DOD gives Internet balloting another try

New features put service members in touch with elections officials in their home districts

Federal Voting Assistance Program

The Defense Department is testing a new program that delivers ballots and registration materials via the Internet to service members deployed overseas. But experts and critics have assailed the program’s implementation and lack of security. Four outside computer security experts, led by David Wagner of the University of California at Berkeley, found that the system is vulnerable to identity theft and hackers.

DOD first used the Interim Voting Assistance System (IVAS) in 2004. It has updated the system with two new features that connect overseas military employees to local elections officials in their home districts. The features rely on a secure messenger service developed by DOD’s Federal Voting Assistance Program.

The first new feature lets service members fill out voter registration cards and e-mail them to local elections officials, who then send electronic ballots via e-mail. A second new feature saves registration information on a secure DOD server, which allows an elections official to pick up that information and drop off PDF ballots. Even if service members use the new features, they still must send their completed votes by traditional mail, officials said.

The computer scientists who evaluated the IVAS system published a report in October stating that DOD has not tested IVAS in previous elections and that the department has not published an outside security evaluation. “In such a system, there is no way to provide effective oversight and no provision for outside observers,” the experts wrote.

In 2004, Wagner’s group criticized security features of DOD’s Secure Electronic Registration and Voting Experiment program. DOD subsequently canceled the program.

An internal DOD report also criticized the IVAS system. In August, the department prepared an internal evaluation that faulted the system for transmitting voter information via unsecured e-mail. Such traffic “is easily monitored, blocked and subject to tampering,” according to the internal report. “The publication of e-mail addresses of voting officials subjects those offices to attack, effectively blocking votes.”

In 2004, only 108 counties participated in IVAS, and 17 voters downloaded ballots, the DOD report states. The report adds that the required identity information includes service members’ names, Social Security numbers and dates of birth — all forms of identification that identity thieves can easily steal.

David Chu, undersecretary of Defense for personnel and readiness, defended the system at a Sept. 28 Senate Armed Services Committee hearing. “There is no perfect security system, and so we believe that e-mail is reasonably secure for these purposes,” he said.

Chu testified that DOD’s role is limited to expanding access to voter procedures and educating service members about local regulations. “Voting in the United States is ultimately a local responsibility,” he said.

State officials, such as Deborah Markowitz, Vermont’s secretary of state and president of the National Association of Secretaries of State, praised the initiative but said that better communication between DOD and local officials is crucial to its future success. The updated IVAS system was completed in August and implemented by DOD’s Business Transformation Agency in only three weeks.

Markowitz said local rules will continue to hamper the program. For example, Vermont requires voters to take an oath during registration in the presence of a notary, which is impossible to do electronically, she said.

Rep. Holt blasts DOD’s e-ballot initiativeRep. Rush Holt (D-N.J.) said he believes the Defense Department is putting service members’ right to a secret vote in jeopardy with its new plan for Internet voting.

In a Nov. 2 letter to Defense Secretary Donald Rumsfeld, Holt said DOD’s Interim Voting Assistance System (IVAS) might do more harm than good because soldiers must sign a waiver of their right to a secret ballot in order to use it. Warfighters should not feel that their employer is privy to their voter information, he said.

Holt said he also believes the program exposes soldiers to vote tampering and identity theft by failing to protect sensitive information. “No bank would ask their customers to send Social Security numbers over unencrypted e-mail, yet the IVAS does exactly that,” he wrote.

— Josh Rogin

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group