Brad Blog had a story yesterday that I hadn't seen diaried on Daily Kos, and I think it deserves some attention.
When American soldiers vote in the upcoming election, they will be using a brand new, untested internet voting system.
IVAS was announced to the public only last month (September), and has been designed and built only over the last several months, an extremely short time for a system of this complexity and importance. The current system has never been used in a public election before (not even in a primary), and has not been subject to any publicly available external security examination. The technical specifications have not been made publicly available.
A recent report outlines some of the possible threats:
1. Tool One exposes soldiers to risks of identity theft. Sending personally identifiable information via unencrypted email is considered poor practice. No bank would ask their customers to send SSNs over unencrypted email, yet Tool One does exactly that. This problem is exacerbated by potential phishing attacks.
2. Returning voted ballots by email or fax creates an opportunity for hackers, foreign governments, or other parties to tamper with those ballots while they are in transit. FVAP's system does not include any meaningful protection against the risk of ballot modification.
3. Ballots returned by email or fax may be handled by the DoD in some cases. Those overseas voters using the system sign a waiver of their right to a secret ballot. However, it is one thing for a voter's ballot to be sent directly to their local election official; it is another for a soldier's ballot to be sent to and handled by the DoD -
who is, after all, the soldier's employer.
There are hundreds of thousands of soldiers deployed around the world. Stealing their votes could be enough to decide who is in the majority in the House and Senate. How can we protect ourselves against this?
Link