Pentagon pushed email voting for troops despite security concerns

Greg Gordon

WASHINGTON (MCT) — Counties in 31 states are accepting tens of thousands of electronic absentee ballots from U.S. soldiers and overseas civilians, despite years of warnings from experts that Internet voting is easy prey for hackers.

Some of the states made their technological leaps even after word spread of an October 2010 test of an Internet voting product in Washington, in which a team of University of Michigan computer scientists quickly penetrated the system and directed it to play the school’s fight song.

The Michigan team reported that hackers from China and Iran also were on the verge of breaking in. Election watchdogs, distraught over what they fear is a premature plunge into Internet voting, put most of the blame on an obscure Defense Department unit that beckoned state officials for 20 years, in letters, legislative testimony and at conferences, to consider email voting for more than 1 million troops and civilians living abroad.

The Pentagon’s Federal Voting Assistance Program persisted in its below-the-radar pitch even after Congress refused to endorse any form of Internet-related voting, delegating that responsibility largely to the National Institute of Standards and Technology in 2005.

Seven years later, the national institute still says more research is needed. Congress balked after Deputy Defense Secretary Paul Wolfowitz scrapped a live demonstration planned for the 2004 presidential election because of security concerns.

Election officials from Mississippi to Washington state who’ve embraced email and fax voting say that it’s worth a small risk to protect troops’ voting rights, and that hackers also could attack other types of electronic voting widely used at U.S. polling places, such as digital and optical scanners. But most states have begun requiring verifiable paper trails for those systems, an option that is difficult to incorporate in Internet voting, and which compromises privacy.

It’s unclear to what degree the tiny Pentagon program influenced states to pass a flurry of laws permitting Internet-related voting, but the Federal Voting Assistance Program and its recently departed chief, Robert Carey, are drawing fire for allegedly overstepping their mission. David Jefferson, a computer scientist at California’s Lawrence Livermore National Laboratory — who calls email and fax transmission “by far the most dangerous forms of voting ever implemented in the U.S.” — said the Pentagon program’s and Carey’s advocacy “have done grave damage to U.S. national security, and it will be very difficult to undo it.”

Jefferson, who doesn’t work on ballot security issues at Lawrence Livermore but has studied them for a decade and is on the board of the Verified Voting Foundation, an election watchdog group, said that partisan, criminal or foreign hackers could alter emailed or faxed votes in several ways. For example, he said, they could intercept ballots as they hop from server to server and _ without detection _ transform losers into winners. Or “malware” could sit silently on a voter’s computer until he sends his ballot, which it could instantly divert to the malware designer for modification before it reaches election officials.

Susannah Goodman, director of government watchdog Common Cause’s voting integrity project, said the Federal Voting Assistance Program leadership’s advocacy was “irresponsible,” given the security warnings.

“State lawmakers and election officials trusted FVAP, thinking that the Department of Defense wouldn’t support online voting for the troops if it wasn’t secure,” she said.

Carey, a former Navy pilot and Senate Republican aide who became something of a crusader for upgrading the military’s “1950s-style, paper-and-pen” voting during his three-year tenure that ended in July, rejected the criticism.

“I don’t believe that I was an evangelist for the electronic return of the voted ballot,” he said. “I was not going to stand in the way of election jurisdictions who wanted to pursue full Internet voting on their own authority.”

He called Jefferson a zealot who wants no zero risks in electronic voting but “ignores the fact that 200,000 to 250,000 military voters are unable to successfully cast their ballots,” a reference to what the military turnout would be if it matched that of other voters.