"Using a voting system based on the Internet poses a serious and unacceptable risk for election fraud," said David Wagner, an assistant professor of computer science at UC Berkeley, and one of the four authors of the report. "The flaws are unsolvable because they're fundamental to the architecture of the Internet."
SERVE is designed to use standard PCs running Windows and either the Internet Explorer or Netscape Navigator browser to connect to a Web server. Voter registration and voting are done using the browser, and registrations and ballots are stored on a central Web server, which is then accessed by U.S.-based local election officials for downloading the information to their own systems.
Relying on Windows PCs and the Internet is the crux of the problem, said the experts.
"The press is full of stories of viruses and worms [on the Internet]," said Barbara Simons, another of the four who contributed to the report. "All it takes is an infection of the PCs used to access SERVE, and all bets are off."
Simons, Wagner, and their colleagues -- Avi Rubin of John Hopkins University and David Jefferson of Lawrence Livermore National Laboratory -- worry that the inherent insecurity of PCs and the Internet could attract hackers who would like nothing better than to disrupt a U.S. national election by mounting denial-of-service (DoS) attacks on the PCs, inserting bogus Web pages between the PCs and the real Web server to 'steal' votes, or even introduce malicious code to the system that would allow them to alter votes.