Monday, April 14, 2014

Internet voting security: a scary tweet that reached 227,391 (even before Heartbleed)

Last month I tweeted a picture of some computer code that was part of an Internet voting system. That picture was re-tweeted so many times it reached more than 220,000 Twitter users. So, that had to be some pretty amazing code, right? Yes, as in amazingly frightening. Take a look, and then read on for a short explanation, and also a long one if you have the time.

A very clever computer scientist, Joe Kiniry, has been concerned about the security of Internet voting applications for some time. Joe is a former Technical University of Denmark professor, now Principal Investigator at Galois. In his research Joe noted this section of code in a program that was actually used for national elections in a European country.

The coder(s) have included a comment reminding themselves that security checks still need to be coded. My tweet suggested that this slide nicely illustrated the question of “what could possibly go wrong?” when it comes to Internet voting. Of course, the best answer to that question is: So much could go wrong you simply cannot use the Internet to elect public officials in a fair, honest, secret ballot!

In fact, there is a massive body of well-researched work showing just how bad the idea of Internet voting is. I recommend two readings if you want a crash course in Internet voting:

  1. If I Can Shop and Bank Online, Why Can’t I Vote Online? by David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and a member of the Verified Voting Foundation Board, who also serves on the board of the California Voter Foundation.
  2. The Computer Technologists' Statement on Internet Voting from a non-partisan non-profit organization that advocates for legislation and regulation that promotes accuracy, transparency and verifiability of elections.

Bear in mind that both of these documents, which in my opinion make a watertight case against using the Internet for voting, were written before three pieces of historic news broke: the Snowden revelations about efforts by NSA and GCHQ to undermine the security and privacy of Internet communications, the Target breach in which a massive American retailer suffered a huge security attack, and the discovery that the Heartbleed coding error "broke" online encryption and was undetected for years.

Scary Internet voting tweet: longer version

The mid-term elections in the U.S. this year will renew interest in electronic voting and Internet voting in particular. So, when my good friend and colleague, Liz Fraumann, who heads Securing Our eCity, invited me to attend the tenth annual meeting of the Electronic Verification Network in San Diego last month, I was delighted to get involved.

For a decade now, the folks at EVN have been dedicated to making sure that every vote cast in U.S. elections counts, and they are particularly concerned with electronic voting, where verification can be challenging.

In fact, I was invited to participate in a panel titled “Cyber Security Crossover: Leveraging Cyber Security Best Practices in the Realm of Elections”. Fellow panelists included David Dill, Professor of Computer Science at Stanford University, and Gary Hayslip, the CISO of the City of San Diego. The moderator was Pamela Smith, President of Verified Voting Foundation.

Two points became clear to me during these two days of great content and conversation. First, America is very lucky to have EVN keeping an eye on electronic voting. Second, as one expert put it, when it comes to Internet voting, “there is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology.” Not now and not in the foreseeable future.

Even before Heartbleed, discovery of longstanding flaws in Internet encryption protocols like SSL and TLS served as a stark reminder of the practical impossibility of ensuring secure Internet interactions of the type required for a secret ballot, not to mention the widespread distribution of state-sponsored malware such as that revealed in the Snowden papers.

In 2008, Verified Voting founder and co-panelist, David Dill, organized the creation of a document that spells out the unique nature of secure voting: the Computer Technologists’ Statement on Internet Voting, referenced above. The document warns against “pilot” Internet voting projects, which already exist in some states in the form of email ballot submissions, and describes “the severe challenges that must be met if an Internet voting system is to justify public confidence.”

I was very grateful to have the chance to participate in this tenth anniversary meeting of EVN, and proud that my employer, ESET, was a sponsor. It’s not every day that you get to hang out with esteemed experts who have such noble goals. I will continue to use Twitter to spread the word about the perils of using the Internet for voting. Who knows, I might even pen another 200K tweet. Look for it on @zcobb. Here are two relevant Twitter accounts worth following:


