January 22, 2004

A new $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to members of a panel of computer security experts asked by the government to review the program.

Do you remember how important the absentee ballots
from US military overseas were during the debacle of
Fraudida 2000? Even the NYTwits had to report that
hundreds of these votes were counted illegally, i.e.
after the cut-off date, etc., and therefore should
have been discarded. Do you remember the political
firestorm about it? Sen. Joe Lieberman
("D"-Sanctimonicutt), broke with Al Gore, and demanded
that these ballots be counted, and not challenged in
court. Well, as reported in the LNS, "all the
_resident's men" would probably not be so eager to
have those absentee ballots from US military counted
in 2004, because there is widespread discontent and
anger in the US military concerning the Bush cabal's
foolish military adventure in Iraq...So here's their
solution...

John Schwartz, New York Times: "A new $22 million
system to allow soldiers and other Americans overseas
to vote via the Internet is inherently insecure and
should be abandoned, according to members of a panel
of computer security experts asked by the government
to review the program."

Thwart the Theft of a Second Presidential Election, Show Up
for Democracy in 2004: Defeat Bush (again!)

http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html

January 21, 2004
Report Says Internet Voting System Is Too Insecure to Use
By JOHN SCHWARTZ

A new $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to members of a panel of computer security experts asked by the government to review the program.

The system, Secure Electronic Registration and Voting
Experiment, or SERVE, was developed with financing
from the Department of Defense and will first be used
in this year's primaries and general election.

The authors of the new report noted that computer
security experts had already voiced increasingly
strong warnings about the reliability of electronic
voting systems, but they said the new voting program,
which allows people overseas to vote from their
personal computers over the Internet, raised the ante
on such systems' risks.

The system, they wrote, "has numerous other
fundamental security problems that leave it vulnerable
to a variety of well-known cyber attacks, any one of
which could be catastrophic." Any system for voting
over the Internet with common personal computers, they
noted, would suffer from the same risks.

The trojans, viruses and other attacks that complicate
modern life and allow such crimes as online snooping
and identity theft could enable hackers to disrupt or
even alter the course of elections, the report
concluded. Such attacks "could have a devastating
effect on public confidence in elections," the
report's authors wrote, and so "the best course to
take is not to field the SERVE system at all."

A spokesman for the Department of Defense said the
critique overstated the importance of the security
risks in online voting. "The Department of Defense
stands by the SERVE program," the spokesman, Glenn
Flood, said. "We feel it's right on, at this point,
and we're going to use it."

An official of Accenture, the technology services
company that is the main contractor on the project,
said the researchers drew unwarranted conclusions
about future plans for the voting project. "We are
doing a small, controlled experiment," said Meg
McLaughlin, president of Accenture eDemocracy Services.

The Federal Voting Assistance Program, part of the
Department of Defense, plans to officially introduce
the program in the next few weeks. Seven states have
signed up so far to participate: Arkansas, Florida,
Hawaii, North Carolina, South Carolina, Utah and
Washington. As many as 100,000 people are expected to
use the system this year, and the total eligible
population would be about one million.

A move to that larger population of voters is far from
certain, Ms. McLaughlin said, and the final system
could be very different from the one being used this
year. "It will be up to Congress and the states to
determine if this gets expanded, and how," she said.

"Without doing these experiments, we won't learn more
and we won't learn how to help these folks vote in the
future," she said.

Trying to vote overseas can be a frustrating ordeal.
And Internet voting makes intuitive sense to Americans
who have grown accustomed to buying books, banking and
even finding mates online.

But the authors of the report adamantly state that
what works for electronic commerce doesn't work for
electronic democracy: "E-commerce grade security is
not good enough for elections," they wrote. The dual
requirements of authentication and anonymity make
voting very different from most online purchases, they
wrote, and failures and fraud are covered by Internet
merchants and credit card companies. "How do we
recover if an election is compromised?" they wrote.

The report states, "We recognize that no security
system is perfect, and it would be irresponsible and
naïve to demand perfection; but we must not allow
unacceptable risks of election fraud to taint our
national elections."

