Saturday, October 30, 2010

Security Debate Rages Over Internet Voting

As e-voting comes of age, cybersecurity fears are mounting. The debate over Internet voting focuses on members of the military and Americans living overseas who have had difficulty getting and returning ballots by Election Day. Security experts say Internet voting systems open up elections to cyberattacks, hackers and online fraud.

State efforts to let military and overseas voters cast ballots using the Internet have set off warnings from computer security experts that elections could be subject to cyberattacks.
The debate intensified after the District of Columbia tested an Internet voting system for possible use next month and invited computer scientists to try hacking into it. They did, without much trouble.
Arizona and West Virginia will allow military and overseas voters to use the Internet on Nov. 2 with systems the states claim are safe. More than 20 other states let those voters use e-mail, which some election security experts say is just as vulnerable. Congress has asked the Pentagon and the states to conduct pilot projects.
Computerized options for the nation's 4 million to 5 million military and overseas voters have spread almost as fast as the use of touch-screen machines in the United States a decade ago. Although no fraud has been detected, the computer lines are fraught with danger.
"The nature of the Internet can be so insecure," says Rokey Suleman, the D.C. director of elections who ordered up the test. "Right now, maybe it can't be done. But we have to do projects to get us there."
The debate over Internet voting focuses on members of the military and Americans living overseas who have had difficulty getting and returning ballots by Election Day. In 2008, only two-thirds of them returned their ballots on time, compared with 91 percent of absentee voters.
A law passed by Congress last year mandates that states send out absentee ballots to military voters and Americans abroad at least 45 days before an election and make electronic delivery of those ballots an option. It recommends pilot programs for returning voted ballots via the Internet, which is considered riskier.
'We Have To Move Cautiously'
So far, two states and the District of Columbia have made tentative moves in that direction:
*Arizona pioneered the process in 2008 and is continuing it this year. Voters can scan and upload paper ballots to an online system with a user name and password, and they must include a signed affidavit. In 2008, 135 of 9,171 military and overseas voters used the system. So far this year, 57 voters have used it in three elections.
"It's something that we have to move cautiously on," Secretary of State Ken Bennett says. "If people can go to ATM machines and move tens of thousands of dollars around, I'd like to believe that someday we'll be able to make voting similarly convenient."

Five counties in West Virginia let military and overseas voters cast ballots on a Web site that uses proprietary software. Just 77 voters used it in the May primary. For next month's general election, which includes a U.S. Senate race that could tip the balance of power Relevant Products/Services between Democrats and Republicans, eight counties are offering it.
"This is still just an option for our military and overseas voters," Secretary of State Natalie Tennant says. "But I feel like we have our bases covered."
*The District of Columbia was preparing to offer Internet voting to its military and overseas voters Nov. 2, but the test proved its vulnerabilities.
University of Michigan assistant professor J. Alex Halderman and two graduate students hacked in, saw who was "voting," changed votes and left the school's fight song as their calling card. While controlling the server Relevant Products/Services, he says, they also saw cyberattack efforts that appeared to come from China and Iran.
"It's a learning experience for everyone," he says. "Election officials should be asking whether the technology Relevant Products/Services is safe, not presuming that it someday will be."
Halderman's success came as little surprise to the non-profit Open Source Digital Voting Foundation, which provided the technology for the D.C. test. Its officials don't believe Internet voting is ready for prime time.
"How America votes is just as important as who they vote for," says Gregory Miller, the foundation's co-executive director. "You are running far too much risk."
How Much Risk To Accept
Internet elections have been held elsewhere in the past. In 2000, Arizona Democrats held their presidential primary mostly on the Internet. In 2007, Honolulu offered Internet voting for its 33 neighborhood advisory boards. Last year, it eliminated in-person voting for those boards to save money and went entirely to the Internet and phone, but participation dropped from 24 percent to 6 percent.
Organizations directly involved in serving military and overseas voters say the Internet isn't ready to host elections. The Defense Department's Federal Voting Assistance Program, which helps military and overseas voters, has been working with the U.S. Election Assistance Commission in hopes of holding a test in 2012.
"This is ultimately a policy decision as to how much risk you're willing to accept," says Bob Carey, the program's director. "We need to make sure that we've crossed our T's and dotted our I's."

Susan Dzieduszycka-Suinat, executive director of the Overseas Vote Foundation, which helps U.S. voters in foreign countries, says Internet and e-mail voting puts at risk what they fought for years to obtain by demanding earlier and easier delivery of ballots.
"We're pushing the envelope too early with what I call precious cargo," she says.
Security watchdogs agree.
"Nobody knows how to conduct an election that is immune to the kinds of attacks we in the security community know how to do," says David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who chairs, an election security group. "We can't have our election systems exposed to cyberattacks."

No comments:

Post a Comment