For a political junkie like me, one of my worst security nightmares has come to fruition. A grand jury found that hackers tried to rig Florida’s elections via cyberfraud. According to an AllGov article:
More than 2,500 “phantom requests” for absentee ballots were sent to the Miami-Dade County elections website prior to the state’s August primary, according to law enforcement officials investigating the case. The fraudulent requests for ballots focused on Democratic voters in the 26th Congressional District and Republicans in Florida House districts 103 and 112.
Among my friends and acquaintances, I have been a lone voice against making elections any more computerized than they already are. I’m especially against Internet voting because I know how easy it would be to wreak havoc on the whole election system or, even worse, cause serious damage to millions of networks through a malware attack embedded into the voting site. Technology, I point out, may have come a long way, but some things are better left low tech. Voting is one of those things, in my opinion.
In this case, part of the problem was the lax security measures taken by the Miami-Dade elections department. CNN reported:
According to the report, Miami-Dade's online ballot request system had "very low" security, with no user-specific logins or passwords. A concerned election vendor noted the influx of requests and flagged them, said the report.
Why discuss election cybersecurity now, in an off election year? Support for online voting is only going to increase as we move toward the mid-term elections and the 2016 presidential contest. Voters want reform; they want voting to be easier. I have no doubt that it will be an option in some states by 2016. Now is the time that government officials need to seriously look at not only the pros, but also the cons, of turning to the Internet vote. Logging in to vote or acquire a ballot without any type of protection – not even a user ID and password combination – isn’t acceptable. Elections officials need to realize what they’re up against in terms of cybersecurity. Not only do they need to come up with a way to properly identify voters and prevent voter fraud, how do you keep the system from being hacked? Do you depend on the end user to practice good security? How do you prevent someone from spreading a virus or dumping malware onto unsuspecting voters? SC Magazine also pointed out that you don’t even have to directly hit the computer network to create a problem:
A phishing email scam, for example, that directs absentee voters to bogus sites to request ballots online could substantially impact elections.
It almost makes the fight over voter ID look quaint, doesn’t it?