Web-voting option suspended due to a system flaw

The option of casting your vote through the new D.C.’s Digital Vote by Mail system has been suspended because of a vulnerability that allowed a public tester of the system to modify it so that it plays a song while the users vote.

The researcher used this harmless way of showing that the system is still not secure enough to guarantee that the votes will be correct and legitimate, but this flaw could allow direct manipulation of the votes.

So, until further notice, this option has been put on hold. But the system still allows users to print out the ballots, mark them and send them back by mail or via fax, or to scan the printed and marked ballots and send them back via email.

According to ComputerWorld, the system was primarily designed to allow citizens located in foreign countries during the election to cast their votes, but the issue of security of Web-voting has long concerned election officials. These systems are always at risk of getting “DDoSed” or of the ballots being manipulated via client-site attacks and redirections.

Luckily for everybody involved, this new Digital Vote by Mail system was tested before it was allowed to run, but the question is – how much testing is enough to assure the legitimacy of such a delicate process?