They said any new system "should be as secure as
current absentee voting systems and should not
introduce any new or expanded vulnerabilities into the
election beyond those already present."

One of the authors of the report, David Wagner, an
assistant professor in the Computer Science Division
at the University of California at Berkeley, said,
"The bottom line is we feel the solution can't be a
system that introduces greater risks just to gain
convenience."

Although some of the possible attacks may sound
far-fetched or arcane, the security experts said that
each of them had already been seen in some form out on
the Internet.

"We're not making up any theoretical concepts," said
Aviel D. Rubin, an author of the report and the
technical director of the Information Security
Institute at Johns Hopkins University. "These are all
things that occur in the wild that we see all the
time."

Computers on the Internet have become ever more
vulnerable to malicious software that takes over the
machines' functions to monitor the users' activities,
scan them for private information or press them into
service to launch attacks on other computers, to send
spam or advertise Internet pornography sites online.
"And we're going to use these as voting booths?" Mr.
Rubin asked. "It just doesn't make any sense."

A major American election would be an irresistible
target for hackers, and the ability of computers to
automate tasks means that many attacks could be
carried out on a large scale, the report said.

The authors said the Federal Voting Assistance
Program, which runs SERVE, and Accenture, the main
contractor, should not be faulted for their work,
which they found innovative and conscientious. Secure
Internet voting, the panel concluded, is an
"essentially impossible task."

In fact, the panel said, "there really is no good way
to build such a voting system without a radical change
in overall architecture of the Internet and the PC, or
some unforeseen security breakthrough. The SERVE
project is thus too far ahead of its time, and should
wait until there is a much improved security
infrastructure to build upon."

The risks inherent in SERVE are likely to cripple any
system for Internet-based voting, said Barbara Simons,
a technology consultant and coauthor of the report.
"It's not just a SERVE thing," she said.

Such concerns are not new. They have formed the basis
of several recent studies of Internet voting. A report
in 2001 by the Internet Policy Institute, financed by
the National Science Foundation, concluded that
"remote Internet voting systems pose significant risk
to the integrity of the voting process and should not
be fielded for use in public elections until
substantial technical and social science issues are
addressed."

David Jefferson, an author of the new report and a
computer scientist at Lawrence Livermore National
Laboratory in Northern California, also worked on a
2000 report for the California secretary of state that
reached similar conclusions. "Nothing fundamental has
changed," he said, since that report was written.

"Nothing we've seen makes us think that this can be
made secure," Mr. Jefferson said.

In attempting to play down the critique of the system,
Mr. Flood of the Defense Department called it a
"minority report," since it involved only 4 of the 10
outside experts asked to review the system. But Mr.
Rubin, the report co-author, noted that the four
authors were the only members of the group who
attended both of the three-day briefings about the
system.

There is no majority report, since the other six
experts have not taken a public stance on the project.


Ms. McLaughlin of Accenture said that the company had
contacted the other six members of the outside
advisory group and that five of the six said they
would not recommend shutting down the program.

One of the other outside reviewers, Ted Selker, a
professor at the Massachusetts Institute of
Technology, disagreed with the report, saying it
reflected the professional paranoia of security
researchers. "That's their job," he said.

Mr. Selker, an expert in the ways people use
technology, said security is a less pressing concern
than mistakes in registration databases, poor ballot
design and inadequate polling place procedures. "Every
single election machine I've seen — including the
lever machine, including punch card machines,
including paper ballots — has vulnerabilities," he
said.

A security expert and critic of technologically
advanced voting systems who had seen an early draft of
the study applauded the group's work. "What I saw
convinced me that no one should ever vote on that
system," said David Dill, a professor of computer
science at Stanford University who has become active
in voting technology issues. "I understand the
problems that people overseas have voting, especially
if they are in the military, and I believe we have to
make it a lot easier for them," he said. "But SERVE is
the wrong solution."


Posted by richard at January 22, 2004 12:03 PM