Common Cause Kentucky and Verified Voting: Kentucky House Members Must Act to Protect the Votes of our Troops

Media Contact: Dale Eisman

Despite Claims of Online Voting System Vendors, House Vote Today Risks the Security of Overseas Military Ballots

As the Kentucky House prepares today to vote on SB 1, a bill designed to make voting easier for overseas Kentuckians and military personnel, Pamela Smith, president of Verified Voting, a national nonpartisan group dedicated to protecting our elections in the digital age, and Richard Beliles of Common Cause Kentucky, issued the following statement:

“We urge House members to assess the dangers of Internet voting with clear eyes. Far from protecting the votes of our troops, allowing the ballots of overseas voters to be cast via Internet places those votes at risk of hacking and tampering – at a time when we are learning more and more about the extent of penetration of the Chinese and others into our nation’s networks.

Internet voting is the least secure form of voting, and those who claim that current voting systems use high standards of encryption and protection ignore the technological reality that there is no current system that is safe from penetration.

The goals behind SB 1 are laudable, as is the intention behind the push to make voting more accessible for our troops. But the dangers of Internet voting are such that, in an attempt to strengthen voting rights for military members, the House runs the risk of imperiling that right instead.

We urge the House to pass SB 1 without provisions that allow the return of voted ballots electronically.”

Fact and Fiction About Electronic Voting

1. Fiction: Internet voting systems are impenetrably or absolutely secure.

Fact: Those who claim that Internet voting systems are secure are not national security experts. They are vendors of online voting systems, who are marketing their products to election officials around the country, making promises of security, voter authentication and verifiability. Their claims have not been subject to publicly reviewable tests or any type of government certification.

The National Institute of Standards and Technology (NIST) is the federal agency responsible for studying and evaluating Internet voting security. For years NIST has studied and evaluated the security tools available to protect voted ballots traveling over the Internet. It has looked deeply at what can and cannot be done to safeguard online ballots and prevent successful attacks. NIST has published several reports on its findings and last year it issued a statement which summarized its work and conclusions to date. NIST advised that with the security tools currently available, secure Internet voting is not “feasible”[1] and more research is needed before the security challenges can be overcome. Any claim by a vendor that it has developed a secure Internet voting system is in direct contradiction to NIST’s best assessment after years of research and analysis.

2. Fiction: Email voting is not Internet voting.

Fact: There is a common misunderstanding that returning voted ballots by email or digital fax is not voting over the Internet. Email and digital faxes both travel over the Internet and are subject to attacks, deletion or tampering. Any time a voted ballot is transmitted by email, digital fax or an Internet voting portal, those ballots travel over the Internet and are subject to tampering or deletion by attackers anywhere in the world.

3. Fiction: Dozens of states already allow voting over the Internet and there have been no successful hacks.

Fact: While it is true many states have allowed online voting, any assumption that their systems are secure and have not been compromised is unproven. Skilled hackers are able to breach systems and erase any trace of their actions, so there is no way to know if these systems have been infiltrated and compromised. It has been estimated that most network hacks are not detected for more than a year. Just because states have not identified a cyber attack on an online voting system doesn’t mean it was not compromised, or won’t be in future elections.

4. Fiction: Internet voting systems travel over secure Department of Defense networks.

Fact: Even for military voters, the Internet voting systems available today do not utilize a DoD network. Any systems used today connect to the public Internet and are subject to attack from hackers anywhere in the world. Some vendors claim or allude to using private systems that are separate from the public Internet. But even virtual private systems still rely on the public Internet and are vulnerable.

5. Fiction: Internet voting systems in use today have been approved by the Department of Defense.

Fact: Vendors have boasted that their systems have been purchased by the Department of Defense. The implication is that the Department of Defense endorsed use of these systems for online voting. This is inaccurate. The Department of Defense has purchased some of these systems to deliver blank ballots online only, but not to transmit (return) the voted ballots. The federal government did not intend these systems to be used to transmit voted ballots over the Internet because of the unsolved security risks.[2]

6. Fiction: Internet voting systems can provide secure voter authentication. Or, online voting systems utilize military CAC cards.

Fact: Vendors have made claims that their systems can authenticate voters’ identities; however, voter authentication over the Internet remains an unsolved problem. As NIST concluded, “the United States currently lacks a public infrastructure for secure electronic voter authentication.”[3] And while the use of the CAC card could, someday, provide reliable voter authentication, it is unclear if any Internet voting system available today is able to incorporate the use of the CAC card. According to NIST, the use of the CAC card is difficult and expensive to deploy with technology available and does not cover non-military UOCAVA voters.[4]

7. Fiction: Internet voting systems can be checked for accuracy.

Fact: Vendors often claim that their systems can be audited, but it is impossible to conduct a meaningful audit of ballots sent over the Internet with today’s technology. Attacks can alter a voter’s ballot without his or her knowledge, just as attacks on banking systems that transfer funds without the account owner’s permission are undetectable.[5] These attacks would also be imperceptible to the vendor or election official, and because we vote by secret ballot, it is virtually impossible to conduct a meaningful audit of an election in which ballots are transmitted over the Internet. According to NIST, “ensuring remote electronic voting systems are auditable largely remains a challenging problem, with no current or proposed technologies offering a viable solution.”[6]

[1] http://www.nist.gov/itl/vote/uocava.cfm

[2] According to Department of Defense communication to Congress regarding its purchase of online balloting systems from Everyone Counts and others, the systems were purchased to deliver blank ballots online, allow a voter to mark the ballot and then print the ballot for return by mail; the systems are not to be used to send the voted ballot back over the Internet. The communication reads “[t]he voter will be able to mark the ballot with all selected candidates,[ .] and then print the ballot with State specific casting instructions and pre-addressed envelope for the voter to print out with a hard copy, sign with a wet signature and return by postal mail. These systems are the same as the front end of what a voter would experience in a full internet voting system. The [system] stops the online process at the online marking of the ballot and supports the postal return of a hard-copy, “wet” signature ballot.” http://comptroller.defense.gov/defbudget/fy2012/budget_justification/pdfs/03_RDT_and_E/DHRA.pdf

[3] http://www.nist.gov/itl/vote/uocava.cfm

[4] NISTIR 7700, “Security Considerations for Remote Electronic UOCAVA Voting” http://www.nist.gov/itl/vote/upload/NISTIR-7700-feb2011.pdf

[5] However, in the case of funds stolen through malicious software in the user’s computer, the lost funds may be recoverable because of Federal laws limiting retail banking losses. These limits do not apply to commercial bank accounts.

[6] Ibid.