New military Evoting lacks security, critics say

An electronic system set up last month by the U.S. Department of Defense to help overseas soldiers and other military personnel and contractors cast ballots in U.S. elections lacks security safeguards, critics say.

The department’s Federal Voting Assistance Program (FVAP) launched a Web site on Sept. 1 to help military personnel and civilian employees access voting information and local ballots.

The program, dubbed the Integrated Voting Alternative Site (IVAS), provides instructions for personnel on how to submit local ballots by fax machine or e-mail, said J. Scott Wiedmann, deputy director of FVAP. The ballots are not directly cast by the agency for security reasons, he said.

Wiedmann noted that the program does not provide encryption for e-mailed ballots.

The site also lets personnel download a Federal Post Card Application (FPCA) form that can be filled out to request an absentee ballot from local elections officials, Wiedmann said.

David Wagner, a professor of computer science at the University of California, Berkeley, said submitting ballots via e-mail or fax presents myriad security problems.

For example, he said, unencrypted e-mails can be intercepted and read by others. Wagner also noted that the FPCA form requires the voter’s date of birth and Social Security number, which means soldiers face the risk of identity fraud by sending the form via fax or e-mail.

“No self-respecting bank would tell me to e-mail them my bank account number and Social Security number over unencrypted e-mail,” said Wagner. The IVAS system ought to provide the requisite secure communications, he said.

Wiedmann said that the IVAS site offers Secure Sockets Layer encryption and that it warns voters of e-mail security concerns. He also noted that the site warns that votes may be viewed by those collecting the data.

“It’s more important to these voters that they participate in the vote than in maintaining secrecy,” he said.