-- From an Oct. 25, 2006 report by independent computer scientists and security experts on the Dept. of Defense's new overseas military voting system.
Last month we reported on the Defense Department's newly announced scheme to allow military and overseas ballots to be cast via the Internet. It was pointed out, among other concerns, that in many cases troop and overseas citizen votes would be subject to conversion from unsecured email voting into faxed documents by a private company who, in turn, would then forward the vote to the appropriate county jurisdiction.
The San Jose Mercury News quoted experts at the time who charged the system was "ripe for fraud" as military voters would apparently not be warned that their ballots might be seen by others and transferred into faxes, etc. by "a private contractor whose top executives have made political contributions to Republican Party organizations."
Underscoring those initial reports today, a group of independent computer scientists and E-Voting experts including David Jefferson of Livermore National Laboratories, Avi Rubin of Johns Hopkins, David Wagner of UC Berkeley, and Barbara Simons, a former researcher for IBM, have released an alarming short paper warning of "significant risks" found in the newly announced plan from the DoD's "Federal Voting Assistance Program" (FVAP).
The group had been members of a scientific peer review panel for a previous DoD Military and Overseas Internet voting scheme in 2004. At the time, they found the plan featured "a large number of security risks and vulnerabilities, including denial of service attacks, insider attacks, viral attacks on voters' PCs." That experimental program was subsequently cancelled after the findings.
But now, in September of this year --- just over one month ago --- the DoD announced and implemented their new scheme for military and overseas citizen voting via the Internet, to be used this November 7th without any public testing or peer review whatsoever.
According to today's report, the new DoD voting scheme --- known as the "Interim Voting Assistance System" (IVAS) --- has been put in place without any "publicly available external security examination" and has "never been used in a public election before (not even in a primary)."
The scientists say that security concerns about the new, untested system include loss of privacy and identify theft for the military and overseas voters and, even more troubling, they found the system to be vulnerable to hackers and tampering by governments both foreign and domestic.
From the report's troubling introduction:
IVAS was announced to the public only last month (September), and has been designed and built only over the last several months, an extremely short time for a system of this complexity and importance. The current system has never been used in a public election before (not even in a primary), and has not been subject to any publicly available external security examination. The technical specifications have not been made publicly available.
In an email received by The BRAD BLOG this morning, Simons summarizes the report's three main findings, characterized as "serious concerns about the security issues posed by this new system."
Her succint, yet alarming, email is posted in full below....
My colleagues David Jefferson, Avi Rubin, David Wagner and I have just released a short paper about the government's IVAS system that involves absentee voting using email and fax and ballot distribution over the Internet. See
We believe this system poses significant risks, as described in this excerpt from our article:
In summary, we see three main risks:
1. Tool One exposes soldiers to risks of identity theft. Sending personally identifiable information via unencrypted email is considered poor practice. No bank would ask their customers to send SSNs over unencrypted email, yet Tool One does exactly that. This problem is exacerbated by potential phishing attacks.
2. Returning voted ballots by email or fax creates an opportunity for hackers, foreign governments, or other parties to tamper with those ballots while they are in transit. FVAP's system does not include any meaningful protection against the risk of ballot modification.
3. Ballots returned by email or fax may be handled by the DoD in some cases. Those overseas voters using the system sign a waiver of their right to a secret ballot. However, it is one thing for a voter's ballot to be sent directly to their local election official; it is another for a soldier's ballot to be sent to and handled by the DoD -
who is, after all, the soldier's employer.
Please help us circulate the document.