Online Voting Lacks Security: Traditional Ballots Remain The Standard

Nevada’s election chief says the state’s much-ballyhooed new system for electronically delivering absentee ballots to troops and other citizens overseas isn’t an “online” voting system, even if it offers those abroad the option of emailing marked ballots to county clerks.

But his boss, Nevada Secretary of State Ross Miller, described the system differently in testimony to Congress last year, boasting that it would allow voters abroad “to request, mark and deliver a ballot to their county without the need of a printer or a scanner.”

The office of Pentagon Inspector General John Rymer is taking a hard look at systems like Nevada’s to see whether they’re violating a prohibition on the use of Defense Department grant money to create online voting systems, a spokeswoman for Rymer said. The prohibition was spurred by concerns that those systems are vulnerable to hackers.

Republican Rep. Joe Wilson of South Carolina, chairman of a House Armed Services subcommittee on military personnel, and the panel’s ranking Democrat, California Rep. Susan Davis, wrote to Rymer last June requesting “a full and thorough investigation” to determine whether they’re designed to return votes electronically.

So far, the Inspector General’s office said, Rymer has ordered only an “assessment” of whether grant recipients are skirting the rules; a review not previously disclosed.

At Wilson’s and Davis’ request, the inspector general’s office also is examining how an obscure Pentagon unit, whose task is to facilitate absentee voting overseas, spent $85 million in research funding from 2009 to 2013, Rymer’s office said.

The Pentagon’s Federal Voting Assistance Program gave much of that money in grants to states and counties for voting system upgrades in what has become a race to capitalize on technology that makes it easier for troops stationed overseas to cast their ballots. About 30 states, most of which received grants from the program, have developed some form of online voting.

The problem is that numerous cybersecurity experts warn that votes cast over the Internet, including through email, are vulnerable to vote tampering or even large-scale schemes to rig elections. Another drawback is that they do not create a verifiable paper trail in the event of a recount, as do many state electronic voting systems.

When Hurricane Sandy battered New Jersey eight days before the 2012 election, an emergency order by New Jersey’s secretary of state allowing voters to email or fax their ballots broke a state law barring Internet voting and “made voting severely vulnerable,” a new report by the Constitutional Rights Group at Rutgers University’s law school concluded.

In 2004, Congress stopped Pentagon funding for online voting until the National Institute of Standards and Technology concluded it was secure. The agency has yet to issue an all-clear signal, stating in 2012 that secure Internet voting is not yet feasible.

Some states have seemed to ignore the red light, and the Voting Assistance Program under its former director, Bob Carey, was accused of encouraging the allegations Carey has denied.

Dr. Joseph Patten, Chair of the Department of Political Science and Sociology said that if a shift to online voting isn’t the case, California has devised a voting system that could impact voter turnout.

The program said Friday that “there is no directive from Congress that expressly prohibits online voting” until the National Institute of Standards and Technology “signs off,” but that it has “expressly” barred use of grant money for that purpose because of the lack of federal security standards.

Dr. Stephen Chapman, associate professor of political science, said, “There are too many problems associated with verification and possible fraud or manipulation of the outcome. Especially in the current political context when many states are trying to push for voter identification laws in the name of voter fraud (although there are partisan motivations as well), it is doubtful any state would consider moving to online voting. “

Voting system vendors and a number of states easily circumvented its initial prohibition, imposed in 2012, on use of grant money to electronically return marked ballots. It cost nothing to email the ballots or little for states to buy an added feature providing for their electronic return.

After voting integrity groups protested and members of Congress took interest, new leaders of the Voting Assistance Program incorporated tougher language in grants awarded since last year. Applicants now are required to certify that they not use grant money “to develop a system for the electronic return of a marked ballot” nor “use the system components developed with grant funds after the award ends” for casting ballots electronically.

Even so, Miller, a Democrat who is now running for Nevada attorney general, told Congress in November 2013 that his state’s system copies one in Montana and is designed to “facilitate” the online return of a ballot.

Developed in-house with a $386,500 Pentagon grant, it uses troops’ encrypted Common Access Cards for security and allows them to use an electronic digital signature to register, obtain and sign absentee ballots, which they can either send via their own email accounts or print and mail to county clerks.

John Sebes, chief technology officer for the California-based Open Source Election Technology Foundation, said that email is “the most convenient and least secure transport mechanism,” and that there are multiple ways for hackers to tamper with the process.

However, Scott Gilles, who runs the Election Division in Miller’s office, said officials of the Voting Assistance Program approved the system and that it is “well within the boundaries of the law as well as the boundaries of the grant.” Program officials said that Nevada’s system is in compliance.