Risky Votes

By Shane Harris

January 27, 2004

Despite warnings from computer experts that a $22 million online voting system is plagued by security risks, the Pentagon is moving forward with the project.

Known as Secure Electronic Registration and Voting Experiment, or SERVE, the system lets U.S. military members and their dependents or U.S. citizens living abroad vote in this year's presidential election via the Internet. SERVE effectively puts the mail-in absentee ballot system online.

The voting device is touted for allowing users to register online and check that their ballots were counted. But the authors of a new report -- which the government commissioned -- say SERVE is fraught with security risks.

The group noted that electronic voting booths have already shown to have numerous security flaws and other problems that make the systems unreliable. Those problems apply to SERVE as well, but because it is an Internet and PC-based system, the risks are multiplied. "[SERVE] has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks…any one of which could be catastrophic," the authors wrote.

Electronic voting, which has been debated for years, took on new relevance following the hotly contested 2000 presidential election, in which officials in Florida had to manually count paper ballots. They often found it was difficult or impossible to tell which candidate a voter meant to select. Electronic voting booths were supposed to fix that problem, but studies and investigative reports have raised doubts about the credibility of the machines.

Despite concerns that an online voting system is vulnerable to worms, viruses and other Internet-based security risks, the Defense Department has no plans to halt SERVE. Glenn Flood, a Pentagon spokesman, said last week, "The Defense Department stands by the SERVE program. We feel it's right on at this point, and we're going to use it."

Technology companies were quick to pounce on the experts' findings, and to dismiss them. Harris Miller, president of the Information Technology Association of America, called the report "academic" and said stopping SERVE "is the kind of risk-averse thinking that would send agoraphobics running into the streets."

The study's authors include prominent computer scientists who have researched government technology programs, including the controversial Terrorism Information Awareness project that was proposed by the Defense Advanced Research Projects Agency. For that project, TIA would scan large public and private databases of citizens' transactions for telling indicators of a terrorist attack.

A pair of experts who are watching SERVE's progress, as well as the Feb. 7 Michigan Democratic primary, which will allow online voting, say the process is characterized by experimentation. "The transition to the widespread use of Internet voting cannot, and should not, occur overnight," said Thad E. Hall of the Century Foundation in a statement last week. "There must be a deliberate strategy -- involving experimentation and research -- that moves along a rational path to Internet voting."

NASA Gets Smart

The General Services Administration announced last week that it has awarded a $93 million task order to develop a "state-of-the-art smart card" for NASA employees, which they would use to access agency facilities and information systems.

NASA is the lead agency on the program -- a pilot project for the federal government -- which has been in the planning stages for two years. GSA's Federal Technology Service awarded the task order to help develop the card to Maximus Inc. of Reston, Va.

Billed as the "One NASA" card, it will verify an individual's identity as he presents the card to a digital reader when entering facilities or accessing computer systems. David Saleeba, NASA's assistant administrator for security management and safeguards, said that the agency plans to run a small trial in May at the Marshall Space Flight Center in Huntsville, Ala. If that's successful, the card will be issued to 2,000 employees for additional testing, he said. And if all goes well with that phase, NASA plans to deploy more than 100,000 cards by the end of fiscal 2005, as long as the Office of Management and Budget approves, Saleeba added.


By Shane Harris

January 27, 2004

http://www.govexec.com/technology/2004/01/risky-votes/15792/