Internet Voting Revisited: Security and Identity Theft Risks of the DoD’s Interim Voting Assistance System (PDF; 123 KB)
Source: David Jefferson, Avi Rubin, Barbara Simons, and David Wagner (external peer review panel for SERVE, DoD’s Secure Electronic Registration and Voting Experiment)

In 2004 the Defense Department Federal Voting Assistance Program (FVAP) built and intended to deploy a voting system called SERVE, the Secure Electronic Registration and Voting Experiment, designed to help military personnel and overseas civilians to register and vote in the primary and general elections of that year. As members of an external peer review panel for SERVE, we published a report entitled “A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE),” available at http://servesecurityreport.org. In the report we identified a large number of security risks and vulnerabilities, including denial of service attacks, insider attacks, viral attacks on voters’ PCs, and many others. Shortly after publication of the report, the DoD terminated the program, citing security concerns.

We recently learned that FVAP has created a new online system, the Interim Voting Assistance System (IVAS). IVAS has a similar mission, namely to aid military personnel and overseas civilians to register and vote in the coming November 7 general election. In this short paper we present our serious concerns about the security issues posed by this new system.

This entry was posted on Monday, November 6th, 2006 at 3:56 pm and is filed under Documents in the news, Military and defense, Political process, Privacy, Technology. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.