US Military's Votes at Risk

From: Barbara Simons <simons@acm.org>

Date: October 25, 2006 1:20:19 PM EDT

To: electionintegrity@googlegroups.com

Subject: [ElectionIntegrity] a report on a new DoD Internet voting scheme

Dear all,

My colleagues David Jefferson, Avi Rubin, David Wagner and I have just

released a short paper about the government’s IVAS system that involves

absentee voting using email and fax and ballot distribution over the

Internet. See

http://servesecurityreport.org/ivas.pdf

We believe this system poses significant risks, as described in this

excerpt from our article:

In summary, we see three main risks:

1. Tool One exposes soldiers to risks of identity theft. Sending

personally identifiable information via unencrypted email is considered

poor practice. No bank would ask their customers to send SSNs over

unencrypted email, yet Tool One does exactly that. This problem is

exacerbated by potential phishing attacks.

2. Returning voted ballots by email or fax creates an opportunity for

hackers, foreign governments, or other parties to tamper with those

ballots while they are in transit. FVAP’s system does not include any

meaningful protection against the risk of ballot modification.

3. Ballots returned by email or fax may be handled by the DoD in some

cases. Those overseas voters using the system sign a waiver of their

right to a secret ballot. However, it is one thing for a voter’s

ballot to be sent directly to their local election official; it is

another for a soldier’s ballot to be sent to and handled by the DoD –

who is, after all, the soldier’s employer.

Please help us circulate the document.

Regards,

Barbara

>

Leave a Reply

Your email address will not be published. Required fields are marked *