sionals have an obligation to explain
Pilot projects are routinely declared
successes, regardless of any problems
encountered. However, it is dangerous to draw conclusions from a
“successful” Internet voting pilot project.
There is little reason to attack a small
pilot project, and a malicious player
might refrain from attacking a major
election until the new technology is
entrenched. Having claimed success,
independent of proof of the accuracy
of the pilot project, Internet-voting
vendors and enthusiasts routinely
push to extend Internet voting to a
broader group of voters, thereby seriously undermining election security.
Computer professionals must object
to pilot projects that do not plan for an
assessment of the integrity of the election and a public reporting of any discrepancies encountered.
Unlike legitimate computer-security experts, malicious attackers are not
likely to publicize their attacks, just as
credit-card thieves do not openly advertise their thefts. When election officials and policymakers ask for proof
that a voting system has been attacked,
it is important to keep in mind that
detecting well-devised attacks is inherently difficult. The burden of proof that
a voting system has not been attacked
should fall on those making the claim,
not the other way around.
Ultimately, the balance between the
integrity of election technology on the
one hand and convenience on the other is both a public-policy and a technological issue. Decision makers must be
warned of all the risks in order to craft
We are grateful to the referees who
provided us with excellent recommendations.
Barbara Simons (firstname.lastname@example.org) is a retired IBM
research staff member, Board Chair of Verified Voting, and
former ACM President.
Douglas W. Jones (email@example.com) is an associate
professor in the Department of Computer Science of the
University of Iowa in Iowa City.