Secure Electronic Registration and Voting Experiment

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Election technology
Terminology
Testing
Technology
Manufacturers

Secure Electronic Registration and Voting Experiment (SERVE) was an experiment by theFederal Voting Assistance Program (FVAP) to allow military personnel and overseas citizens covered by the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) to vote in elections in the United States via the Internet.[1][2] While called an experiment, SERVE included participation from 51 counties including up to 100,000 voters and ballots cast would have be counted toward actual election results.[3][4] According to the SERVE security report, there were "two groups of eligible voters: (1) American citizens living outside the U.S., and (2) military personnel and their dependents, regardless of whether they reside in the U.S. or overseas."[5]

The project was contracted by FVAP to Accenture, who in turn subcontracted Avenade, Hart InterCivic, Hewlett-Packard, VeriSign, election.com, and others.[6][7]

The project was cancelled in 2004 after a report critical of the program was published.[4] Accenture, who acquired election.com in 2003,[3] has received criticism for its role in SERVE and other failed and cancelled electronic voting and registration projects.[8]

Expansion[edit]

In 2013, the Migration Policy Institute published a report that claimed there were "2.2 million to 6.8 million Americans" living in at least 100 countries.[9] Up until this time, Americans living abroad would have to take several steps to be able to vote in their home districts, often having to correspond via mail numerous times in order to obtain identity information and permission to be able to get a mail-in-ballot. This also presented a problem, because some of the countries that are housing Americans do not have the most reliable mail systems.[10] With legal-binding deadlines to register and cast ballots, this time-consuming process may hinder many individuals from voting. According to the Security Analysis report, the Secure Electronic Registration and Voting Experiment was established to minimize time spent voting by creating an online platform, which would allow Americans overseas greater access to vote. This began as a small project of 84 voters in 2000, but was expected to be implemented in 50 countries with seven corresponding US state elections by 2004. This would have included around 100,000 ballots, in an attempt to one day develop a system with the capacity to include all overseas Americans.[11]

Security implications[edit]

As discussed by many experts, including a project manager at the Center for Public Integrity and a research fellow at Harvard’s Kennedy School of Government, security was the largest threat to the SERVE program.[12] These security risks were put to the test in 2010 when J. Alex Halderman, a professor of Computer Science at the University of Michigan, took on a challenge issued by the District of Columbia to see if Halderman’s students could hack SERVE.[13] Halderman’s Computer Science students were quickly successful in hacking this voting system. The students not only managed to disable the system but also were able to add votes, change votes, and manipulate the program so that once voters cast their ballots, the University of Michigan fight song would play. These hacking results were immediately turned over to the SERVE system team in order to strengthen the security wall of the program. In the end, the SERVE experiment was decidedly terminated as the security risks were deemed too high and the threats of fraud and corruption were undeniable. The implications of the students’ capabilities to break through the security wall of a highly advanced system to alter and change votes for elections illustrates the intense impacts that Internet hackers could potentially have on an internet voting system.[according to whom?]

Security report analysis[14][edit]

In order to accurately assess SERVE’s security, professionals from various backgrounds conducted an analysis. These four individuals – as shown on the first page of the report – critiqued the weaknesses SERVE showed and narrated their findings in this report. A summary of their findings is as follows. The report first discussed the likelihood that cyber-attacks would succeed against SERVE; as well as to what extent an event such as a hacker breakthrough could compromise an election. The report states that, “the software of SERVE is totally closed and proprietary,” an inadequate inspection of SERVE before its launch allowed it “to be vulnerable to various forms of programmer attacks”. This is critical information in the voting world. According to the report, a potential hack into SERVE “could result in large-scale, selective voter disenfranchisement, and/or privacy violation, and/or vote buying and selling, and/or vote switching even to the extent of reversing the outcome of many elections at once”. This means that if SERVE is implemented, elections as important as the Presidential could be completely fraudulent without any trace of a culprit. Finally, it was the critics’ place to suggest any potential solutions that could remedy SERVE’s vulnerabilities. Their report states, “that the vulnerabilities described cannot be fixed by design changes or bug fixes to SERVE,” it explains that, “the vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today” . The final thoughts of the report express that SERVE, as it is now, is impractical for this time, and does not contain the necessary security features to serve its purpose successfully. The report claims that, “there really is no good way to build such a voting system without a radical change in overall architecture of the Internet or some unforeseen security breakthrough”.[citation needed]

References[edit]

  1. ^ Boyle, Alan (2003-06-03). "Pentagon launches Internet voting effort for overseas Americans". MSNBC. Retrieved 2009-06-25. 
  2. ^ http://www.fvap.gov/resources/media/ivas06.pdf
  3. ^ a b http://www.theultimatequestion.com/theultimatequestion/tuq_article_detail.asp?groupCode=8&id=14518&menu_url=related_writings.asp
  4. ^ a b http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html
  5. ^ Jefferson et. al, David (January 21, 2004). "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" (PDF). servesecurityreport.org. Retrieved February 16, 2016. 
  6. ^ http://quickstart.clari.net/qs_se/webnews/wed/dv/Btx-hart-intercivic.RsOO_DaC.html
  7. ^ "Accenture Helps Department of Defense Develop Secure Internet Registration and Voting Demonstration for 2004 Election". Retrieved March 16, 2016. 
  8. ^ "Accenture — Epitome Of Incompetence". Retrieved March 16, 2016.  C1 control character in |title= at position 11 (help)
  9. ^ Costanzo et. al, Joe (May 17, 2013). "Counting the Uncountable: Overseas Americans". The Migration Policy Institute. Migration Policy Institute. Retrieved February 16, 2016. 
  10. ^ Jefferson et. al, David (January 21, 2004). "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" (PDF). servesecurityreport.org. Retrieved February 16, 2016. 
  11. ^ Jefferson et. al, David (January 21, 2004). "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" (PDF). servesecurityreport.org. Retrieved February 16, 2016. 
  12. ^ Arak, Joel (July 12, 2003). "Americans Abroad To Vote Online". CBS News. Associated Press. Retrieved February 16, 2016. 
  13. ^ Weise, Elizabeth (January 28, 2016). "Internet voting is just too hackable, say security experts". USA Today. USA Today. Retrieved February 16, 2016. 
  14. ^ Jefferson et. al, David (January 21, 2004). "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" (PDF). servesecurityreport.org. Retrieved February 16, 2016. 

External links[edit]