--- Forwarded: The report is here: http://www.servesecurityreport.org/ Today's NYTimes story says that seven states, with some 100,000 people, will be voting via the Internet using a system that experts say CANNOT be both secure and anonymous and which can be hacked in a wide range of existing ways that are commonly seen online already. http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html Report Says Internet Voting System Is Too Insecure to Use By JOHN SCHWARTZ Published: January 21, 2004 A new $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to members of a panel of computer security experts asked by the government to review the program. The system, Secure Electronic Registration and Voting Experiment, or SERVE, was developed with financing from the Department of Defense and will first be used in this year's primaries and general election. <snip> The system, they wrote, "has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks, any one of which could be catastrophic." Any system for voting over the Internet with common personal computers, they noted, would suffer from the same risks. The trojans, viruses and other attacks that complicate modern life and allow such crimes as online snooping and identity theft could enable hackers to disrupt or even alter the course of elections, the report concluded. Such attacks "could have a devastating effect on public confidence in elections," the report's authors wrote, and so "the best course to take is not to field the SERVE system at all." A spokesman for the Department of Defense said the critique overstated the importance of the security risks in online voting. "The Department of Defense stands by the SERVE program," the spokesman, Glenn Flood, said. "We feel it's right on, at this point, and we're going to use it." <snip> But the authors of the report adamantly state that what works for electronic commerce doesn't work for electronic democracy: "E-commerce grade security is not good enough for elections," they wrote. The dual requirements of authentication and anonymity make voting very different from most online purchases, they wrote, and failures and fraud are covered by Internet merchants and credit card companies. "How do we recover if an election is compromised?" they wrote. -- "No President has ever done more for human rights than I have." --George W. Bush in The New Yorker http://www.newyorker.com/press/content/ _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Fri Jan 23 2004 - 12:15:51 PST