---
Forwarded:
The report is here:
http://www.servesecurityreport.org/
Today's NYTimes story says that seven states, with some 100,000 people,
will be voting via the Internet using a system that experts say CANNOT be
both secure and anonymous and which can be hacked in a wide range of
existing ways that are commonly seen online already.
http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html
Report Says Internet Voting System Is Too Insecure to Use
By JOHN SCHWARTZ
Published: January 21, 2004
A new $22 million system to allow soldiers and other Americans overseas
to vote via the Internet is inherently insecure and should be abandoned,
according to members of a panel of computer security experts asked by the
government to review the program.
The system, Secure Electronic Registration and Voting Experiment, or
SERVE, was developed with financing from the Department of Defense and
will first be used in this year's primaries and general election.
<snip>
The system, they wrote, "has numerous other fundamental security problems
that leave it vulnerable to a variety of well-known cyber attacks, any
one of which could be catastrophic." Any system for voting over the
Internet with common personal computers, they noted, would suffer from
the same risks.
The trojans, viruses and other attacks that complicate modern life and
allow such crimes as online snooping and identity theft could enable
hackers to disrupt or even alter the course of elections, the report
concluded. Such attacks "could have a devastating effect on public
confidence in elections," the report's authors wrote, and so "the best
course to take is not to field the SERVE system at all."
A spokesman for the Department of Defense said the critique overstated
the importance of the security risks in online voting. "The Department of
Defense stands by the SERVE program," the spokesman, Glenn Flood, said.
"We feel it's right on, at this point, and we're going to use it."
<snip>
But the authors of the report adamantly state that what works for
electronic commerce doesn't work for electronic democracy: "E-commerce
grade security is not good enough for elections," they wrote. The dual
requirements of authentication and anonymity make voting very different
from most online purchases, they wrote, and failures and fraud are
covered by Internet merchants and credit card companies. "How do we
recover if an election is compromised?" they wrote.
--
"No President has ever done more for human rights than I have."
--George W. Bush in The New Yorker http://www.newyorker.com/press/content/
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
