Federal online voting system called unfixable

A federal online voting system for military personnel and other citizens overseas is so fraught with security risks that it should be shut down before it is implemented next month, according to four researchers asked to analyze it.

Because the system relies on the Internet and personal computers, voter privacy could be jeopardized and votes could be altered by hackers or even terrorists - which could change the outcome of a close race, the report released yesterday concludes.


"Computers were not built to be voting booths," said Avi Rubin, associate professor of computer science at Johns Hopkins University and one of the report's authors. "They're vulnerable to all kinds of attacks and viruses. They're going to use what we know are insecure machines as voting booths."

The new Internet-based voting system - being administered by the U.S. Department of Defense - is called the Secure Electronic Registration and Voting Experiment, or Serve. Up to 100,000 voters from 50 counties in seven states, not including Maryland, are expected to use it to cast ballots in this year's primary and general elections. Eventually, 6 million overseas voters, from servicemen to students, could be eligible to vote this way.


The idea is to make it easier for citizens living overseas to cast absentee ballots for races in their home districts. Now, people have to send away for paper ballots and then wait for them to arrive, a process sometimes marred by unreliable foreign postal services.

Serve's rollout is expected to be in time for the important South Carolina primary Feb. 3. Despite the criticisms identified by some members of a peer review group commissioned by the Defense Department, there are no plans to delay it.

"We respect what they have done. They have excellent credentials," said Glenn E. Flood, a Defense spokesman. But, he said, "we plan to continue the program."

R. Michael Alvarez, a political science professor at the California Institute of Technology who is charged with evaluating Serve, said the key to the program is the last word in its title: Experiment.

"It's meant to be an experiment. It's meant to be a controlled environment," he said. "It's going to provide a lot of information on whether we can help enfranchise this group of voters with the use of technology.

"The criticism is welcome," he said. "That's what we expected from the people we brought in to look at this part of the program. The goal here is openness. The goal here is to learn."

Rubin was the principal author of a report released last summer that pointed to security problems with touch-screen voting machines made by Diebold Election Systems, machines that Maryland bought for $55 million for a near-statewide rollout this spring.

Despite the many problems found with those machines, there was a series of recommended fixes. This time, however, the authors say nothing can be done. They praise those who designed Serve but say it's the computers, well-known to be vulnerable to worms and viruses, that are the problem.


"There really is no good way to build such a voting system without a radical change in the overall architecture of the Internet and the PC, or some unforeseen security breakthrough," the report states.

Barbara Simons, a computer scientist who was one of the report's co-authors, said she is worried that the results of this "experiment" can never be properly verified. Because voting is inherently based on privacy, there is no way to know that a ballot was properly cast or counted, she said. It's the opposite of other sensitive transactions done online, such as shopping, in which the purchaser wants the purchase known so the correct item can be sent to the proper address.

Besides, Simons said, "with an election, there's a lot of motivation to try to subvert it."

Simons said her biggest fear is that once Serve is implemented, it will appear to have worked correctly - and at the same time, it will be impossible to tell whether it truly did. Based on that assumed success, she said, the whole country could be pushed toward Internet voting in 2008.

"We just think that would be disastrous," she said.