Thousands of Michigan Democrats have cast ballots for Saturday's caucuses using an Internet system that security experts say shares some of the risks found in a just-scrapped Pentagon effort.
Party officials insist they have safeguards and note that these particular ballots, unlike those in the $22 million Pentagon (search) program, are not meant to be secret.
On Thursday, the Pentagon cited security concerns in announcing the cancellation of a program that would have let as many as 100,000 military and overseas citizens vote online in November.
"I believe that Michigan should take their cue from the Pentagon," said Avi Rubin, a Johns Hopkins professor who studies security in voting systems. "Internet voting is not secure. Period."
Voting in Michigan began in early January, long before the Pentagon decision, which reflects concerns that the legitimacy of Internet votes cannot be assured.
Mark Brewer, executive chairman of the Michigan Democratic Party (search), stood by his system Friday, saying, "The Pentagon system, from what I know of it, is far different than ours."
Experts worry that more states might be encouraged by the Michigan Democrats' endeavor to try out online voting, making elections an increasingly tempting target for hackers.
Lorrie Cranor, an online voting expert at Carnegie Mellon University, said potential attackers may simply wait until Internet voting is more widely used — by then it will be harder to stop.
Rubin and three other experts on a 10-member Pentagon peer-review committee had urged the cancellation of the military system, saying Internet voting cannot be made secure using today's technologies. As currently constituted, they say, the Internet is inherently prone to hacking and viruses.
Defense officials are now exploring alternative voting systems and may still run the scrapped system, but without having the votes count.
Internet voting has been used in local elections in other countries, including Britain and Switzerland, but U.S. election officials have been hesitant, eyeing the results of the Pentagon effort and party-run contests.
The Pentagon cancellation "doesn't mean Internet voting is dead, but its eventual introduction at a larger scale is further off today than it was a week ago," said Doug Chapin, director of the research organization ElectionLine.org (search).
But a flawless showing in Michigan could create pressure from the electorate, said Harris Miller, president of the Information Technology Association of America (search) and a longtime election poll worker.
"People shop online every day. Businesses do online financial transactions worth trillions of dollars. Why shouldn't you be able to vote online?" he asked.
Arizona Democrats led the way in 2000 as 45 percent of the 86,970 voters used the Internet to cast their primary ballots. For the general election, 84 citizens used the Internet to submit ballots to Florida, South Carolina, Texas and Utah.
The Michigan Democratic Party saw Internet voting as a way to increase turnout. Being party-run, the contest is not subject to the same certification requirements as government-run elections.
About 123,000 registered Democrats requested ballots to vote online or by mail. To vote online, voters enter personalized codes from the ballot, along with place and date of birth.
More than 50,000 have voted, about half over the Internet. Online voting is open through Saturday afternoon. At caucuses, organizers will have lists of people who already voted, and party officials will go through ballots again afterward to reject duplicates.
Brewer said those safeguards — along with encryption and firewalls — are adequate.
Security experts disagree.
"That's completely ignoring the fact that if I'm voting from a computer infected by a virus, all bets are off," said Barbara Simons, who co-wrote the Pentagon report and testified against the Michigan system before the Democratic National Committee. "It can change my vote before sending it out to the Internet."
The Pentagon report had raised similar concerns about viruses written specifically to change votes. It also said viruses and keystroke recorders that can infect public terminals, such as at cybercafes, could compromise ballot security.
Michigan's ballots, however, are not secret, making it easier to verify, if challenged, that a vote got recorded as intended, Brewer said.
But officials may never have reason to suspect foul play and thus won't know to check, said Lauren Weinstein, a veteran computer scientist not involved with either voting system.
The Pentagon and Michigan systems use different vendors that both grew out of Election.com, the company that ran Arizona's 2000 Democratic primary on behalf of the party. Last Tuesday's government-run primaries in Arizona had no online component.