Security analysts recommend scrapping online voting plans

A group of security analysts who have evaluated Defense Department plans for an online voting pilot have recommended that the plan be scrapped because its security cannot be ensured.

The analysts concluded “Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting.”

DOD said it has no intention of stopping the program.

“Security was our Number One priority when we started on this concept,” DOD spokesman Glenn Flood said. “The concerns raised by this minority group are not new to us. Measures have been put in place, and we have been working with state and local election officials to ensure the integrity of the system.”

The Secure Electronic Registration and Voting Experiment is a DOD program being operated by the Federal Voting Assistance Program. The goal is to ease absentee voting procedures for U.S. citizens living or serving overseas. SERVE is an expansion of a small program that counted a handful of overseas military votes in 2000. In this year’s primary and general elections, as many as 100,000 voters from 50 counties in Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington will be eligible to use the Web system.

Accenture LLP of Chicago received a contract to develop SERVE in 2002. The contract runs through March 2005 to allow for post-election review. Eligible voters will be able to register and cast votes from any PC with an Internet connection running Microsoft Windows 95 or later operating systems. Users access SERVE through the website.

A 10-member Security Peer Review Group put together by the Federal Voting Assistance Program evaluated the system. A minority report was issued by four members of the group: David Jefferson of the Lawrence Livermore National Laboratory, Aviel D. Rubin of Johns Hopkins University, David Wagner of the University of California at Berkley and Barbara Simons, a consultant formerly with IBM Corp.

They said inherent flaws in proprietary software, the Internet and PCs from which votes would be cast make the process too risky to be used in a real election. Threats include:

  • Insider flaws, inserted in software by programmers

  • Denial-of-service attacks, which could delay or prevent a voter from casting a ballot

  • Spoofing attacks, in which a voter could be redirected to a phony Web site that could block or alter a vote

  • Malicious code on a PC that could let a third party monitor or manipulate the voting.

  • The analysts said the report was not intended as criticism of the Federal Voting Assistance Program or the work done on SERVE.

    “The real barrier is not a lack of vision, skill, resources or dedication,” the report said. “It is the fact that, given the current Internet and PC security technology, the FVAP has taken on an essentially impossible task.”

    Rubin, an outspoken critic of online voting systems, said a successful test this year, when stakes are low because of the relatively low number of voters involved, could result in an expansion in future elections without addressing basic security concerns.

    “I’m not against computers,” Rubin said at a conference in Washington last month. But a lack of assurances in an online voting system could undermine the democratic process. “In order for democracy to work, people need to have confidence in the election system,” he said.

    Flood said weaknesses in the Internet infrastructure were taken into account in designing SERVE.

    “The only 100-percent safe solution from a security standpoint is not to do it,” he said. “That is not an option.”

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.


    • Telecommunications
      Stock photo ID: 658810513 By asharkyu

      GSA extends EIS deadline to 2023

      Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

    • Workforce
      Shutterstock image ID: 569172169 By Zenzen

      OMB looks to retrain feds to fill cyber needs

      The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

    • Acquisition
      GSA Headquarters (Photo by Rena Schild/Shutterstock)

      GSA to consolidate multiple award schedules

      The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

    Stay Connected

    FCW Update

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.