Michigan perseveres with Internet voting
Reuters
February 09, 2004, 10:10 GMT
?
Michigan Democrats will choose their presidential candidate via the Internet, despite doubts cast by the US Defense Department on online voting's security
The Michigan Democratic Party is sticking with its Internet voting system even though security concerns have prompted the Pentagon to abandon its own online voting efforts, a state party spokesman said on Friday.
The Defense Department on Thursday abandoned a pilot project that would have allowed overseas troops to vote online after computer experts warned that hackers could easily tamper with the results.
But in Michigan, 25,000 voters have already cast their ballots online for Saturday's Democratic presidential contest, spokesman Jason Moon said.
"I don't know the specifics, but our system is not same system by any means'' as the one used by the Pentagon, he said.
Moon said the party had set up a secure Web site protected by two firewalls, guarded by the computer-security firm Symantec.
Voters have to enter a unique ID and password, along with their date and city of birth, to vote at a secure Web site that is protected by two firewalls and monitored around the clock by Symantec, he said.
All traffic is encrypted, Moon said, and election officials can double-check votes if a recall is needed as participants do not vote anonymously.
Those encountering computer problems can vote by mail or in person at a polling location, he said.
"We use state-of-the-art technology to ensure the integrity of Internet voting in Michigan,'' Moon said.
Critics say flaws remain
Two computer scientists who found flaws with the Pentagon's system said the Michigan system had many of the same problems.
Partisan hackers could redirect traffic to a dummy Web site to collect voters' passwords and usernames, then use that information to vote for a favourite candidate, Johns Hopkins University professor Avi Rubin said.
Hackers could also flood the voting site with meaningless data to knock it offline in a "denial of service'' attack, or use that same technique to render certain voters' computers useless, he said.
"I think they've dug themselves a pretty deep hole and they're kind of stuck now,'' Rubin said. "You don't want to disenfranchise the 25,000 who voted over the Internet, but on the other hand you have no idea of the legitimacy of those votes.''
Even if election officials can completely secure their own systems, they have no way of knowing if voters' computers have been compromised, said computer consultant Barbara Simons, who developed the Pentagon critique with Rubin and warned the Democratic National Committee about online voting risks last fall.
The wide-open nature of personal computers and the Internet means that it is simply impossible to guarantee that nothing will go wrong, she said.
"It's inescapable. It's not the fault of the people who are building the system they can't solve it right now,'' Simons said. "If we ever get secure computers that might be a different story, but we certainly don't have them.''