In recent years, there has been increasing interest in using online and mobile technology to supplement voting procedures. At the same time, cybersecurity experts maintain that paper ballots are the only secure means of voting.
Now, MIT researchers are raising another concern: they say they have discovered security vulnerabilities in a voting application used during the 2018 elections in West Virginia. Their security analysis of the application, called Voatz, identifies a number of vulnerabilities, including the ability for hackers to change, stop, or expose how an individual user has voted. In addition, the researchers found that Voatz's use of an outside partner to identify and verify voters poses potential privacy concerns for users.
After discovering these security vulnerabilities, the researchers disclosed their findings to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). The researchers worked with the Boston University / MIT Technology Law team and CISA election security officials to ensure that election officials and the software vendor were aware of the findings before the research was published. This included preparing written summaries of the findings and discussing them directly with affected election officials on calls organized by CISA.
In addition to being used in the 2018 elections in West Virginia, the application was used in elections in Denver, Oregon, and Utah, as well as at the 2016 Massachusetts and Utah Democratic Conventions.
The findings underscore the need for transparency in the design of voting systems, according to the researchers.
"We all have an interest in increasing access to the vote to get more votes, but in order to maintain confidence in our electoral system, we must ensure that voting systems meet high technical and operational security standards before they are implemented," says Weitzner. "We cannot experiment with our democracy."
"The view of security experts is that secure elections online are not possible today," Koppel adds. "The rationale is that application weaknesses can give the opponent an unjustified influence in an election and today's software is unstable enough that the existence of unknown exploitable vulnerabilities is a very high risk."
Capture the results
The researchers were originally inspired to carry out a security analysis of Voatz by Specter's research with Ronald Rivest, an Institute Professor at MIT, and Neha Narula, Director of the MIT Digital Law Initiative, exploring the feasibility of using blockchain systems in elections. According to the researchers, Voatz claims to use a blockchain to ensure security, but has not released any source code or public documentation of how its system works.
Specter, who teaches a course at MIT founded by Koppel that focuses on reverse engineering software, raised the idea of reverse engineering Voatz's application in an effort to better understand how its system worked. To ensure that they did not interfere with pending elections or expose user records, Specter and Koppel reverse engineered the application and then created a model of the Voatz server.
They found that an adversary with remote access to the device could change or discover a user's vote and that the server, if tampered with, could easily change those votes. "The application protocol does not appear to attempt to verify [authentic votes] via blockchain," Specter explains.
"We found that your ISP, or someone close to you if you are on unencrypted Wi-Fi, could track how you voted in certain election configurations. The most aggressive malware could possibly detect how you're going to vote and then stop the connection based on that alone."
In addition to detecting vulnerabilities in the Voatz voting process, Specter and Koppel found that the application poses problems for users' privacy. Because the application uses an external provider for voter ID verification, a third party may have access to the voter's photo, driver's license data, or other forms of identification if the provider's platform is not secure.
Need for greater transparency
Specter and Koppel state that their conclusions point to the need for transparency in the administration of elections in order to ensure the integrity of the electoral process. They note that, at present, the electoral process in states using paper ballots is designed to be transparent, and that citizens and representatives of political parties have the opportunity to observe the voting process.
In contrast, Koppel notes that "Voatz's implementation and infrastructure were completely closed infrastructures. We could only access the application itself."
"I think this type of analysis is extremely important. There is currently an effort to make voting more accessible by using online and mobile voting systems. The problem here is that sometimes these systems are not made by people who have experience in maintaining the security of voting systems," says Matthew Green, an associate professor at the Johns Hopkins Information Security Institute. In the case of Voatz, he adds, "It seems like there were a lot of good intentions here, but the result lacks key features that will protect a voter and the integrity of the election."
Looking ahead, the researchers warn that software developers need to prove that their systems are as secure as paper.
"The biggest issue is transparency," says Specter. "When you have a part of the election that is opaque, not visible, not public and has some kind of proprietary element, that part of the system is inherently suspicious and needs to be checked."