Security concerns prompt D.C. to suspend Web-based overseas voting
Test run of open-source Digital Vote by Mail system exposed some serious flaws
Security issues have prompted election officials in the District of Columbia to suspend a service that aimed to allow overseas voters to cast their ballots via the Web in the November elections.
The vulnerabilities in Washington's new Digital Vote by Mail system were discovered during public testing last week by several security researchers.
Details of the flaws were not immediately available. However, one of them, discovered by a researcher at the University of Michigan, was so serious that it allowed the researcher to take complete control of the system hosting the Web application and tweak it so users who voted would hear a rendition of "Hail to the Victors," a University of Michigan fight song, said one observer of the tests.
A statement on the District of Columbia's Board of Elections and Ethics Web site offered no specific details on the issues that were uncovered. It merely noted that the "current iteration of the ballot return feature" did not meet required security and file integrity standards and was therefore being suspended.
Overseas voters will still be able to use the system to download their blank ballots, print them out, mark them and send them back by mail. They also have the option of sending a copy of their marked ballot back to their precinct by e-mail or fax.
Washington's new digital voting system is designed to make it easier for overseas U.S. military personnel and other citizens to vote in elections. The system is one of many that are being implemented around the country in response to the Military and Overseas Voter Empowerment (MOVE) Act of 2009.
One of the provisions under MOVE requires election officials to provide a Web-based application for delivering ballots to overseas voters. The goal is to allow registered voters who are based overseas to log into a Web site, identify themselves using a previously provided PIN and download the ballots for their precincts.
Under MOVE, voters are then allowed to print out the ballots, mark them and send them back by mail. They also have the option of sending a copy of their marked ballot back via e-mail or fax.
A third option allows them to use the Web application to digitally mark their ballot and send it back via the same application; this is the method that has now been suspended by election officials as a result of the security concerns.
Jeremy Epstein, a senior computer scientist at SRI International and one of those who have reviewed the design of the system, said on Tuesday that he is familiar with the testing conducted last week by University of Michigan researchers.

