Politech mailing list archives

Previous By Date Next
Previous By Thread Next

Pentagon's Internet "secure voting" system probably isn't

From: Declan McCullagh <declan () well com>
Date: Fri, 23 Jan 2004 14:22:56 -0600
---

Forwarded:

The report is here:
        http://www.servesecurityreport.org/   

Today's NYTimes story says that seven states, with some 100,000 people,
will be voting via the Internet using a system that experts say CANNOT be
both secure and anonymous and which can be hacked in a wide range of
existing ways that are commonly seen online already.

        http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html

Report Says Internet Voting System Is Too Insecure to Use
By JOHN SCHWARTZ

Published: January 21, 2004

 A new $22 million system to allow soldiers and other Americans overseas
 to vote via the Internet is inherently insecure and should be abandoned,
 according to members of a panel of computer security experts asked by the
 government to review the program.

 The system, Secure Electronic Registration and Voting Experiment, or
 SERVE, was developed with financing from the Department of Defense and
 will first be used in this year's primaries and general election.

<snip>

 The system, they wrote, "has numerous other fundamental security problems
 that leave it vulnerable to a variety of well-known cyber attacks, any
 one of which could be catastrophic." Any system for voting over the
 Internet with common personal computers, they noted, would suffer from
 the same risks.

 The trojans, viruses and other attacks that complicate modern life and
 allow such crimes as online snooping and identity theft could enable
 hackers to disrupt or even alter the course of elections, the report
 concluded. Such attacks "could have a devastating effect on public
 confidence in elections," the report's authors wrote, and so "the best
 course to take is not to field the SERVE system at all."

 A spokesman for the Department of Defense said the critique overstated
 the importance of the security risks in online voting. "The Department of
 Defense stands by the SERVE program," the spokesman, Glenn Flood, said.
 "We feel it's right on, at this point, and we're going to use it."

<snip>

 But the authors of the report adamantly state that what works for
 electronic commerce doesn't work for electronic democracy: "E-commerce
 grade security is not good enough for elections," they wrote. The dual
 requirements of authentication and anonymity make voting very different
 from most online purchases, they wrote, and failures and fraud are
 covered by Internet merchants and credit card companies. "How do we
 recover if an election is compromised?" they wrote.

--
"No President has ever done more for human rights than I have."
--George W. Bush in The New Yorker http://www.newyorker.com/press/content/
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
Previous By Date Next
Previous By Thread Next

Current thread: