Published January 14, 2015
An Internet voting (search) system developed by the Pentagon for U.S. citizens overseas is so vulnerable to attacks that it should be scrapped, four computer security experts said in a report released Wednesday.
But the Pentagon is standing by the system, which could get its first test Feb. 3 in South Carolina's primary election.
The four computer security experts say the Secure Electronic Registration and Voting Experiment (search), or SERVE, could be penetrated by hackers who could change votes or gather information about users.
"Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect," the computer experts said in a statement. "Such tampering could alter election results, particularly in close contests."
Defense Department spokesman Glenn Flood said the Pentagon was confident the system is secure.
"We knew from the start that security would be the utmost concern," Flood said. "We've had things put in place that counteract the things they talked about."
The experts specified these risks, among others:
--There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.
--It might be possible for hackers to determine how a particular individual voted, "an obvious privacy risk."
--The system may be vulnerable to attacks from many quarters, some undetectable.
"Not only could a political party attempt to manipulate an election by attacking SERVE, but so could individual hackers, criminals, terrorists, organizations such as the Mafia and even other countries," the report said.
The report noted that four states tried a limited form of Internet voting in the 2000 election, handling only 84 votes. They were Florida, South Carolina, Texas and Utah.
Another concern was that because of the automated nature of the system, it might be vulnerable to vote buying, selling or swapping in large numbers.
In 2000, the report said, the first Internet-based attempt at vote swapping in a presidential election was seen with the creation of a Web site to encourage swapping between voters for Al Gore and Ralph Nader.
While that attempt depended on the honor system and no money changed hands, similar characteristics in SERVE could give rise to enforced vote-swapping or to the purchase of votes, the report said.
The four security experts are among 10 the Pentagon asked to study the SERVE system and look for vulnerabilities. The other six experts decided not to issue a report, Flood said.
The four experts are Aviel Rubin of the Johns Hopkins University, David Wagner of the University of California at Berkeley, David Jefferson of the Lawrence Livermore National Laboratory and independent consultant Barbara Simons.
So far, seven states have signed on to the experimental system: Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington.
Flood said the system may be available for South Carolina expatriates (search) to use during the coming primary, "but for sure it will be available for the November elections."
About 6 million U.S. voters live overseas, most of them members of the military or their relatives, Flood said. The computer experts said the SERVE system is designed to handle about 100,000 votes from the seven states.
Michigan is using a separate system for its Democratic presidential caucuses.