Avi Rubin has spent the past decade researching the security of electronic voting. On Friday he will testify before a Congressional committee to discuss potential threats to a remote voting process being considered to protect staffers and elected officials from COVID-19.
Image caption: Avi Rubin, technical director of the Johns Hopkins Information Security Institute
"While my work has focused on public elections where I strongly oppose Internet voting, the remote voting contemplated by this committee is very different," Rubin wrote in written testimony to the Committee on House Administration. "It is possible to design, build, and deploy a reasonably safe and secure remote voting capability for House members."
Rubin, technical director of the Johns Hopkins Information Security Institute, was invited to testify by the House's Democratic majority alongside two other computer science professors and two industry experts. House Republicans have invited former GOP House Speaker Newt Gingrich to testify. The 1 p.m. hearing will be livestreamed Friday from the Committee on House Administration's website.
Any system designed for internet voting would have to meet several general requirements, Rubin wrote. It would have to allow members to securely cast votes on their computers, mobile devices, or tablets, and it would have to be able to tabulate and display final votes in a publicly accessible online portal in real time. Immediacy is essential because "some votes lead directly to procedures that are immediately enacted," he wrote.
Rubin identified four threat models for Congress to consider.
Attackers such as nations with significant resources could forge votes by compromising a House member's computer, phone, or tablet. They could also forge a member's communications about legislative proposals without ever compromising those devices. In addition, attackers could disrupt the part of the system that receives and tabulates votes to record them incorrectly, or to launch a denial of service that could prevent members from voting.
"The first three can be addressed with standard security practices, including using encrypted channels such as those used in banking and e-commerce, and two-factor authorization," Rubin wrote. "The denial of service attack is more challenging."
Still, Rubin concluded, "technology is available today to make it possible for members to vote on bills remotely over the internet. However, care must be taken to employ proper procedures and audit to ensure that tampering is not occurring, and backup procedures should be considered in the event that the system is unavailable at a critical time."
A House report on the issue published in March stated that "implementing remote voting would raise serious security, logistical, and constitutional challenges."
"A rule change of this magnitude would also be one of the biggest rules changes in the last century, in one of the most critical institutions in our country," the report stated. "Remote testing—in addition to facing logistical and security challenges—is untested constitutionally and there is no precedent for it use in Congress."
Image caption: Avi Rubin explains how hackers are compromising cars, smartphones and medical devices at TEDxMidAtlantic.
During the 1918 influenza pandemic the House "did not adopt a method of remote voting—by telegraph or correspondence," the House report stated. Instead, members used the "unanimous consent" process to pass legislation without having a physical quorum present.
The same process could be used today, but just one member could scuttle it by objecting. A recent Brookings Institution report detailed the multitude of competing views for and against remote voting that will make it difficult to pass legislation anytime soon.
The current in-person process uses a closed, electronic voting system with no internet access. "It took almost 100 years and over 50 bills and resolutions to finally put it in place in 1970," the reported stated.
An internet system faces one major concern: the ability to authenticate identities. Members currently use their ID cards to cast votes on the House floor and entrance into the chamber is regulated by the Sergeant at Arms. Even a new video-based internet system would be susceptible to "deep fakes" that can manipulate audio and images.
"One method of authentication could be biometric, such as fingerprint scanners, eye scanners, or facial recognition," the report stated. "However this technology would take time to put into place."
There is another roadblock for enacting remote voting. House members would have to engage in the very act they are attempting to avoid to approve it: travel to Washington to vote on the matter.
"Without complete consensus, which we do not currently have, it would also require us to come back to Washington to vote to change House rules to allow for remote voting," the report stated.
Posted in Politics+Society
Tagged avi rubin, cybersecurity, voting, national security
