Washington’s first trial attempt to use an internet voting system was hacked and rendered completely inaccurate by a group of three University of Michigan researchers during a mock election that was held to test the e-voting system in 2010, according to a report.
In a paper presented at the Conference on Financial Cryptography and Data Security last month, the researchers detailed their ability to to gain root access to the election server within 48 hours. While they had access, the researchers were able to change all the results and individual ballots used in the mock election.
"We successfully changed every vote and revealed almost every secret ballot," the researchers wrote in their report. "Election officials did not detect our intrustion for nearly two business days — and might have remained unaware for far longer had we not deliberately left a prominent clue."
Both Switzerland and Estonia have already adopted similar online voting systems for their national elections. A number of other countries are forging ahead with e-voting systems as well. As of 2010, 19 US states used some form of internet voting with at least 12 other states considering them. Washington, DC, the most enthusiastic among other US districts and states considering e-voting systems, ran a test in September and October of 2010 to test the system's viability.
But, clearly, it failed to ensure even a basic level of security.
“We provide a case study of the security of an internet voting system that, absent our participation, might have been deployed in real elections. Though some prior investigations have analyzed the security of proposed internet voting systems by reviewing their designs or source code, this is the ﬁrst instance of which we are aware where researchers have been permitted to attempt attacks on such a system in a realistic deployment intended for use in a general election,” the researchers wrote.
The researchers carefully detail how they were able to gain root access to the election server in hopes of helping e-voting developers make future systems more secure. However, the researchers also stated that their successful penetration of the server’s security measures demonstrates the high risks of vulnerability involved with any kind of e-voting.
“[We] caution against the position of many venders and election officials who claim that the technology can readily be made safe,” the researchers warned.