Dear Senators and Representatives,

I was shocked, after all the evidence and agreement we've gotten over the years about the problems of electronic ballots, to just hear that the Colorado Senate is pushing for internet voting. Please put a stop to this!

I am a consultant to Internet2 on Internet security and authentication. I know how difficult the problems are and how bad the state of security is out there.

Previous trials have been halted after it was demonstrated that given the current problems with security of computers and the Internet, any sort of internet voting is far too vulnerable to a plethora of problems.

See for example this official report, which documents how easy it would be for any of a wide variety of people, foreign and domestic, to subvert an election that included any substantial amount of voting over the Internet:

A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)
http://servesecurityreport.org/

... [SERVE] has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.

Such attacks could occur on a large scale, and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law. These attacks could result in large-scale, selective voter disenfranchisement, and/or privacy violation, and/or vote buying and selling, and/or vote switching even to the extent of reversing the outcome of many elections at once, including the presidential election. With care in the design, some of the attacks could succeed and yet go completely undetected. Even if detected and neutralized, such attacks could have a devastating effect on public confidence in elections.

It is impossible to estimate the probability of a successful cyber-attack (or multiple successful attacks) on any one election. But we show that the attacks we are most concerned about are quite easy to perpetrate. In some cases there are kits readily available on the Internet that could be modified or used directly for attacking an election. And we must consider the obvious fact that a U.S. general election offers one of the most tempting targets for cyber-attack in the history of the Internet, whether the attacker's motive is overtly political or simply self-aggrandizement.

The vulnerabilities we describe cannot be fixed by design changes or bug fixes to SERVE. These vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today. They cannot all be eliminated for the foreseeable future without some unforeseen radical breakthrough. It is quite possible that they will not be eliminated without a wholesale redesign and replacement of much of the hardware and software security systems that are part of, or connected to, today's Internet.

Please stop this bill.

Thank you,

Neal McBurnett http://bcn.boulder.co.us/~neal/
Boulder CO 303-494-6493
Signed and/or sealed mail encouraged. GPG/PGP Keyid: 2C9EBA60