|
Because of the increasing frequency of proposals to allow remote voting over the internet, we believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so. Please read our statement, and, if you are a "computer expert", consider endorsing it.
Download the statement in PDF form
Computer Technologists’ Statement on Internet Voting
A partial list of technical challenges includes: (excerpts)
• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic
• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet.
• There must be strong mechanisms to prevent undetected changes to votes
• There must be reliable, unforgeable, unchangeable voter-verified records of votes
• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world.
Given this list of problems, there is ample reason to be skeptical of internet voting proposals. Full statement at Verified Voting
What about Internet voting? Dr. Rebecca Mercuri.
Internet voting is risky due to its sociological and technological problems. Absentee balloting does not provide the safeguards of freedom from coercion and vote selling that are afforded via local precincts. Internet voting creates additional problems due to the inability of service providers to assure that websites are not spoofed, denial of service attacks do not occur, balloting is recorded accurately and anonymously, and votes are cast by the appropriate person.
In 2004 the Department of Defense scrapped a $22-million internet voting project known as SERVE after computer scientists tasked with examining the system determined that internet voting wasn’t secure.
A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) ...This report is a review and critique of computer and communication security issues in the SERVE voting system (Secure Electronic Registration and Voting Experiment), an Internet-based voting system being built for the U.S. Department of Defense's FVAP (Federal Voting Assistance Program). The program's web site is http://www.serveusa.gov/
SERVE is an Internet- and PC-based system, it has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.
Such attacks could occur on a large scale, and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law.
SERVE UPDATED statement;
The new report in response to the May 2007 DoD report on Voting Technologies for UOCAVA Citizens
June 13, 2007
New Report (June 2007): Click to download PDF
DoD Report (May 2007): Click to download PDF
August 9, 2001 The Public i Special Report
Internet Voting Project Cost Pentagon $73,809 Per Vote
By John Dunbar
(Washington, Aug. 9) A pilot Internet voting project to encourage voter participation by Americans abroad cost the Pentagon $6.2 million and received high marks from its director, although it delivered only 84 votes in the November election and failed to address a key security concern, the Center for Public Integrity has learned.
Details about the two-and-a-half-year project come as the concept of cyberspace voting is taking a beating. A cadre of experts, including a national commission charged with improving the federal election process and the Pentagon itself, is questioning its feasibility because of the inherent lack of security on the Internet..
|
