Pentagon nixes Internet voting

Security analysis of SERVE

The Defense Department's decision to temporarily shelve its Internet voting plan has received mixed reviews. Computer scientists who considered the idea too risky are applauding, but industry advocates of electronic voting are disappointed.

DOD officials had planned to use the system, called the Secure Electronic Registration and Voting Experiment, in the election this November, and possibly earlier in state primaries. Using the system, service members stationed overseas would be able to cast absentee ballots online.

Earlier this month, however, Deputy Defense Secretary Paul Wolfowitz killed those plans, citing security concerns.

Maj. Sandra Burr, a DOD spokeswoman, said the department is continuing to test the system, but it will not be used this year. The reason, she said, is "the inability to ensure legitimacy of votes."

Wolfowitz's memo marked the end, for now, of a controversy that began when Pentagon officials asked a 10-member panel to review the Internet voting plan. Four computer scientists on that panel, including Johns Hopkins University professor Aviel Rubin, issued a report last month urging DOD to drop the idea.

Rubin said in an interview that the team's findings are realistic given the current state of Internet security. "Does that mean that some day it won't be possible?" he said. "No. But today's PCs are grossly inadequate for the task."

That view isn't shared at the Information Technology Association of America, where President Harris Miller blasted Rubin and the three other authors of the security report as doomsayers. "They have extremist views," Miller said. "They brought up hypothetical situations that don't exist."

He agreed that security needs to be a high priority in any kind of voting, including Internet and touch screen. But, he said no voting method is completely immune to errors or tampering, as the experience with punch card ballots in Florida in the 2000 election demonstrated.

Miller noted that only four of the 10 panel members raised security concerns. However, Rubin said that only those four even considered computer security.

Miller also pointed out that Michigan recently conducted its Democratic caucus using the Internet. "As far as I know, no one has stepped forward to say there was fraud or that incorrect votes were cast," he said.

About 46,000 people voted via the Internet, said Adrianne Marsh, communications director for the Michigan Democratic Party.

"As far as we can tell, it went very smoothly," she said. "We had great participation." Marsh said that as far as administrators know, no one attempted to hack into the system.

Mark Grebner, a Michigan political consultant, reported that some voters were not able to use the Internet because their log-in information was rejected. Marsh said that the system should have run smoothly for people carefully following instructions, but admitted that she had to try to log in four times.

All forms of electronic voting continue to generate controversy despite apparent successes like Michigan's caucus. David Dill, a Stanford University computer science professor and an opponent of electronic voting, believes that the risks are still too great.

The threat need not be a sophisticated computer virus that could change a vote or reveal voters' identities, although that's possible, he said. But hackers could simply launch a denial-of-service attack to disable the voting site or otherwise disrupt the election so the outcome would be disputed, he said.

"Voting is an especially hard application," Dill said. "You have to transport

information accurately and reliably, and you also have to hide information while you do it. You don't want to transmit the identity of the voter. That makes [e-voting] an extraordinarily difficult issue to solve."

***

Securing the voter

How the Michigan Democratic Party made sure caucus Internet voters were authorized:

1. Voters applied for Internet access and got a randomly generated user name and password. They had to supply their city and date of birth.

2. When logging on to vote, voters had

to provide all four data points: user name, password, and date and city of birth.

3. If a voter made the slightest mistake, the system would reject the log-in attempt.

4. The system allowed voters to re-enter the information until they got it right, including correcting typographical errors or misspellings. But it would not allow the voting process to continue until the user entered the information correctly.

Source: Michigan Democratic Party

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group