Dr. David Jefferson,
Lawrence Livermore National Laboratories

"The Inherent Security Vulnerabilities with Internet Voting"

Abstract

Internet voting refers to any system in which voters use ordinary PCs running ordinary consumer software to mark their ballots and transmit their votes via the Internet. At first glance Internet voting is seductive, because it would allow people to vote from anywhere in the world, at any time, and do so through the same medium they might use to study the issues and candidates. The cleanliness, simplicity, and convenience of the idea seem irresistable.

Unfortunately Internet voting systems, besides being vulnerable to all of the problems of electronic voting systems (DREs), are also exceedingly vulnerable to a host of additional common cyber attacks that are rooted in inherent limitations of the PC architecture and of the Internet. In this talk we will briefly describe how Internet voting systems are vulnerable to denial of service attacks, spoofing attacks, malicious code attacks, spyware attacks, remote management attacks, and automated vote selling schemes. These attacks are powerful enough compromise large numbers of votes, either disenfranchizing voters, spying on their votes, changing their votes, are buying votes. These attacks can often succeed, possibly changing the results of an election, and yet go completely undetected. And they can be launched by anyone in the world, from a disturbed teenager to a foreign government.

These vulnerabilities are quite fundamental. They cannot be designed around or fixed with the current generation of PC hardware and software and the current Internet protocols. Until such time as the security architectures of the Internet and the PC have been completely redesigned and the new designs widely deployed, which is probably at least a decade away, Internet voting in public elections must remain out of the question.