E-Voting, As it Advances, Faces Big Risks

On the eve of Tuesday’s midterm elections, computer experts are sounding an alarm about possible problems with the electronic systems that two in every five voters will be using.

They are also criticizing the Defense Department’s decision to let some overseas military personnel send in their votes via E-mail.

The Defense Department’s program, called the Interim Voting Assistance System, was put together between June 15 and Sept. 1. That is a tight timeframe for a system of such complexity, said Barbara Simons, a former scientist at IBM Research who co-authored a paper criticizing the IVAS system late last month. While allowing voting over the Internet may seem like a natural way to get younger voters involved, Simons said “there is a fundamental problem” that might not be appreciated by people who have come to regard the Internet as safe for other kinds of transactions, such as buying a book at Amazon.

“That’s not a secret transaction&#151you wantAmazon to know who you are,” Simons said in a phone interview. By contrast, voting is supposed to be a private affair. “I’m personally offended that people who are fighting and dying for our country are being told they have to give up their right to vote in secret.”

Simons said that the Defense Department’s use of unencrypted E-mail will expose soldiers to identity theft, and creates the possibility that a hacker or foreign government may intercept a vote and change it.

A defense department spokesman, Stewart Upton, acknowledged there are risks with the E-mail part of the IVAS system but said the department had taken pains to warn soldiers of those risks. He said that ballots sent by E-mail won’t pass through the hands of any government official before being received by a local election official.

Maj. Upton also said that he did not yet know how many overseas military personnel would use IVAS. Through Oct. 29, the military had distributed some 137,000 absentee ballots.

In any event, any problems with IVAS will likely pale next to those within the U.S., where some 66 million registered voters will be using direct recording electronic (DRE) voting equipment Tuesday, many for the first time.

In September, researchers at Princeton University published a paper criticizing the security holes in the AccuVote-TS, the electronic device to be used by the largest number of voters. The AccuVote’s manufacturer, Diebold Election Systems, said Princeton had focused on physical vulnerabilities that won’t be relevant on Election Day.

But former IBMer Simons, who is now a technology policy consultant, said manufacturers and politicians can talk all they want about the steps they’ve taken to safeguard electronic voting.

“You can fix the problems you know about,” she said. “But somebody’s going to attack you at your weak point, on something you haven’t thought about. That’s the fundamental problem with computer security.”