A security flaw in New South Wales’ Internet voting system may have left as many as 66,000 votes vulnerable to interception and manipulation in a recent election, according to security researchers. Despite repeated assurances from the Electoral Commission that all Internet votes are “fully encrypted and safeguarded,” six days into online voting, Michigan Computer Science Professor J. Alex Halderman and University of Melbourne Research Fellow Vanessa Teague discovered a FREAK flaw that could allow an attacker to intercept votes and inject their own code to change those votes, all without leaving any trace of the manipulation. (FREAK stands for Factoring RSA Export Keys and refers to the exploitation of a weakness in the SSL/TLS protocol that allows attackers to force browsers to use weak encryption keys.) But instead of taking the researchers’ message to heart, officials attacked the messengers.
The New South Wales (NSW) Internet voting system, iVote, was designed to make it easier for disabled people, residents not in NSW during voting hours, and rural residents 20 kilometers away from a polling location to vote. The problem is that the system was not ready to be one of the biggest online voting experiments in the world. Even before the election, Halderman and Teague warned that the NSW system had not sufficiently addressed potential security concerns.
Sadly, NSW officials seemed more interested in protecting their reputations than the integrity of elections. They sharply criticized Halderman and Teague, rather than commending them, for their discovery of the FREAK attack vulnerability. The Chief Information Officer of the Electoral Commission, Ian Brightwell, claimed Halderman and Teague’s discovery was part of efforts by “well-funded, well-managed anti-internet voting lobby groups,” an apparent reference to our friends at VerifiedVoting.org, where Halderman and Teague are voluntary Advisory Board members.[1] Yet at the same time, Brightwell concluded that it was indeed possible that votes were manipulated. Happily, despite criticizing the messengers, the Electoral Commission admitted that there was a FREAK flaw with iVote and scrambled to promptly patch it.
Criticizing Halderman and Teague for identifying security flaws in an Internet voting system is like criticizing your friend for pointing out that the lock on your front door doesn’t work. While moving to Internet voting may sound reasonable to folks who haven't paid any attention to the rampant security problems of the Internet these days, it's just not feasible now. As Verified Voting notes: "Current systems lack auditability; there’s no way to independently confirm their correct functioning and that the outcomes accurately reflect the will of the voters while maintaining voter privacy and the secret ballot." Indeed, the researchers' discovery was not the first indication that New South Wales was not ready for an Internet voting system. Australia’s own Joint Standing Committee on Electoral Matters concluded last year, “Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.”
Perhaps the Electoral Commission lashed out against Halderman and Teague because it has been forced to reckon with the potentially severe consequences of its flawed Internet voting system. Elections, like toothpaste, cannot be put back in the tube; if critical mistakes are made at any point during the voting process, the legitimacy of the entire process may be compromised. The Electoral Commission appears to be nervous that multiple political parties are considering challenging the validity of the election results because of the iVote security flaws.
EFF has long defended the rights of security researchers to give the rest of us bad news so that we can all work toward a safer and more secure digital future. Nowhere is this more important than in voting. Halderman and Teague have our thanks and, hopefully, they will ultimately gain the thanks of the New South Wales election officials.
1. Note: Both Verified Voting and Professor Halderman have been EFF clients in the past. EFF Executive Director Cindy Cohn was a member of Verified Voting's Board of Directors for many years and is still an Advisory Board member.