DC BOEE Lessons Learned from Digital Vote by Mail Hacking
by Paul Stenbjorn
Which you would think would have been an objectively bad thing for the BOEE. You’d think wrong.
In August of 2010, the National Institute of Standards and Technology (NIST) conducted a Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) workshop in which the academic computer science community issued a rebuke of all intermixing of votes and the internet. Election administrators were warned, in stark language, not to venture into the deep dark digital woods where perils lurked that were unstoppable and unavoidable.
Fast forward to the last week in September: after delays in launching the public examination period (a hotly contested election on September 14 kept BOEE staff otherwise engaged), we launched the application and invited all comers to test and prod our system. Our goal was simple: determine if the application as developed passed muster, and if not, determine better mechanisms for security, transport and usability for future releases. The BOEE may have been the sponsor of this project, but our mission was to make this open source package freely available to all election officials. We understood the risks of making this package available for testing. But someone had to do it.
When Alex Halderman and his students successfully hacked the system, we learned many valuable lessons about the security issues with the file upload mechanisms used in this software. More importantly, however, we achieved a collaborative engagement with the computer science community that was working with elections officials in the early stages of developing a better model for future deployment. This was our goal at the NIST workshop, and we look forward to continuing this collaboration.
We will continue this project and hope this interaction will serve as a model for future releases. We will stand up new revisions and invite the computer science community not only to attempt to hack the system, but to come develop it with us. Imagine what would be possible if the best minds in the country collaborated on developing robust, open source election software.
In response to the hacking of the Digital Vote by Mail public examination software, David Jefferson of Verified Voting stated:
“Let there be no mistake about it: this is a major achievement, and supports in every detail the warnings that security community have been giving about Internet voting for over a decade now. After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure.”
With all due respect to Mr. Jefferson, the lesson learned is not to be more timid, but more aggressive about solving the problem in exactly the way that we have chosen. Our task is to continue pursuing a robust, secure digital means for overseas voters to cast their ballot rather than resorting to e-mail or fax. As Thomas Edison famously said, “Nearly every man who develops an idea works at it up to the point where it looks impossible, and then gets discouraged. That's not the place to become discouraged.”
The burden of proof will always rest with the election officials to ensure integrity and transparency of all voting systems, but the computer science community has a heavy burden as well. The computer science community needs to understand that this toothpaste is already out of the tube and no volume of warnings can put it back. Voters are currently casting ballots by e-mail and fax. We need to work together to find a better alternative.
Even more, voters expect that there will be a day when online voting will be as simple as paying bills or paying taxes. While there will always be citizens who choose to file their taxes on paper and there will always be voters who wish to visit their local polling place on Election Day, election officials know that voters expect, one day, to cast their ballot from their laptop.
The BOEE’s Digital Vote by Mail application is an open source software package. We released not only the software, but also the design rationale documentation and networking schematics. We gave the hackers the keys to the store. This is critical to enhancing the integrity of election systems. Had the BOEE deployed a commercial digital ballot return system, we might not have been able to discover comparable shortcomings until actual votes were involved. Furthermore, commercial software would not provide the transparency that is so critical to public trust and future technology development. This is a core value of the D.C. Board of Elections and Ethics, and the successful hacking of the Digital Vote by Mail system proved that we were right to deploy and test an open source election system.
While the BOEE would prefer to have a system that withstood all scrutiny and testing, we are achieving exactly what we set out to do. We are heartened by the knowledge that the digital ballot delivery system we are deploying will allow overseas and military voters to receive ballots nearly instantaneously. We are also encouraged that the partnerships we have begun to develop through this initiative will continue to build and lead to better voting systems for all voters. The University of Michigan students and faculty deserve credit for accepting this responsibility in constructive hacking. However, we all know that this does not represent the end of digital ballot transport, but a step toward a solution that will be less partisan in its Big 10 affiliations.