Pentagon Cancels Internet Voting System

Citing security concerns, the Pentagon has canceled Internet voting that would have involved as many as 100,000 military and overseas citizens from seven states in November, a Defense Department official said Thursday.

The announcement comes two weeks after outside security experts urged the program's cancellation in a scathing report. They said hackers or terrorists could penetrate the system and change votes or gather information about users. At the time, the Pentagon said it felt confident enough to proceed.

But Deputy Defense Secretary Paul Wolfowitz (search) has since decided to scrap the system because Pentagon officials were not certain they could "assure the legitimacy of votes that would be cast," said a Pentagon official who spoke on condition of anonymity.

The official said alternative voting systems will now be considered, possibly using the Internet as well. The official could not say when, if ever, such a system would be ready.

Accenture eDemocracy Services (search), the vendor that built the system, issued a statement indicating testing will continue.

"This is now an opportunity to demonstrate that the Internet is viable, valuable and secure enough to use for filing absentee ballots," said Meg McLaughlin, the Accenture unit's president. "We are confident that sending absentee ballots via the Internet is just as secure and reliable as sending them by mail."

Computer scientists were elated.

"We certainly share their desire to make sure that our military people have the opportunity to vote in the national election, but it's always been our contention that we're not doing them any favor by providing them an insecure system on which to vote," said Barbara Simons, one of four co-authors of the critical Pentagon voting report and a former president of the Association for Computing Machinery.

The Secure Electronic Registration and Voting Experiment, or SERVE, was designed to help overseas citizens vote in U.S. elections. Nearly one in three overseas soldiers registered to vote in the 2000 presidential election didn't receive ballots in time.

In a smaller Internet voting trial conducted that same year by the Pentagon's Federal Voting Assistance Program, 84 citizens submitted online ballots to Florida, South Carolina, Texas and Utah.

This year's $22 million trial, also overseen by the Pentagon agency, was to have covered 50 counties in Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington. It would have been open to non-military Americans abroad and military personnel stationed at U.S. and foreign bases. Any Internet-connected computer running Windows operating systems, including at a cybercafe, could have been used for voting.

The system was to be ready for the general elections and possibly later primary states, though it had not been certified in time for use in Tuesday's South Carolina primary.

About 6 million U.S. voters live overseas, most of them members of the military or their relatives.

The report from Simons and three other experts on a 10-member Pentagon peer-review panel said Internet voting could not be made secure — at least using today's technology — primarily because the Internet and personal computers are inherently vulnerable to hackers and viruses.

The experts specified these central risks, among others:

— There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.

— It might be possible for hackers to determine how a particular individual voted, "an obvious privacy risk."

— The system may be vulnerable to attacks from many quarters, some undetectable. Stealth programs as trojan horses that harvest data are sometimes installed on public computer terminals.

Doug Lewis, executive director of the Houston-based Election Center research group, said the Pentagon decision will likely set back Internet voting. Many states had been awaiting the results of the trial before committing to widespread online voting.

Michigan Democrats already have begun online voting leading up to Saturday's caucuses, which are run by the party and are thus not subject to election certification requirements. Party officials did not return calls Thursday seeking comment on the Pentagon decision.