BRIAN LIVINGSTON: "Window Manager" from, Monday, January 29, 2001


Posted at January 26, 2001 01:01 PM Pacific

WITH THE PACE of PC sales slowing, a technology that took its first wobbly steps in 2000 may explode in the years to come, sparking a renewed crusade for a computer in every home.

That technology is Internet voting. Because many people still don't have a computer, I'd never suggest that Internet access be mandatory to vote in an election. But after the uproar over faulty counting equipment in Florida and other places, Internet voting is certain to get a serious look.

As I write this, the first private group to enact Internet voting as the result of a U.S. Congressional mandate is conducting its official balloting from Jan. 21 to Jan. 31.

The e-business that's overseeing the process on the Net, Validity Systems (, has so far been able to keep it out of the press in hopes that hackers won't view the event as a challenge.

But I've learned that the world's hacker community has already started probing the company's servers. As a result, this vote may become an excellent case study of what to do, or what not to do, when using the Net to collect ballots for any election.

Haltingly in 2000, several small experiments in voting via the Net attempted to demonstrate the technology -- with mixed results.

Last spring, for instance, the Democratic Party of Arizona tested Net voting in a party primary, but their servers rejected voters who used old browsers with Y2K problems. (Remember those?)

In a more trouble-free case, the U.S. military conducted its own experiment last November. A few hundred volunteers abroad were able to cast their presidential ballots using secure Department of Defense computers.

Validity Systems' effort is the first time Net voting has been set in motion by an act of Congress. That makes this week's balloting more likely to influence future voting reforms in the United States and elsewhere.

The law that launched a thousand clicks is the National Oilheat Research Alliance Act. This bill, steered through Congress last year at the behest of energy lobbyists, requires a vote by heating-oil companies on whether to tax themselves 0.2 of 1 percent of their sales. The funds would pay for an advertising campaign directed at consumers, among other things.

These sorts of industry mandates have been approved many times by Congress. But in this case, the auditing firm that's handling the voting, Gray, Gray & Gray, has supplanted the usual mail-in balloting process with Net voting. That's where hackers get interested. The process almost cries out, "Crack me."

Voters simply type two numbers into their browsers, a PIN (personal identification number) and what the legislation refers to as a VRN (voter registration number). If these numbers are valid, voters enter the system to vote as they please. To see this at work, visit (The "htpps" is required in the address due to the secure server.)

There's no ATM-style card or other means to physically identify voters. Of course, this doesn't inherently mean Validity Systems' servers will be easy to crack.

Validity Systems CTO George Ouzts says his company has taken serious precautions. He says the company's PIN-generation and intrusion-detection techniques are so secure that the company is filing a patent application on them. If he's right and the process resists hack attacks, it may shape the debate about how you'll cast ballots in the future.

Microsoft, Dell, and Unisys announced earlier this month that they plan to sell election officials computerized touch screens. This isn't Net voting, but at least it's a step.

If Internet voting catches on, we might finally be rid of those old IBM punch cards and their hanging chads.