CRIME Security experts nix Internet voting plan

From: Andrew Plato (aplato@private)
Date: Fri Jan 23 2004 - 12:06:07 PST

  • Next message: Sasha Romanosky: "RE: CRIME Security experts nix Internet voting plan"

    Interesting report from an independent group. They are recommending that
    the federal voting site, SCORE be shut down because of security
    weaknesses. The system was designed by Accenture. 
    
    This is, of course, interesting to us since Anitian is securing Oregon's
    electronic voting system. 
    
    The report is a good read if your interested in electronic voting
    issues. 
    
    ___________________________________
    Andrew Plato, CISSP
    President/Principal Consultant
    Anitian Enterprise Security 
     
    503-644-5656 Office
    503-214-8069 Fax
    503-201-0821 Mobile
    www.anitian.com
    ___________________________________ 
    
    
    Security experts nix Internet voting plan
    By R. Colin Johnson, EE Times
    January 23, 2004 (12:45 p.m. EST)
    URL: http://www.eetimes.com/story/OEG20040123S0036 
    
    PORTLAND, Ore. - An Internet voting scheme called Secure Electronic
    Registration and Voting Experiment may be dead, at least according to an
    independent report. 
    
    The report was released by four whistle-blowing security experts hired
    by the Federal Voting Assistance Program to evaluate the program, also
    know as Serve. Serve is scheduled to become operational in time for 2004
    primary elections beginning in February. 
    
    "We were hired to evaluate the Serve Internet voting system, and to
    recommend repairs we thought were needed to make the system secure, but
    we found that its based on consumer-level PCs and operating systems that
    cannot be made secure. A worm or virus like the ones we've seen
    attacking the Internet lately could easily change your vote without you
    knowing it. Serve should be abandoned," said computer scientist David
    Wagner. Wagner coauthored the report with computer scientists Avi Rubin
    from the University of California at Berkeley, David Jefferson of Johns
    Hopkins University and Barbara Simons of Lawrence Livermore National
    Laboratory. Their report represents a minority opinion of the Security
    Peer Review Group, an advisory group formed by the Federal Voting
    Assistance Program to evaluate Serve. 
    
    Overseas residents and military personnel must use paper absentee
    ballots, which are often delayed, thereby invalidating the ballots. The
    program was created to remedy the problem, but the cure could be worse
    than the illness, according to the security experts. 
    
    The critics said using consumer-grade components already under attack by
    hackers worldwide makes the online voting system dead-on-arrival.
    Program officials nevertheless plan to begin trial usage soon despite
    the experts' conclusion that the system is not secure. 
    
    According to Wagner, the computer security experts tried a range of
    methods to fix the security holes in the Internet/PC/Windows
    environment, but concluded that it could not be done. Instead, Wagner
    said secure lines independent of the Internet and consumer-grade
    operating systems should be installed at foreign embassies and military
    bases. 
    
    "We tried every imaginable method of providing secure voting over the
    Internet using PCs, but we have concluded that it can only be done with
    secure lines. It won't be as convenient as using the Internet, but it
    will be secure," said Wagner. 
    
    Serve is being readied for use in 50 counties and in seven U.S. states
    during this year's primary and general elections, handling as many as
    100,000 votes beginning on Feb. 3 during South Carolina's presidential
    primary. The program's stated goal is to provide 6 million overseas
    voters with access to online absentee voting.
    



    This archive was generated by hypermail 2b30 : Fri Jan 23 2004 - 13:26:10 PST