Sunday, November 8, 2009

Internet Voting Too Dangerous -ESPECIALLY for Our Military

Our overseas troops need help voting, and while internet voting sounds like a good idea, even a pilot is too dangerous to consider in this new age of Cyber Warfare. We cannot ask our troops to put their personal safety at risk by the act of casting a ballot. We must carefully ask - what problem are we trying to solve, exactly and how do we solve it?

"An overwhelming majority of military and overseas voters did not return ballots to the United States in 2006, costing local election offices staff time and money" Greensboro N-R.
Seeking to remedy that, congress passed a law that contains "pilots" allowing for internet voting for our military. The pilot is in the Federal Military and Overseas Voter Empowerment Act, (Move) in Section 589. The Federal Voting Assistance Program (FVAP) will oversee the program. FVAP sent a letter to all 50 states election offices with a 2010 legislative agenda that recommends states adopt internet voting pilot programs for military. Unfortunately, legislatures in Alabama, Colorado, and Massachusetts are taking action to participate in the internet voting pilots for military. Additionally Franklin County Washington officials wish to participate and ultimately have full blown internet voting and eliminate the state's paper ballot requirement.

The problem is that Internet voting cannot yet be made secure and opens our elections and troops to cyber warfare. And internet voting opens up the troops' ballots and the personal information on them, as well as possibly exposing troop location. It also does not solve the real problem identified by the Pew Foundation in the report
No Time to Vote and creates many new problems.

The national Verified Voting Foundation lists several serious technical and non technical issues that have to be addressed BEFORE any internet voting pilots are implemented. See excerpt of Verified Voting's statement signed computer technologists:

Computer Technologists’ Statement on Internet Voting

...Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.

A partial list of technical challenges includes:
• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed...
• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet....
• There must be strong mechanisms to prevent undetected changes to votes, not only by outsiders but also by insiders...
• There must be reliable, unforgeable, unchangeable voter-verified records of votes that are at least as effective for auditing as paper ballots, without compromising ballot secrecy....
• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world...

...Before these conditions are met, “pilot studies” of internet voting in government elections should be avoided, because the apparent “success” of such a study absolutely cannot show the absence of problems that, by their nature, may go undetected. Furthermore, potential attackers may choose only to attack full-scale elections, not pilot projects.

Still want to try Internet Voting? Think twice about it:

Hackers cracked military systems and cut mains power
10th November 2009 ...Jim Lewis, director of the Center for Strategic and International Studies, who prepared a report on cyber security for President Obama. Lewis claims that in 2007 an unknown foreign power penetrated "all of the high tech agencies" including the Department of Defense and "probably the NSA". The attackers downloaded terabytes of data.

This time last year, an attacker was able to access US military
computer systems that were directly involved in war operations in Afghanistan and Iraq. This access allowed the perpetrator to spy and potential control systems. They were, in the words of Lewis, "part of the American military command."

Cyber attacks traced to N. Korea
The Associated Press Friday Oct 30, 2009 SEOUL, South Korea — The North Korean government was the source of high-profile cyber attacks in July that caused Web outages in South Korea and the United States, news reports said Friday.

Oct 22, 2009: *The Commission has approved for public release a contracted report entitled: Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.The government of the People’s Republic of China (PRC) is a decade into a sweeping military modernization program that has transformed its ability to fight high tech wars. [Read THE PDF REPORT

Preparing for cyber warfare The scramble for position on a new, global battlefield has begun, but it's not clear yet if state secrets, financial data and privacy can be defended...But, in truth, cyber spying is equal opportunity and has an amazing wealth of targets to go after.

Security expert: no way to secure Internet voting WBBM Newsradio 780 CHICAGO (WBBM) -- An Internet security expert says there's no way Internet voting can reliably replace paper ballots to ease the expense of election day.John Hopkins University computer science professor Avi Rubin spoke one day after Lake County, Ind., sat out a transit referendum because county commissioners didn't have a spare half million dollars to fund the election....The ultimate problem, he says, is one of authentication: there's just no guaranteed way to tell who is who at either end of the voting connection.Rubin says banking transactions are fine on the Internet because there's a back-office trail that can always be followed. But he says there's no secure way to ensure whether the person casting or counting a private ballot, is who they claim to be

6. : Computer Technologists'
statement on internet voting

A comment on the May 2007 DoD report on Voting Technologies for UOCAVA Citizens (pdf)
David Jefferson, Avi Rubin, Barbara Simons
In 2003 the Department of Defense engaged our services to review its SERVE Internet voting project. The project was subsequently killed because of the numerous and fundamental security problems with it that we documented in a report we issued in 2004 ( ).
We are concerned that this new report appears to be trying to persuade readers that SERVE was a successful project and that Internet voting can be made safe and secure. Unfortunately, it does not accurately reflect the degree of concern that we and
many others have expressed about Internet voting....

Finnish Internet voting election thrown out by court
In this election, which is referred to in the article as an "e-voting" election but was actually an Internet voting election, 2% of all ballots (232 ballots) were simply lost, unrecoverably, by the voting system. A lower court had accepted the loss of 2% of the ballots as an acceptable error, even though the lost ballots would almost certainly have affected who won and who lost municipal seats since they are frequently decided by 1 or 2 votes.

Internet voting doesn't address the real problem anyway. According to the Overseas Vote Foundation:
"The number one reason that many overseas and military citizens are unable to vote is missed registration and ballot request deadlines."


In North Carolina, the State Board of Elections has come up with a simple way to address this issue of registering military, updating their registrations when they move and getting them the right ballots. On Oct 8, 2009 the NC State Board of Elections
sent a letter to Robert Gates, Secretary of DOD enlisting their cooperation. An excerpt:

"I request that the Department of Defense, in its operation of military pay/personnel offices in North Carolina, agree to be designated as a voter registration agency. This designation would allow military citizens helped by your agency to be offered the same voter registration services given by state and county public services agencies to the persons they serve. "
This idea makes sense and should work. Govt agencies are very good at voter registration when they try. We saw this when North Carolina enforced Section 7 of the Voting Rights Act more vigorously in 2008, resulting in government agencies assisting increased numbers of their clients in registering to vote.

We can also enact some of FVAP's 2010 Legislative Initiatives:

  • expand the use of the Federal Write-In Absentee Ballot,
  • removel of notarization and witnessing requirements, and
  • enfranchise the overseas voting age children of U.S. citizens who are eligible to vote under UOCAVA.
  • allow faxing or emailing blank ballots to troops - but never fax/email voted ballots

With those four FVAP initiatives, plus having the DOD assist troops with voter registration issues and voting, we can greatly improve the military franchise while protecting the secrecy and security of their votes.

Our troops deserve a secure, accurate, auditable ballot that they may cast in secret. They should not be asked to put their own personal security at risk in order to vote. Internet voting cannot be done safely at this time. Internet voting should be the last resort after solving all the other problems which hinder prompt return of ballots, not the first.

Lawmakers and policy makers can learn more about improving the military voter franchise as well as risks of internet voting from the national organizations Verified Voting and the Overseas Vote Foundation

About us: The North Carolina Coalition for Verified Voting is a grassroots non-partisan organization fighting for clean and verified elections. We study and research the issue of voting to ensure the dignity and integrity of the intention of each voting citizen. The NC Voter Verified Coalition has consistently fought for increasing access, participation and ensuring the voter franchise. Contact Joyce McCloy, Director, N.C. Coalition for Verifiable Voting (ph)336-794-1240

Sign up to receive email updates from our blog at