Steve Quayle News Alerts

February 6, 2004; Page A12
By Dan Keating
Washington Post Staff Writer

The Pentagon has canceled plans to collect votes over the Internet from military personnel and civilians abroad for this fall's presidential election because of security concerns.

The $22 million pilot project was intended to be used by about 100,000 voters from 50 counties in seven states. State election officials said they were told late Wednesday that it would not be used to count votes included in election results.

Computer-security specialists released a report last week saying the Internet and personal computers are so inherently vulnerable that the entire election could be undermined. That report was followed by requests from the overseas wings of both the Republican and Democratic parties not to be used as "guinea pigs" in a system where their votes might not be secure.

Overseas voters will be able to cast Internet ballots as part of a test intended to learn more about online voting. But to cast an actual vote in the presidential election, they will have to fill out and return the traditional paper absentee ballots.

The greatest security concern is the personal computer of the individual voter, said Paul W. Craft, an election official from Florida, one of the participating states. A virus or other hidden program in a voter's computer could monitor keystrokes and intercept -- or change -- votes. "They decided they could not mitigate that risk sufficiently for the 2004 election. We would not have used it unless they addressed that risk," he said.

The other states in the experiment are South Carolina, North Carolina, Utah, Arkansas, Washington and Hawaii. Craft said he supports continuing the experiment. Sticking to an arbitrary deadline can lead to unnecessary risks, he said, but taking time to fully develop the system could pay off in the long run.

Florida's 2000 election debacle led to calls for upgrading voting technology and improving collection of ballots from overseas voters. Internet voting has grown as an attractive choice, because it is easy and does not require purchasing expensive voting equipment.

R. Michael Alvarez, a California Institute of Technology political scientist who has a $1.8 million grant to monitor the project, wants to see the Pentagon's experiment continue.

"As a scientist trying to study it, I hope it will be used in ways that allow us to test it, with demonstration voting or mock voting or whatever, to get a closer look at the claims that have been raised about security," said Alvarez, who is co-director of the CalTech-MIT Voting Technology Project.

This year's experiment will make possible a more thorough technology test, said James McAvoy, spokesman for Accenture eDemocracy Services, the consultant developing the system. If there is no risk of election results being affected, the experiment can include a team of hackers trying to attack it, he said. The developers can then find out whether their security measures are sufficient.

"The demonstration is a way for us to prove that the Internet is viable, valuable and secure enough to use for casting absentee ballots," he said.

The security specialists who criticized the project were invited to participate in Alvarez's review.

"It's all the credit to them for inviting us onto the security panel when they anticipated we would say negative things about it, and then taking our advice that seriously. It's really incredible," said Avi Rubin, an associate professor of computer science and the technical director of the Information Security Institute at Johns Hopkins University.

No spokesman from the Federal Voting Assistance Program, which is based in the Pentagon, was available for comment yesterday afternoon.

http://www.washingtonpost.com/wp-dyn/articles/A17147-2004Feb5.html