Even though this article on voting security is five years old, the basic requirements have not changed and astonishingly little progress has been made in establishing secure voting systems in real-world elections.
Much remains to be done to make decision makers aware of the threats to the security of both Internet voting and electronic voting machines. In addition to the widely known and discussed issues of electronic voting machines, Internet voting has the major (and, in practical terms, unsolvable) issue of running in an uncontrolled environment.
Thus, many software vulnerabilities, including viruses, worms, and rootkits, affect the integrity of the voting system. Malware for e-voting systems would also include programs that users willingly install to, for instance, sell their votes. While many threats also exist in the traditional voting process, electronic voting increases the risk because attacks scale much better online.
This article summarizes the security evaluation performed on SERVE, an initiative to make voting easier for military personnel deployed overseas and for nonresident US citizens. SERVE is even riskier than the much-criticized voting machines because it is deployed on the voters’ PCs; clearly, local malware and rootkits may compromise the integrity of the entire voting process. Vulnerabilities include vote buying and insider attacks. Due to the security analysis, the Pentagon decided not to implement SERVE for the 2004 election.