The following three sections from chapters four and five of Election Attitude – How Internet Voting Leads to a Stronger Democracy contain corrections concerning the Open Source Election Technology Foundation (OSET).
District of Columbia (2010)
The District of Columbia Board of Elections and Ethics planned to launch a “Digital Vote by Mail” system during the 2010 General Election for absentee, military and overseas voters. The system was composed of two distinct elements: an online blank ballot distribution system, and a system designed to allow for the return of voted ballots. The ballot return system provided voters with the opportunity to upload voted ballots in PDF format to the Board’s servers via the Internet. The Open Source Digital Voting Foundation, a non-profit R&D organization now called the Open Source Election Technology Foundation (OSET), provided the architectural design and the ballot generation, secure upload, and distribution software for the project.
At the urging of OSET, the Elections Board decided to conduct a six day testing period for members of the public to discover any vulnerabilities the Internet voting system might have. The testing was open to all individuals requesting credentials to participate. During the testing period, J. Alex Halderman, Ph.D., a member of the Verified Voting Board of Advisors, and a group of his Ph.D. students from the University of Michigan, attacked the system and were able to easily gain complete access. The team was able to modify ballots and collect usernames and passwords. Due to the test results, the portion of the system designed to return voted ballots via the Internet was not used in the 2010 General Election.
The failed test was not a failure of Internet voting. It was a failure by the IT department to create a secure voting system as provided for in the system design. The technical implementation failure was glaring. A new network router was installed and powered on without changing the default password, which is usually “admin”, “password”, or just blank. This resulted in making it a trivial exercise for the attackers to break in. Although the attackers did the District of Columbia a service by identifying the vulnerability, the method of reporting the problem is questionable. Rather than quickly and discreetly work with the IT department to fix the problems, the students celebrated the challenge of finding holes in the system by causing the computer of a voting system tester to play the University of Michigan fight song each time the voting system’s integrity failed.
The TrustTheVote Project is sponsored by the Open Source Election Technology (“OSET”) Foundation, a nine-year-old non-profit 501.c.3 election technology research institute. Their project team, mostly former Apple, Mozilla, or Netscape employees, call themselves social entrepreneurs.[i] They are not a think tank or lobbying group. While they urge caution about Internet voting and do not believe it is feasible in the short term, they are working to build an election technology framework which election officials can adapt and deploy.
The TrustTheVote Project Election Technology Framework (“ElectOS™”) is designed to facilitate all aspects of the voting process including registration, voting, and reporting of results. Technology for election officials will enable them to manage elections, register voters, and count ballots. Each of the technology areas within the framework includes one or more applications. The applications are free and can be tailored and deployed by local governments.
Unlike today’s proprietary voting machines, these applications run on non-proprietary off the shelf hardware. The TrustTheVote Project will provide a list of hardware, which meets TrustTheVote Project specifications. Systems integration services are required to meet local regulatory and user experience requirements of each jurisdiction and adapt the open source software to local regulatory requirements where necessary. Current voting machine companies and other qualified companies will be able to provide the systems integration and on-going support of the technology. In my opinion, it is unlikely the current voting systems companies will participate.
The TrustTheVote Project software was deployed in part in May 2016. Virginia is using the Voter Services Portal component of the framework. Sixteen states will participate in an upcoming testing of the VoteStream component for elections reporting. The framework applications use a combination of mobile devices, local servers, and the Internet for parts of the election administration process. It is not used for casting votes. That part is planned for the future.
In an interview with Gregory Miller, Chair of the Open Source Election Technology Foundation, he explained the Project’s vision as having three phases.
- Phase 1 – Election administration apps for online voter registration, election results reporting, poll books, ballot design, generation, and distribution, and election management services.
- Phase 2 – A complete voting system for cast and counting ballots using tablets, printers, and OpScanners with a paper ballot of record.
- Phase 3 – Complete certification of the voting system and a robust repository service for distribution of the open source software and a finished Framework that can support future types of balloting including remote online casting once that is possible, certified, and legal to deploy.
When questioned when Phase 3 will be developed, Miller said, “At least two Presidential election cycles, perhaps three.”[i] The pessimism may in part stem from the Foundation’s experience with TrustTheVote software used by Washington, D.C. in 2010. Mr. Miller and his team have developed a deep understanding of the entire election system process from the user application, through the network, to the backend applications and databases. They believe, and I agree, the user application is the easier part. To have a verifiable, accurate, secure, and reliable voting system requires significant planning at all levels—from the so-called “edge” where ballot casting can take place (e.g., a smartphone or personal digital device) to the “core” (e.g., the data center), where most of the challenges and vulnerabilities to be addressed exist—not just in technology, but process and policy as well.
Miller’s ten-year timeframe seems long, but I agree the changes needed to today’s approach are significant. The challenges are complicated, but in my opinion, solvable.
Breaches of servers connected to the Internet in areas other than the voting process have emerged as a significant security concern. However, in my research, I found no cases of election servers being breached. There was the significant case of the Washington, D.C. voting pilot where the IT department failed to configure a strong password to protect the network router, leaving it plugged in, un-configured, and relying on the default set-up password—actually a simple unforced error. Jake Kouns, co-founder and President of the Open Security Foundation which oversees the operations of the Open Source Vulnerability Database, tracks data breaches in his DatalossDB.org blog. He reported 2015 had an all-time high 3,930 breaches of servers which exposed more than 736 million records. [i] Forty-one percent of the servers and sixty-five percent of the records were in the U.S. None were election servers. Kouns said, “Email addresses, passwords and usernames were exposed in 38% of reported incidents. [i] Passwords were the most sought after data to steal.” Kouns said, “This is especially troubling since a high percentage of users pick a single password and use it on all their accounts both personal and work related.” [i] While weak passwords represent a security risk, there are numerous tools available to create and manage strong passwords.
Clearly, a strong password and 2FA is essential to prevent a brute force attack against one’s online account. However, even with 2FA it is possible to breach a systems’ security if SSL is improperly configured. Hackers understand encryption technology too. There have been a number of high-profile security breaches caused by improperly configured SSL based web servers. For example, a known vulnerability in the older SSL protocol allows hackers to break the encryption which otherwise would protect sensitive data. For this reason, it is imperative for organizations to be vigilant with best practices, such as enforcing the newer TLS protocol and disabling the legacy protocols altogether. Security best practices also include regularly applying security updates to prevent susceptibility to emerging threats when they are discovered.
A study of 2015 breaches was done by the Online Trust Alliance, a Bellevue, Washington charitable organization with the mission to enhance online trust and promote innovation and the vitality of the Internet. Its results were released January, 2016. It reported 91% of the data breaches occurring from January to August of 2015 could have been easily prevented using simple and well established security practices. [i] One of the most important security practices is regularly applying software patches which can stop breaches of servers. As mentioned in chapter 2, this important practice is not followed on many voting machine servers because the voting machine software is out of date and no longer supported. The statistics about server breaches applies to servers connected to the Internet, but not election servers. The concern security experts raise is theoretical. Many of them believe if you had Internet voting, there would need to be election servers connected to the Internet which would create the risk of breaches. I conclude breaches are not to be ignored, but they are manageable if good security practices are followed.
Koshevoy Dmitry, author of a website about rules and tips for creating strong and secure passwords, wrote, “The most common password is the word ‘password’.”[i] A server connected to the Internet must follow strict security policies including the requirement for strong passwords. The physical environment of the server room or datacenter also must be secure and inspected regularly. Employees should be reminded to locate their password information in a different place than a stick-on memo on their PC screen or under their mouse pad.