UC Berkeley News


The SPRG report: Much ado about ... something?

29 January 2004

In the week following release of the Security Peer Review Group (SPRG) analysis urging that the SERVE system be shut down, both proponents and opponents of the fledgling system have traded charges and rebuttals in the media. Here’s a sampling of the back and forth:

“The bottom line is, we feel the solution can’t be a system that introduces greater risks just to gain convenience.”
— David Wagner, Berkeley assistant professor of computer science and SPRG member [The New York Times, Jan. 21]

“I understand the problems that people overseas have voting … and I believe we have to make it a lot easier for them. But SERVE is the wrong solution.”
— David Dill, professor of computer science, Stanford University [The New York Times, Jan. 21]

“ History has shown that when people have the opportunity to tamper with an election, they do.... I believe foreign governments, other politicians, and terrorist groups pose threats, as well as the lone hacker who wants to get noticed.”
— Avi Rubin, SPRG member [Washington Post, Jan. 22]

George Schu, a vice president at VeriSign, which designed the security architecture of SERVE … said the risks could be managed: “E-commerce has blossomed because it took a risk management approach to the Internet.”
[The Mercury-News, Jan. 22]

“ Denial of service attacks against e-commerce result in reduced business, whereas in voting, they result in disenfranchisement.”
— Avi Rubin, SPRG member [washingtonpost.com, Jan. 23]

“ We absolutely understand that the Internet is insecure. But we have incorporated many protections and features in the system that we’ve developed to mitigate those risks.”
— Carol Paquette, SERVE manager, Department. of Defense [Wired News, Jan. 26]

“ I think they believe our concerns are exaggerated—that it’s not really possible to undermine the election to the extent we say it is, or it’s all theoretical and academic.”
— David Jefferson, SPRG member [Wired News, Jan. 26]

“ The American people understand that life is all about taking intelligent risks to gain meaningful rewards. In the high-tech industries, if not in certain academic circles, we call that progress.”
— Harris Miller, president, Information Technology
Association of America [
internetnews.com, Jan. 22]

“ [Some] think the value of the experiment outweighs the risk; we don’t.”
— David Jefferson, SPRG member [Wired News, Jan. 26]