Michigan exposes laughs and concerns in DC election security showdown

Hacking an electronic voting system is illegal, undemocratic, deeply irresponsible, and an affront to everyone who ever fought against tyranny. But done the right way, it can also be funny.

A web-based voting system, designed for District of Columbia voters to cast their ballot from overseas, has been suspended after students at the University of Michigan altered the system to play a song every time somebody cast a vote. (The song in question was “The Victors”, the fight song of Michigan’s sporting teams.)

It should be stressed the students were not acting criminally and were among more than a 100 people asked to test the security and given access to the source code behind the system.

The voting option would have been among the first to take advantage of the Military and Overseas Voter Empowerment Act, a law passed last year allowing technology to be used to make it easier for people, such as serving soldiers, to vote. Voters in the DC elections will still be able to log on to a website to print out ballots and return them by e-mail, fax or regular mail.

It’s not just the musical interlude that’s caused concern among officials. Testing also showed that Mac users running Safari and viewing and completing the ballot document with Safari’s default built-in PDF viewer would likely not have their vote counted. That particular setup left the ballot document restored to its original, unedited state when the voter saved and submitted it, meaning they would unwittingly cast a blank ballot.

The DC Board of Elections and Ethics says it has ” determined, with the assistance of the public examination community, that the current iteration of the ballot return feature did not meet our security and file integrity standards for the Digital Vote by Mail pilot project.”

The big question, now, is whether or not the decision to start the public testing program on September 24 was too late for a system designed to be used for real voting on November 2.