Interesting report from an independent group. They are recommending that the federal voting site, SCORE be shut down because of security weaknesses. The system was designed by Accenture. This is, of course, interesting to us since Anitian is securing Oregon's electronic voting system. The report is a good read if your interested in electronic voting issues. ___________________________________ Andrew Plato, CISSP President/Principal Consultant Anitian Enterprise Security 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ Security experts nix Internet voting plan By R. Colin Johnson, EE Times January 23, 2004 (12:45 p.m. EST) URL: http://www.eetimes.com/story/OEG20040123S0036 PORTLAND, Ore. - An Internet voting scheme called Secure Electronic Registration and Voting Experiment may be dead, at least according to an independent report. The report was released by four whistle-blowing security experts hired by the Federal Voting Assistance Program to evaluate the program, also know as Serve. Serve is scheduled to become operational in time for 2004 primary elections beginning in February. "We were hired to evaluate the Serve Internet voting system, and to recommend repairs we thought were needed to make the system secure, but we found that its based on consumer-level PCs and operating systems that cannot be made secure. A worm or virus like the ones we've seen attacking the Internet lately could easily change your vote without you knowing it. Serve should be abandoned," said computer scientist David Wagner. Wagner coauthored the report with computer scientists Avi Rubin from the University of California at Berkeley, David Jefferson of Johns Hopkins University and Barbara Simons of Lawrence Livermore National Laboratory. Their report represents a minority opinion of the Security Peer Review Group, an advisory group formed by the Federal Voting Assistance Program to evaluate Serve. Overseas residents and military personnel must use paper absentee ballots, which are often delayed, thereby invalidating the ballots. The program was created to remedy the problem, but the cure could be worse than the illness, according to the security experts. The critics said using consumer-grade components already under attack by hackers worldwide makes the online voting system dead-on-arrival. Program officials nevertheless plan to begin trial usage soon despite the experts' conclusion that the system is not secure. According to Wagner, the computer security experts tried a range of methods to fix the security holes in the Internet/PC/Windows environment, but concluded that it could not be done. Instead, Wagner said secure lines independent of the Internet and consumer-grade operating systems should be installed at foreign embassies and military bases. "We tried every imaginable method of providing secure voting over the Internet using PCs, but we have concluded that it can only be done with secure lines. It won't be as convenient as using the Internet, but it will be secure," said Wagner. Serve is being readied for use in 50 counties and in seven U.S. states during this year's primary and general elections, handling as many as 100,000 votes beginning on Feb. 3 during South Carolina's presidential primary. The program's stated goal is to provide 6 million overseas voters with access to online absentee voting.
This archive was generated by hypermail 2b30 : Fri Jan 23 2004 - 13:26:10 PST