Insecure Internet Voting


The Federal Voting Assistance Program promises to allow citizens living overseas to “Vote Using the Internet in 2004!”:

Are you a Uniformed Services member or dependent? Are you a U.S. citizen living overseas?
In 2004, you can take part in an exciting new initiative called SERVE (Secure Electronic Registration and Voting Experiment), which will let eligible U.S. citizens vote from any Windows-based computer with Internet access, anywhere in the world!

A new report, A Security Analysis of the Secure Electronic Registration and Voting Experiment, finds that SERVE is “vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.” While the system uses a certain level of encryption and security, the report’s authors argue that “E-commerce grade security is not good enough for elections.”
And, by the way, SERVE has all the same flaws that other e-voting systems have: they are “especially vulnerable to various forms of insider (programmer) attacks” and lack verifiable audit trails.
NY Times: Report Says Internet Voting System Is Too Insecure to Use
Update, Jan. 23, Washington Post: Pentagon’s Online Voting Program: Chat with Avi Rubin

Andrew Raff @andrewraff