[VotoEletronico] Report Finds "Fundamental" Flaws in Pentagon E-Voting System

Fri, 30 Jan 2004 06:40:02 -0800

 Report Finds "Fundamental" Flaws in Pentagon E-Voting System

======================================================================

A recent peer review study of an Internet-based voting system

developed by the Pentagon found "fundamental" security risks and

recommended that the system not be used in the 2004 general election.

The report, released by the Security Peer Review Group of the Federal

Voting Assistance Program, reviewed the election system known as the

Secure Electronic Registration and Voting Experiment (SERVE). SERVE

is intended to allow personnel to vote in their local elections over

the Internet, from anywhere in the world. SERVE is slated to be

available for use by citizens abroad and military personnel from seven

states to vote in the 2004 general elections.

The report found that SERVE suffered from various security weaknesses

found in other electronic voting systems, and more fundamental

security problems due to its reliance on the Internet. SERVE lacks a

paper audit feature, and is also vulnerable to common Internet

attacks, such as viruses or hacking. Moreover, the report found that

SERVE was vulnerable to a broad range of threats, from lone

individuals manipulating the system to well-organized attacks. Such

incidents could result in election tampering and disenfranchisement,

affecting the results of local and presidential elections. Further,

the report found that such assaults could go undetected. Because of

the relative ease of perpetrating such attacks and the great damage

that would result, the report advocated that SERVE not be used at all.

The report states that these vulnerabilities stem from the

architecture of the Internet and computing. After reviewing a number

of modifications of SERVE and determining that none addressed the

fundamental weaknesses, the report concluded that a wholesale redesign

and replacement of many of the computers on the Internet would be

required to address these problems. The report found that the most

promising of the SERVE variations is a kiosk architecture that would

not rely on unsecured software or the Internet.

The SERVE Security Analysis Report:

http://www.servesecurityreport.org/

Verified Voting Coalition:

http://www.verifiedvoting.com

For more information about electronic voting, see EPIC's Voting Page:

http://www.epic.org/privacy/voting/

======================================================================

Responder a