Saturday, March 6, 2010

UBC AMS elections got hacked!

Someone figured out how to vote over 700 times in the recent University of British Columbia student union (AMS) elections (January 25 - 29). It's still being investigated, but Elections Administrator Isabel Ferreras presented a preliminary report to AMS Council on March 3.

I was involved because I helped the Elections Committee calculate the voter funded media (VFM) awards. We were running two VFM competitions simultaneously -- 1-time VFM and Continuous VFM -- see comparison table. 1-time VFM was on the AMS elections ballot, which required a UBC login to vote. Continuous VFM was on this votermedia.org page, where anyone could vote without logging in.

Surprisingly, it was the login-protected ballot that got hacked. That's why the Elections Committee didn't spot it, and why it took me 2 weeks to spot it -- no one expected such a thing. Now we're all older & wiser.

Check out the light-hearted coverage from AMS Confidential. UBC Spectator live-blogged the AMS Council meeting with Isabel's report:



TO: AMS COUNCIL
FROM: ISABEL FERRERAS, ELECTIONS ADMINISTRATOR
RE: PRELIMINARY REPORT TO COUNCIL ON INVESTIGATION INTO VOTER IRREGULARITIES

    Introduction
  1. As you know, the AMS has been investigating a voter irregularity which came to light after submission of the Elections Report to Council on February 10, 2010.
  2. The Elections Committee has obtained preliminary findings from its external forensic investigator which indicate that the voter irregularity in question had no effect on any of the AMS Executive positions.
  3. We have directed the investigator to continue with its investigation as there are certain other issues which came to light which warrant further attention.
  4. As a result, I am only able to provide this preliminary report to Council.

    Background

  5. As you know, on February 10, 2010, I submitted my Report to Council on the 2010 Elections Results (in accordance with Section IX, Article 7, Section 10 of the Code of Procedure).
  6. On February 17, 2010, I was contacted by Mark Latham, the sponsor of the voter funded media contest, concerning an irregularity in the pattern of the votes. Mark noted that, with respect to the voter funded media contest, there had been a significant number of votes occurring at the end of the election and that numerous votes had been cast from the same IP address. I reviewed the elections results and confirmed that a significant number of votes had been cast from the same IP address immediately before the ending of the election.
  7. On February 19, 2010 I notified the AMS’ General Manager, Ross Horton, as well as Chris Eaton, UBC’s Academic Governance Officer & Triennial Returning Officer, given that two sets of UBC positions had been filled as a result of this electoral process.
  8. The AMS retained FDR Forensic Data Recovery Inc. to provide forensic preservation and analysis of the AMS’ 2010 Elections Results. FDR is a recognized industry leader in computer forensics, data preservation and data recovery with a reputation for prompt and responsive service.
  9. On February 25, 2010, Mr. Horton advised the Executive that AMS was investigating a voter irregularity. To avoid any potential conflict of interest of elected Executive members, it was agreed that Mr. Horton would continue to be responsible for directing the FDR investigation, in consultation with the Elections Committee and AMS’ legal counsel.
  10. On February 26, 2010, the AMS released a communication to its membership indicating that we were investigating this voting irregularity.

    Role of Elections Committee and Elections Administrator
  11. In keeping with my role as Elections Administrator, I have been involved in the investigation.
  12. The Code states that it is my responsibility to provide a report to Council on the election, including the results.
  13. However, in this case, where the previous report that I submitted may have been wrong on the basis of a fraud or error not earlier brought to my attention, I am advised by legal counsel that it is my obligation to consider the information concerning the voter irregularity and to take all reasonable steps to provide a revised report to Council as soon as possible.
  14. I also understand from AMS’ legal counsel that the law does not require a standard of perfection. In other words, the Elections Committee is not obliged to guarantee that the elections results are perfect. Rather, an election result may only be rejected where a substantial irregularity is shown to have occurred and there is a determinable and material effect on the elections results.
  15. As discussed below, the preliminary information suggests the voter irregularities identified to date did not affect the outcome for any of the AMS Executive positions.

    Preliminary Results of Forensic Analysis
  16. In its preliminary analysis, FDR has determined the following:

    1. There is a security vulnerability in the voting system such that an eligible student could submit an unlimited number of votes on behalf of any student number including ineligible student numbers.
    2. 731 votes were cast from one IP address between 12:44:33 and 16:00:00 (the “Suspect Voters”)
    3. 18 of the Suspect Voters contain ineligible student numbers which is indicative of fraudulent activity.
    4. In the University Board of Governors ballot section there are 4 hidden fields which are not displayed: board1, board2, board4 and board8. Within the Suspect Votes, there were 58 votes cast for board2 and 75 votes for board8. This data anomaly is not possible through the normal voting process.
  17. FDR has therefore concluded that the 731 Suspect Voters are not legitimate.
  18. The AMS has no information (from FDR or any other source) indicating any connection between any persons who ran for election or participated in the voter funded media contest and the Suspect Voters.
  19. By “backing out” the 731 Suspect Voters from the election results, the Elections Committee has determined that there has been no effect on the election results with respect to any AMS positions.
  20. However, there is an effect on the voter funded media contest. For referendum questions, only the successful question was affected. This will be addressed in my revised report.
  21. The only race which is affected by the removal of the Suspect Voters is the UBC Senate race. The AMS has shared the results of its preliminary investigation with UBC.
  22. FDR’s preliminary analysis identifies a number of other instances of multiple votes submitted from one or more IP addresses. FDR has noted that such instances may not be suspicious as the IP address(es) may be routers, gateways or public terminals. These instances of ‘Clump Voting’ are being investigated and will be reported upon in FDR’s report.

    Continuing Investigation
  23. We have directed FDR to continue to investigate whether there are other voter irregularities including:

    1. analyzing material Clump Voting coming from the same IP addresses;
    2. whether votes saved, but not submitted, were over-written by the 731 Suspect Voters.
  24. Upon receipt of FDR’s report, the Elections Committee will present the results to Council and likely present a revised elections report.

    Next Steps
  25. We have asked FDR to make recommendations in their final report regarding steps which may be taken to avoid the repetition of the security breaches and irregularities identified in the AMS Electronic Elections process.
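
An added example, not part of the report above or of FDR's analysis: a small audit over vote records that combines the three signals in paragraph 16 (many votes from one IP, student numbers missing from the eligibility roll, and ballot values the displayed form cannot produce), while treating volume alone as a lead only, as paragraph 22 cautions. The record layout, the sample votes and the displayed option names `board3` and `board5` are constructed assumptions; `board2` and `board8` are the hidden fields named in the report.

```python
from collections import defaultdict

# Constructed sample records; the field layout and the displayed option names
# ("board3", "board5") are assumptions. IPs are documentation-range addresses.
ELIGIBLE = {"1001", "1002", "1003", "1004", "1005", "1006", "1007"}
DISPLAYED = {"board3", "board5"}
VOTES = [
    ("12:44:33", "192.0.2.10", "1001", "board3"),
    ("12:44:41", "192.0.2.10", "9999", "board2"),
    ("12:44:50", "192.0.2.10", "1002", "board8"),
    ("15:59:58", "192.0.2.10", "1003", "board5"),
    ("10:02:11", "198.51.100.7", "1004", "board3"),
    ("11:15:40", "198.51.100.7", "1005", "board5"),
    ("14:30:05", "198.51.100.7", "1006", "board3"),
    ("09:12:00", "203.0.113.5", "1007", "board5"),
]


def audit(votes, eligible, displayed, clump_threshold=3):
    """Group votes by source IP and report the IPs that need attention."""
    by_ip = defaultdict(list)
    for ts, ip, student, choice in votes:
        by_ip[ip].append((ts, student, choice))
    report = {}
    for ip, rows in by_ip.items():
        ineligible = [s for _, s, _ in rows if s not in eligible]
        impossible = [s for _, s, c in rows if c not in displayed]
        clump = len(rows) >= clump_threshold
        if not (clump or ineligible or impossible):
            continue
        # Volume alone may be a router, gateway or public terminal, so it only
        # earns "review"; volume plus records the ballot cannot produce is "suspect".
        verdict = "suspect" if clump and (ineligible or impossible) else "review"
        times = [ts for ts, _, _ in rows]
        report[ip] = {"verdict": verdict, "votes": len(rows),
                      "window": (min(times), max(times)),
                      "ineligible": ineligible, "impossible": impossible}
    return report


if __name__ == "__main__":
    for ip, finding in audit(VOTES, ELIGIBLE, DISPLAYED).items():
        print(ip, finding)
```
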
