Net has too many holes to cast ballots by PC


January 29, 2004 | By MIKE HIMOWITZ

THE INTERNET is a splendid medium for influencing public opinion, mobilizing political workers or raising money for candidates, as Howard Dean proved early in his presidential campaign (at least before the Great Yowl).

But the Internet is a rotten medium for voting.

Oh yes, it's convenient - not only for voters, but also for hackers, criminals, dirty tricksters, terrorists and perhaps even foreign governments that would love nothing more than to gum up the works when the United States gives online voting a try.

That is exactly what will happen on a small scale in the coming months as the Department of Defense unveils a $22 million experimental project that will allow up to 100,000 members of the military and civilians living overseas to cast ballots from Web-connected PCs in the presidential primaries of seven states.

Last week, a group of security consultants hired by the government to poke holes in its Secure Electronic Registration and Voting Experiment (SERVE) did just that. Their scathing report concluded that the Net is so fundamentally insecure that using it for voting in the foreseeable future threatens the integrity of the electoral process.

Not surprisingly, the government said "thank you" and announced it would go ahead with the project anyway. But the report, available at www.serve, is well worth reading if you care about fair and accurate vote counts.

First, the authors are: Avi Rubin, technical director of the Information Security Institute at the Johns Hopkins University; David Jefferson, a computer scientist at Lawrence Livermore National Laboratory, who has served on a wide variety of electronic voting panels; Barbara Simons, an encryption expert and former president of the Association for Computing Machinery; and David Wagner, a scientist at the University of California at Berkeley and specialist in security vulnerabilities.

These aren't kooks or professional Jeremiahs. They're top professionals in their field. Like all security specialists, they're paid to be paranoid - to find flaws.

Rubin, in particular, has actively criticized the electronic voting terminals that Maryland and other states are busy installing. But what's scary is that this group didn't have to dig very deep into its collective bag of expertise to make a case against Internet voting.

At the outset, they concede that SERVE addresses a real problem for 6 million military personnel and civilian expatriates. Registering and casting an absentee ballot can require up to five separate international mail transactions, each subject to unavoidable delays and the risk of missing deadlines.

There's also no question that it would be easier for these folks to register and vote at a PC. The question is whether the convenience is worth the risk that their votes could be compromised or changed in the process. Or that an entire election could be subverted by a band of hackers or agents of another country.

It's not idle speculation. Although SERVE will process only 100,000 ballots this year, remember that George W. Bush won Florida, and hence the presidency, by only 269 votes in the election mess of 2000. So a few votes altered here or dropped there can make a big difference.

"Democracy," the report says, "relies on broad confidence in the integrity of our elections, so the stakes are enormous. We simply cannot afford to get this wrong."

Florida, by the way, is one of the states where SERVE will be tested. The others are Arkansas, Hawaii, North Carolina, South Carolina, Utah and Washington.

Although some of the report's concerns might be far-fetched, the scientists' core arguments are well understood by anyone who's spent serious time with PCs on the Internet.

The first is that an Internet system takes a critical element of the election machinery out of the hands of local election boards and puts it onto insecure PC desktops.

SERVE allows voters to cast ballots from any computer connected to the World Wide Web - which is one of its great attractions. Unfortunately, those PCs must be running Windows, the flaws of which are so abundant that Microsoft has to issue monthly security updates.

Worse yet, in order to vote, users must enable ActiveX controls, JavaScript and cookies in their Web browsers. Those are three of Windows' most insecure features, already subject to attacks by legions of hackers and malicious Web site operators.

Although the report notes that SERVE implements the same encryption and security used in commercial transactions, that isn't good enough.

That's because commercial transactions are verifiable. If you order a book from Amazon.com, you'll get an e-mail confirmation - and your credit card statement will show the charge. And of course, the book will arrive - or not.
