Countries where open elections occur have often developed arcane rules and processes for casting, collecting, and tabulating votes, in part because counting and managing votes is so time-consuming, but also because different groups, especially those with power, have strongly vested interests not only in the outcome, but also in the process itself.
In the US, for example, Americans voting in the current Presidential election don’t actually vote for Presidential candidates, but for slates of “electors” pledged to support those candidates. In fact, the US President is chosen not by the popular vote of citizens but by an Electoral College of 538 individuals, and needs a majority of 270 votes to win.
Many Americans are completely unaware of this process, or that once their states’ Electoral College members are chosen, those members don’t actually have to vote for the candidate they were elected to cast their vote for.
But among those who understand the Electoral College process, a growing number feel it’s time for a change to a one person – one vote popular election model. We have the technology, they argue, to put in place an electronic voting system that would allow for a popular vote to take place, and for results to be tabulated immediately.
Not so fast. There are serious security issues surrounding online elections that will need to be sorted out before something like this can become a fully trusted reality anywhere, not just in the US.
Elections have several stages, and each of them carries risks.
And few elections, whether local or large national elections with sweeping international implications, lack interested parties with both a vested interest in the outcome and the motivation to circumvent the law to achieve their objective.
During the campaign season, candidates build huge databases of voters, run internal polls, vet and process policies, messaging, and positions, analyze potential voter feedback, and solicit and manage contributions.
Election campaigns are a goldmine of information for opposing candidates, nation states with a vested interest in election outcomes, hacktivists, and cybercriminals looking to access the personal information of financial supporters.
The security challenge faced by campaigns is sometimes referred to as the “weakest link” model.
While a national campaign may have secured its headquarters (though news of breaches this US election cycle suggests that may not always be the case), local offices that share data with the national organization often do not have the IT staff or skills to ensure they don’t become a point of compromise.
Hackers don’t need to break in through the hardened front door when there are so many potentially soft back doors to choose from, as the hacks that plagued the Democratic National Committee in the US this year demonstrate.
Phishing attempts also spike around campaigns, especially highly polarizing ones like this year’s US Presidential election. Since phishing attacks are a common entry point for breaking into networks, sending out clickbait emails about candidates and hot button issues is a great way to trick a user into clicking a link.
For many countries, the election process itself is subject to a high degree of risk, whether it involves tampering with voting machines, unscrupulous vote counters, or simply hiding the vote tabulation process from oversight and public scrutiny.
But even in the most democratically advanced countries, many electronic voting systems are very outdated and lack even basic security controls.
Of course, this isn’t a new problem. We were talking about this in the US during our last presidential election cycle, with many calling for a technology overhaul.
But even though researchers were able to demonstrate that tampering with the software used by some voting machines is actually quite trivial, four years later nothing has been done.
One (fortunate) problem is that we didn’t see many breaches in the last elections. And like many companies, until there is a major breach or impact on the service we will likely continue to do the bare minimum.
Of course, 75 percent of votes in the US are still cast using paper ballots. In addition, many electronic machines print a ballot so that there’s a paper trail to compare results against.
But in an alarming trend, five states (Georgia, Delaware, Louisiana, South Carolina, and New Jersey) now use electronic voting machines that provide no option for auditing results after a vote is concluded.
The reality is that hiding malware in a voting machine software update is not necessarily a complex engineering challenge. And as threats become more sophisticated, and always-connected electronic voting machines become more widely used, it is pretty easy to predict that the risk of tampering with voting results will increase over time.
Imagine an algorithm that only changes enough votes from candidate A to candidate B to affect the outcome, without being so large as to raise suspicions. Protecting election results from such advanced threats will require increasingly sophisticated security detection and mitigation technologies.
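The following Python example is added here for illustration and is not part of the original article. It shows, from the auditor's side, why the paper trail matters: a hand count of the printed ballots is compared with the machine tallies for each precinct, so that even a small per-precinct shift is flagged. The precinct names, vote counts, and function names are all constructed assumptions.

```python
# Added example: compare machine tallies against a hand count of the paper trail.
# All precinct names and vote counts below are constructed for illustration.

def totals(precincts, source):
    """Sum per-candidate votes across precincts for 'machine' or 'paper'."""
    out = {}
    for p in precincts:
        for cand, n in p[source].items():
            out[cand] = out.get(cand, 0) + n
    return out

def winner(tally):
    """Candidate with the most votes (ties are not handled in this example)."""
    return max(tally, key=tally.get)

def audit(precincts, tolerance=0):
    """Flag precincts whose machine tally differs from the paper hand count."""
    flagged = []
    for p in precincts:
        cands = sorted(set(p["machine"]) | set(p["paper"]))
        diff = {c: p["machine"].get(c, 0) - p["paper"].get(c, 0) for c in cands}
        if any(abs(d) > tolerance for d in diff.values()):
            flagged.append((p["name"], diff))
    machine_winner = winner(totals(precincts, "machine"))
    paper_winner = winner(totals(precincts, "paper"))
    return {
        "flagged": flagged,
        "machine_winner": machine_winner,
        "paper_winner": paper_winner,
        "outcome_differs": machine_winner != paper_winner,
    }

# Constructed sample: a 1% discrepancy in three precincts changes the reported winner.
SAMPLE = [
    {"name": "Precinct 1", "machine": {"A": 500, "B": 500}, "paper": {"A": 510, "B": 490}},
    {"name": "Precinct 2", "machine": {"A": 470, "B": 530}, "paper": {"A": 480, "B": 520}},
    {"name": "Precinct 3", "machine": {"A": 520, "B": 480}, "paper": {"A": 530, "B": 470}},
    {"name": "Precinct 4", "machine": {"A": 495, "B": 505}, "paper": {"A": 495, "B": 505}},
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, diff in report["flagged"]:
        print("discrepancy in", name, diff)
    print("machine winner:", report["machine_winner"],
          "| paper winner:", report["paper_winner"])
```

On machines that produce no paper record there is no `paper` column to compare against, so the same discrepancy would pass unnoticed.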
Part of the problem, of course, is the infrastructure itself.
Many of these connected voting systems are installed at schools, city halls, or other local government facilities that rarely have the budget or technical resources to implement the sort of advanced security needed to detect sophisticated threats.
Tampering directly with machines is only one challenge, however. Hackers can also potentially intercept traffic between a polling site or internet-connected electronic voting machine and the database server aggregating votes, or intercept that aggregated data as it is forwarded on for live broadcast.
As voting software becomes more sophisticated, and performs such tasks as connecting directly to voter registry databases to automatically validate voters (a task currently done by hand in most locations), or requires a full-time WiFi connection, security challenges will quickly outpace local security measures.
And it’s not just potential voter fraud that’s a problem.
Many experts now claim that some governments are building massive databases on citizens of other countries. This sort of intelligence can help them identify targets of interest, such as foreigners living in one country with families living in their country of origin.
The more information they can collect on such foreign nationals, the easier it is to do things like blackmail them or use family members to coerce them into doing things such as spying.
Voter systems are ideal sources for this sort of nefarious data collection initiative.
These outlined challenges are only compounded when you consider something like national online voting.
In addition to the sorts of challenges already discussed, you can add things like spoofing votes and voters, denial of service attacks, voter phishing sites, fraud, redirecting or intercepting votes, attacks on data centers, and even basic user error.
Given the online registration challenges with the Affordable Care Act (ObamaCare) in the US, creating a secure national online registration and voting system that adequately protects voters while ensuring a tamper-proof election process is still quite a ways away.
For a democracy, the risks have to outweigh issues like efficiency and expediency. Unfortunately, security improvements are usually driven by breaches. But this is a scenario where that kind of status quo process simply carries too high a cost.
It’s time for government agencies and security professionals to get together to proactively establish policies and security standards that can be followed and enforced – because until that happens, we will continue to have a serious security problem.
What do you think? Has something like this been implemented where you live? How have security issues been addressed? We’d love to hear more.
By Anthony Giandomenico, Senior Security Strategist and Office of the CTO at Fortinet
Originally published by American Security Today on October 25, 2016.