Internet Voting Revisited: Security and Identity Theft Risks of the DoD’s Interim Voting Assistance System, by David Jefferson, Avi Rubin, Barbara Simons, and David Wagner.
From Avi Rubin’s blog, a summary of the risks of the new system:
“Tool One exposes soldiers to risks of identity theft. Sending personally identifiable information via unencrypted email is considered poor practice. No bank would ask their customers to send SSNs over unencrypted email, yet Tool One does exactly that. This problem is exacerbated by potential phishing attacks.
Returning voted ballots by email or fax creates an opportunity for hackers, foreign governments, or other parties to tamper with those ballots while they are in transit. FVAP’s system does not include any meaningful protection against the risk of ballot modification.
Ballots returned by email or fax may be handled by the DoD in some cases. Those overseas voters using the system sign a waiver of their right to a secret ballot. However, it is one thing for a voter’s ballot to be sent directly to their local election official; it is another for a soldier’s ballot to be sent to and handled by the DoD who is, after all, the soldier’s employer.”
Sorry, comments are closed for this post.