What the University of Michigan Fight Song Teaches Us about Security
11:24 am in Associations, Online Voting, Voting Trends by Votenet Updates
Ordinarily here at Voting 2.0 we stay away from talking specifically about Votenet-specific features, but a recent event has organizations asking a critical question: “If hackers can penetrate a government online election, can Votenet keep our organization’s voting event secure?”
In late 2010, the District of Columbia rolled out a pilot project to allow overseas and military voters to download and return absentee ballots over the internet. Before they sent invitations to real voters, they put the system online to invite the public to evaluate the system’s security and usability.
Within 36 hours, a team of hackers from the University of Michigan exploited a vulnerability that gave the students the ability to change votes and reveal secret ballots. The hack made headlines around the country when the students left a “calling card” to show that they had control of the server: after 15 seconds, the page played the University of Michigan fight song.
So how is Votenet’s system more secure? The leading security expert at The Hyperion Group noted that the pilot voting program and Votenet’s certified system have little in common.
The DC pilot program used an open source server-side application and only performed internal testing before opening their process to the public. Votenet actually hires The Hyperion Group to attack the system just as a malicious hacker would from any of the six areas that an online voting system might be vulnerable.
Each year The Hyperion Group assesses the system and advises Votenet on how to close any vulnerable windows. The Hyperion team also perform the rigorous tests each time the system undergoes significant changes or Votenet unveils new products.
The result of the testing is that Votenet has earned The Hyperion Group’s verified certification and is able to display the Hyperion badge.
As Votenet CEO Michael Tuteur said, “After eight years with zero security intrusions, almost 25,000 elections for 1,500 customers and 16,000,000 voters served, Votenet is the proven choice for organizations concerned about establishing and maintaining the trust of their constituents and conducting a successful governance program.”
Click here for more information on Votenet’s certifications and standards to make sure every election maintains the highest integrity.
Amazing! Who built the DC Pilot project?
Having a secure voting platform is key to a successful election. Incidents such as the one mentioned can not only hinder the results but they can also deter an energetic member from participating in the future. As online communities grow in different aspects it’s important to make sure elections are secure and safe from such problems as mentioned above.