Enter your email address to subscribe to Irregular Times and receive notifications of new posts by email.

Join 240 other subscribers

Irregular Times Newsletters

Click here to subscribe to any or all of our six topical e-mail newsletters:
  1. Social Movement Actions,
  2. Credulity and Faith,
  3. Election News,
  4. This Week in Congress,
  5. Tech Dispatch and
  6. our latest Political Stickers and Such

Contact Us

We can be contacted via retorts@irregulartimes.com

Americans Elect Internet Vote for President? Consider how it worked in DC 2010

Apart from the various considerations of political ideology, influence and process regarding Americans Elect, there’s the simple matter of technology. Americans Elect plans to use all-internet-voting to nominate a presidential candidate and to broker the selection of the actual president in an Electoral College showdown. Will a binding internet vote be pulled off with accuracy and without getting hacked? Or is online voting subject to tampering?

Internet votes can be pulled off. The city of Honolulu managed an internet election for neighborhood councils in 2009. Estonia is often mentioned by internet-voting advocates, although more than 98% of votes cast in Estonia’s 2005 e-vote were old-fashioned paper ballots, and Estonia is a small country that had 9,681 electronic votes to verify that year.

The scale is much larger and the stakes are much higher in an internet election for the President of the United States, the single most powerful position on the planet. And we’re not just talking about a vote to select an Americans Elect nominee, either. In its bylaws, Americans Elect makes plans to hold a second internet vote if the Americans Elect candidate doesn’t win an outright majority of electoral votes, but neither does the Republican or Democratic party candidate. This second vote would decide which major party candidate would receive the electoral votes of Americans Elect. That vote would decide the presidency. All Americans Elect needs to put itself in that position is Election Day victory in one of the fifty states.

So when we evaluate Americans Elect, we should pay close attention to the current state of internet voting. And as Jim Soper points out, recent excursions into internet voting are sobering. The city of Washington, DC planned to start offering an internet vote system for residents of DC living overseas; last fall it launched the enterprise with an invitation for experts to try and hack its security system. Within three days, J. Alex Halderman and a small team from the University of Michigan had won complete control of the DC internet voting system:

D.C. launched the public testbed server on Tuesday, September 28. On Wednesday afternoon, we began to exploit the problem we found to demonstrate a number of attacks:

  • We collected crucial secret data stored on the server, including the database username and password as well as the public key used to encrypt the ballots.
  • We modified all the ballots that had already been cast to contain write-in votes for candidates we selected. (Although the system encrypts voted ballots, we simply discarded the encrypted files and replaced them with different ones that we encrypted using the same key.) We also rigged the system to replace future votes in the same way.
  • We installed a back door that let us view any ballots that voters cast after our attack. This modification recorded the votes, in unencrypted form, together with the names of the voters who cast them, violating ballot secrecy.
  • To show that we had control of the server, we left a “calling card” on the system’s confirmation screen, which voters see after voting. After 15 seconds, the page plays the University of Michigan fight song.

Even though the DC voting system was equipped with surveillance measures to detect an online hack, surveillance alarms didn’t go off and DC didn’t know it had been hacked until, two days after Halderman’s team got in, people started calling in with reports about the Michigan fight song.

Halderman wasn’t the only one trying to hack into the system. Halderman got there first, but teams from the nations of Iran and China were also diligently working on a hack.

This is what went down in DC. What happens when the presidency is the prize? Americans Elect might be able to make it all work, but to win confidence it will have to affirmatively demonstrate that it can.

11 comments to Americans Elect Internet Vote for President? Consider how it worked in DC 2010

  • Tom

    http://www.smirkingchimp.com/thread/weldon-berger/37510/americans-elect-meet-the-politburo-an-idea-whose-time-has-come-again

    (from above) Americans Elect is a new internet-based, plutocrat-powered third party that could well be perfect for our new system of government. The party is now calling for delegates to help determine the issues around which the party’s candidates will be selected. In theory this allows Everybody to participate because You debate among yourselves to determine the party Platform and then You choose a presidential candidate from a pool “certified by an [I]ndependent [C]ommittee to meet a set of standard qualification criteria such as background checks.”

    Who chooses the Independent Committee? I dunno. Maybe another Independent Committee. Or God. Somebody centrist, in any event, so New Testament God rather than Rip Your Lungs Out On A Whim God.

  • Mr. Cook,

    I understand from a previous post of yours, that Americans Elect is possibly in violation of federal election laws from its very inception by using a politics-prohibited non-profit corporation to raise sums of money for openly political purposes. What does Tom Friedman say about this possibility of grossly violating federal election laws, considering his gushing orgasmic column on Americans Elect in today’s N.Y. Times?

    Is the Kahlil Byrd who seems to be the behind-the-scenes fountainhead of Americans Elect the same Kahlil Byrd who has spent many years working ardently for Democratic Party politicians and candidates? If so, then how is American Elect not simply another end-run around the election laws to collect and spend vast sums for partisan politics without having to report to the legal authorities or demonstrate open transparency to the public?

