Oscars Move To Online Voting: Are They Vulnerable To Attacks?By: Josh Wolford - February 3, 2012
Although the race for Best Picture is probably not as important as a Presidential election or a referendum vote, it’s pretty serious stuff. If you’ve ever watched an entire Academy Awards broadcast you probably remember seeing the “demonstration of security.” You know, some suited representatives from PwC will strut onto the stage and talk about how they have tabulated the votes and kept them a secret. “Only two people knows the results before tonight,” they say.
Now, the security of the Oscar voting is being called in question due to the Academy’s decision to go digital in 2013.
The Academy is sourcing the job of developing an electronic voting platform to Everyone Counts, purveyors of “secure, transparent, and universally accessible election systems.” Everyone Counts is based in California and has provided online election solutions in places like New South Wales, Honolulu, and Denver.
PwC’s role in the Oscar voting will reportedly remain unchanged. They’ve been in charge of the ballots for 78 years and in that time have counted over 450,000 individual ballots. This year, 5,783 nomination ballots were sent to Academy members and final ballots were mailed out on Wednesday.
The current mail system has yet to produce a single security breach, according to PwC. Here’s how the ballots currently make their way to the Oscars:
Once the votes have been submitted and tabulated, PwC prepares two briefcases with a complete set of envelopes bearing the Oscar winners’ names. As a precautionary measure, both briefcases are then transported to the ceremony via separate, secret routes with each of the PwC balloting leaders. As a second preventive measure, the PwC balloting leaders also memorize every winner. During the live telecast, Oltmanns and Rosas remain backstage and hand each envelope to award presenters before they walk onstage.
Changing to online voting presumably wouldn’t change any of that, but it would change the way PwC receives the votes. And of course, with any sort of online voting, the first concern is security. And some analysts are concerned that the Academy Awards are opening themselves up to a slew of tampering problems.
Best Actor Ashton Kutcher, anyone?
The worry is that people who wish to mess with the awards could use a variety of cyber attacks – DDoS, malware, etc. These could be used somehow to influence the outcome while possibly remaining undetected.
“Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” David Dill, a professor of computer science at Stanford University told the Guardian. “The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won’t be able to see it either.”
This is a general concern, but apparently some security experts are concerned with Everyone Counts specifically.
One security expert said he was unimpressed by the Everyone Counts software. A 2007 report concluded that the system created by Everyone Counts for a local council election in the UK had a “number of serious flaws.” Security experts tried to penetrate its defenses, successfully exposing the problems.
Of course, Everyone Counts is not the only organization to experience difficulties with online elections. The company’s CEO Lori Steele told the Guardian that no system is perfect but computers are more reliable than paper ballot, the latter of which is easier to forge.
“We are honored to have earned the trust of the Academy of Motion Picture Arts and Sciences in bringing online voting to the Oscars starting next year,” said Steele. “Our company was founded to set a new standard of security, accessibility, and transparency in elections. We’re proud to be working with the Academy, an organization that also represents the highest standards in its field.”
Since the changes won’t go into effect until 2013, the Academy plans to spend next year running everything through a series of rigorous tests.
Though the aging Academy population might object to all the newfangled internets and stuff, it’s hard to argue that online voting wouldn’t make things more efficient. But security is always a concern with thing sort of thing.
On the other hand, maybe hackers could finally use this opportunity to make the Academy give Tarantino a Best Picture Oscar one of these days.
I’ve reached out to Everyone Counts for comments, but haven’t heard back.