Security experts question Maryland’s online ballot system
ANNAPOLIS, Maryland — A new online ballot system and marking tool could weaken Maryland’s voting security and make it the most vulnerable state in the nation, according to some cybersecurity experts.
On Sept. 14, the Mar yland State Board of Elections voted 4-1 to certify a new voting system and marking tool for online ballots.
The new system will allow all Maryland voters the ability to both make selections on a computer and print absentee ballots from home, and send them into the State Board of Elections.
Nikki Charlson, the deputy state administrator of the Board of Elections, said the system and tool are as secure as possible.
“We are following all of the best practices for IT systems,” she said.
Experts in cybersecurity and computer science have publicly stated they believe the potential risks with the new method of voting outweigh the benefits.
While Maryland voters can still have absentee ballots mailed or faxed to them, the new method allows any Maryland registered voter with access to the internet the ability to request and download a ballot. These can be marked on the computer, but the selections are not recorded anywhere except on the printed ballots themselves.
All completed absentee ballots must be mailed to Maryland election officials on or before the day of the election in order to be counted.
Four of the five members of the Board of Elections found the ballot delivery system and marking tool to be secure enough for Mar yland voters.
Patrick J. Hogan, a Democrat, the vice chairman of the State Board of Elections, acknowledged the risks, but voted to certify the system and tool.
“There’s no guarantees in life,” he said at a Board of Public Works meeting on Aug. 17. “We’ve had four security reviews done of this online ballot marking tool and all have said it’s secure.”
Poorvi L. Vora, a professor of computer science at The George Washington University, said the security reviews are not definitive.
“You can do a test and not find anything wrong,” she said. “That does not mean it is secure.”
Kelley A. Howells, a Republican, was the lone board member to vote against the extension of the system and marking tool, saying she wanted to avoid unnecessar y complexity.
Four computer scientists from outside the state, including Vora, put out a statement addressing the potential problems with the expanded use of online ballots and the new marking tool, specifically with voter verification.
“There must be a secure method for authenticating voter transactions that guarantees that the reliably identified voter, as opposed to a bad actor or piece of malicious software, is at the other end of the transaction,” they said in a statement.
To prevent fraud, Maryland voters are required to provide the last four digits of their Social Security number, their driver’s license number and the issue date of their license plate or Motor Vehicle Administration ID number in order to access the ballot on their computer.
Rebecca Wilson, the co-director of Save our Votes, a nonpartisan organization working to increase voter security, spoke against the certification at the meeting on Sept. 14 and said it’s not secure enough. People can access that information if they really want it, she said.
“Driver’s license numbers can be derived from an algorithm,” she said.
Alan De Smet is a software engineer who created a website that can determine driver’s license numbers in certain states, particularly states that use an algorithm to determine the numbers.
Using his website, anyone with access to the Internet can determine most Maryland driver’s license numbers with only a person’s full name and day and month of birth.
“My description of the algorithm itself, including the source code to my software, is free speech,” he said. “That I make it available to use online shouldn’t change anything.”
Buel C. Young, a spokesman for the Motor Vehicle Administration, said the administration is aware the algorithm is online.
“In the technological age, there is always going to be someone making advancements toward replicating information,” he said.
De Smet said the best solution to improve Maryland’s license number security is to assign driver’s license numbers in a meaningless way.
“Any high-quality random number generator would do the job,” he said. “Something as simple as assigning numbers sequentially would certainly be better.”
Wilson also said Social Security numbers are not secure.
“The last four digits of the Social Security number, you may as well consider those public because of breaches of the federal employees’ database, the University of Maryland [breach],” she said. “There have been large-scale compromises of Social Security numbers in Maryland which we know are on the black market.”
On Feb. 18, 2014, hackers stole more than 300,000 personal records from the University of Maryland’s personal information database.
The personal data — including Social Security numbers — of more than 22 million federal employees, contractors, applicants and family members was breached, likely starting in 2014, federal officials announced in 2015.
The four computer scientists said the license issue date, the third verification needed to obtain the online ballot, is accessible to “tens of thousands of state employees and local law enforcement agencies.”
Charlson said employees sign an agreement not to use information they have access to for any unauthorized reason.
According to Barbara Simons, the chair of the Board of Directors of Verified Voting, Maryland is particularly vulnerable to voter fraud.
Simons, one of the computer scientists who opposing the use of the online voting system and marking tool, said Maryland has three main security risks: no signature check of mail-in ballots is conducted; any citizen can request an absentee ballot without excuse; and an absentee ballot can be obtained and marked online.
“This combination of factors makes the Maryland absentee voter system the most insecure in the country,” she said.
While other states also use online ballots and mail-in voting, Maryland is the only one of those states that does not use signature verification.
The General Assembly, which meets in the spring, would have to vote on signature verification, so it will not be in place for the 2016 elections, Charlson explained.