Posted on 01/21/2004 5:21:27 PM PST by buffyt
A new $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to members of a panel of computer security experts asked by the government to review the program.
The system, Secure Electronic Registration and Voting Experiment, or SERVE, was developed with financing from the Department of Defense and will first be used in this year's primaries and general election.
Advertisement
The authors of the new report noted that computer security experts had already voiced increasingly strong warnings about the reliability of electronic voting systems, but they said the new voting program, which allows people overseas to vote from their personal computers over the Internet, raised the ante on such systems' risks.
The system, they wrote, "has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks, any one of which could be catastrophic." Any system for voting over the Internet with common personal computers, they noted, would suffer from the same risks.
The trojans, viruses and other attacks that complicate modern life and allow such crimes as online snooping and identity theft could enable hackers to disrupt or even alter the course of elections, the report concluded. Such attacks "could have a devastating effect on public confidence in elections," the report's authors wrote, and so "the best course to take is not to field the SERVE system at all."
A spokesman for the Department of Defense said the critique overstated the importance of the security risks in online voting. "The Department of Defense stands by the SERVE program," the spokesman, Glenn Flood, said. "We feel it's right on, at this point, and we're going to use it."
An official of Accenture, the technology services company that is the main contractor on the project, said the researchers drew unwarranted conclusions about future plans for the voting project. "We are doing a small, controlled experiment," said Meg McLauglin, president of Accenture eDemocracy Services.
The Federal Voting Assistance Program, part of the Department of Defense, plans to officially introduce the program in the next few weeks. Seven states have signed up so far to participate: Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington. As many as 100,000 people are expected to use the system this year, and the total eligible population would about one million.
A move to that larger population of voters is far from certain, Ms. McLauglin said, and the final system could be very different from the one being used this year. "It will be up to Congress and the states to determine if this gets expanded, and how," she said.`
"Without doing these experiments, we won't learn more and we won't learn how to help these folks vote in the future," she said.
Trying to vote overseas can be a frustrating ordeal. And Internet voting makes intuitive sense to Americans who have grown accustomed to buying books, banking and even finding mates online.
But the authors of the report adamantly state that what works for electronic commerce doesn't work for electronic democracy: "E-commerce grade security is not good enough for elections," they wrote. The dual requirements of authentication and anonymity make voting very different from most online purchases, they wrote, and failures and fraud are covered by Internet merchants and credit card companies. "How do we recover if an election is compromised?" they wrote.
The report states, "We recognize that no security system is perfect, and it would be irresponsible and naïve to demand perfection; but we must not allow unacceptable risks of election fraud to taint our national elections."
They said any new system "should be as secure as current absentee voting systems and should not introduce any new or expanded vulnerabilities into the election beyond those already present."
Naturally the Demoncrats will rally behind this form of fraud!
It might happen. The internet is becoming very big. Some might even say HUGH!
It is exactly this requirement of both authentication and anonymity that will doom any internet voting system. There are protocols that have been proposed to do this but they are very complex and even harder to implement. Go to couterpane.com and look up some of Bruce Schneier's essays on electronic and internet voting. Mr. Schneier has big creds in the security and cryptographic community. He is the designer of 'blowfish' a widely deployed strong cryptosystem, and his 'twofish' algorythm was among the final 3 considered to replace DES.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.