Elections Website Flaw Revealed

Last year’s elections website, the site used by the Elections Commission to conduct all ballot casting for ASSU elections, was recently revealed to have had a serious security flaw – but one that ultimately did not affect the election.

Quinn Slack ’11, this year’s Election Commissioner, has already taken steps to ensure the integrity of the online voting process and thus of the election results themselves.  At the end of last year, ASSU President David Gobaud interviewed Slack for Elections Commissioner. Slack, a computer science major, was chosen largely because of his technical background.

After assuming the position, Slack reviewed the program code used for the website in 2009 and found a security glitch that he said would have allowed hackers to “cast an unlimited number of ballots that are not traced to their SUNet ID.”

To determine if this security hole was exploited, Slack reviewed the access logs from the election. The logs, which reveal whether or not a vote was cast with a valid SUNet ID, showed that no one had exploited the security glitch.  Nevertheless, Slack found the situation “very troubling.”

Diffbot, the third-party company hired by the 2008-09 Elections Commission (with which Slack was not affiliated), created the voting website used that year. According to Diffbot co-founders Leith Abdulla and Michael Tung, the Elections Commission hired the company about three weeks before the election actually took place.

The former Elections Commissioner could not be reached for comment, but Abdulla stated that commission was in a bind due to the fact that developer had recently quit.  Diffbot had worked with the ASSU previously and agreed to help.  Diffbot charged the ASSU for half of the hours they worked.

Even so, the development of the site was more costly than expected.  According to Slack, the Elections Commission paid about $5,000 to Diffbot for their urgent services. According to ASSU Financial Manager Matt McLaughlin, the funding for the site was originally under-allocated because the ASSU thought an internal person would be able to construct the site.  When this plan failed, however, the money had to be drawn from other sources within the Elections Commission.

The Elections Commission’s account is funded by the ASSU endowment.  Accordingly, no student fees are used in running the commission. Abdulla believes that contracting Diffbot was probably, “a really good deal [for the Elections Commission]… considering the time constraints.”

Diffbot hastily created the site in two days and then tested it for a week before it was to be used in the election.

Abdulla and Tung first heard about the glitch from Slack on January 12, 2009. The company reviewed the issue, confirmed that a glitch existed, but also mentioned a safety net in place that would have caught fraudulent ballot casting.

Abdulla and Tung explained that all eligible voters had an encrypted SUNet ID, which was required to cast a valid vote. Had someone with the technical skill needed to exploit the glitch succeeded in casting votes, the votes casted would have been be flagged, as each vote requires an accompanying SUNet ID.  According to Diffbot, this provided a safety net that would have prevented any fraudulent actions.

According to Abdulla, two elections commissioners validated the ballots both with a program and manually. Abdulla also stated that while ultimately the glitch was not intended, the actual security threat from the glitch was virtually non-existent because any exploitation would have been caught and the official results properly adjusted.  The event nonetheless caused concern for those involved in the election process.

While the Diffbot team was responsible for the error in the code, Slack mentioned that software often has glitches. “The presence of one security hole does not necessarily mean that it is bad software,” he stated.  Both Slack and Diffbot pointed to the very short timetable (two days) for completion as a possible reason for the error.

Even before realizing the security susceptibility existed, both Gobaud and Slack pointed the elections commission in a new direction. Gobaud stated that computer security issues such as this had been on his mind for at least two years. “It’s not surprising,” he stated after being asked about the glitch. After initially telling the ASSU technical team to look into the election website, Gobaud later realized, “that Quinn was very qualified and doing all the right things.”

Slack has taken responsibility for the development of the new site to be used this year.  He said the site “is something that is very much on my mind…it’s something we’re working really hard on this year.”

Slack believes the website development is, “a really important part of the elections commission” and he wants to “set up something that will be sustainable.”  Therefore, he said, “I’m handling all the technical stuff and I’m not taking additional salary for that.” This measure should save the Elections Commission thousands of dollars.

Slack has decided to build the new site from the ground-up. This decision was primarily motivated by the desire to add new features to the site.  These features will include, “hosting candidate profiles on our site [to] better educate voters and reduce the expense and environmental waste of flyering.” By developing a “solid foundation” now, the Elections Commission can save money in the future by reusing the site.

One of the main differences from last year will be the timetable on which the site is developed. Slack started in the summer of 2009 and he plans to begin testing the site and receiving feedback within three months before the election.

Slack also believes that making the code open-source is very important. This means that the public will have access to the code and other website developers and programmers can look over the code and possibly determine if there are any security flaws before the election. Gobaud mentions Stanford’s excellent collection of experts, especially those “experts in the computer science department that have testified before congress about e-voting” who could possibly help review the code.

While open-source code generally draws reviews by many people, Gobaud was not yet sure if he or Slack would elicit help from any specific qualified programmers.

Even Diffbot has praised Quinn’s work thus far.  Abdulla commented, “I think the direction that they’re going in is excellent, and Stanford is going to stand out as a model…. The goal is a valid and fair elections process.”

Subscribe to the Stanford Review