Risky Votes

Despite warnings from computer experts that a $22 million online voting system is plagued by security risks, the Pentagon is moving forward with the project.

Known as Secure Electronic Registration and Voting Experiment, or SERVE, the system lets U.S. military members and their dependents or U.S. citizens living abroad vote in this year's presidential election via the Internet. SERVE effectively puts the mail-in absentee ballot system online.

The voting device is touted for allowing users to register online and check that their ballots were counted. But the authors of a new report -- which the government commissioned -- say SERVE is fraught with security risks.

The group noted that electronic voting booths have already shown to have numerous security flaws and other problems that make the systems unreliable. Those problems apply to SERVE as well, but because it is an Internet and PC-based system, the risks are multiplied. "[SERVE] has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks…any one of which could be catastrophic," the authors wrote.

Electronic voting, which has been debated for years, took on new relevance following the hotly contested 2000 presidential election, in which officials in Florida had to manually count paper ballots. They often found it was difficult or impossible to tell which candidate a voter meant to select. Electronic voting booths were supposed to fix that problem, but studies and investigative reports have raised doubts about the credibility of the machines.

Despite concerns that an online voting system is vulnerable to worms, viruses and other Internet-based security risks, the Defense Department has no plans to halt SERVE. Glenn Flood, a Pentagon spokesman, said last week, "The Defense Department stands by the SERVE program. We feel it's right on at this point, and we're going to use it."

Technology companies were quick to pounce on the experts' findings, and to dismiss them. Harris Miller, president of the Information Technology Association of America, called the report "academic" and said stopping SERVE "is the kind of risk-averse thinking that would send agoraphobics running into the streets."

The study's authors include prominent computer scientists who have researched government technology programs, including the controversial Terrorism Information Awareness project that was proposed by the Defense Advanced Research Projects Agency. For that project, TIA would scan large public and private databases of citizens' transactions for telling indicators of a terrorist attack.

A pair of experts who are watching SERVE's progress, as well as the Feb. 7 Michigan Democratic primary, which will allow online voting, say the process is characterized by experimentation. "The transition to the widespread use of Internet voting cannot, and should not, occur overnight," said Thad E. Hall of the Century Foundation in a statement last week. "There must be a deliberate strategy -- involving experimentation and research -- that moves along a rational path to Internet voting."

NASA Gets Smart

The General Services Administration announced last week that it has awarded a $93 million task order to develop a "state-of-the-art smart card" for NASA employees, which they would use to access agency facilities and information systems.

NASA is the lead agency on the program -- a pilot project for the federal government -- which has been in the planning stages for two years. GSA's Federal Technology Service awarded the task order to help develop the card to Maximus Inc. of Reston, Va.

Billed as the "One NASA" card, it will verify an individual's identity as he presents the card to a digital reader when entering facilities or accessing computer systems. David Saleeba, NASA's assistant administrator for security management and safeguards, said that the agency plans to run a small trial in May at the Marshall Space Flight Center in Huntsville, Ala. If that's successful, the card will be issued to 2,000 employees for additional testing, he said. And if all goes well with that phase, NASA plans to deploy more than 100,000 cards by the end of fiscal 2005, as long as the Office of Management and Budget approves, Saleeba added.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.