Admin to go Ahead with Not-So-Secure E-voting for DoD

From Federal Computer Weekly...
_____________

Analysts call for hold on military e-voting
BY Michael Hardy
Jan. 22, 2004

A group of computer scientists is urging the Defense Department to abandon a plan to let overseas personnel cast absentee ballots over the Internet.

The system, called Secure Electronic Registration and Voting Experiment (SERVE), will be implemented in time for November's election, said DOD spokesman Glenn Flood.

Although security analysts who studied the system believe it could be vulnerable to hacking and alteration of results, DOD officials do not intend to change their plans.

"We have confidence that it will be safe and secure for the general election in November," he said. "We respect the work the team did, but these are issues we knew about."

The analysts include Avi Rubin, the Johns Hopkins University professor who publicized potential security hazards last year in electronic voting machines. They concluded that because SERVE uses Microsoft Corp.'s Windows operating system and standard Internet technologies, there is no way to make it secure.

Some states could potentially use the system for primary elections, although it won't be ready in time for the Feb. 3 primaries, he said. "It's their call," he said.

"The flaws are unsolvable because they are fundamental to the architecture of the Internet," said David Wagner, an assistant professor of computer science at the University of California-Berkeley, and one of the researchers, in a written statement. "It's simply not secure enough for something as serious as the election of a government official."

The researchers are worried that if the early trials of SERVE are successful, federal and state governments will rush to expand its use, assuming that it will be secure.

"That's like saying you don't ever need to wear a seat belt because you drove to work without crashing the car this morning," Rubin said.
___________

.pdf version of the Security Paper on SERVE...

http://servesecurityreport.org/paper.pdf

 

Today's Krugman...
______________
Democracy at Risk
By PAUL KRUGMAN

he disputed election of 2000 left a lasting scar on the nation's psyche. A recent Zogby poll found that even in red states, which voted for George W. Bush, 32 percent of the public believes that the election was stolen. In blue states, the fraction is 44 percent.

Now imagine this: in November the candidate trailing in the polls wins an upset victory — but all of the districts where he does much better than expected use touch-screen voting machines. Meanwhile, leaked internal e-mail from the companies that make these machines suggests widespread error, and possibly fraud. What would this do to the nation?

Unfortunately, this story is completely plausible. (In fact, you can tell a similar story about some of the results in the 2002 midterm elections, especially in Georgia.) Fortune magazine rightly declared paperless voting the worst technology of 2003, but it's not just a bad technology — it's a threat to the republic.

First of all, the technology has simply failed in several recent elections. In a special election in Broward County, Fla., 134 voters were disenfranchised because the electronic voting machines showed no votes, and there was no way to determine those voters' intent. (The election was decided by only 12 votes.) In Fairfax County, Va., electronic machines crashed repeatedly and balked at registering votes. In the 2002 primary, machines in several Florida districts reported no votes for governor.

And how many failures weren't caught? Internal e-mail from Diebold, the most prominent maker of electronic voting machines (though not those in the Florida and Virginia debacles), reveals that programmers were frantic over the system's unreliability. One reads, "I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded." Another reads, "For a demonstration I suggest you fake it."

Computer experts say that software at Diebold and other manufacturers is full of security flaws, which would easily allow an insider to rig an election. But the people at voting machine companies wouldn't do that, would they? Let's ask Jeffrey Dean, a programmer who was senior vice president of a voting machine company, Global Election Systems, before Diebold acquired it in 2002. Bev Harris, author of "Black Box Voting" (www.blackboxvoting.com), told The A.P. that Mr. Dean, before taking that job, spent time in a Washington correctional facility for stealing money and tampering with computer files.

Questionable programmers aside, even a cursory look at the behavior of the major voting machine companies reveals systematic flouting of the rules intended to ensure voting security. Software was modified without government oversight; machine components were replaced without being rechecked. And here's the crucial point: even if there are strong reasons to suspect that electronic machines miscounted votes, nothing can be done about it. There is no paper trail; there is nothing to recount.

So what should be done? Representative Rush Holt has introduced a bill calling for each machine to produce a paper record that the voter verifies. The paper record would then be secured for any future audit. The bill requires that such verified voting be ready in time for the 2004 election — and that districts that can't meet the deadline use paper ballots instead. And it also requires surprise audits in each state.

I can't see any possible objection to this bill. Ignore the inevitable charges of "conspiracy theory." (Although some conspiracies are real: as yesterday's Boston Globe reports, "Republican staff members of the U.S. Senate Judiciary Committee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media.") To support verified voting, you don't personally have to believe that voting machine manufacturers have tampered or will tamper with elections. How can anyone object to measures that will place the vote above suspicion?

What about the expense? Let's put it this way: we're spending at least $150 billion to promote democracy in Iraq. That's about $1,500 for each vote cast in the 2000 election. How can we balk at spending a small fraction of that sum to secure the credibility of democracy at home?

 

Today's NYTimes Editotial...
___________
The Perils of Online Voting

Internet voting has been viewed as a possible cure for some of the ills that afflict the mechanics of American democracy. Recently, the technology has seemed to move ahead of any serious consideration of whether it is actually a good idea to allow home computer owners to choose a president in the same way they order bath towels online or send e-mail to their relatives. But now there are grave questions about whether even the technology makes sense.

Four computer scientists brought in by the Pentagon to analyze a plan for Internet voting by the military issued a blistering report this week, concluding that the program should be halted. These four are the only members of a 10-member advisory committee to issue a report on the program. Their findings make it clear that the potential for hackers to steal votes or otherwise subvert elections electronically is too high. Congress should suspend the program.

The intentions behind the Pentagon's plan, the Secure Electronic Registration and Voting Experiment, are laudable. Military personnel overseas, and other Americans abroad, face obstacles to registering and voting. The new program would ease the way by allowing them to use any computer hooked up to the Internet. This year, it would be limited to voters abroad who are from one of 50 counties in seven states, but it could eventually be used by all of the estimated six million American voters overseas.

But the advantages of the Pentagon's Internet voting system would be far outweighed by the dangers it would pose. The report makes it clear that the possibilities for compromising the secrecy of the ballot, voting multiple times and carrying out vote theft on a large scale would be limited only by the imagination and skill of would-be saboteurs. Viruses could be written that would lodge on voters' computers and change their votes. Internet service providers, or even foreign governments that control network access, could interfere with votes before they reached their destination.

This week's report — which was written by respected scientists, including Aviel Rubin, an associate professor of computer science at Johns Hopkins University — is not the first to call Internet voting into question. A March 2001 study conducted by the Internet Policy Institute and financed by the National Science Foundation found that Internet systems like the Pentagon's "pose significant risk to the integrity of the voting process."

There is every reason to believe that if federal elections can be tampered with, they will be, particularly when a single hacker, working alone, might be able to use an online voting system to steal a presidential election. The authors of this week's report concede that there is no way of knowing how likely it is that the Pentagon's voting system would be compromised. What is clear, however, is that until the vulnerabilities they identified are eliminated, the risks are too great.