Abandon Insecure Net Voting System: Security Panel

A new system for voting by Internet is inherently insecure and should be abandoned, a panel of computer security experts has said in a report to the federal government which asked the panel to examine the program.

"The bottom line," said co-author David Wagner, an assistant computer science professor at the University of California at Berkeley, "is we feel the solution can't be a system that introduces greater risks just to gain convenience."

Meant to let soldiers and other Americans overseas vote online, the Secure Electronic Registration and Voting Experiment – developed with Defense Department financing and due to get its maiden voyage in the coming primaries and general election – "has numerous… fundamental security problems that leave it vulnerable to a variety of well-known cyber-attacks, any one of which could be catastrophic," according to the panel's report.

"The authors… noted that computer security experts had already voiced increasingly strong warnings about the reliability of electronic voting systems," said The New York Times, "but they said the new voting program, which allows people overseas to vote from their personal computers over the Internet, raised the ante on such systems' risks."

These prospective attacks, the panel continued, could involve Trojan horse programs, viruses, and other cyber-invasions that allow for online snooping and identity theft, to levels where hackers and crackers could interrupt or even alter an election result. These "could have a devastating effect on public confidence in elections… the best course to take is not to field the SERVE system at all," the authors said.

The Defense Department, however, says the report "overstated" the importance of those security risks to cyber-voting, according to the Times. "The Department of Defense stands by the SERVE program," department spokesman Glenn Flood told the paper. "We feel it's right on, at this point, and we're going to use it."

The Defense Department's Federal Voting Assistance Program planned to unwrap SERVE officially in the coming weeks, with seven states – Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah, and Washington – already signed up to use it.

Internet voting "makes intuitive sense to Americans who have grown accustomed to buying books, banking and even finding mates online," the Times said. "But the authors of the report adamantly state that what works for electronic commerce doesn't work for electronic democracy."

The report's authors admit that no security system is entirely perfect, "and it would be irresponsible and naïve to demand perfection; but we must not allow unacceptable risks of election fraud to taint our national elections." Any new system, the report continued, "should be as secure as current absentee voting systems and should not introduce any new or expanded vulnerabilities into the election beyond those already present."

Although some of the possible attacks may sound far-fetched or arcane, the security experts said that each of them had already been seen in some form out on the Internet.