Wednesday, October 25, 2006

This time, Internet voting is being deployed

In 2004, I served on an external peer review panel member for SERVE. Working with David Jefferson, Barbara Simons, and David Wagner, who were also on the panel, we published a report entitled A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE). This report led to the cancellation of that risky project.

Well, the Federal Voting Assistance Program (FVAP) is at it again, this time in the form of the Interim Voting Assistance System (IVAS), which is being deployed for this election. I reunited with my co-authors of the SERVE report to publish a new report titled Internet Voting Revisited: Security and Identity Theft Risks of the DoD’s Interim Voting Assistance System. At the end of the report, we summarize the risks of the new system, and I'll repeat them here:

  1. Tool One exposes soldiers to risks of identity theft. Sending personally identifiable information via unencrypted email is considered poor practice. No bank would ask their customers to send SSNs over unencrypted email, yet Tool One does exactthat. This problem is exacerbated by potential phishing attacks.
  2. Returning voted ballots by email or fax creates an opportunity for hackers, foreign governments, or other parties to tamper with those ballots while they are in transit. FVAP's system does not include any meaningful protection against the risk of ballot modification.
  3. Ballots returned by email or fax may be handled by the DoD in some cases. Those overseas voters using the system sign a waiver of their right to a secret ballot. However, it is one thing for a voter's ballot to be sent directly to their local election official; it is another for a soldier's ballot to be sent to and handled by the DoD – who is, after all, the soldier's employer.