All Internet voting is insecure: report
"Serious and unacceptable risk" for election fraud
Online voting is fundamentally insecure due to the architecture of the Internet, according to leading cyber-security experts.
Using a voting system based upon the Internet poses a "serious and unacceptable risk" for election fraud and is not secure enough for something as serious as the election of government officials, according to the four members of the Security Peer Review Group, an advisory group formed by the US Department of Defense to evaluate a new on-line voting system.
The review group's members, and the authors of the damning report, include David Wagner, Avi Rubin and David Jefferson from the University of California, Berkeley, Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and technology policy consultant.
The federally-funded Secure Electronic Registration and Voting Experiment (SERVE) system is currently slated for use in the US in this year's primary and general elections. It will allow eligible voters to register to vote at home and then to vote via the Internet from anywhere in the world. The first tryout of SERVE is early in February for South Carolina's presidential primary and its eventual goal is to provide voting services to all eligible US citizens overseas and to US military personnel and their dependents, a population estimated at six million.
After studying the prototype system the four researchers said that from anywhere in the world a hacker could disrupt an election or influence its outcome by employing any of several common types of cyber-attacks. "Attacks could occur on a large scale and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of US law," state the three computer science professors and a former IBM researcher in the report.
A denial-of-service attack would delay or prevent a voter from casting a ballot through a Web site. A "man in the middle" or "spoofing" attack would involve the insertion of a phoney Web page between the voter and the authentic server to prevent the vote from being counted or to alter the voter's choice. What is particularly problematic, the authors say, is that victims of "spoofing" may never know that their votes were not counted.
A third type of attack involves the use a virus or other malicious software on the voter's computer to allow an outside party to monitor or modify a voter's choices. The malicious software might then erase itself and never be detected, according to the report.
While acknowledging the difficulties facing absentee voters, the authors of the security analysis conclude that Internet voting presents far too many opportunities for hackers or terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect.
"The flaws are unsolvable because they are fundamental to the architecture of the Internet," said David Wagner, assistant professor of computer science at UC Berkeley. "Because the danger of successful large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear, states the report. There is no way to plug the security vulnerabilities inherent in the SERVE on-line voting design, according to the report's authors.
The Internet voting plan and touchscreen equipment not linked to the Internet are part of a general move in the US toward greater use of computers, provoked in part by the problems associated with paper ballots during the 2000 presidential election. But the authors of the SERVE analysis conclude that opportunities for tampering are being overlooked in the rush to embrace new election technology.
"Voting in a national election will be conducted using proprietary software, insecure clients and an insecure network," concluded report author and former IBM researcher Barbara Simons.
The full security analysis of the SERVE system can be viewed online at servesecurityreport.org<</a>. Detailed information about the SERVE system is at < a href="serveusa.gov/public/aca.aspx/>serveusa.gov/public/aca.aspx/.