Berkeley High student tried to rig his own election, exposing flaw in district’s cybersecurity

Berkeley High School. Photo: Nancy Rubin

Large-scale voting fraud in a Berkeley High student government election has gotten two candidates disqualified and revealed a vulnerability in the district’s technology system.

No software hacking or Russian meddling was required.

A candidate simply logged into his classmates’ email accounts and cast hundreds of online votes for himself, according to administrators.

John Villavicencio, BHS director of student activities, first noticed a suspicious spike in support for two of the candidates running for student-body president and vice president a couple of days after the voting period opened in mid-March. Students were casting ranked-choice ballots via a Google Form accessed through district-provided Gmail accounts, and election administrators could observe the live results. The sudden influx of votes favoring these two candidates was blatant, Villavicencio said.


The administrator contacted R.E. Stern, the Berkeley High senior who serves as the school’s commissioner of elections.

“I said, ‘This seems kind of weird, does this seem weird to you?'” Villavicencio said. “We both spent the next hour digging deeper.”

Stern and Villavicencio noticed that students typically voted at certain times, like during lunch or right after school. However, votes for the two candidates in question, who were running mates, were flooding in on a completely different schedule. What’s more, they discovered, some of those votes were cast in quick succession, with ballots submitted in the alphabetical order of the voters’ last names.

“When we spotted it, it was incredibly obvious,” said Stern, 17. “There were just massive alphabetical votes at random hours.”

But just to make sure, the student conducted several statistical analyses and plotted out voting trends in charts and graphs. He shared his findings in a highly detailed email sent to the whole student body March 29, the day before spring break. (Administrators were not available for interviews until Monday.)

Among the revelations: a vote cast for the presidential candidate in question during a certain time period had a 63% chance of being preceded by another vote for that candidate — by a voter whose last name started with the same letter as the other voter. For other candidates, that likelihood dropped to 5%. More than 500 votes were found to be fraudulent.

First-place votes for one candidate surged ahead at unusual times, raising questions. Graph: R.E. Stern/Berkeley High

The investigators were also able to determine that the false votes were cast from a computer, and looked into who had access to computers during the times the votes were cast. They interviewed potential perpetrators and narrowed it down to the presidential candidate himself, who eventually took responsibility for the fraud, said Principal Erin Schweng.


“We have a lot of different things we’re going to be asking and requiring of them, to make amends,” she said.

According to the district’s internet use policy, students who use others’ digital accounts can be disciplined and lose school internet privileges.

Schweng said the culture around this election, from the outset, was different than what she’d seen in the past. There were more reports of students taking down candidates’ posters, and more activity on social media. Some students suggested to the principal that the stakes felt higher because colleges are becoming increasingly more selective, and extracurriculars like student government are consequently more important.

“That just sounds like an incredibly difficult and stressful place to be,” Schweng said. Administrators remind electoral hopefuls to focus on promoting themselves without “tearing candidates down,” she said.

The fraudulent voter and his running mate were disqualified from the election, and all students whose accounts he’d accessed were allowed to recast votes.

Junior Lexie Tesch was ultimately voted president and classmate Daijah Conerly vice president.


Hundreds of students kept formulaic email passwords

How was one student able to cast votes on behalf of hundreds of his classmates?

When kids enter a Berkeley middle or high school, they get an email address from the district, which is always a student’s first and last name. The default password that comes with the account is “Berkeley” followed by the student’s identification number.

If a student does not change the default password, “anyone with access to your student ID number will be able to access and delete your emails, schoolwork, personal documents and anything stored on your Google Drive,” Stern wrote in his message to the student body. (Administrators retain access to student accounts even when the passwords are changed, according to BUSD.)

New students look at their phones during Berkeley High freshman orientation. All students are issued district email accounts with formulaic passwords. Photo: Natalie Orenstein

By the time the fraudulent votes were cast, there were evidently still more than 500 students who had both not changed their password and had not yet voted. Because seniors are ineligible to vote, the actual number of students still using the provided password was likely much higher. On a campus with a bit over 3,000 students, that’s a lot of teenagers lacking digital security.

