Secure Electronic Registration and Voting Experiment

Last updated

Secure Electronic Registration and Voting Experiment (SERVE) was an experiment by the Federal Voting Assistance Program (FVAP) to allow military personnel and overseas citizens covered by the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) to vote in elections in the United States via the Internet. [1] [2] While called an experiment, SERVE included participation from 51 counties including up to 100,000 voters and ballots cast would have been counted toward actual election results. [3] [4] According to the SERVE security report, there were "two groups of eligible voters: (1) American citizens living outside the U.S., and (2) military personnel and their dependents, regardless of whether they reside in the U.S. or overseas." [5]

Contents

The project was contracted by FVAP to Accenture, who in turn subcontracted Avenade, Hart InterCivic, Hewlett-Packard, VeriSign, election.com, and others. [6] [7]

The project was cancelled in 2004 after a report critical of the program was published. [4] Accenture, who acquired election.com in 2003, [3] has received criticism for its role in SERVE and other failed and cancelled electronic voting and registration projects. [8]

Background

There are millions of Americans living overseas in at least 100 countries. [9] In the early 2000s, Americans living abroad needed to take several steps to be able to vote in their home districts, often having to correspond via mail numerous times in order to obtain identity information and permission to be able to get a mail-in-ballot. This also presented a problem, because some of the countries that are housing Americans do not have the most reliable mail systems. [5] With legal-binding deadlines to register and cast ballots, this time-consuming process may hinder many individuals from voting. According to the Security Analysis report, the Secure Electronic Registration and Voting Experiment was established to minimize time spent voting by creating an online platform, which would allow Americans overseas greater access to vote. This began as a small project of 84 voters in 2000, but was expected to be implemented in 50 countries with seven corresponding US state elections by 2004. This would have included around 100,000 ballots, in an attempt to one day develop a system with the capacity to include all overseas Americans. [5]

Security report analysis

In order to assess SERVE's security, professionals from various backgrounds conducted an analysis. They analyzed and documented many weaknesses in SERVE. The report first discussed the likelihood that cyber-attacks would succeed against SERVE, as well as to what extent an event such as a hacker breakthrough could compromise an election. The report states that "the software of SERVE is totally closed and proprietary", an inadequate inspection of SERVE before its launch allowed it "to be vulnerable to various forms of programmer attacks". This is critical information in the voting world. According to the report, a potential hack into SERVE "could result in large-scale, selective voter disenfranchisement, and/or privacy violation, and/or vote buying and selling, and/or vote switching even to the extent of reversing the outcome of many elections at once". This means that if SERVE is implemented, elections as important as the Presidential could be completely fraudulent without any trace of a culprit. Finally, it was the critics' place to suggest any potential solutions that could remedy SERVE's vulnerabilities. Their report states, "that the vulnerabilities described cannot be fixed by design changes or bug fixes to SERVE," it explains that, "the vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today". It concludes that "there really is no good way to build such a voting system without a radical change in overall architecture of the Internet or some unforeseen security breakthrough". [5]

As discussed by many experts, including a project manager at the Center for Public Integrity and a research fellow at Harvard's Kennedy School of Government, security was the largest threat to the SERVE program. [10] These security risks were put to the test in 2010 when J. Alex Halderman, a professor of Computer Science at the University of Michigan, took on a challenge issued by the District of Columbia to see if Halderman's students could hack their new Internet Voting system. [11] Halderman's Computer Science students were quickly successful. The students not only managed to disable the system but also were able to add votes, change votes, and manipulate the program so that once voters cast their ballots, the University of Michigan fight song would play. These hacking results were immediately turned over to the DC system team in order to strengthen the security wall of the program. Within days, the DC experiment was terminated as the security risks were deemed too high and the threats of fraud and corruption were undeniable.

Subsequent studies have reinforced the enormous difficulty of the requirements for secure online voting, and defined the research and development needed in creating end-to-end auditable voting systems. [12]

MOVE Act

In order to give overseas voters more time and make it easier for them to vote, in 2009 the Military and Overseas Voter Empowerment Act (MOVE Act) was enacted.

