SERVE eVoting System Lambasted


The panel of expert reviewing SERVE, the US Dept. of Defense eVoting system for overseas military members has released their report. The conclusions are not encouraging. (see NY Times article). Some interesting conclusions, but the most telling to me is the following:

Like the proponents of SERVE, we believe that there should be better support for voting for our military overseas. Still, we regret that we are forced to conclude that the best course is not to field the SERVE system at all. Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear. We want to make clear that in recommending that SERVE be shut down, we mean no criticism of the FVAP, or of Accenture, or any of its personnel or subcontractors. They have been completely aware all along of the security problems we describe here, and we have been impressed with the engineering sophistication and skill they have devoted to attempts to ameliorate or eliminate them. We do not believe that a differently constituted project could do any better job than the current team. The real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the FVAP has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough. The SERVE project is thus too far ahead of its time, and should wait until there is a much improved security infrastructure to build upon.
From SERVE Analysis
Referenced Thu Jan 22 2004 17:47:50 GMT-0700

Overseas military members have a tough time voting because they've had to do it absentee with long mail delays. SERVE was supposed to increase military member participation in the voting process, so it is indeed unfortunate that it can't be made to work. Keep in mind that SERVE is radically different in its goals than eVoting systems that are used standard elections. Because the goal was to allow overseas military members to vote, the design uses uncontrolled (sometimes home-based) PCs connected to the Internet, not dedicated machines maintained just for elections.

Update: The New York Times has an Op-Ed piece on SERVE

Four computer scientists brought in by the Pentagon to analyze a plan for Internet voting by the military issued a blistering report this week, concluding that the program should be halted. These four are the only members of a 10-member advisory committee to issue a report on the program. Their findings make it clear that the potential for hackers to steal votes or otherwise subvert elections electronically is too high. Congress should suspend the program.

The intentions behind the Pentagon's plan, the Secure Electronic Registration and Voting Experiment, are laudable. Military personnel overseas, and other Americans abroad, face obstacles to registering and voting. The new program would ease the way by allowing them to use any computer hooked up to the Internet. This year, it would be limited to voters abroad who are from one of 50 counties in seven states, but it could eventually be used by all of the estimated six million American voters overseas.

But the advantages of the Pentagon's Internet voting system would be far outweighed by the dangers it would pose. The report makes it clear that the possibilities for compromising the secrecy of the ballot, voting multiple times and carrying out vote theft on a large scale would be limited only by the imagination and skill of would-be saboteurs. Viruses could be written that would lodge on voters' computers and change their votes. Internet service providers, or even foreign governments that control network access, could interfere with votes before they reached their destination.

From Making Votes Count: The Perils of Online Voting
Referenced Fri Jan 23 2004 09:38:07 GMT-0700