University of Michigan professor who hacked DC elections test site testifies
A University of Michigan professor who with his students hacked a prototype D.C. voting website and had it play the school's fight song said today it will be decades, if ever, before voting can be performed safely over the Internet.
J. Alex Halderman, a computer science professor, has been participating in a test of Washington's new "Digital Vote By Mail" system, which was supposed to allow some 900 D.C. overseas voters submit ballots over the Internet.
During the test, which began last week, not only was Halderman's group able to get the site to play the fight song, they also changed cast votes to "evil science fiction robots" and gained access to video cameras monitoring a board of elections data center.
Halderman's hack prompted election officials to take down the system for several days, but it went back up on Tuesday. Halderman said that on Thursday his group changed the password to part of the system to "InternetVotingIsDangerous!" and locked officials out. The test of the system was supposed to end today.
Halderman praised the D.C. Board of Elections & Ethics for conducting the test of the system, which was to be used for the first time in November, but he said the Internet is currently not safe for voting. He cautioned real attackers would not be as obvious as he and his students were.
"Clearly stealthiness was not our main objective. Otherwise we wouldn't have played the fight song," Halderman said. "A real attack might be completely invisible and could have run on undetected much, much longer."
After Halderman's attack, election officials said they would no longer allow ballots to be returned over the Internet as planned in November. Instead, officials plan to allow overseas voters to download their ballots from the Internet and return them by fax, mail or e-mail, which will not be secret. Halderman said that system seemed to be less vulnerable.
Alysoun McLaughlin, the spokeswoman for the board, said officials still hope to implement the Internet ballot casting option for overseas voters in a 2011 election, assuming it is "ready for primetime." She said officials would continue to work on the system.
Councilwoman Mary Cheh, who was overseeing the hearing, asked if city officials should step in and pull the plug on returning ballots over the Internet, to which Halderman said yes. Cheh also noted the fight song the group had the site play after a voter had cast a ballot.
"You're a funny bunch over there," Cheh told Halderman.
"Well, we're a pretty serious bunch, too," Halderman replied.