Reza Curtmola, computer science professor and co-director of NJIT's Cybersecurity Research Center
I usually tell them that I’m not concerned about a large-scale attack in which the bad guys will hack into the voting systems remotely and be able to influence the outcome of the voting. This is simply not possible because the large majority of the voting systems are not connected to the internet.
However, I try to raise awareness that the voting systems we use today are far from perfect and, in fact, are quite exposed to a whole range of problems that stem from the poor design and proprietary nature of the software running on them—and the lack of contingency plans in case fraud does occur.
Much of the voting in the U.S. is done using ATM-style direct recording electronic voting machines. Many computer security experts agree that electronic voting is not ready for prime time. E-voting systems are poorly designed and have no way to detect or recover from fraud.
In 2004, researchers revealed severe security flaws in voting machines produced by Diebold. Voters could cast multiple ballots with no traceability; workers at poll stations could modify the votes and could even violate voter privacy. Programmers who work for voting machine vendors could embed backdoors into the software because it is proprietary.
With e-voting, voters have no way of knowing that their ballot has been correctly counted and no assurance that their vote won’t be changed later. The process is not transparent. So how can voters trust a system that has no accountability?
The U.S. government has funded several initiatives to improve voting security. However, each state uses different voting standards and security procedures. This nonuniformity makes it even harder to analyze the process as a whole.
The Department of Homeland Security recently said the government is considering classifying voting systems as part of the nation’s “critical infrastructure.” This is a step in the right direction.
Another step in the right direction is to ensure we have a way to audit the voting process.
Currently, many states that use electronic voting don’t have a reliable way to recount ballots. Experts agree that the best way to enable auditing is to have a voter-verified paper trail. This can be achieved by using a hybrid system in which the voting terminal is electronic and, say, has a touch screen to allow the voter to make their selection. Next, the terminal prints a paper ballot that contains the voter’s selection. The voter then submits the ballot to be optically scanned for quick counting. In this model, the paper ballots can be counted manually if need be. You can start by taking a small random sample of the ballots and comparing them to the scanned results. If they match, you have an overwhelming probability that the votes have been recorded correctly. If they don’t match, you might have a problem and you can proceed with a manual count of all the ballots.
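The sampling audit described above can be made concrete. The following is an added illustration, not code from the author or from any election system: it computes how likely a random sample is to catch altered records and escalates to a manual count on any mismatch. It assumes each paper ballot can be matched to its scanner record by an identifier and that the sample is drawn uniformly without replacement; all ballot data and figures are constructed.

```python
import random
from math import comb

def detection_probability(total, altered, sample):
    """Chance that a uniform sample (without replacement) of `sample` ballots
    contains at least one of `altered` bad records out of `total`."""
    return 1.0 - comb(total - altered, sample) / comb(total, sample)

def min_sample_size(total, altered, confidence):
    """Smallest sample whose detection probability reaches `confidence`."""
    for n in range(1, total + 1):
        if detection_probability(total, altered, n) >= confidence:
            return n
    return total

def audit(paper, scanned, sample_size, rng):
    """Compare a random sample of paper ballots with the scanner's records.
    Any mismatch escalates to a manual count of all paper ballots."""
    ids = rng.sample(sorted(paper), sample_size)
    mismatches = [i for i in ids if paper[i] != scanned.get(i)]
    return ("full_manual_count" if mismatches else "pass", mismatches)

def manual_count(paper):
    """Tally every paper ballot; the paper is the record of last resort."""
    tally = {}
    for choice in paper.values():
        tally[choice] = tally.get(choice, 0) + 1
    return tally

def demo():
    rng = random.Random(2016)  # fixed seed so the run is repeatable
    # Constructed data: 10,000 paper ballots; scanner records differ on 2%.
    paper = {i: rng.choice(["A", "B"]) for i in range(10_000)}
    scanned = dict(paper)
    for i in rng.sample(range(10_000), 200):
        scanned[i] = "A" if paper[i] == "B" else "B"
    n = min_sample_size(10_000, 200, 0.99)
    outcome, bad = audit(paper, scanned, n, rng)
    result = manual_count(paper) if outcome == "full_manual_count" else None
    return n, detection_probability(10_000, 200, n), outcome, len(bad), result

if __name__ == "__main__":
    print(demo())
```

The required sample grows as the fraction of altered records shrinks, so the sample size should be chosen from the smallest discrepancy that could change the outcome of the contest.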
A well-known principle in computer security is that the security of a system is only as strong as its weakest link. That principle, applied in the context of the U.S. presidential election, means that a smart adversary can focus on select counties in key battleground states that lack verified paper ballots. From a defender’s point of view, a good strategy is to allocate additional resources to ensure that voting in those counties is not tampered with.
And as for a contingency plan? Frankly, we don’t have a detailed and tested strategy in place to deal with a catastrophe at the polls on Election Day.
Security still remains an afterthought when new technologies are implemented, instead of being considered in the original design. Perhaps what we need is a debacle in this upcoming election in order to generate the political will to improve the voting system once and for all.
Reza Curtmola is an associate professor in the computer science department at the Ying Wu College of Computing at New Jersey Institute of Technology (NJIT), where he’s training the next generation of cybersecurity experts through the NJIT Secure Computing Initiative funded by the National Science Foundation. Curtmola also co-directs NJIT’s Cybersecurity Research Center, which engages in a variety of high-profile, externally funded research projects, including a DARPA-funded initiative that focuses on the security of the software supply chain and seeks to build a framework that offers insight and guarantees about the various phases of software development. Such a framework could be used to improve the transparency of software used in e-voting machines.