While four members of a panel asked to review the SERVE program — designed to allow Americans overseas to vote over the Net — said it was insecure and should be abandoned, the NYT quoted Accenture, the main contractor, as saying the researchers drew unwarranted conclusions about future plans for the voting project. “We are doing a small, controlled experiment,” Meg McLauglin, president of Accenture eDemocracy Services, was quoted as saying.
Another side to this pointed out by the loose wire reader: Accenture says that the four researchers were a minority voice, and that five of the six others ‘would not recommend shutting down the program’. One of the other outside reviewers, Ted Selker, a professor at the Massachusetts Institute of Technology, disagreed with the report, and was quoted by the NYT as saying it reflected the professional paranoia of security researchers. “That’s their job,” he said. In response one of the four naysayers noted that they were the only members of the group who attended both of the three-day briefings about the system.
The reader also makes this observation: “One of their complaints is that the Internet is inherently unsafe, which may be true. I don’t believe that the US Postal Service (which is the current method for transmitting absentee ballots) is inherently safe either. Ever seen a bag of mail sitting in a building lobby waiting for pickup? I have.” Fair enough, but unless the bag contained ballots (something I have seen in, er, less security conscious democracies), I don’t think it’s a fair comparison, since a few tampered or misdirected ballots would not undermine the integrity of the election.
The security compromises in SERVE are likely to be at the server level, where hackers could either alter delivered votes, mimic voter activity, or disrupt legitimate voters from placing their ballot. This could be done on a scale that would undermine the integrity, or at least could be believed to do so. Remember: In an electronic election (where no parallel paper ballot is collected), a claim of largescale tampering is enough to undermine confidence in the result.
My tupennies’ worth? Although the E stands for experiment, I don’t see SERVE as a ‘controlled experiment’. The NYT says the program will be introduced “in the next few weeks” and covers seven states, and a possible 100,000 people this year. That doesn’t sound like an experiment to me. Maybe I’m missing something here, but I don’t really see how you can conduct an experiment in a live voting environment. What happens if there’s a suggestion the system has been compromised, either during or after the vote? I always thought that voting systems were either approved, credible and acceptable or not in public use. Of course it’s fine to have an ‘experiment’ where the only experimental part is, say, the user-aspects of the voting process. But security can surely never be part of an experiment in a live voting situation.
Security experts are paid to be skeptical. If they raise a warning flag as big as this, I think they should be listened to.