Speaker: Mike Specter, Ph.D. Candidate, MIT CSAIL

Topic: Security and Privacy of U.S. Deployed Internet Voting Systems

Election security is hard: elections themselves are complex sociotechnical systems that encompass cryptography, systems security, and public policy. Providing a transparent, safe, and private voting system remains a complicated problem, motivating a number of research papers in both cryptography and systems security.

Unfortunately, COVID-19, overseas voters, and accessibility concerns have forced U.S. states to increasingly turn to untested forms of Internet voting to facilitate remote participation. Despite these systems’ newfound importance to the democratic process, there has been little public documentation on their security and privacy properties, a problem worsened by voting system vendors’ record of hostility toward independent security research.

In this talk, Specter will present analyses of the two dominant Internet voting systems currently used in U.S. federal elections, OmniBallot and Voatz. Through a process of reverse engineering, reimplementation of server-side components, and security analysis, this work shows that both systems suffer from flaws that could easily undermine an election by exposing any voter’s private ballot, changing their vote, or otherwise controlling the outcome. As a direct result of this work, many states have altered or cancelled plans to use these systems. The talk will conclude with a discussion of emerging challenges at the intersection of applied cryptography, systems security, and public policy.



Michael A. Specter is a Ph.D. candidate in Electrical Engineering and Computer Science at MIT, advised by Gerry Sussman and Danny Weitzner. He is a member of the Internet Policy Research Initiative, the Caltech/MIT Voting Technology Project, and a research affiliate with Google’s Android Security and Privacy Team.

Specter’s doctoral research centers on how to leverage insights from economics, public policy, and law to guide applied cryptography and systems security research. Specifically, his work has included discovery of vulnerabilities in election systems, development of new cryptographic protocols for deniable messaging, analysis of law enforcement’s proposals to regulate encryption, and improvements to Google’s kernel fuzzer Syzkaller.

Specter is a recipient of the EFF Pioneer Award and the M3AAWG JD Falk Award, and his work has been featured in The New York Times, The New Yorker, CNN, Vice, Bloomberg, Fortune, and The Economist. Most recently, he was a contributor to the EFF-led Amicus Brief to the Supreme Court on the need to reform the Computer Fraud and Abuse Act. He has held research internships at both Google and Apple, and holds master's degrees in both EECS and Technology Policy from MIT. Prior to embarking on his Ph.D., Specter was a research scientist in MIT’s Lincoln Laboratory, a research facility affiliated with the U.S. Air Force, where he focused on operating systems security, vulnerability discovery, and reverse engineering in the interest of national security.
