Review group finds flaws in US e-voting system

A US government-funded internet-based voting system scheduled for use in the 2004 elections has several unresolvable security...

A US government-funded internet-based voting system scheduled for use in the 2004 elections has several unresolvable security vulnerabilities that leave it open to widespread vote tampering and privacy breaches.

The secure electronic registration and voting experiment (Serve) system has been built for the US Department of Defence's Federal Voting Assistance Programme (FVAP).

The system is being developed as part of a government initiative to make it easier for US armed force personnel, the Marines and overseas civilians to vote.

The Serve system is expected to be used by absentee voters from 50 counties in seven states and is designed to handle up to 100,000 votes.

Members of the review group assigned to identify potential problems with the system said the risks are so serious that  further development of Serve should be stopped and not attempted again until "both the internet and the world's home computer infrastructure have been fundamentally redesigned".

The problems lie in the inherent insecurities associated with internet and PC-based systems, said David Wagner, an associate professor at the University of California.

These include viruses and worms, denial-of-service attacks and website spoofing. An attack on the main Serve system or any of the PCs being used by voters could seriously compromise the results, Wagner said.

It would be relatively easy for malicious hackers to insert spoofed web pages that appear to belong to the Serve system but are designed to alter votes or prevent them from being cast, he said. A voter using a PC infected with a virus or worm could easily jeopardise the integrity of the system. The particularly dangerous part is that such hacks could be carried out without ever being detected.

Serve's website claims the online voting system "uses the latest security technology available" to protect voter information and ballot integrity.

The site also noted that every ballot cast is encrypted, and only the local election official in the voter's jurisdiction has the power to decrypt that vote.

Voters using the system will be issued digital signatures for identifying and authenticating themselves on Serve.

The full report is available online at

Jaikumar Vijayan writes for Computerworld

Read more on IT risk management