PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page

PRIVACY Forum Digest      Sunday, 27 February 2000      Volume 09 : Issue 09


            Moderated by Lauren Weinstein (         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        Internet Voting - A Recipe for Trouble!
           (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "Dream of me with croutons."

            -- King Henry II (Peter O'Toole)
               "The Lion in Winter" (Avco Embassy; 1968)


Date:    Sun, 27 Feb 2000 15:10 PST
From: (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Internet Voting - A Recipe for Trouble!

Greetings.  While I do not plan to routinely post announcements for PFIR
(People For Internet Responsibility) in their entirety here in the PRIVACY
Forum Digest, I'm making an exception today.  The topic of the statement
below is Internet Voting, a concept with serious ramifications, and serious
problems, which could deeply impact all of us around the world.  We're not
talking about some abstract concept far in the future--in the U.S. the first
official election use of Internet (Web) voting is just a couple of weeks
away!  As you'll see, there are many reasons to be very concerned about this
entire area--with privacy issues being among the many potential dramatic



Date:    Sat, 26 Feb 2000 14:19:53 -0800 (PST)
From: (PFIR - People For Internet Responsibility)
Subject: PFIR Statement on Internet Voting

                    PFIR Statement on Internet Voting


        PFIR - People For Internet Responsibility -

        [ To subscribe or unsubscribe to/from this list, please send the
          command "subscribe" or "unsubscribe" respectively (without the 
          quotes) in the body of an e-mail to "". ]


Greetings.  As the election season gets into full swing, the concept of
voting via the Internet has been receiving a great deal of attention.  The
Arizona Democratic Party is in fact about to hold what they say is the first
legally-binding U.S. public election (their presidential primary in early
March) which will allow Web-based voting.  This is being touted as a major
and obvious step forward.  In reality, this rush to permit such voting could
be a highly risky proposition, riddled with serious technical pitfalls that
have rarely been discussed.

Some of these issues are fairly obvious, such as the need to provide for
accurate and verifiable vote counts and simultaneously enforcing rigorous
authentication of voters (while still making it impossible to retroactively
determine how a given person voted).  Certainly all software involved in the
election process (even when online voting is not contemplated) should have
its source code subject to inspection by trusted experts unrelated
to the firms providing those software systems.  When "off-the-shelf"
software is being used for such applications, this presents an interesting
set of problems, to say the least.

But even with such inspections, these systems are likely to have bugs and
problems of various sorts, some of which will not be found and fixed quickly.
This is just an inescapable fact when it comes to virtually all software,
but could have remarkably serious consequences if such unavoidably complex
software systems become integral to virtually all aspects of the actual
voting process.

Perhaps of far greater concern is the apparent lack of understanding
suggested by permitting the use of ordinary PC operating systems and
standard Web browsers for Internet voting.  While the use of digital
certificates and "secure" Web sites for such voting can do a reasonable job
of identifying the connections and protecting the communications between
voters and the voting servers, those are unfortunately not where the biggest
risks are lurking.

In recent cases of mass releases of credit card numbers and other customer
information, it wasn't the communications paths that were compromised, but
security at the servers themselves, even though they were touted as secure
and used advanced encryption technology for communications with customers.
Even with the best of intentions and efforts at good software design, the
same kinds of security failures leading to private information disclosure or
unauthorized modifications are possible in an Internet voting environment,
just as we've seen in the commercial arena.

Another area of serious concern is the ease with which voters' PCs could be
compromised prior to elections by hostile software (which could be
inadvertently loaded onto these systems via e-mail attachments,
innocent-appearing Web downloads, or many other means) and could be designed
to silently and invisibly alter the voter's input, ballot selections, and
displayed output, with no clue to the voter or the voting server that this
has occurred.  Deployed on a sufficiently large scale (which might actually
not need to be very large in the case of tight races) election results could
actually be altered through such software manipulations.  There is no
obvious technique for avoiding the possibility of such tampering without
resorting to "single-use" operating systems and specialized voting software,
which would need to be specially booted (from distributed floppy disks or
CD-ROMs) on voters' systems, presenting significant configuration

The recent rash of Internet distributed denial of service attacks provides
vivid evidence of how simple it is for "invisible" malevolent software to be
distributed to unsuspecting users' computers.  Even existing versions of such
software could potentially be altered to subvert Internet voting in the
manner described above.  Which brings up another point--imagine the ideal
targets that Internet voting servers would make for denial of service
attacks.  What better way to demonstrate power over the Internet than to
prevent people from voting as they had expected?  At the very least it would
foster inconvenience and anger.  Such attacks would also be likely to foster
increased concerns regarding how Internet voting might skew voter
participation in elections--between those persons who are Internet-equipped
and those who do not have convenient Internet access.

Trust in the election process is at the very heart of the world's
democracies.  Internet voting is perhaps the perfect example of an
application where rushing into deployment could have severe negative
repercussions of enormous importance.

Lauren Weinstein or
Co-Founder, PFIR: People For Internet Responsibility -
Moderator, PRIVACY Forum -
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 09.09

PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.