Pentagon nixes Internet voting
- By Michael Hardy
- Feb 22, 2004
Security analysis of SERVE
The Defense Department's decision to temporarily shelve its Internet voting plan has received mixed reviews. Computer scientists who considered the idea too risky are applauding, but industry advocates of electronic voting are disappointed.
DOD officials had planned to use the system, called the Secure Electronic Registration and Voting Experiment, in the election this November, and possibly earlier in state primaries. Using the system, service members stationed overseas would be able to cast absentee ballots online.
Earlier this month, however, Deputy Defense Secretary Paul Wolfowitz killed those plans, citing security concerns.
Maj. Sandra Burr, a DOD spokeswoman, said the department is continuing to test the system, but it will not be used this year. The reason, she said, is "the inability to ensure legitimacy of votes."
Wolfowitz's memo marked the end, for now, of a controversy that began when Pentagon officials asked a 10-member panel to review the Internet voting plan. Four computer scientists on that panel, including Johns Hopkins University professor Aviel Rubin, issued a report last month urging DOD to drop the idea.
Rubin said in an interview that the team's findings are realistic given the current state of Internet security. "Does that mean that some day it won't be possible?" he said. "No. But today's PCs are grossly inadequate for the task."
That view isn't shared at the Information Technology Association of America, where President Harris Miller blasted Rubin and the three other authors of the security report as doomsayers. "They have extremist views," Miller said. "They brought up hypothetical situations that don't exist."
He agreed that security needs to be a high priority in any kind of voting, including Internet and touch screen. But, he said no voting method is completely immune to errors or tampering, as the experience with punch card ballots in Florida in the 2000 election demonstrated.
Miller noted that only four of the 10 panel members raised security concerns. However, Rubin said that only those four even considered computer security.
Miller also pointed out that Michigan recently conducted its Democratic caucus using the Internet. "As far as I know, no one has stepped forward to say there was fraud or that incorrect votes were cast," he said.
About 46,000 people voted via the Internet, said Adrianne Marsh, communications director for the Michigan Democratic Party.
"As far as we can tell, it went very smoothly," she said. "We had great participation." Marsh said that as far as administrators know, no one attempted to hack into the system.
Mark Grebner, a Michigan political consultant, reported that some voters were not able to use the Internet because their log-in information was rejected. Marsh said that the system should have run smoothly for people carefully following instructions, but admitted that she had to try to log in four times.
All forms of electronic voting continue to generate controversy despite apparent successes like Michigan's caucus. David Dill, a Stanford University computer science professor and an opponent of electronic voting, believes that the risks are still too great.
The threat need not be a sophisticated computer virus that could change a vote or reveal voters' identities, although that's possible, he said. But hackers could simply launch a denial-of-service attack to disable the voting site or otherwise disrupt the election so the outcome would be disputed, he said.
"Voting is an especially hard application," Dill said. "You have to transport
information accurately and reliably, and you also have to hide information while you do it. You don't want to transmit the identity of the voter. That makes [e-voting] an extraordinarily difficult issue to solve."
Securing the voter
How the Michigan Democratic Party made sure caucus Internet voters were authorized:
1. Voters applied for Internet access and got a randomly generated user name and password. They had to supply their city and date of birth.
2. When logging on to vote, voters had
to provide all four data points: user name, password, and date and city of birth.
3. If a voter made the slightest mistake, the system would reject the log-in attempt.
4. The system allowed voters to re-enter the information until they got it right, including correcting typographical errors or misspellings. But it would not allow the voting process to continue until the user entered the information correctly.
Source: Michigan Democratic Party