Page last updated at 10:01 GMT, Friday, 25 July 2003 11:01 UK

Why e-voting is a non-starter

The recent crop of stories about computer security flaws shows that e-voting would be a disaster, argues technology analyst Bill Thompson.

E-voting could mean an end to the walk to the polling station

This week's major security alert from Microsoft has highlighted, yet again, the problems we seem to have in writing computer programs that are safe and do only what they are supposed to do.

Computer security firm eEye found a programming error in one of the libraries used by the DirectX graphics subsystem to play MIDI sound files.

If exploited - and there is no evidence that anyone had managed this - then it could have been used by a malicious programmer to build a website or e-mail message that took over a computer running Windows.

Even Windows Server 2003, the latest and supposedly superior version of the operating system, was vulnerable to the attack if the user had changed the default security settings.

As if the problems with operating systems security were not enough, a report into a number of thefts of money from the online banking service of South African bank Absa roundly criticised the security of internet banks generally.

It seems that lots of people had money siphoned from their Absa accounts because their login details - like username, password and personal information - were grabbed by a monitoring program called eBlaster.

This program, sold to let parents monitor what their children are doing on the net, can be secretly installed on someone else's computer, and will send all the information it gathers via concealed email.

This was possible because people were too trusting, and also because the banks did not use any sort of physical proof of identity, like a smart card, or even just a secure digital certificate which was linked to their computer.

E-voting questions

Both the DirectX problem and the issues with online banking should force us to reflect on promises about the security of the computer systems on which we all rely.


This was highlighted by the third big security announcement of the week.

A group of researchers at Johns Hopkins and Rice universities in the US got their hands on the source code of one of the most widely-used electronic voting systems, from Diebold Election Systems, and did a security audit on it.

The system they looked at is called a "direct election recording", or DRE, system. It runs on specially adapted touch screen systems in voting booths, but it is the software that would form the basis of an online voting system too.

DRE systems were available to over a fifth of people voting in the 2002 US congressional elections.

The researchers found dozens of security holes in the voting system. In order to vote, each person had to insert a special card, but the system did not check that the same person was not voting many times.

It was also possible to change the order in which candidates were presented on the screen without changing the internal codes assigned to each one, so that voters could be tricked into voting for the wrong person.

The company has said that the system is secure when it is being used, and has also said that the latest version of their software does not have any problems.

But they are refusing to allow independent analysis of the program's source code, on the grounds of commercial confidentiality. And none of the other systems being installed in the US and touted around the world has been checked over either.

Big risk

The British Government is still set on giving us all easy ways to vote, and the pilots from last year's council elections are being extended.

Cast your vote via a touch screen system

There is still talk of online voting in the next general election, and of moving away from paper ballots entirely in the future.

Yet every time we get to look inside a piece of software or a security system that has been developed in secret, and built on top of a compromise between acceptable levels of risk and the cost of doing it properly, we find holes and errors.

This is the reason why we must not move to an online voting system. It cannot be made secure, it cannot be guaranteed and it cannot be trusted, no matter who writes it, and no matter what claims are made.

A democratically elected government of the United Kingdom has massive power. The gains to be made from undermining a general election are just too high for us to take the risk of moving the election online.

Paper ballots and physical presence in the polling station make the system too unwieldy to hack. We should keep it that way.


Bill Thompson is a regular commentator on the BBC World Service programme Go Digital.