    Are these people in Americans Elect simply a group of two or three ‘slick’ stockbrokers and Wall Street hedge fund managers trying to use the tax and election laws to “build their book” of billionaire clients, all in the name of ‘reforming’ the American political system?

    With my warmest regards,
    Don Kirk

  • Fred Silverman

    Harnessing the Internet for elections operations is not just a logical direction (it’s there, so let’s use it), but an intelligent one (distributed, disparate communications, counting lots of discrete events, cost efficiency). Of course, the rub is in building it to work and be trustworthy. This needs tech approaches and skill far more typically found at IBM, Google, Amazon, MIT, Michigan and other cells of imagination and talent than at your local or state Board of Elections. I’d suggest (and expect not be the first) an Interstate Compact or NIST to fund a design competition for universities and corporations to create provable working systems? A prize to the winners. Certifiable systems for the states, counties and cities. Maybe even a tv documentary (Discovery? HBO?). Phase I is creating systems. Phase II is exposing them to cross community hack testing. Phase III is rating them for operational efficiency and effectiveness, implementation requirements, and voter features. Phase IV is the rubber chicken prize award dinner! Let the brainiacs help solve the problem instead of just show us we have it. One impediment to Internet utiization is that the Nation’s 10,000 boards of elections are not computer and network literate enough to correctly specify their own requirements. Another is the patchquilt of election law that has to be accomodated in any working system, let alone hardened security. And too few, or maybe none, of our computer and network geeks speak the essentially foreign, dialect-ridden language that is election operations. Internet game on? It could and should happen, but maybe not today.

    • The brainiacs cannot keep out of Google, the CIA, the Pentagon, or banks, which loose billions every year but do not talk publicly about it. They have already said that no solution is even on the horizon ( http://www.countedascast.com/issues/internet.php ). You have 3 fundamental problems to start with.
      1) The Internet was designed from the bottom up to survive nuclear war, not hack attacks, which did not exist in the 60s. For it to be modestly secure, you would have to build a new Internet, from scratch, with security built into the foundation.
      2) There is currently no reasonable way to protect against insider threats. Nobody should trust any system built by communist Chinese, the Russian mafiosi, or Wall Street banksters. Even management will not be able to 100% control what the programmers are putting into the many layers of software involved. There is too much to check.
      3) Good engineering uses redundancy, and has recovery options. With our current elections, it’s paper. With paper ballots, we can check the count, and when something goes wrong, and it will, we can recount the paper. Internet voting has no software independent redundancy. As far as recovery is concerned, there is none. When the system fails, you have to hold a new election. In the US, this is not an option.

      • Fred Silverman

        Thank you for your comments, Jim. Your history of the Internet is not just incomplete, but off base. The raw capability sought was that computer systems, despite entirely incompatible internal languages, needed to admit and control messaging and file transfers transparently, thus the term inter-networking, from which the contraction “internet” evolved. Packet switching, of course, was a fundamental security feature that provided some armageddon resistance. Once TCP/IP proved equal to both parts of the inter-networking challenge, security tools were added to encrypt the content of packets and put data caches behind firewalls to keep out intruders, or what we call hackers today. Is there still work to be done? Apparently. In fact, it is a constant requirement for anyone with anything of value to protect. Contrary to the many news stories everyone likes to cite about hacked sites, there are hardened implementations that exist and work using the Internet, just not in the news. Turning back to elections, the heart of a security model for internet use requires that traffic be both unalterable and better yet opaque in transit, verifiable at both origins and destinations, be fundamentally distributed, and for collection or counting nodes to be intruder resistant. Every system designer understands that an anti-hack effort is a constant requirement, not a singular design event, at no matter the level of the system. The idea that because you can’t build something that can never fail, Internet facilitated voting is impossible altogether is both a weak assumption and a weak conclusion, no matter how emphatically stated. If “never fail” was the criteria, we wouldn’t be able to vote at all, since no election system meets that test. We agree that a trustworthy Internet alternative hasn’t been done here in the US yet, though Switzerland is pretty happy with their Internet-based implementation. We seem to not agree that it will not or cannot happen. My original point is that we should encourage and facilitate experimentation and trial to get one or more good implementations. Saying no way never moves anything to a better place.

  • Hi Jim Cook! Dude, there is more to the story than what Mr. Soper says. Why are international banks and corporations so rich? In part because hackers cannot steal their money. Its always the same problem w/ the anti-Internet voting extremists — they BELIEVE, but they have to ignore contrary facts to do so. Security technology exists. Internet voting exists all over the world. Mark Crispin Miller invited Jim Soper to debate me on Internet voting, but where’s Jim? At, http://bit.ly/nwspUI
    William J. Kelleher, Ph.D.
    Internetvoting@gmail.com
    YouTube: WJKPhD
    Twitter: wjkno1

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>