Report Finds "Fundamental" Flaws in Pentagon E-Voting System
======================================================================

A recent peer review study of an Internet-based voting system
developed by the Pentagon found "fundamental" security risks and
recommended that the system not be used in the 2004 general election.
The report, released by the Security Peer Review Group of the Federal
Voting Assistance Program, reviewed the election system known as the
Secure Electronic Registration and Voting Experiment (SERVE). SERVE
is intended to allow personnel to vote in their local elections over
the Internet, from anywhere in the world. SERVE is slated to be
available for use by citizens abroad and military personnel from seven
states to vote in the 2004 general elections.

The report found that SERVE suffered from various security weaknesses
present in other electronic voting systems, as well as more fundamental
security problems due to its reliance on the Internet. SERVE lacks a
paper audit feature, and is also vulnerable to common Internet
attacks, such as viruses or hacking. Moreover, the report found that
SERVE was vulnerable to a broad range of threats, from lone
individuals manipulating the system to well-organized attacks. Such
incidents could result in election tampering and disenfranchisement,
affecting the results of local and presidential elections. Further,
the report found that such assaults could go undetected. Because of
the relative ease of perpetrating such attacks and the great damage
that would result, the report advocated that SERVE not be used at all.

The report states that these vulnerabilities stem from the
architecture of the Internet and computing. After reviewing a number
of modifications of SERVE and determining that none addressed the
fundamental weaknesses, the report concluded that a wholesale redesign
and replacement of many of the computers on the Internet would be
required to address these problems. The report found that the most
promising of the SERVE variations is a kiosk architecture that would
not rely on unsecured software or the Internet.

The SERVE Security Analysis Report:
http://www.servesecurityreport.org/

Verified Voting Coalition:
http://www.verifiedvoting.com

For more information about electronic voting, see EPIC's Voting Page:
http://www.epic.org/privacy/voting/
======================================================================