“It just shows that people don’t make healthy cybersecurity decisions,” said Stern.

But he and some other students, who might be as young as 11 when they receive their BUSD email account, said they do not remember ever being told to change their passwords.

“I’m not sure how much Berkeley High really invests in having robust architecture for student security,” Stern said. He brought up a rumor, which an administrator confirmed to Berkeleyside, that a student once logged into a classmate’s email account and withdrew all their University of California college applications.

Matt Albinson, the school’s technology coordinator, said all incoming ninth graders are told to change their passwords during a tech orientation, and teachers are reminded to tell their students throughout the year. In elementary and middle school, students are also taught about “digital citizenship.”

Administrators agreed the message had to be much louder, though, and suggested password-changing could become an activity in class.

“It’s not a hard fix,” Schweng said. “Another implication for us is to be very, very careful about who has access to student names.” Villavicencio said he wants to limit the times when ID numbers are included on print-outs or lists too. Currently, students in leadership roles and some others have access to such lists.

Suspiciously, alphabetically consecutive groups of students cast ballots for the same candidate in quick succession. Chart: R.E. Stern/Berkeley High

Some administrators said they had not considered, or did not believe, a change was needed in the way the default passwords were formulated in the first place. District officials said a different system will be used next year, but said in an email that “there are many considerations.”

“The more complex the password, the more difficult it is to remember, especially for younger students,” the district message said.

“I didn’t want people to lose faith in democracy because of this”

When Stern became his school’s commissioner of elections two years ago, “I made it my job to overhaul the entire election system,” he said.

He implemented a ranked-choice system because that’s what the city of Berkeley uses, and he wanted his classmates to be prepared for their civic duties after graduation.

“The other changes were to get the election into the 21st century,” Stern said.

For the first time, students voted online.

“With online voting, you do invite a whole bunch more opportunities for fraud,” Stern conceded. “But you also make it easier to detect. If someone were to, say, take the envelopes last year and vote, you would have no way of finding out.”

Schweng and Villavicencio praised how Stern handled the revelations.

“It is such a pleasure to work with someone with someone with such integrity,” the principal said.

Even when questioning suspects, he was “very neutral and very unbiased,” Villavicencio said. “He wanted to run the elections in a fair and free way.”

Stern was “the brains behind the statistical analysis,” said the administrator, a former BHS math teacher.

Student Activities Director John Villavicencio — here addressing students during an orientation — discovered the fraud with student R.E. Stern, the elections commissioner. Photo: Natalie Orenstein

For Stern, it’s taken some time to get used to the attention he’s received — on Instagram and in the hallways — since his email went out.

“I am pretty reserved about the extent to which I share information about myself,” Stern said. “Apparently I’m some sort of hero now.”

His classmates Tesch and Conerly have meanwhile started to move on from the scandal that ended with their victory, and tried to make good on their campaign promises.

The juniors told Berkeleyside they’re working to establish a “simple supply center” with necessities like toothbrushes and socks.

“We want to really show our homeless and low-income students that we’re here for them and want to help support them,” Tesch said.

Conerly said she plans to host a “cultural awareness assembly” during Black History Month, having heard many students say that history should be better acknowledged. Other priorities for the new student leaders include hanging highly visible disaster-safety placards customized for each Berkeley High building, and creating an anonymous website where students can report bullying and sexual harassment.

The students said they first learned about the election fraud in a private meeting for all candidates March 25. At first, everyone in the room “burst out laughing” when they heard the strange news, then quickly realized the severity of the situation.

“I was just so angry,” Tesch said. “I didn’t want people to lose faith in democracy because of this.”

Tesch said she had actually neglected to change her own password until right before the election. For quite some time, she actually thought she wasn’t supposed to, so administrators could maintain access to the account.

“Potentially if I hadn’t changed it, he could have hacked my own ballot!” she said.