NIST finds security problems with overseas e-voting

Efforts to allow members of the U.S. military and other overseas voters cast ballots by e-mail or on the Internet face serious security problems, according to a new U.S. government report.

Even though voting by standard mail has its own problems, the report, from the U.S. National Institute of Standards and Technology (NIST), says that electronic transmission of completed ballots, also including telephone and fax, "present significant challenges to the integrity of the election."

The U.S. Department of Defense experimented with Internet voting in 2003, but dropped a pilot program the next year after security concerns surfaced. A handful of states have experimented with Internet voting, including Florida and Alabama in 2008, prompted by concerns about military mail ballots not being delivered in time to be counted.

The Help America Vote Act of 2002 (HAVA) requires the U.S. Election Assistance Commission (EAC) to study methods of overseas voting, and the NIST report is part of that effort. "IT security is an important aspect of this issue, so EAC asked NIST to conduct a study that would explore the security threats associated with potential electronic technologies for overseas voting, and identify possible ways of mitigating the threats," said Nelson Hastings, co-author of the report.

The NIST report says it's relatively safe to transmit unfilled ballots by fax or e-mail or put them on the Web, but sending filled-in ballots by those methods present problems with security or privacy.

Voting by telephone would require PINs, and PINs can be lost or stolen, the report says. In addition, telephone calls can be tapped, especially VoIP (voice over Internet Protocol) calls, the report says.

Fax transmissions can be relatively secure, but faxed ballots may be left unattended "for several hours," the report says. "Fax machines would likely be left in a room at the election office receiving faxes throughout the day," the report says. "This gives would-be attackers time to view sensitive personal information or destroy valid registration forms."

E-mail can be intercepted or blocked, the report adds. "E-mail does not provide any guarantee that the intended recipient will receive the message," the report says. "An attack on DNS [Domain Name System] servers could route e-mails to an attacking party. This would not only result in voter disenfranchisement, but also the loss of sensitive voter information."

While there are no reports of such an attack being successful, a recent vulnerability was discovered in DNS servers that could have been used to create such an attack, the report says.

There are also a number of less sophisticated attacks that could disrupt e-mail voting, the report says. "A denial-of-service attack could flood election officials with a massive number of fraudulent e-mails," the report says. "The number of e-mails could quickly overwhelm the election official’s e-mail server, preventing legitimate registration forms from reaching election officials."

The IDG News Service is a Network World affiliate.