Americans Elect Internet Vote for President? Consider how it worked in DC 2010
Apart from the various considerations of political ideology, influence and process regarding Americans Elect, there’s the simple matter of technology. Americans Elect plans to use all-internet-voting to nominate a presidential candidate and to broker the selection of the actual president in an Electoral College showdown. Will a binding internet vote be pulled off with accuracy and without getting hacked? Or is online voting subject to tampering?
Internet votes can be pulled off. The city of Honolulu managed an internet election for neighborhood councils in 2009. Estonia is often mentioned by internet-voting advocates, although more than 98% of votes cast in Estonia’s 2005 e-vote were old-fashioned paper ballots, and Estonia is a small country that had 9,681 electronic votes to verify that year.
The scale is much larger and the stakes are much higher in an internet election for the President of the United States, the single most powerful position on the planet. And we’re not just talking about a vote to select an Americans Elect nominee, either. In its bylaws, Americans Elect makes plans to hold a second internet vote if the Americans Elect candidate doesn’t win an outright majority of electoral votes, but neither does the Republican or Democratic party candidate. This second vote would decide which major party candidate would receive the electoral votes of Americans Elect. That vote would decide the presidency. All Americans Elect needs to put itself in that position is Election Day victory in one of the fifty states.
So when we evaluate Americans Elect, we should pay close attention to the current state of internet voting. And as Jim Soper points out, recent excursions into internet voting are sobering. The city of Washington, DC planned to start offering an internet vote system for residents of DC living overseas; last fall it launched the enterprise with an invitation for experts to try and hack its security system. Within three days, J. Alex Halderman and a small team from the University of Michigan had won complete control of the DC internet voting system:
D.C. launched the public testbed server on Tuesday, September 28. On Wednesday afternoon, we began to exploit the problem we found to demonstrate a number of attacks:
- We collected crucial secret data stored on the server, including the database username and password as well as the public key used to encrypt the ballots.
- We modified all the ballots that had already been cast to contain write-in votes for candidates we selected. (Although the system encrypts voted ballots, we simply discarded the encrypted files and replaced them with different ones that we encrypted using the same key.) We also rigged the system to replace future votes in the same way.
- We installed a back door that let us view any ballots that voters cast after our attack. This modification recorded the votes, in unencrypted form, together with the names of the voters who cast them, violating ballot secrecy.
- To show that we had control of the server, we left a “calling card” on the system’s confirmation screen, which voters see after voting. After 15 seconds, the page plays the University of Michigan fight song.
Even though the DC voting system was equipped with surveillance measures to detect an online hack, surveillance alarms didn’t go off and DC didn’t know it had been hacked until, two days after Halderman’s team got in, people started calling in with reports about the Michigan fight song.
Halderman wasn’t the only one trying to hack into the system. Halderman got there first, but teams from the nations of Iran and China were also diligently working on a hack.
This is what went down in DC. What happens when the presidency is the prize? Americans Elect might be able to make it all work, but to win confidence it will have to affirmatively demonstrate that it can.