This past summer, when Aleksander Essex attended a conference in Washington, D.C., he managed to snag a decertified American electronic voting machine, thanks to a colleague at the National Science Foundation.
Most recently, the machine was used in last year’s mid-term elections in the State of Virginia. Today, Essex uses the touch-screen, Windows computer to play Super Mario Bros.
“I got the machine, took it home, tried to get it into Windows safe mode. It’s running Windows XP, unpatched, circa 2000, and had a Wi-Fi card on it that the Virginia team could access in the parking lot. The password was something like ‘12345,’” said the Western Engineering professor, whose focus is software engineering in topics such as cyber security and applied cryptography.
Essex tried all kinds of stuff to ‘hack’ the machine. He wanted to boot up Linux, but was having a hard time because the hardware was so old. Initially, he thought, they must have the machine locked down tight. Then, he spoke to a couple of colleagues who also had one of the machines.
“One said to me, ‘Uh, just do Ctrl+Alt+Delete. Plug in a keyboard, do that and boom,’” he laughed.
Essex did just that. The task manager popped up, he closed the voting application and was able to run whatever he wanted. Like Mario Bros.
“Most of these machines were on their way to the scrap pile after a security review earlier this year uncovered major vulnerabilities, and they were decommissioned,” added Essex, who recently became editor in chief of the Journal of Election Technology and Systems.
“The moral of the story is, computers make bad voting machines. The reason is, computers are designed to run anything – to do anything. It all comes down to using a computer that can do anything to do one specific thing, while relying on it not to do anything else.”
And that’s the message he wants you to take away.
As frustrated as you may have been – perhaps when you waited an hour to vote at advance polls in this month’s federal election – the system Canada has is secure. It’s also not as inefficient as you may think, Essex stressed. But above all, electronic voting and online voting are not a reliable solution to the nation’s frustrations at the polls.
And there’s no telling when they will be sufficiently reliable.
“If you go around the world and look at how people vote, we have the simplest, cleanest and easiest to administer system I have ever seen in my work in voting for the last 10 years. In Australia, they have to rank all of the choices of candidates on the ballot; there are dozens of candidates, and if you don’t rank each one, your ballot is spoiled,” he explained.
“With regard to advance polls, (the long wait) won’t be there on Election Day. The government staffs polling place based on turnout in the last election. The real bottleneck to voting is the registration process; they have to validate your identity. So, if you did electronic voting at the polls, it wouldn’t speed things up, because it’s the registration that takes time.”
Moving the process online only complicates even more, Essex said. Online voting opens up the security discussion to any and every possible threat applicable in the Internet age.
“You owe it to the voters you will be serving to realize it is possible the outcome of your election could be modified, and it could be modified in an undetectable way. If I was an election official, I would lie awake at night wondering if the result I got was really the result the people had intended,” he noted.
“Anyone can be anywhere in the world, trying to attack your election – and you may or may not know. It’s one of the hardest and most nasty cyber security problems that exists – how to make Internet voting secure.”
For now, we cannot escape the fact we have yet to figure out how to make online voting sufficiently robust, he explained.
“When it comes to voting technology – the paper ballot seems old school, and it is. But what we have in Canada is, honest to goodness, the best voting system. If you want to trade that for other conveniences, that may be is a discussion to have, but it’s got to be an honest discussion about how we would be trading some of those assurances.”