Despite serious security concerns, election board still plans to use scaled-down version of voting site

University of Michigan students hacked a D.C. elections voting website to play the school’s fight song when users cast their ballots. Security experts, meanwhile, have raised serious questions about the lackluster testing the site has undergone. Nevertheless, a board of election officials in Washington, D.C., still plans to make available a scaled-back version of the site for this year’s election.

The website is designed to enable its target 950 users (registered voters residing abroad) to access PDF absentee ballots. Voters identify themselves by name, registration address, and a PIN provided by the board in advance of the election. From there, users can fill out the ballots and send them back digitally or as email attachments; alternatively, voters can also print and send them via fax or snail mail.

Officials on the District of Columbia Board of Elections and Ethics (DCBEE) opened the website to a brief public testing period recently, during which the University of Michigan students launched their successful hack. The attack, according to some computer scientists, reveals serious holes in the website’s architecture.

The board has responded by announcing that users will not be able to access the site to send back their ballots digitally — but they can use the site this year to generate PDF ballots, fill them out, and send them back via email, fax, or snail mail.

The problem here is, the site has been shown to be insecure in an informal testing process and has not undergone any kind of rigorous, transparent, verifiable audit.
In fact, before the brief public testing period, a group of concerned citizens — among them prominent computer security experts such as Ronald Rivest — sent a letter to the board calling for independent security testing of the site. In the letter, dated Sept. 24, the authors opined that the Internet is not suited as a safe, secure, or reliable vehicle for electronic voting. “Using current technology, voters cannot validate that their votes are counted as intended, and there are numerous opportunities for bugs and security flaws to interfere with an accurate vote count,” they wrote.

The authors detailed nine concerns about the sort of public testing the DCBEE permitted, including a lack of details as to terms of engagement (what sort of attacks would or would not be tested?); insufficient notice — just three days total — about the test; and a lack of transparency on the testing results.

Evidently, the DCBEE thinks that the site’s only security risk lies in the process of transporting a completed ballot. Without in-depth testing, simply allowing users to generate absentee ballots online could create all sorts of opportunities for hackers to wreak havoc on the democratic process. For example, a hacker could successfully pose as one or more registered voters, download their ballots, and mail them in. Election officials would be none the wiser. Hackers could also bombard the site with a denial-of-service attack, rendering it inaccessible and thus preventing voters from accessing their ballots. In addition, they could break into the system’s database and tweak the way it generates the ballot a voter would receive, such that certain candidates or measures are excluded or altered. To top it off, hackers might be able to cause the site to divert a user to a different site entirely.
They could find a way to hit a user with a drive-by download or to install malware in the PDFs users grab.

Admittedly, the aforementioned scenarios are speculative, but they’re certainly plausible if there’s no security testing to prove otherwise.

Whereas the DCBEE does deserve some credit for attempting to use Internet technology to streamline the voting process and ensure greater participation, officials evidently fail to grasp the magnitude of the potential security risks.

This article, “D.C. officials should shut down insecure voting website entirely,” was originally published at InfoWorld.com.