But Halderman, along with a team of researchers, easily broke into the system, and showed how they could modify and replace marked ballots in the system. The researchers even tweaked the system so that voters would be greeted with the University of Michigan fight song when they landed on the vote confirmation page.
The election officials in charge of such systems do not have the technical expertise or the resources needed to detect or protect their systems against such attacks, Jefferson said. "The kind of attack that Halderman did can be repeated anywhere at any time," with little response, he said.
In addition, Web-based voting systems are vulnerable to the same security threats that face other websites. These threats include DNS routing attacks, man-in-the middle attacks and denial-of-service attacks and can prevent voters from casting their ballots. The client systems that eligible voters use to cast their ballots are equally vulnerable, Jefferson said, noting the possibility of numerous attacks where a voter might cast a ballot and have no way of knowing whether the ballot was intercepted, modified or cast at all.
Electronic voting systems of the sort proposed for use in this year's general elections do not provide anywhere near the auditability provided by paper votes, he said. While there are mechanisms to ensure that the same voter does not cast multiple ballots, there is nothing to prove that a ballot was cast in the manner that the voter intended, he said.
"Once you put ink on paper, you can't change it without that change being easily detectable," Jefferson said. "Paper is indelible. People can see it, track it and read it." He noted that the only country with an Internet voting system comparable to the U.S. is Estonia. Other countries have tried e-voting technology and have either gone back to paper voting or are reconsidering it, he said.
"What we are asking every state, every jurisdiction to do is not use Internet voting," Jefferson said. "It is OK to transmit blank ballots over the Internet" to overseas and absentee voters, he said, but not ballots that have been filled in.
Susannah Goodman, director of the election reform project at the watchdog group Common Cause, said states that are moving ahead with Internet voting plans would do well to look at states such as New York and California, which have said they will not adopt such measures because of security concerns.
"Knowing what we know, it is not a verifiable form of voting. It is not a safe form of voting," she said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at 
@jaivijayan or subscribe to Jaikumar's RSS feed 
. His email address is jvijayan@computerworld.com.
See more by Jaikumar Vijayan on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
Free Insider Guide
Rising salaries boost IT optimism, though not everyone is feeling upbeat. Our survey of 4,000+ IT workers shows who's riding the wave and why. Use our interactive tool and compare your own paycheck. Read more...
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
