The hacking collective known as Anonymous has allegedly targeted the Iowa caucus’s voting machines.
According to the Associated Press, there are two tools that the “hacktivists” could use to create some chaos. The first is a “denial of service” request, which sends thousands of requests to a website server and makes it useless. The second is a SQL injection, which inserts a code into a website’s software, thereby exploiting its vulnerabilities and forcing it to execute the hacker’s code.
It wouldn’t be the first time that SQL insertions were used to try to rock the vote. In Sweden’s elections in 2010 a voter tried to insert an SQL insertion in the vote by hand-writing. Presumably a hacker could try something similar at the Iowa caucus.
There are other worse examples of SQL insertions being dangerous. In 2010, Washington D.C. conducted a pilot project to allow overseas and military voters to download and return absentee ballots over the website. The city made the system open to the public for only three days, but that was just enough time for J. Alex Halderman, a professor in computer science at the Univesity of Michigan, to expose some of the systems flaws. Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots,” Halderman wrote.
Alas, were such an attack carried out in the Iowa caucus, it wouldn’t be the first time an SQL inserted caused great harm. The Royal Navy’s website was attacked in that manner by a Romanian hacker.
In Iowa, part of the problem is the centralization of the system which makes it vulnerable to attack. Most caucuses Iowa use secret ballots which are cast on paper. Some, in the past, have even used a show of hands. The results are then sent via computer or phone to Iowa GOP headquarters were they are tabulated by a computer and announced. It’s there at, and en route to headquarters, that the vulnerabilities persist.
There are presumably quite a number of ways to defend against this kind of hacking. The first and most obvious is to have the decentralized results posted at the precincts. Bloggers or others observers could go and post those results online and compare them to past elections. If there are shenanigans at a particular precinct it could be more easily detected without the risk of corrupting the entire process. Voters at each polling place could be required to show identification and those without identification could be provided it way ahead of time. This would stop insiders or outsiders from stealing the process.
Both of these reforms are unlikely to happen for two reasons. The caucuses are creatures of the parties, which rely on them to prove their relevance. The more centralized the process, the more the parties have relevance in the state. There are quite a number of Iowa consultants who rely on their ties to the GOP or Democrats to help candidates “deliver” Iowa. Voter IDs won’t do politically either. Given the number of old voters who lack any sort of ID this might induce hyperventilating by those worried about voter disenfranchisement.
Those ostensibly most worried about such disenfranchisement–the political left–has long disliked electronic voting machines. The reasons for this are two fold: electronic voting makes it less likely that local pols (or poll watchers) can steal elections and they often harbor a conspiratorial fear that voting machines are rigged against the people.
When Micah White, founder of the Occupy Wall Street movement, was a student at Swarthmore College he posted a series of stolen internal company memos that exposed flaws in Diebold’s voting machines on his website. Diebold sued the students for copyright infringement under the Digital Millennium Copyright Act. He and a few other students fought all the way to the Ninth Circuit, which predictably voted for the students.
From Occupy Wall Street to now Occupy Des Moines, a former activist posted a two-minute video on YouTube detailing plans to “peacefully shut down the first-in-the-nation Iowa caucus.” The activist say the video was left outside of his tent on November 3.
As I noted last week, there is plenty of opportunity to turn the Iowa caucus into the Iowa circus, especially once the “Occupy Iowa Caucus” movement comes to the foreground. Yesterday eight members were arrested in the headquarters of the Democratic party headquarters in Des Moines.
Could they do something a little more daring to sabotage the 2012 Iowa caucus? Tell will tell.