Hackers To The Rescue? Professor J. Alex Halderman (second from right) and his merry band of hackers showed just how vulnerable online voting is to outside interference. According to Halderman, "it’s going to be decades, if ever, before we’re able to vote online securely".
THE JUNIOR WOODCHUCKS GUIDEBOOK was one of the comic-book artist’s, Carl Barks’, most prescient gags. Whenever the hapless Donald Duck’s adventures with his three nephews and his squillionaire Uncle Scrooge went awry, it was to this extraordinarily handy little book that Huey, Dewey and Louie – Woodchucks all – invariably turned. You’ve fallen from a plane without a parachute? Need a quick course in basic Lizard? Want to know how to lull a dragon to sleep? Then - quick! Consult The Junior Woodchuck Guidebook!
For those of you wondering what a Junior Woodchuck might be: they are Carl Barks’ gentle send-up of the American scouting movement. What makes the master comic-book storyteller’s creation of The Junior Woodchucks Guidebook so prescient, however, is that in 2013, nearly 60 years after its first appearance in 1954, practically everyone carries the equivalent of the Woodchucks’ Guidebook in their pocket.
Our smartphones, with their connection to the Internet and its vast, inexhaustible search-engines, can now transform us, just about instantly, into experts on just about everything. Who needs The Junior Woodchucks Guidebook when they’ve got “Google”?
This increasing reliance on the Internet and its wonders is worrying. Carl Barks may have relied upon The Junior Woodchucks Guidebook to get himself and his cartoon creations out of innumerable tight spots, but we would be extremely unwise to do the same.
Writers, dramatists and comic-book storytellers are allowed to bring in a deus ex machina to keep the narrative moving along, but politicians and administrators have no such licence. Though we might be forgiven for thinking otherwise, the conduct of democratic elections is not the stuff of comic-books or classical Greek tragedies.
And yet we are subjected to constant claims from politicians, challenged to “do something” about the declining participation-rate in national and local government elections, that the solution lies “online”.
This is what the Mayor of New Zealand’s largest city, Len Brown, told reporters on Saturday after being re-elected by barley a third of Auckland’s eligible voters:
“We will do online voting next time, there is no doubt about that. I think that maybe postal voting has had its day. People really don’t do much in the way of sending mail anymore.”
Not a good idea, Len, as a moment’s consultation of your electronic Junior Woodchucks Guide would have told you.
According to the Professor of Computer Science specialising in cyber-security at the University of Michigan, J. Alex Halderman, putting the electoral process online would be extremely risky:
“In order to vote online safely, we’re going to have to solve some of the hardest problems in computer security. How do you secure servers against remote attackers? How do you secure people’s home computers against spyware? How do you prevent people from being tricked into visiting the wrong website and giving away their passwords? All of these things are subjects of active research, but it’s probably going to be many, many years until we solve them. That’s why I think it’s going to be decades, if ever, before we’re able to vote online securely.”
And Professor Halderman knows what he’s talking about, because three years ago he and three of his top computer science graduates successfully (and perfectly legally) hacked into an online election pilot set up by the District of Columbia’s Board of Education.
The Board, supremely confident that their online voting system was secure, cockily challenged anyone who thought they could hack into their software to go ahead and give it a try. Professor Halderman’s team more than rose to the challenge. Not only did they successfully hack the Board’s system, but they also made sure that the test election was “won” by “writing in” the fictional robot anti-hero, Bender, from Fox-TV’s animated sci-fi series Futurama. (The runners-up were HAL from 2001 – A Space Odyssey and the Master Control Programme from Tron.)
Those wishing to learn more about Professor Halderman’s slam-dunk demonstration of the dangers of online voting should watch the YouTube video – just search “Hacking the Washington DC Internet voting system”. I would heartily recommend that Mayor Len Brown treat himself to repeated viewings.
And before all the computer geeks out there respond with the example of Estonia: permit me to point out that the Estonian on-line voting system relies upon the fact that every Estonian citizen is required to carry an identity card bearing a unique identity number. Personally, I’m not so sure that New Zealanders are ready for mandatory identification cards. Not after all that passionate debate over the GCSB surveillance legislation. But, I could be wrong.
The other problem with Estonia is this: if the Estonian government decided to elect its own “Bender” – who would know?
Online voting, warns Professor Halderman, is no different from any other system reliant upon computer software. (Novopay? WINZ? ACC?) “Small mistakes” can lead to “huge problems.”
This essay was originally published in The Press of Tuesday, 15 October 2013.