up, I’m glad they showed common sense in their final voting.

    • Jeremy Epstein says:

      Tim, minor correction that the DC scenario was a mockup by the Board of Elections and Ethics for a general election, not run by the School Board. Also the DC system survived a day, not just 4 hours.

      Having said all that, you’re absolutely right that they should do something like that. However, I’m concerned about relying on the “kindness of strangers” to prove the (in)security of voting systems. What happens when this becomes so boring that no white hats are willing to do the pro bono demonstration? I’m concerned that this will be (mis)interpreted as indicating that the systems are secure, when it’s really showing the opposite.

      It occurred to me that the analogy is perpetual motion machines. Physicists aren’t expected to volunteer their time to show that they don’t work; no one takes a perpetual motion machine seriously. Yet the assumption is that computer scientists have to prove that each new voting scheme is insecure – the burden of proof needs to be in the other direction.

  5. Anna says:

    Hi Jeremy,

    I am a student at Virginia Commonwealth University and I followed SB830. I heard you speak at the committee and I was wondering if you could answer a few questions about your thoughts and the impact this bill might have had. We can correspond through email or phone, whichever is easiest for you.

    Thank you for your time and consideration.

    Anna