RealTime IT News

E-Voting Experts SERVE Up Controversy

Officials at the Information Technology Association of America (ITAA) moved quickly to dispel the e-voting gloom created by a group of computer scientists who find the Internet too vulnerable to attack, publishing a report earlier this week recommending an immediate halt to Internet voting.

The Secure Electronic Registration and Voting Experiment (SERVE) was established by the Department of Defense's (DoD) Federal Voting Assistance Program (FVAP) to help U.S. citizens and military members overseas vote in general elections.

SERVE is an alternative to the absentee ballots used today to cast votes in primary and general elections. Approximately one-third of mail-in votes, however, never make it to the counting rooms, however, according to FVAP.

SERVE is to be served up in 2004's primary and general elections, but the Security Peer Review Group (SPRG), established by the FVAP, find the underlying structure of the Internet, as well as the hardware being used for Internet voting, as too insecure to entrust to American votes.

"Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear." the report stated unequivocally.

The report points to distributed denial of service , insider attacks, spoofing and automated vote buying tactics that are easy for disaffected citizens, as well as an enemy, to download and launch. IT also points to the machines used to conduct the e-voting, called Direct Recording Electronic (DRE) systems, that are proprietary and leave no paper audit trail.

ITAA President Harris Miller said the thinking espoused by the report kills an invaluable tool that enfranchises thousands of service members pulling duty overseas.

"The American people understand that life is all about taking intelligent risks to gain meaningful rewards," he said in a statement. "In the high tech industries, if not in certain academic circles, we call that progress."

Sufficient security features are found in the SERVE system, Miller said, to prevent Internet-based attacks, like digital signatures and data encryption. According to Miller, the security, as well, as the extensive testing, should be enough to keep the SERVE program alive.

ITAA membership is made up of many of the DRE manufacturers attacked in the SERVE report. One of them, Diebold , was in the news recently after unsuccessfully trying to halt the Internet publication of security vulnerabilities found in its DRE machines.

In October 2003, an attacker found his or her way into the corporate network of Votehere.net, an e-voting company that licenses encryption software to verify voting results. While the attacker was caught and officials say no information was taken, it raises the question of what happens next time, when someone is able to steal the software used to verify and guarantee voter counts.

Rashad Robinson, a spokesperson for the Center for Voting and Democracy, told internetnews.com his organization does favor e-voting, but there is a skepticism surrounding the issue that needs to be addressed first, as well as the industry coming up with a rigorous system that alleviates security concerns.

"The idea of having Internet voting and other new equipment would be negated if we don't have systems people don't feel comfortable using," he said. "If people don't feel comfortable with the system, we've not actually fulfilled our mission."

At press time, there was no word whether FVAP officials would continue with the SERVE program despite the report's recommendation. Currently, the experiment is running overseas and in selected counties in Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington.

The SPRG is made up of four computer scientists: Dr. David Jefferson from the University of California, Berkeley; Dr. Aviel Rubin from The Johns Hopkins University; Dr. David Jefferson from the Lawrence Livermore National Laboratory; and Dr. Barbara Simons, a technology policy consultant at the Association for Computing Machinery.