Hacker infiltration ends D.C. online voting trial

Last week, the D.C. Board of Elections and Ethics opened a new Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities in the spirit of "give it your best shot." Well, the hackers gave it their best shot -- and midday Friday, the trial period was suspended, with the board citing "usability issues brought to our attention."

Here's one of those issues: After casting a vote, according to test observers, the Web site played "Hail to The Victors" -- the University of Michigan fight song.

"The integrity of the system had been violated," said Paul Stenbjorn, the board's chief technology officer.

Stenbjorn said a Michigan professor whom the board has been working with on the project had "unleashed his students" during the test period, and one succeeded in infiltrating the system.

The fight song is a symptom of deeper vulnerabilities, says Jeremy Epstein, a computer scientist working with the Common Cause good-government nonprofit on online voting issues. "In order to do that, they had to be able to change anything they wanted on the Web site," Epstein said.

Because of the hack, Stenbjorn said Monday, a portion of the Internet voting pilot -- which was expected to be rolled out this month -- is being temporarily scrapped.

The program, called "digital vote by mail," is intended to allow military or overseas voters to cast secure absentee ballots without having to worry whether the mail would get them back to elections officials before final counting. Those voters, about 900 of them, still will be able to receive blank ballots via the Internet for the Nov. 2 general election, but they will not be allowed to submit their completed ballots via the DVM system, Stenbjorn says. Instead, they'll have to put them in the mail or send them unsecured via e-mail or fax.

The security hole that allowed the playing of the fight song has been identified, Stenbjorn said, but it raised deeper concerns about the system's vulnerabilities. "We've closed the hole they opened, but we want to put it through more robust testing," he said. "I don't want there to be any doubt. ... This is an abundance-of-caution sort of thing."

Last week, Common Cause and a group of computer scientists and election-law experts warned city officials that the Internet voting trial posed an unacceptable security risk that "imperils the overall accuracy of every election on the ballot." But board officials said the system provides security and privacy upgrades over a method of Internet voting that's already legal: filling out a paper ballot, then scanning it and attaching it to an e-mail.

Stenbjorn says he hopes that the Web-voting system's security vulnerabilities will be addressed in time for a D.C. Council special election expected next spring. The board has spent about $300,000 in federal grant money on the project.

A D.C. Council hearing on elections issues, which will include the Internet voting test, is set for Friday.

UPDATE, 5:30 P.M. Verified Voting, another nonprofit concerned with election integrity, has released a statement that "applauds" BOEE's decision to cancel the digital vote return. The release details the hack: "The test pilot was apparently attacked successfully shortly after it began by a team of academic experts led by Prof. J. Alex Halderman at the University of Michigan. The attack caused the University of Michigan fight song to be played for test voters when they completed the balloting process." The group promises "[f]ull details of the hack and its impact on submitted test ballots ... in the coming days."

The group also identifies a separate issue, which it calls a "very serious vote loss problem that caused voters to inadvertently return blank ballots while believing that they had submitted complete ballots." This affected users of "at least two widely used computer/browser configurations." Stenbjorn said Monday that the problem had been identified as affecting certain browsers using the Macintosh operating system, which do not support inline PDF forms. Mac users, he said, can download the file and open it in a standalone PDF reader instead.

CORRECTION, 10/7: The Michigan fight song is "The Victors," not "Hail to the Victors." Mea maxima culpa.