SERVE Security Hopelessly Flawed

The seemingly ubiquitous Benedict Spinoza (that can’t be a real name) of American Samizdat and Benedict@Large has yet another interesting blog, it seems. This one’s called Black Box Notes, and it’s dedicated to news about the electronic voting system. The latest post links to a report on Wired News that a bevy of experts from Lawrence Livermore Laboratories and Johns Hopkins University (among other places) strongly recommends scrapping the SERVE system that’s supposed to be used to collect overseas votes because its security is so flawed.

Researchers warned last week that an Internet voting system designed for Americans overseas to use in the November presidential election should be scrapped — because Internet insecurities could compromise the election.The government dismissed the researchers’ findings, saying the report offered false conclusions about the security of the Secure Electronic Registration and Voting Experiment, or SERVE, system. The evaluation was written for the Defense Department by four of 10 computer experts assembled by the Federal Voting Assistance Program.

“They didn’t know that we would come up with a conclusion as strongly as we did that they really shouldn’t field this system,” David Jefferson, a computer scientist at Lawrence Livermore National Laboratory in California and one of the report authors, said. “But once we decided that the system was sufficiently dangerous, we felt we had to recommend it couldn’t go forward.”

Jefferson expressed concern that the test-run will occur during an important presidential election. “They think the value of the experiment outweighs the risk; we don’t,” he said.

SERVE is the program that will register and count the votes of the absentees, the largest chunk of which would be military, an all-important sector of Bush’s base. After 3 solid years of Republicans cutting veterans’ benefits and making promises they have blithely broken, it would seem that that vote is no longer as automatically Republican as it was last time. I don’t want to sound paranoid but with WH pol-ops outing covert agents and Publican Congressional staffers hacking into Democratic files for more than a year proving that the Pubs don’t have a lot of integrity mixed into their “winning is all that matters” philosophy, the scope for potential vote-theft is massive. There are a number of ways it could be done:

The researchers said an Internet voting system that allows ballots to be cast through personal computers would be vulnerable to viruses and worms, spoofing attacks (in which a hacker could intercept and change votes using a fake site resembling the real voting site) or a DoS attack preventing voters from accessing the real site.

Imagine this not-unimaginable scenario:

Tom DeLay sets up a spoof operated by the same staffers who hacked into the Congressional Democrats’ network and intercepts the estimated 6M votes coming in from overseas, most of them military, before they get to the official server. If they’re Republican votes, he passes them on to the server to be counted; if they’re Democratic, he deletes them or changes them into Republican votes. If done properly, the experts warn, there would be no way to know whether or not the votes had been tampered with.

Too cynical and suspicious? Maybe, but in the last 3 years being cynical and suspicious has been a good way to accurately predict Republican tactics. And with the questions swirling around the oddities in the Georgia voting, for instance, that centered on electronic voting machines spitting out results almost opposite to poll results in the same districts, and with the fact that in almost every single election in which electronic voting results were considered anomalies it was the Republicans who gained from them, a little suspicion may be a necessary defense mechanism.

It’s becoming more obvious every day that we can’t afford a system of voting that doesn’t provide a paper trail for checking electronic results against actual voter intentions. Without a paper trail, the risks of fraud are too great.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s