The experts--three computer science professors and a former IBM researcher--said on Wednesday that creating an e-voting system that both guarantees each person votes once and protects the voter's identity is impossible on the current Internet system.
"Basing a voting system on the Internet poses unavoidable risks of voting fraud and privacy risks," said David Wagner, an associate professor of computer science at the University of California at Berkeley. "They are unavoidable and can't be fixed."
The report comes as the U.S. Department of Defense prepares to launch the Secure Electronic Registration and Voting Experiment, a system that will let absentee military voters in 50 counties place their votes; the inauguration of the technology will occur with South Carolina's presidential primary on February 3. Eventually, the program will be expanded to handle the votes of nearly 6 million U.S. military personnel and civilians abroad.
Early elections may dodge any online attacks because the number of potential voters will initially be small, according to the security experts. However, early successes could lead to widespread adoption of the system, which would eventually leave entire elections open to attack, the report said.
"If you vote from an insecure home computer over an insecure network, you have an insecure election," Wagner said.
Wagner and the other authors of the report were four of the 10 security researchers who analysed the planned system at the request of the Federal Voting Assistance Program (FVAP), a branch of the U.S. Department of Defense. The six other members believed the system could work, said Glenn Flood, a spokesman for FVAP.
"Security is something that we have been concerned about from the beginning," he said, adding that the department and its contractors took security advice into account. "We didn't just learn about these concerns today."
After reading about the fiasco in the USA over this, I'm hardly surprised to hear this. They are quite correct - the internet's very PRESENT nature makes for poor security.