Security analysts recommend scrapping online voting plans

A group of security analysts who have evaluated Defense Department plans for an online voting pilot have recommended that the plan be scrapped because its security cannot be ensured.

The analysts concluded "Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting."

DOD said it has no intention of stopping the program.

"Security was our Number One priority when we started on this concept," DOD spokesman Glenn Flood said. "The concerns raised by this minority group are not new to us. Measures have been put in place, and we have been working with state and local election officials to ensure the integrity of the system."

The Secure Electronic Registration and Voting Experiment is a DOD program being operated by the Federal Voting Assistance Program. The goal is to ease absentee voting procedures for U.S. citizens living or serving overseas. SERVE is an expansion of a small program that counted a handful of overseas military votes in 2000. In this year's primary and general elections, as many as 100,000 voters from 50 counties in Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington will be eligible to use the Web system.

Accenture LLP of Chicago received a contract to develop SERVE in 2002. The contract runs through March 2005 to allow for post-election review. Eligible voters will be able to register and cast votes from any PC with an Internet connection running Microsoft Windows 95 or later operating systems. Users access SERVE through the www.serveusa.gov website.

A 10-member Security Peer Review Group put together by the Federal Voting Assistance Program evaluated the system. A minority report was issued by four members of the group: David Jefferson of the Lawrence Livermore National Laboratory, Aviel D. Rubin of Johns Hopkins University, David Wagner of the University of California at Berkley and Barbara Simons, a consultant formerly with IBM Corp.

They said inherent flaws in proprietary software, the Internet and PCs from which votes would be cast make the process too risky to be used in a real election. Threats include:

* Insider flaws, inserted in software by programmers

* Denial-of-service attacks, which could delay or prevent a voter from casting a ballot

* Spoofing attacks, in which a voter could be redirected to a phony Web site that could block or alter a vote

* Malicious code on a PC that could let a third party monitor or manipulate the voting.

The analysts said the report was not intended as criticism of the Federal Voting Assistance Program or the work done on SERVE.

"The real barrier is not a lack of vision, skill, resources or dedication," the report said. "It is the fact that, given the current Internet and PC security technology, the FVAP has taken on an essentially impossible task."

Rubin, an outspoken critic of online voting systems, said a successful test this year, when stakes are low because of the relatively low number of voters involved, could result in an expansion in future elections without addressing basic security concerns.

"I'm not against computers," Rubin said at a conference in Washington last month. But a lack of assurances in an online voting system could undermine the democratic process. "In order for democracy to work, people need to have confidence in the election system," he said.

Flood said weaknesses in the Internet infrastructure were taken into account in designing SERVE.

"The only 100-percent safe solution from a security standpoint is not to do it," he said. "That is not an option."