Security and Privacy of Internet Voting in U.S. Elections

Feb. 19, 2021 | 12 pm EDT | LINK |

Michael A. Specter,
Massachusetts Institute of Technology

Cybersecurity Lecture Series
Presented by the Institute for Information Security and
Privacy and the School of Cybersecurity and Privacy

Abstract: Election security is ​hard​–elections themselves are complex socio-technical systems that encompass cryptography, systems security, and public policy. Providing a transparent, safe, and private voting system remains a complicated problem, motivating a number of research papers in both cryptography and systems security.

Unfortunately, COVID-19, overseas voters, and accessibility concerns have forced the U.S. States to increasingly turn to untested forms of Internet voting to facilitate remote participation. Despite these systems’ newfound importance to the democratic process, there has been little public documentation on their security and privacy properties, a problem worsened by voting system vendors’ record of hostility toward independent security research.

In this talk, Specter will present his research evaluating the security of the dominant Internet voting systems currently used in U.S. federal elections. We will present an introduction to cryptography in remote voting, and show how all U.S.-deployed systems suffer from flaws that could easily undermine an election by exposing any voter’s private ballot, changing their vote, or otherwise control the outcome. As a direct result of this work, many states have altered or canceled plans to use these systems. The talk will conclude with a discussion of emerging challenges at the intersection of applied cryptography, systems security, and public policy.

Bio: Michael A. Specter is a Ph.D. candidate in Electrical Engineering and Computer Science at MIT, advised by Gerry Sussman and Danny Weitzner. He is a member of the Internet Policy Research Initiative, the Caltech/MIT Voting Technology Project, and a research affiliate with Google’s Android Security and Privacy Team. Specter’s doctoral research centers on how to leverage insights from economics, public policy, and law to guide applied cryptography and systems security research. His work has included the discovery of vulnerabilities in ​election​ ​systems​, the development of new cryptographic protocols for ​deniable​ messaging, the analysis of law enforcement’s proposals to regulate encryption​, and improvements to Google’s Linux kernel fuzzer ​Syzkaller​. Specter is a recipient of the ​EFF Pioneer Award​ and the M3AAWG JD Falk Award, and his work has been featured in ​The New York Times​, ​The New Yorker​, ​CNN​, ​Vice​, ​Bloomberg​, ​Fortune​, and ​The Economist​. Most recently, he was a contributor to the EFF-led ​Amicus Brief to the Supreme Court on the need to reform the Computer Fraud and Abuse Act​. He has held research internships at both Google and Apple and holds both a master’s in EECS and in Technology Policy from MIT. Prior to embarking on his Ph.D., Specter was a research scientist in MIT’s Lincoln Laboratory, a research facility affiliated with the U.S. Air Force, where he focused on operating systems security, vulnerability discovery, and reverse engineering in the interest of national security.