Internet voting fatally flawed

August 21, 2008

"Let U. S. military personnel overseas vote via the Internet." That's what you suggest in your editorial, "When ballot access goes AWOL" (Aug. 16) http://tinyurl.com/6kovod as the remedy for the paltry 5.5 percent turnout among U. S. voters overseas.

In 2004, the Pentagon was slated to launch just such a system, dubbed "SERVE" (Secure Electronic Registration and Voting Experiment). But they dumped it after the entire concept of Internet voting was blasted by leading experts in computer security.

They wrote, "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear…There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough." (A Security Analysis of SERVE, available online at http://www.servesecurityreport.org  ).

Included in its report is the caution that some varieties of attack "would be extremely difficult to detect, even in cases when they change the outcome of a major election."

None of the experts' prerequisites for secure Internet voting have yet come about. Instead, additional security holes continue to be discovered. Just two months ago, a major Internet flaw was discovered that would allow hackers to invisibly redirect Internet browsers to infected Web sites. (See, for instance, http://tinyurl.com/6jduom   Or Google "DNS poisoning.") Such a Web site could "filter" or alter votes before passing them on to the authentic website.

Internet voting is one of those bright new ideas that, unfortunately, turn out to be fatally flawed.

--Roy Lipscomb
Vice-Chair
Director for Technology
Illinois Ballot Integrity Project
Chicago