Related Research Articles

Premier Election Solutions, formerly Diebold Election Systems, Inc. (DESI), was a subsidiary of Diebold that made and sold voting machines.

Electronic voting is voting that uses electronic means to either aid or take care of casting and counting ballots.

<span class="mw-page-title-main">Edward Felten</span> American computer scientist (born 1963)

Edward William Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University, where he was also the director of the Center for Information Technology Policy from 2007 to 2015 and from 2017 to 2019. On November 4, 2010, he was named Chief Technologist for the Federal Trade Commission, a position he officially assumed January 3, 2011. On May 11, 2015, he was named the Deputy U.S. Chief Technology Officer. In 2018, he was nominated to and began a term as Board Member of PCLOB.

<span class="mw-page-title-main">Help America Vote Act</span> 2002 election law

The Help America Vote Act of 2002, or HAVA, is a United States federal law which passed in the House 357-48 and 92–2 in the Senate and was signed into law by President George W. Bush on October 29, 2002. The bill was drafted in reaction to the controversy surrounding the 2000 U.S. presidential election, when almost two million ballots were disqualified because they registered multiple votes or no votes when run through vote-counting machines.

<span class="mw-page-title-main">Electronic voting in India</span> Component of Indian electoral system

Electronic voting is the standard means of conducting elections using Electronic Voting Machines (EVMs) in India. The system was developed for the Election Commission of India by state-owned Electronics Corporation of India and Bharat Electronics. Starting in the late 1990s, they were introduced in Indian elections in a phased manner.

Vote counting is the process of counting votes in an election. It can be done manually or by machines. In the United States, the compilation of election returns and validation of the outcome that forms the basis of the official results is called canvassing.

<span class="mw-page-title-main">Barbara Simons</span> American computer scientist

Barbara Bluestein Simons is an American computer scientist and the former president of the Association for Computing Machinery (ACM). She is a Ph.D. graduate of the University of California, Berkeley and spent her early career working as an IBM researcher. She is the founder and former co-chair of USACM, the ACM U.S. Public Policy Council. Her main areas of research are compiler optimization, scheduling theory and algorithm analysis and design.

An absentee ballot is a vote cast by someone who is unable or unwilling to attend the official polling station to which the voter is normally allocated. Methods include voting at a different location, postal voting, proxy voting and online voting. Increasing the ease of access to absentee ballots is seen by many as one way to improve voter turnout through convenience voting, though some countries require that a valid reason, such as infirmity or travel, be given before a voter can participate in an absentee ballot. Early voting overlaps with absentee voting. Early voting includes votes cast before the official election day(s), by mail, online or in-person at voting centers which are open for the purpose. Some places call early in-person voting a form of "absentee" voting, since voters are absent from the polling place on election day.

Voter verifiable paper audit trail (VVPAT) or verified paper record (VPR) is a method of providing feedback to voters using a ballotless voting system. A VVPAT is intended as an independent verification system for voting machines designed to allow voters to verify that their vote was cast correctly, to detect possible election fraud or malfunction, and to provide a means to audit the stored electronic results. It contains the name of the candidate and symbol of the party/individual candidate. While it has gained in use in the United States compared with ballotless voting systems without it, it looks unlikely to overtake hand-marked ballots.

<span class="mw-page-title-main">Election Systems & Software</span>

Election Systems & Software is an Omaha, Nebraska-based company that manufactures and sells voting machine equipment and services. The company's offerings include vote tabulators, DRE voting machines, voter registration and election management systems, ballot-marking devices, electronic poll books, ballot on demand printing services, and absentee voting-by-mail services.

Electronic voting in Estonia gained popularity in 2001 with the "e-minded" coalition government. In 2005, it became the first nation to hold legally binding general elections over the Internet with their pilot project for municipal elections. Estonian election officials declared the electronic voting system a success and found that it withstood the test of real-world use.

