[Here's my response to an editorial that appeared recently in the Chicago Tribune. The editors posted my response online at http://tinyurl.com/5c4p7y but chose not to publish it in their print edition.]
Internet voting fatally flawed
August 21, 2008
"Let U. S. military personnel overseas vote via the Internet." That's what you suggest in your editorial, "When ballot access goes AWOL" (Aug. 16) http://tinyurl.com/6kovod as the remedy for the paltry 5.5 percent turnout among U. S. voters overseas.
In 2004, the Pentagon was slated to launch just such a system, dubbed "SERVE" (Secure Electronic Registration and Voting Experiment). But they dumped it after the entire concept of Internet voting was blasted by leading experts in computer security.
They wrote, "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear…There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough." (A Security Analysis of SERVE, available online at http://www.servesecurityreport.org ).
None of the experts' prerequisites for secure Internet voting have yet come about. Instead, additional security holes continue to be discovered. Just two months ago, a major Internet flaw was discovered that would allow hackers to invisibly redirect Internet browsers to infected Web sites. (See, for instance, http://tinyurl.com/6jduom Or Google "DNS poisoning.") Such a Web site could "filter" or alter votes before passing them on to the authentic website.
Internet voting is one of those bright new ideas that, unfortunately, turn out to be fatally flawed.
Director for Technology
Illinois Ballot Integrity Project