Internet Voting – Why Not

Computer Technologists’ statement on internet voting September 11th, 2008

Because of the increasing frequency of proposals to allow remote voting over the internet, we believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so. Please read our statement, and, if you are a “computer expert”, consider endorsing it.
Download the statement in PDF form

Computer Technologists’ Statement on Internet Voting 

A partial list of technical challenges includes: (excerpts)

• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic
• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet.
• There must be strong mechanisms to prevent undetected changes to votes
• There must be reliable, unforgeable, unchangeable voter-verified records of votes
• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world.
Given this list of problems, there is ample reason to be skeptical of internet voting proposals. Full statement at Verified Voting

What about Internet voting?  Dr. Rebecca Mercuri.
Internet voting is risky due to its sociological and technological problems.  Absentee balloting does not provide the safeguards of freedom from coercion and vote selling that are afforded via local precincts.  Internet voting creates additional problems due to the inability of service providers to assure that websites are not spoofed, denial of service attacks do not occur, balloting is recorded accurately and anonymously, and votes are cast by the appropriate person.

 In 2004 the Department of Defense scrapped a $22-million internet voting project known as SERVE after computer scientists tasked with examining the system determined that internet voting wasn’t secure.

A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) …This report is a review and critique of computer and communication security issues in the SERVE voting system (Secure Electronic Registration and Voting Experiment), an Internet-based voting system being built for the U.S. Department of Defense’s FVAP (Federal Voting Assistance Program). The program’s web site is http://www.serveusa.gov/

SERVE is an Internet- and PC-based system, it has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.
Such attacks could occur on a large scale, and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law.

SERVE UPDATED statement;
The new report in response to the May 2007 DoD report on Voting Technologies for UOCAVA Citizens
June 13, 2007
New Report (June 2007): Click to download PDF
DoD Report (May 2007): Click to download PDF

August 9, 2001  The Public i Special Report
Internet Voting Project Cost Pentagon $73,809 Per Vote
By John Dunbar
(Washington, Aug. 9) A pilot Internet voting project to encourage voter participation by Americans abroad cost the Pentagon $6.2 million and received high marks from its director, although it delivered only 84 votes in the November election and failed to address a key security concern, the Center for Public Integrity has learned.

Details about the two-and-a-half-year project come as the concept of cyberspace voting is taking a beating. A cadre of experts, including a national commission charged with improving the federal election process and the Pentagon itself, is questioning its feasibility because of the inherent lack of security on the Internet..

If I can shop and bank online, why can’t I vote online? Wednesday, November 2, 2011 By David Jefferson. Verified Voting
…However, computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections. There is no way with current technology to guarantee that the security, privacy, and transparency requirements for elections can all be met with any security technology in the foreseeable future.

The Pew study , “No Time to Vote: Challenges Facing America’s Overseas Military Voters,”  recommends four policy options that would help improve the voting process for military overseas voters:     – Expanding the use of the Federal Write-in Absentee Ballot, a back-up measure for military voters who do not receive their state ballots in time;
-Allowing election materials to be transmitted electronically; (not voted materials)
-Ensuring a minimum of 45 days to allow ballots to travel between voters and election offices; and,
-Eliminating a requirement that military voters have their completed ballots notarized before returning them 

Voters Unite advises :
The Pew report does NOT support casting ballots via the internet. In fact, the Pew report mentions and quotes a GAO report:

“Allowing military voters overseas to return their ballots
electronically helps ensure they have time to vote—but it also raises questions about the voters’ privacy and the security of the ballots as well as access to the technology. As the GAO noted in a 2007 report, while alternatives such as electronic and Internet voting “may expedite the absentee voting process, they are more vulnerable to privacy and security compromises than the conventional methods now in use. Electronic and Internet voting require safeguards to limit such vulnerabilities and prevent compromises to votes from intentional actions or inadvertent errors. However, available safeguards may not
adequately reduce the risks of compromise.””
[GAO Report 07-774, “Action Plans Needed to Fully Address
Challenges in Electronic Absentee Voting Initiatives for Military
and Overseas Citizens,” June 2007, p. 30.]

The Florida internet project mentioned by Ms. Evans, actually required the county to fly voting machines, all supplies and election officials to the three locations in order to make the project work. Then after all of the expense for travel only a few over 60 voters used the system. And that system was actually run by a Spanish corporation and all votes were gathered in Barcelona before being transmitted to the county. Is this what we want? I don’t think so. The report discusses other options that make much more sense.

~VotersUnite

Florida Internet Voting Plan Is Illegal and Marred by Conflict of Interest Says Critic Kim Zetter May 30, 2008 Wired News