|
Military
drops project for voting via Internet
02.06.04
REUTERS
WASHINGTON - The
Pentagon said Thursday it had scrapped its program
to allow U.S. troops and other Americans overseas
to vote through the Internet because the system
was so vulnerable to computer hackers it could
cast doubt on the election results.
The Pentagon heeded the advice of cybersecurity
experts who urged in a Jan. 21 report that the
program be abandoned because it was impossible to
create a voting system with current personal
computers and the Internet that would stop hackers
or terrorists from tampering with election
results.
The $22 million Secure Electronic Registration and
Voting Experiment, or SERVE, was supposed to allow
100,000 U.S. troops and civilians overseas to vote
through the Internet this year.
Deputy Defense Secretary Paul Wolfowitz wrote a
memo on Jan. 30 saying the Pentagon "will not
be using the SERVE Internet voting project in view
of the inability to assure legitimacy of votes
that would be cast using the system, which thereby
brings into doubt the integrity of election
results."
The first tryout for the SERVE system had been
scheduled for this past Tuesday's South Carolina
presidential primary, but the Pentagon put the
system on hold. More...
© 2004 AzStarNet, Arizona Daily Star.
Report
Says Internet Voting System Is Too Insecure to Use
By JOHN SCHWARTZ
New York Times
01.21.04
A new $22 million
system to allow soldiers and other Americans
overseas to vote via the Internet is inherently
insecure and should be abandoned, according to a
panel of computer security experts asked by the
government to review the program.
The system, Secure Electronic Registration and
Voting Experiment, or SERVE, was developed with
financing from the Department of Defense and will
first be used in this year's primaries and general
election.
The authors of the new report noted that computer
security experts had already voiced increasingly
strong warnings about the reliability of
electronic voting systems, but they said the new
voting program, which allows people overseas to
vote from their personal computers over the
Internet, raised the ante on such systems' risks.
The system, they wrote, "has numerous other
fundamental security problems that leave it
vulnerable to a variety of well-known cyber
attacks, any one of which could be
catastrophic." Any system for voting over the
Internet with common personal computers, they
noted, would suffer from the same risks.
The trojans, viruses and other attacks that
complicate modern life and allow such crimes as
online snooping and identity theft could enable
hackers to disrupt or even alter the course of
elections, the report concluded. Such attacks
"could have a devastating effect on public
confidence in elections," the report's
authors wrote, and so "the best course to
take is not to field the SERVE system at
all."
A spokesman for the Department of Defense said the
critique overstated the importance of the security
risks in online voting. "The Department of
Defense stands by the SERVE program," the
spokesman, Glenn Flood, said. "We feel it's
right on, at this point, and we're going to use
it."
An official of Accenture,
the technology services company that is the main
contractor on the project, said the researchers
drew unwarranted conclusions about future plans
for the voting project. "We are doing a
small, controlled experiment," said Meg
McLauglin, president of Accenture eDemocracy
Services.
The Federal Voting Assistance Program, part of the
Department of Defense, plans to officially
introduce the program in the next few weeks. Seven
states have signed up so far to participate:
Arkansas, Florida, Hawaii, North Carolina, South
Carolina, Utah and Washington. As many as 100,000
people are expected to use the system this year,
and the total eligible population would about one
million.
A move to that larger population of voters is far
from certain, Ms. McLauglin said, and the final
system could be very different from the one being
used this year. "It will be up to Congress
and the states to determine if this gets expanded,
and how," she said.`
"Without doing these experiments, we won't
learn more and we won't learn how to help these
folks vote in the future," she said.
Trying to vote overseas can be a frustrating
ordeal. And Internet voting makes intuitive sense
to Americans who have grown accustomed to buying
books, banking and even finding mates online.
But the authors of the report adamantly state that
what works for electronic commerce doesn't work
for electronic democracy: "E-commerce grade
security is not good enough for elections,"
they wrote. The dual requirements of
authentication and anonymity make voting very
different from most online purchases, they wrote,
and failures and fraud are covered by Internet
merchants and credit card companies. "How do
we recover if an election is compromised?"
they wrote.
The report states, "We recognize that no
security system is perfect, and it would be
irresponsible and naïve to demand perfection; but
we must not allow unacceptable risks of election
fraud to taint our national elections."
They said any new system "should be as secure
as current absentee voting systems and should not
introduce any new or expanded vulnerabilities into
the election beyond those already present."
One of the authors of the report, David Wagner, an
assistant professor in the Computer Science
Division at the University of California at
Berkeley, said, "The bottom line is we feel
the solution can't be a system that introduces
greater risks just to gain convenience."
Although some of the possible attacks may sound
far-fetched or arcane, the security experts said
that each of them had already been seen in some
form out on the Internet.
"We're not making up any theoretical
concepts," said Aviel D. Rubin, an author of
the report and the technical director of the
Information Security Institute at Johns Hopkins
University. "These are all things that occur
in the wild that we see all the time."
Computers on the Internet have become ever more
vulnerable to malicious software that takes over
the machines' functions to monitor the users'
activities, scan them for private information or
press them into service to launch attacks on other
computers, to send spam or advertise Internet
pornography sites online. "And we're going to
use these as voting booths?" Mr. Rubin asked.
"It just doesn't make any sense."
A major American election would be an irresistible
target for hackers, and the ability of computers
to automate tasks means that many attacks could be
carried out on a large scale, the report said. More...
(link to New York Times)
|
