Dear Senators and Representatives,
I was shocked, after all the evidence and agreement we've gotten over
the years about the problems of electronic ballots, to just hear that
the Colorado Senate is pushing for internet voting. Please put a stop
to this!
I am a consultant to Internet2 on Internet security and
authentication. I know how difficult the problems are and how bad the
state of security is out there.
Previous trials have been halted after it was demonstrated that given
the current problems with security of computers and the Internet, any
sort of internet voting is far too vulnerable to a plethora of
problems. See for example this official report, which concludes
that documents how easy it would be for any of a wide variety of
people, foreign and domestic, to subvert an election that included
any substantial amount of voting over the Internet:
A Security Analysis of the Secure Electronic Registration and Voting
Experiment (SERVE)
http://servesecurityreport.org/
...
[SERVE] has numerous other fundamental security problems that leave
it vulnerable to a variety of well-known cyber attacks (insider
attacks, denial of service attacks, spoofing, automated vote buying,
viral attacks on voter PCs, etc.), any one of which could be
catastrophic.
Such attacks could occur on a large scale, and could be launched by
anyone from a disaffected lone individual to a well-financed enemy
agency outside the reach of U.S. law. These attacks could result in
large-scale, selective voter disenfranchisement, and/or privacy
violation, and/or vote buying and selling, and/or vote switching even
to the extent of reversing the outcome of many elections at once,
including the presidential election. With care in the design, some of
the attacks could succeed and yet go completely undetected. Even if
detected and neutralized, such attacks could have a devastating
effect on public confidence in elections.
Such attacks could occur on a large scale, and could be launched by
anyone from a disaffected lone individual to a well-financed enemy
agency outside the reach of U.S. law. These attacks could result in
large-scale, selective voter disenfranchisement, and/or privacy
violation, and/or vote buying and selling, and/or vote switching even
to the extent of reversing the outcome of many elections at once,
including the presidential election. With care in the design, some of
the attacks could succeed and yet go completely undetected. Even if
detected and neutralized, such attacks could have a devastating
effect on public confidence in elections.
It is impossible to estimate the probability of a successful
cyber-attack (or multiple successful attacks) on any one
election. But we show that the attacks we are most concerned about
are quite easy to perpetrate. In some cases there are kits readily
available on the Internet that could be modified or used directly for
attacking an election. And we must consider the obvious fact that a
U.S. general election offers one of the most tempting targets for
cyber-attack in the history of the Internet, whether the attacker's
motive is overtly political or simply self-aggrandizement.
The vulnerabilities we describe cannot be fixed by design changes or
bug fixes to SERVE. These vulnerabilities are fundamental in the
architecture of the Internet and of the PC hardware and software that
is ubiquitous today. They cannot all be eliminated for the
foreseeable future without some unforeseen radical breakthrough. It
is quite possible that they will not be eliminated without a
wholesale redesign and replacement of much of the hardware and
software security systems that are part of, or connected to, today's
Internet.
Please stop this bill.
Thank you,
Neal McBurnett http://bcn.boulder.co.us/~neal/
Boulder CO
303-494-6493
Signed and/or sealed mail encouraged. GPG/PGP Keyid: 2C9EBA60