<span class="mw-page-title-main">Uniformed and Overseas Citizens Absentee Voting Act</span>

The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA), P.L. 99-410, 52 U.S.C. §§ 2030120311, 39 U.S.C. § 3406, 18 U.S.C. §§ 608609, is a United States federal law dealing with elections and voting rights for United States citizens residing overseas. The act requires that all U.S. states, the District of Columbia, Puerto Rico, Guam, American Samoa, and the U.S. Virgin Islands allow certain U.S. citizens to register to vote and to vote by absentee ballot in federal elections. The act is Public Law 99-410 and was signed into law by President Ronald Reagan on August 28, 1986.

The Federal Voting Assistance Program (FVAP) is a voter assistance and education program established by the United States Department of Defense (DoD) in accordance with federal law to ensure that members of the U.S. armed forces, their eligible family members, and U.S. citizens overseas are aware of their right to vote and have the tools to do so from the country where they are residing.

Electronic voting by country varies and may include voting machines in polling places, centralized tallying of paper ballots, and internet voting. Many countries use centralized tallying. Some also use electronic voting machines in polling places. Very few use internet voting. Several countries have tried electronic approaches and stopped because of difficulties or concerns about security and reliability.

<span class="mw-page-title-main">J. Alex Halderman</span> American computer scientist

J. Alex Halderman is professor of computer science and engineering at the University of Michigan, where he is also director of the Center for Computer Security & Society. Halderman's research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy.

<span class="mw-page-title-main">Election audit</span>

An election audit is any review conducted after polls close for the purpose of determining whether the votes were counted accurately or whether proper procedures were followed, or both.

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

Scytl Election Technologies S.L.U. is a Spanish provider of electronic voting systems and election technology. Founded in 2001 in Barcelona, its products and services are used in elections and referendums across the world.

Voatz is a for-profit, private mobile Internet voting application. The stated mission of Voatz is to "make voting not only more accessible and secure, but also more transparent, auditable and accountable." The company is headquartered in Boston, Massachusetts.

<span class="mw-page-title-main">Electronic voting in the United States</span> Facet of American elections

Electronic voting in the United States involves several types of machines: touchscreens for voters to mark choices, scanners to read paper ballots, scanners to verify signatures on envelopes of absentee ballots, and web servers to display tallies to the public. Aside from voting, there are also computer systems to maintain voter registrations and display these electoral rolls to polling place staff.

References

  1. Boyle, Alan (2003-06-03). "Pentagon launches Internet voting effort for overseas Americans". NBC News . Retrieved 2009-06-25.
  2. "Archived copy" (PDF). Archived from the original (PDF) on 2013-02-17. Retrieved 2013-10-12.{{cite web}}: CS1 maint: archived copy as title (link)
  3. 1 2 "The Ultimate Question: Article detail < Related writings". Archived from the original on 2013-10-15. Retrieved 2013-10-12.
  4. 1 2 Schwartz, John (21 January 2004). "Report Says Internet Voting System is Too Insecure to Use". The New York Times.
  5. 1 2 3 4 Jefferson, David; et al. (January 21, 2004). "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" (PDF). servesecurityreport.org. Retrieved February 16, 2016.
  6. "Hart InterCivic Joins Accenture, VeriSign and Others in Department of Defense Contract Award". Archived from the original on 2013-10-15. Retrieved 2013-10-12.
  7. "Accenture Helps Department of Defense Develop Secure Internet Registration and Voting Demonstration for 2004 Election" . Retrieved March 16, 2016.
  8. "Accenture Epitome Of Incompetence" . Retrieved March 16, 2016.
  9. Costanzo, Joe; et al. (May 17, 2013). "Counting the Uncountable: Overseas Americans". The Migration Policy Institute. Migration Policy Institute. Retrieved February 16, 2016.
  10. Arak, Joel (July 12, 2003). "Americans Abroad To Vote Online". CBS News. Associated Press. Retrieved February 16, 2016.
  11. Weise, Elizabeth (January 28, 2016). "Internet voting is just too hackable, say security experts". USA Today. Retrieved February 16, 2016.
  12. "The Future of Voting: End-to-End Verifiable Internet Voting - Specification and Feasibility Study - E2E-VIV Project". U.S. Vote Foundation. 2015. Retrieved 2016-09-01.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.