Fraudulent votes found in AMS WebVote
4/7/10
Rundown of how to use AMS WebVote ubcvotes.ca/home/voting-info
Background On Febuary 17th, 2010 Mark Latham contacted Isabel Ferreras, the Alma Mater Society of UBC-Vancouver's elections administrator, regarding a suspicious pattern of votes in the recently concluded executive elections. What Mark had noticed, and what was later confirmed by FDR Forensic Data Recovery Inc. was that there were a large number of votes happening just before the end of the election period, and that they all seemed to come from one IP address.
FDR found that there were 731 votes originating from one IP address, 18 of them coming from invalid student numbers. The fraudulent votes came in over the hours just before the elections were cut-off.
FDR stated that these votes did not cause a material impact on the executive election. However, FDR stated that these votes did impact the voter-funded media contest that materially affected the disbursement of media funds, and that these votes may have materially affected the outcome of a referendum question originally held to be affirmative. The AMS report did not specify which question that was.
The Phoenix asked Larry Carson, the VP of Information Security Management for UBC, if this event indicated there may be an exploit in CWL. Carson stated that after an analysis of the CWL system there is no exploit or weakness in CWL, and that the issues were on the AMS servers.
Exploits FDR reported that the exploit that allowed for 731 fraudulent votes to be submitted was due to what is called a hidden form field. When you fill out a form on a web page, each item that you can fill in or make choices on is called a field. Some of these fields are hidden from the users of web browsers, while the web browser will send the contents of the hidden form field along with all the other information. This is used to track your state, or to catch spam bots. In this case, the hidden form field contained the student number of the visiting student, after they were authenticated and authorized to access the page by CWL.
What this means is that once an attacker was verified and authorized by CWL to access the voting page, they could modify this hidden form field at will, and submit votes with student numbers that were not their own. In effect, it was like having their ID checked at the door to the voting area, then being given 731 blank ballots to stuff into the box.
Why this Matters One of the plank issues for USS and S4S this year was the use of WebVote. USS was campaigning for its use, while S4S(the current Student Union) was taking a more cautious approach.
WebVote is likely to be one of the first real electronic voting systems UBC students will see, as municipal, provincial, and federal elections all still use paper ballots, and likely will continue to do so for quite some time.
Good Electronic Voting There are some key elements required for safe, secure, and democratic electronic voting system. One of the first is some unique identifier per citizen. A commonly used one is your social security number. The one that WebVote used was the student number, which was not secret. This leads to a conflict for the organization running an election.
Another requirement is that the vote you make should be stored separately from any identifying information. In this case, the fraudulent votes were discovered because the student number, IP address, and time were linked to each vote. It worked out this time, but it violates the necessary condition of a secret vote remaining secret. In addition, votes need to be stored in such a way that they can't be modified. One proposed system floating out there would write each vote to memory that can't be erased or modified. Another version already in use is a paper-ballot that gets scanned by the computer. However, the computer that counts the ballots can still be hacked.
One of the most important conditions is that whatever system is used, must be 100% open to the voting public. This includes source-code, mechanical designs, etc. Diebold (now known as Premier Election Systems) in the past tried to keep all of this secret, but because the software or machines had flaws, the machines may have been exploited in elections. One notable case was when MIT students were given a Diebold machine, and were able to completely subvert the machine within 10 minutes. In a closed system, these flaws remain hidden, and their existence or not is controlled by the company. If, however, the information is revealed, and analyzed by experts, then the flaws are more likely to be found, disclosed, and fixed. Security through obscurity is not security.
A good voting system will authenticate each voter properly, keep your vote separate from identifiable information, not let your vote be changed after the fact, and be open for analysis, with any issues found promptly and properly fixed.
Add a comment
Comments published on this website are the opinion of the commenter and not the Phoenix Newspaper. The Phoenix reserves the right to withdraw submissions from publication for any reason. Any reason could be material deemed to be sexist, racist, homophobic, or of poor taste or quality.