By Shane Harris
February 3, 2004Critics and supporters of a new Pentagon-funded online voting system are digging in their heels in the debate over whether it should be scrapped over concerns that it's vulnerable to error and tampering. Now, a new dispute has developed not over the substance of the criticism, but the fact that it was aired at all.
On Jan. 20, a group of four computer scientists issued a report outlining potential information security risks associated with the Defense Department's Secure Electronic Registration and Voting Experiment (SERVE). The department plans to use the remote Internet voting system to allow some military personnel and U.S. civilians living abroad to vote electronically in the upcoming presidential election. But because of the security risks, the experts recommended that officials halt the voting experiment.
The Pentagon invited the report's authors, several of whom are well-known skeptics of electronic voting machines and Internet-based voting, to critique SERVE's technological design. But it now appears that Defense officials, as well as the contractors building SERVE, never expected the experts to publicly release a report on security concerns in advance of a fuller study of the program.
The computer experts said that running the SERVE software online makes it vulnerable to attacks by worms, viruses and other kinds of hacking. The scientists posted their findings at http://www.servesecurityreport.org. Quickly, though, lobbyists for the information technology industry, Pentagon officials and executives of the company leading SERVE's construction dismissed the experts' warnings as a "minority report," because they were not crafted by the full panel of 10 experts reviewing the voting system.
Avi Rubin, one of the report's authors, said that SERVE officials were well aware of the publicly skeptical stance he and others had taken with respect to the security and integrity of online voting systems. Rubin, an associate professor of computer science at Johns Hopkins University, and three other experts met twice to discuss their concerns, and decided between those two meetings to release a report focused solely on the security risks they perceived, said Barbara Simons, a co-author and a member of the Association for Computing Machinery. The other six SERVE reviewers didn't contribute to the final report because it focused on areas outside their expertise, Rubin and Simons said.
The Pentagon immediately distanced itself from the findings, saying, through a spokesman, that officials were confident in the security features that had been built into SERVE, and that they still planned to use it.
An executive with Accenture, which leads the team of SERVE designers, said the experts evaluated SERVE as if it were a full-fledged system serving a potential voter pool of 6 million Americans overseas. That was misleading, because the project will probably involve no more than 100,000 volunteers, an essentially controlled environment of test subjects, said Meg McLaughlin, president of Accenture's eDemocracy Services unit.
Last week, Accenture released a number of "inaccuracies" contained in the SERVE report, which they said hadn't been corrected before the report was released publicly. The experts only corrected the contested points and issued a final report after giving draft copies to some members of the media, McLaughlin said.
But Simons countered, "That's absolutely not correct." A draft copy was released exclusively to The New York Times before the group issued its final report, Simons said, but she noted that a final, corrected copy also was released, after Defense officials and Accenture noted which points they wanted changed.
The corrected report is online today, and is the version that several news outlets used in their reporting. The Times story, in fact, ran in the newspaper two days after Simons' group posted the updated report. The Washington Post and The Los Angeles Times published similar stories the same day.
It now appears that SERVE officials were eager from the beginning to keep the security experts' findings under wraps. Defense officials asked the group to sign a non-disclosure agreement, stipulating that they wouldn't discuss their opinions publicly, Rubin and Simon said. The group refused, and the department ultimately agreed to allow them to review SERVE without promising to stay silent.
While the war of words has heated up, the debate over SERVE's risks remains. For their part, the critics say that the Internet is so lacking in security that no online voting system can ever be immune from attacks.
McLaughlin doesn't disagree. But she points out that mail-in absentee ballots can be tampered with, too, that the online system allows users to double-check their ballots before submitting them, and that election officials on the receiving end can also recheck the ballots against master records the company will maintain at a physically and electronically secure facility.
McLaughlin said the SERVE project would proceed as planned. The small group of overseas voters will participate in the general election for president in November, and she said those from the seven states participating in the project may be able to vote online in their primaries, as well.
Rubin said he doesn't expect the Pentagon will ask for his input on SERVE in the future.
"It's pretty much out of our hands," he said, adding that, based on his history of speaking out against such projects, "I wonder why they even invited me."
By Shane Harris
February 3, 2004