Internet Voting Solution or Snake Oil?
Don't Stop The Handcount: A Few Problems With Internet Voting by Rothke, CISSP
... Internet kiosks are appearing in stores, airplanes, hospitals and subway stations. Given the ubiquitous nature of the Internet, why can’t we use it to vote for our elected officials?
...
The quandary with Internet-based voting as opposed to traditional voting is that Internet attacks are much easier to perform, more detrimental in their outcome, and much harder to detect.
...
"Who is rallying for Internet Voting? While the vendors are behind the concept, who in the security community feels Internet voting is feasible?
I was unable to find a single individual of note who felt it."
...
Dr. Avi Rubin, Principal Researcher at AT&T Labs Research, writes in Security Considerations for Remote Electronic Voting over the Internet that "Given the current state of insecurity of hosts and the vulnerability of the Internet to manipulation and denial of service attacks, there is no way that a public election of any significance involving remote voting could be carried out securely." He concludes:
"One reason that remote electronic voting presents such a security challenge is that any successful attack would be very high profile, a factor that motivates much of the hacking activity to date. Even scarier is that most serious attacks would come from someone motivated by the ability to change the outcome without anyone noticing. The adversaries to an election system are not teenagers in garages but foreign governments and powerful interests at home and abroad. Never before have the stakes been so high."...
Steve Bellovin of AT&T Labs feels an Internet election could occur, but in no way could it be secure. Bellovin notes that "The problem is the correctness and auditability of the entire system, not just the vote-casting and tabulation. Given how difficult it is to get software correct, why do we think that this code would be correct? And how would we ever audit the vote, afterwards?"
As for the access and convenience aspect...
Ben Rothke's credentials
Ben Rothke, CISSP, CISM, QSA, Senior Security Consultant, BT Global Services
Ben Rothke is a New York City-based senior security consultant with BT Professional Services and has over 15 years of industry experience in information systems, security, and privacy. His expertise lies in risk management and mitigation; security and privacy regulatory issues; design and implementation of systems security; encryption, cryptography, and security policy development; and a specialization in the financial services and aviation sectors. Prior to joining BT, Ben was with AXA, Baltimore Technologies, Ernst & Young, and Citicorp. He provides security solutions to many Fortune 500 companies. Ben is the author of Complete Security -- 20 Things Every Employee Should Know (McGraw-Hill) and is a contributing author to Network Security: The Complete Reference (Osborne) and The Handbook of Information Security Management (Auerbach). He writes a monthly security book review for Security Management and is a former columnist for Information Security, Unix Review, and Solutions Integrator magazines. Ben is a frequent speaker at industry conferences, such as CSI, RSA, MISTI, NetSec and ISACA.