Federal remote voting system called flawed
Wednesday, January 21, 2004 Posted: 8:47 PM EST (0147 GMT)
(CNN) A federally funded Internet-based voting system due for release in less than two weeks is inherently flawed and should be scuttled because of weak security, according to a report by a team of computer scientists.
The system, called the Secure Electronic Registration and Voter Experiment, or SERVE, is designed to allow U.S. military personnel and civilians living overseas to log onto a computer terminal and cast an absentee ballot.
The backers of the SERVE system downplayed the findings Wednesday, saying other experts disagree.
According to the report, the online nature of SERVE could easily allow a hacker to tamper with the voting results.
"Because the danger of successful large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear," the report said.
Among the type of hacks the researchers outlined are ones that would overwhelm computers with a denial-of-service attack.
Others are those that would remotely a phony Web page between the voter and the authentic server, and ones using a virus that could allow someone to alter a voter's choices before they're sent over an encrypted connection.
The Federal Voting Assistance Program, part of the Defense Department, is moving ahead with the system.
"This is a minority report from one of the peer-review groups we invited to look at the SERVE system," said department spokesman Glen Flood. "Out of this group of about 10 or 11 members, only four of them decided that concerns were warranted.
"We respect what they've done," Flood said of the dissenting members. "They have excellent credentials, but we stand by the SERVE program."
The report's authors are computer scientists David Wagner, Avi Rubin and David Jefferson from the University of California at Berkeley, Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and leading technology policy consultant.
According to the report, the system is targeted for use in 50 counties and seven states during this year's primary and general elections, and could handle up to 100,000 votes.
The report said the first tryout is slated for February 3 during South Carolina's presidential primary.
A similar system was used in the 2000 presidential election, but fewer than 100 votes were cast at that time.
Both systems were designed to make it easier for U.S. military personnel and overseas civilians to vote in their home districts.
Paper ballots are the only alternative, but obtaining and recording them can often be a frustrating process, the researchers said.
The SERVE system is different from the electronic voting machines used during several recent elections, but the report's researchers said the problems are greater with the SERVE system due to the addition of the Internet.
Electronic voting has become a contentious issue in recent years as critics complained about a lack of paper trails and security flaws.
The Federal Voting Assistance Program carries out the federal responsibilities of the secretary of defense under the Uniformed and Overseas Citizens Absentee Voting Act of 1986. The act covers more than 6 million potential voters.
CNN's Daniel Sieberg and Alex Walker contributed to this report.