Featured Research

from universities, journals, and other organizations

Internet Voting System Set For Upcoming Elections Not Secure, Computer Experts Say

Date:
January 23, 2004
Source:
University Of California, Berkeley
Summary:
A federally funded online absentee voting system scheduled to debut in less than two weeks has security vulnerabilities that could jeopardize voter privacy and allow votes to be altered, according to a report prepared by four prominent researchers invited to analyze the system.

BERKELEY – A federally funded online absentee voting system scheduled to debut in less than two weeks has security vulnerabilities that could jeopardize voter privacy and allow votes to be altered, according to a report prepared by four prominent researchers invited to analyze the system. All experts in cyber-security, they say the risks associated with Internet voting cannot be eliminated and urge that the system be shut down.

The report's authors are computer scientists David Wagner, Avi Rubin and David Jefferson from the University of California, Berkeley, The Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and leading technology policy consultant. They are members of the Security Peer Review Group, an advisory group formed by the Federal Voting Assistance Program to evaluate the system.

Administrators of this program, part of the U.S. Department of Defense, were charged with finding an easier way for U.S. military personnel and overseas civilians to vote in their home districts. Currently, these voters must rely on absentee paper ballots. But obtaining and returning paper ballot from a distant location can be a frustrating process that sometimes depends on slow or unreliable foreign postal services.

As an alternative, the federal program funded the creation of an Internet-based voting system called the Secure Electronic Registration and Voting Experiment, or SERVE. The system is slated to be used in 50 counties in seven states during this year's primary and general elections, handling up to 100,000 votes. The first tryout is Feb. 3 for South Carolina's presidential primary. The eventual goal is to provide voting services to all eligible overseas citizens, plus military personnel and their dependents, a population estimated at 6 million.

While acknowledging the difficulties facing such absentee voters, the authors of the security analysis conclude that Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect. Such tampering could alter election results, particularly in close contests.

"Because the danger of successful large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear," the report states.

The authors of the report state that there is no way to plug the security vulnerabilities inherent in the SERVE online voting design.

"The flaws are unsolvable because they are fundamental to the architecture of the Internet," says Wagner, assistant professor of computer science at UC Berkeley. "Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official."

The researchers also believe that if no mishaps occur or are detected during this year's trial runs with the online voting system, federal or state governments might swiftly expand its use.

"The danger is that this system will work fine in a low-stakes setting like these first trial runs," says Rubin, technical director of the Information Security Institute at Johns Hopkins and an associate professor of computer science. "That will likely be used as an argument for expanding the system for even wider use. But that's like saying you don't ever need to wear a seat belt because you drove to work without crashing the car this morning."

The Internet voting plan, along with the growing use of touchscreen equipment not linked to the Internet, is part of a nationwide move toward greater use of computers, provoked in part by the problems associated with paper ballots during the 2000 presidential election. But the authors of the SERVE analysis conclude that opportunities for tampering are being overlooked in the rush to embrace new election technology.

"The SERVE system has all of the problems that electronic touchscreen voting systems have: secret software, no protection against insider fraud and lack of voter verifiability," says Jefferson. "But it also has a host of additional security vulnerabilities associated with the PC and the Internet, including denial-of-service attacks, automated vote buying and selling, spoofing attacks and virus attacks."

As currently implemented, certain members of the U.S. Armed Forces, the Merchant Marines, the Public Health Service and the National Oceanic and Atmospheric Administration, as well as U.S. citizens living abroad, are eligible to vote using SERVE. Such voters can go to the SERVE Web site using a Windows-based computer connected to the Internet and cast their ballots.

After studying the prototype system, however, the four researchers said it would be too easy for a hacker, located anywhere in the world, to disrupt an election or influence its outcome by employing any of several common types of cyber-attacks:

* A denial-of-service attack, which would delay or prevent a voter from casting a ballot through the SERVE Web site.* A "Man in the Middle" or "spoofing" attack, in which a hacker would insert a phony Web page between the voter and the authentic server to prevent the vote from being counted or to alter the voter's choice. What is particularly problematic, the authors say, is that victims of "spoofing" may never know that their votes were not counted. * Use of a virus or other malicious software on the voter's computer to allow an outside party to monitor or modify a voter's choices. The malicious software might then erase itself and never be detected.

"Voting in a national election will be conducted using proprietary software, insecure clients and an insecure network," says Simons, a former IBM Research Staff Member and a past president of the Association for Computing Machinery. "Congress and the Department of Defense should understand that providing soldiers with an insecure system on which to vote is not doing them any favors."

The full security analysis of the SERVE system can be viewed online at http://www.servesecurityreport.org/.

For detailed information about the SERVE system, including a list of participating states and counties, go to /http://www.serveusa.gov/public/aca.aspx/.


Story Source:

The above story is based on materials provided by University Of California, Berkeley. Note: Materials may be edited for content and length.


Cite This Page:

University Of California, Berkeley. "Internet Voting System Set For Upcoming Elections Not Secure, Computer Experts Say." ScienceDaily. ScienceDaily, 23 January 2004. <www.sciencedaily.com/releases/2004/01/040123005148.htm>.
University Of California, Berkeley. (2004, January 23). Internet Voting System Set For Upcoming Elections Not Secure, Computer Experts Say. ScienceDaily. Retrieved July 27, 2014 from www.sciencedaily.com/releases/2004/01/040123005148.htm
University Of California, Berkeley. "Internet Voting System Set For Upcoming Elections Not Secure, Computer Experts Say." ScienceDaily. www.sciencedaily.com/releases/2004/01/040123005148.htm (accessed July 27, 2014).

Share This




More Computers & Math News

Sunday, July 27, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Google's Next Frontier: The Human Body

Google's Next Frontier: The Human Body

Newsy (July 27, 2014) Google is collecting genetic and molecular information to paint a picture of the perfectly healthy human. Video provided by Newsy
Powered by NewsLook.com
Congress OKs Unlocking Phones From Carriers

Congress OKs Unlocking Phones From Carriers

Newsy (July 26, 2014) A bill legalizing "unlocking," or untethering a phone from its default wireless carrier, has passed Congress and is expected to be signed into law. Video provided by Newsy
Powered by NewsLook.com
Apple Acquires 'Pandora of Books' Service BookLamp

Apple Acquires 'Pandora of Books' Service BookLamp

Newsy (July 26, 2014) Apple reportedly acquired analytics and recommendation engine BookLamp for between $10 and $15 million. Video provided by Newsy
Powered by NewsLook.com
Wikipedia Puts Congress in Time Out, Blocks Editing

Wikipedia Puts Congress in Time Out, Blocks Editing

Newsy (July 26, 2014) An IP address within the House of Representatives was banned from editing Wikipedia articles for 10 days after it made some questionable changes. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins