The report says security vulnerabilities could jeopardize the privacy of Internet voters and make it impossible to verify vote totals; cast votes could even be altered.
The computer scientists who wrote the report are David Wagner from the University of California, Berkeley, Avi Rubin from Johns Hopkins University, David Jefferson from the Lawrence Livermore National Laboratory, and Barbara Simons, a computer scientist who is an active technology policy consultant.
The four looked at a voting system called Serve, which is part of the U.S. Federal Voting Assistance Program run by the Department of Defense. When fully operational, it would allow about 100,000 uniformed services personnel and U.S citizens abroad to cast votes over the Internet. There are currently about 6 million U.S. overseas voters.
The system is being readied for trial use by 50 counties in seven states during the 2004 primary and general elections. A spokesman from the U.S. Department of Defense did not respond to a request for comment.
In the 34-page report, made available late Wednesday, the researchers warn that the Serve system is vulnerable to the wide spectrum of attacks that are launched against business-technology systems every day, including insider abuse, denial-of-service attacks, spoofing, as well as virus attacks targeted at the PCs of Internet voters. They also warn of automated vote buying.
One of the primary flaws, the researchers say, is that the Serve system provides no auditable paper trail to confirm the final vote should the system come under attack, or to even refute claims that the system was compromised.
"The vulnerabilities we describe cannot be fixed by design or bug fixes to Serve," the report states. "These vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today."