21
Thu, Nov
1 New Articles

Weapons of Mass Election

Commentary
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

A new report entitled "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" has called for the halt of the deployment of SERVE in 2004 until underlying security issues have been resolved. At the heart of the report, written by a group of four security experts from academia and the private sector, are apprehensions about the security threats, the On Demand technology of Internet voting, and the stakes for democracy.

What Is SERVE?

SERVE is a project aimed at providing Uniformed Services members and overseas citizens the ability to register, request an absentee ballot, vote, and check registration status via the Internet throughout the absentee voting process. SERVE is a part of the Federal Voting Assistance Program (FVAP) that was mandated by Congress under the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) of 1986 and is currently run by the Department of Defense under Donald H. Rumsfeld.

Although SERVE is billed as an "experiment," it is currently scheduled to be deployed for the 2004 primary and general elections and is expected to handle up to 100,000 votes over the course of the year for the states of Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah, and Washington. By comparison, in the 2000 presidential election, a total of only 84 votes were cast by a predecessor system called Voting Over the Internet (VOI).

An Experiment Leading to Full Deployment

The eventual goal of SERVE is to support the entire population of eligible overseas citizens plus military personnel and their dependents. This population is estimated to number about six million, so the 2004 SERVE deployment is seen as a prototype for a very large future system.

However, in a year when the President of the United States is building his campaign for re-election upon issues of national security, this new report raises the specter of the infamous Florida re-count, the terrorist attacks of 9/11, the ongoing Internet virus and worm epidemics, and the potential for Denial of Service (DoS) attacks that could significantly impact the validity of this On Demand e-government experiment and election results as a whole. While such a terrible outcome might seem unlikely to some, the authors make a compelling technical case for a complete re-evaluation of the SERVE project.

E-Commerce Versus E-Voting

The basic premise of SERVE is that modern e-commerce security technologies can be modified and enhanced to enable individuals to cast their ballots in an election with the same success that consumers currently experience when purchasing goods over the Internet.

However, in analyzing the registration and voting mechanisms of SERVE in light of the current Internet security technologies available, the authors found a number of significant differences in the scope of the project and a basic lack of oversight in the security technologies employed. According to the authors, "voting requires a higher level of security than e-commerce. Though we know how to build electronic commerce systems with acceptable security, e-commerce grade security is not good enough for public elections." Why? What is the difference?

Voting Is a Non-Transferable Right

According to the authors, securing Internet voting is structurally different from--and fundamentally more challenging than--securing e-commerce. For instance, it is not a security failure if your spouse uses your credit card with your consent. However it is a security failure if your spouse votes on your behalf, even with your consent; the right to vote is not transferable.

Interruption of Service Nullifies Elections

Threats are more important to the outcome of a democratic election, too. For instance, a DoS attack on e-commerce transactions may mean that business is lost or postponed. However, such an attack on Internet voting would de-legitimize all the transactions that were cast. Yet the results to an election would be irreversible, disenfranchisement would be complete, and the validity of the outcome could never be assured. Such was exactly the point of the Florida recount in 2000.

Democracy Requires Verifiable, Anonymous Voting Results

The authors also point to the very special requirements that voting holds for maintaining the anonymity of the voter. Voting anonymity is one of the hallmarks of a free and open election, and detecting fraud in an electronic system of Internet voting requires a substantially different security scheme than e-commerce. For instance, in a commercial setting, customers can detect errors because their transactions are not anonymous, and the results of their purchases appear on billing statements that can be checked against electronic receipts. The opposite is true in the security requirements for Internet voting: The voter must be assured that his/her results are accurately accounted for in a setting of anonymity so that the vote cast may not be traced back to the voter. It is an issue of trust that strikes at the core of the "one-man/one-vote" compact of a democracy.

A Flawed Architecture in Current Internet Technology?

These differences between e-commerce and e-voting security make the strongest case for a full examination of the SERVE system before the 2004 elections. Yet, according to the authors of the report, who have studied the proprietary system being deployed, grave security risks have yet to be addressed. The 34-page report breaks these threats into logical groups and then examines the potential of these risks under the current SERVE architecture. According to their evaluation, the risks are high, while the technical Internet skill required to create the security threats are relatively low. According to the authors, these threats include the following:

DoS attacks against SERVE vote-recording servers

  • Trojan horse attacks against the voter's personal computer, preventing the casting of the vote or altering the ballot
  • On-screen electioneering in which the voter's ballot is hijacked, rerouted, or changed
  • Spoofing of the SERVE election site itself, through various easy-to-implement means
  • Physical alteration of the voter's personal computer to prevent or change votes
  • Untraceable insider attacks against the SERVE vote-recording servers
  • Untraceable, automated vote buying or selling across the Internet
  • Coercion of voters through electronic Internet surveillance of the voters' ballots
  • SERVE server-specific viruses that manufacture, steal, or alter votes

Assessing the Real Threat to Electronic Internet Voting

Electronic Internet voting is the Holy Grail of the On Demand e-democracy movement that is backed by IBM and other industry giants, as well as the open-source movement itself. Today, the future promise of Internet voting is an integral part of how computer software and hardware vendors market to governments and nations. This concern is practical in nature and financial at root. For instance, it's estimated that the recent recall election in California cost the beleaguered state over $63 million during a fiscal crisis in which the budget was already $8 billion in deficit. Elections are expensive, and ad hoc elections are even more so.

On the surface of it, the SERVE system appears to meet many of the goals of the e-democracy movement, providing electronic ballots, ease of implementation, rapid deployment, and the quick "on demand" results.

However, when security experts attempt to peer beneath the public face of nearly all of the electronic balloting systems that are being funded by the current U.S. Congress, they're brought up short by the proprietary nature of these products. All are the properties of private corporations, all provide limited access to the underlying code that runs them, and none are known to adhere to overall external international standards that might prevent security flaws, manipulation, or fraud. Those that are based upon Microsoft Windows technology are immediately suspect for similar reasons and for reasons of Microsoft's past track record in securing the Windows platform.

The real underlying fear of the authors of "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" is not that this experimental system will fail massively during 2004, but that its potential success using current Internet technologies might lead public officials to believe that it is inherently secure. To these experts, exactly the opposite is true: Even without access to the underlying code running the system, they can easily devise mechanisms that could thwart the intent of the voter. Their formal meetings with officials and technical experts within the SERVE program have not brought remedy to their concerns, and this warning report is the result.

On the one hand, the impact of SERVE in 2004 can be dismissed as merely "an experiment in e-democracy." After all, it will only be counting a mere 100,000 votes across eight states this year.

On the other hand, the fate of the 2000 election ended up in the hands of a much smaller number of voters in Florida, and the final number of uncounted votes is still a matter of hot debate.

The message of the authors of this report is simple: "We can and should do better than this flawed technology." Unless we do, we will all suffer from the security risk from some unknown weapon of mass election.

Thomas M. Stockwell is Editor in Chief of MC Press, LP.

Thomas Stockwell

Thomas M. Stockwell is an independent IT analyst and writer. He is the former Editor in Chief of MC Press Online and Midrange Computing magazine and has over 20 years of experience as a programmer, systems engineer, IT director, industry analyst, author, speaker, consultant, and editor.  

 

Tom works from his home in the Napa Valley in California. He can be reached at ITincendiary.com.

 

 

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: