The 2013 Oscars ballot may be vulnerable to a variety of cyber attacks that could falsify the outcome but remain undetected, if the Academy of Motion Picture Arts and Sciences follows through on its decision to switch to internet voting for its members, experts have warned. The Academy announced last week that it would be ditching its current vote-by-mail system and allowing its members to fill out electronic ballots from their home or office computers to make their choices for best picture and the other big Hollywood prizes, starting in 2013.
It announced a partnership with Everyone Counts, a California-based company which has developed software for internet elections from Australia to Florida, and which boasted it would incorporate “multiple layers of security” and “military-grade encryption techniques” to maintain its reputation for scrupulous honesty in respecting its members’ voting preferences.The ballot change will be a culture shock for an Academy voting community that tends to be older and more conservative, indeed, concerns are already surfacing as to whether all of the Academy voters even have email addresses.
However, Everyone Counts’ security claims have been met with deep scepticism by a computer scientist community, which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy.In other words, being rigorous about auditing the voting process, but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible.
“Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” the Guardian quoted David Dill, a professor of computer science at Stanford University and founder of the election transparency group Verified Voting as saying.
“The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won''t be able to see it either,” he said.Dill and many other leading computer scientists have listed multiple potential vulnerabilities to Internet systems making vote-tampering possible, including denial-of-service attacks, malware, and penetration of the server’s security wall.
He reacted with particular alarm to the notion that the Academy’s more than 5,000 voters would cast their ballots from their own computers.“The hardest problem is when you have malicious software on the machine where the vote is cast.
‘If that’s the user’s home PC, that’s a huge problem, because lots of people have undetected viruses on their machine. A lot of people are under the control of hackers in eastern Europe, or wherever, and don’t even know it,” Dill said.Three years ago, in the wake of a decision by the Democratic party to let overseas voters participate in its presidential primary via internet, Dill issued a formal statement outlining the problems with internet voting, and persuaded 30 of America’s top computer scientists to sign it.
Separately, a group of largely European computer and election experts signed a very similar statement known as the Dagstuhl Accord, which welcomed further research on internet voting but concluded that “no solution … has yet been proposed that provides safeguards adequate against various known threats”.Peter Ryan, a British professor of Applied Security at the University of Luxembourg who helped convene the Dagstuhl meeting in western Germany and has tried for years to design a safe computer voting system, said he was unimpressed by what he had seen of the Everyone Counts software.
“It looks like what they are offering is little more than some fancy crypto on certain links,” he said.“This of course achieves very little … I’m sure that someone with some expertise and motivation could break it,” he said.Such deep, and relatively well publicised, reservations by the world’s computer experts seemed to come as a surprise to the Academy itself.
“I’m not personally aware of that particular dialogue,” Ric Robertson, the Academy’s chief operating officer, said.PriceWaterhouseCoopers has taken responsibility for Oscars voting for many years.Robertson said he and his colleagues had relied principally on the expertise of PriceWaterhouseCoopers, the accountancy firm that for many years has taken responsibility for Oscars ballot management and security.
During an 18-month search for the right partner on computer voting, both the Academy and PwC had also sought “outside help”, Robertson added.Lori Steele, the chief executive of Everyone Counts, argued passionately that the systems her company uses have, by contrast, passed muster with some of the toughest security clients in the world, including government defence and intelligence agencies.“This software is being used for the most mission-critical things in the world,” she said.
“To pretend it’s not good enough for voting does a disservice to the voters … Not using the technology disenfranchises voters and hurts their human rights,’ she said.When pushed, however, Steele did not take issue with the computer scientists about the special problems relating to the secret ballot. Rather, she made the argument that no system is perfect and that computers are inherently more reliable than paper ballots.“Paper is more easily forged and hacked than any computer system,” she added.