US Internet Voting Technology Comes Under Fire

Despite a recommendation from researchers to halt the project before it is applied in the upcoming primary elections, the United States is pushing forward with intentions to use an experimental Internet-voting system in the primaries and in the presidential election in November.

The federally funded online absentee voting system in question -- which researchers were invited to test for security -- is known as the Secure Electronic Registration and Voting Experiment, or Serve.

A new report written by computer experts from UC Berkeley, Johns Hopkins University and the Lawrence Livermore National Laboratory warns the system is wide open to electronic attackers who could interfere with voting without being detected.

Administrators of the program, however, said they have no intentions of stopping the program's use in the upcoming Democratic presidential primary in South Carolina on February 3rd or in the November presidential contest.

"We don't plan to stop the program, and we were aware of these concerns long before the report came out," U.S. Department of Defense spokesperson Glenn Flood told TechNewsWorld. "We feel confident it will be secure and safe come November."

Net Voting Not Fixable

The Serve program, initiated to create an Internet-based voting system for America's 6 million eligible voters overseas or in the military, is scheduled to be used in 50 counties and seven U.S. states during this year's primary and general elections, handling as many as 100,000 votes.

An advisory group formed by the Federal Voting Assistance Program to evaluate the system, however, is now calling for it to be shut down because of inherent security gaps that cannot be fixed.

UC Berkeley assistant professor and report coauthor David Wagner told TechNewsWorld that the Internet's security plagues -- including viruses, worms and denial-of-service (DoS) attacks -- paired with PCs that are not intended to be used as voting machines, makes the Serve system highly vulnerable.

"Basically, this is not fixable with today's technology," Wagner said. "We've looked at a number of emerging technologies, and there's nothing today or even on the horizon that will allow secure Internet elections."

Getting to States and Counties

The Department of Defense's Flood said administrators of the Serve system were well aware of the significance of the associated security issues. He said the program was meant to study and experiment with Internet voting and has moved forward successfully toward the goal of being used as a live system.

"You have to keep in mind there's no such thing as 100 percent secure anything," he said, noting that the system will be deployed with training for states and counties involved leading up to the general election in November, when "everyone will be up to speed on what they're supposed to do."

Stronger or Unsafe?

Former executive director of the International Foundation for Elections Systems Paul DeGregorio, nominated last year by President Bush to sit on a U.S. elections commission, told TechNewsWorld that the security controversies around electronic and Internet voting will help validate the new voting method by forcing vendors to defend and improve their products.

UC Berkeley's Wagner, however, said the Serve system amounts to an experiment with no measurable test criteria because going live with the system -- without first fixing the security vulnerabilities -- means the voting could be fouled without the knowledge of those administering the system.

"We have two concerns," he said. "One is, if there is a close election in 2004, that vote fraud on the Internet could tip the scales. The other thing is that on the Internet, we'll have no way of knowing whether the system has been hacked."