Internet Voting Is Vulnerable to Tampering, Experts Warn
An Internet voting system developed by the Pentagon for U.S. citizens overseas is so vulnerable to attacks it should be scrapped, four computer security experts said in a report released Wednesday.
But the Pentagon is standing by the system, which could get its first test Feb. 3 in South Carolina’s primary election.
The four computer security experts said the Secure Electronic Registration and Voting Experiment, or SERVE, could be penetrated by hackers who could change votes or gather information about users.
“Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect,” the experts said in a statement. “Such tampering could alter election results, particularly in close contests.”
Defense Department spokesman Glenn Flood said the Pentagon was confident the system was secure. “We knew from the start that security would be the utmost concern,” Flood said. “We’ve had things put in place that counteract the things they talked about.”
The experts specified these risks, among others:
* There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.
* It might be possible for hackers to determine how a particular individual voted, “an obvious privacy risk.”
* The system may be vulnerable to attacks from many quarters, some undetectable.
“Not only could a political party attempt to manipulate an election by attacking SERVE, but so could individual hackers, criminals, terrorists, organizations such as the Mafia and even other countries,” the report says.
The report noted that four states -- Florida, South Carolina, Texas and Utah -- tried a limited form of Internet voting in 2000, handling only 84 votes.
Another concern was that because of the automated nature of the system, it might be vulnerable to vote buying, selling or swapping in large numbers.
In 2000, the report says, the first Internet-based attempt at vote swapping in a presidential election was seen with the creation of a website to encourage swapping between voters for Al Gore, the Democratic presidential candidate, and Green Party candidate Ralph Nader.
While that attempt depended on the honor system and no money changed hands, similar characteristics in SERVE could give rise to enforced vote-swapping or to the purchase of votes, the report says.
The four security experts are among 10 the Pentagon asked to study the SERVE system and look for vulnerabilities. The other six experts decided not to issue a report, Flood said.
The four experts are Aviel Rubin of Johns Hopkins University, David Wagner of UC Berkeley, David Jefferson of Lawrence Livermore National Laboratory and independent consultant Barbara Simons.
So far, seven states have signed on to the experimental system: Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington.
Flood said SERVE may be available for South Carolina expatriates during the primary, “but for sure it will be available for the November elections.”
About 6 million U.S. voters live overseas. The computer experts said SERVE is designed to handle about 100,000 votes from the seven states.
