Professors Give Failing Grades to Electronic Vote Systems
NEWS
KTH researchers have found major security flaws in commercial electronic voting systems used in the U.S. and Norway. They say the most serious weakness is a lack of a certifiable audit trail.
“I can’t understand how electronic voting systems based on questionable security can be in use for general elections,” says Douglas Wikström, associate professor at KTH and a specialist in cryptography and cryptographic protocols.
Wikström and his research colleague, Shahram Khazaei, have studied voting systems supplied by Civitas and Scantegrity, the latter currently in use for elections in the United States. Both systems are based on technologies developed by some of the world’s top cryptographic scientists, including Ronald Rivest at MIT and RSA Laboratories, and David Chaum, a well-known inventor of numerous cryptographic protocols.
“We looked at security and discovered weaknesses that would allow attacks on the system — serious vulnerabilities that could potentially influence the outcome of an election. I contacted the research teams at both CIVITAS and Scantegrity, and they verified that these deficiencies existed,” Wikström says.
Wikström points out that subsequent investigation by Scantegrity showed that these theoretical vulnerabilities had not been exploited in any elections in which its systems were used.
“The problem is that even if the security gaps that we discovered have now been blocked, there’s still no proven security,” Wikström says. “It remains unclear whether the systems are reliable.”
The security problems aren’t unique to the United States; similar issues were found in Norway, where Wikström, Khazaei, and PhD student Björn Terelius analysed a system delivered by the Spanish company Scytl that was used by 54,000 voters last year.
“[In that study] we didn’t find any direct security flaws, but we discovered theoretical weaknesses and these have also been verified by Scytl,” says Wikström.
Given the essential role played by balloting in any democracy, the focus on security is natural. Wikström has some theories about why the U.S and Norway haven’t yet moved toward certifiably secure electronic voting: “The U.S. system is simple to explain and easy to implement, and researchers focussing broadly on security understand how the technology works. On top of that, some of the world’s top cryptologists have given their stamp of approval, and that’s enough for the decision makers. The Norwegian government might have underestimated the importance of security certificates when the Spanish system was purchased,” he says.
For more information: Douglas Wikström; +46-8-790 81 38 or dog@csc.kth.se.