NIST: Internet voting not yet feasible. (And neither are email and fax voting)

The National Institute of Standards and Technology (NIST) in response to an inquiry, summarized the risks of Internet voting <read>

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. ”Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. ”And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

“This statement should serve as a blunt warning that we just aren’t ready yet and proves that we can’t trust the empty promises of ‘secure Internet voting’ from the for-profit vendors,” said Susannah Goodman, head of Common Cause’s Voting Integrity Project. ”We urge election officials and state and federal lawmakers to heed NIST’s warning and step back, support further research and STOP online voting programs until they can be made secure,” Goodman added…

The statement is based on two NIST reports:

This 2011 report  Strongly articulates the many risks of Internet voting and the slight mitigations available. It references an earlier report that explains the risks of all types of electronic transmission of voted ballots. Perhaps email voting and fax voting were sufficiently covered in the early report that it was not necessary to spell that out in more detail than the earlier report:

In December 2008, NIST released NISTIR 7551, A Threat Analysis on UOCAVA Voting Systems [3], which documents the threats to UOCAVA voting systems using electronic technologies for all aspects of overseas and military voting. NISTIR 7551 considered the use of postal mail, telephone, fax, electronic mail, and web servers to facilitate transmission of voter registration materials, blank ballots, and cast ballots. It documented threats and potential high-level mitigating security controls associated with each of these methods. The report concluded that threats to the electronic transmission of voter registration materials and blank ballots can be mitigated with the use of procedures and widely deployed security technologies. However, the threats associated with electronic transmission, notably Internet-based transmission, of cast ballots are more serious and challenging to overcome and the report suggested that emerging trends and developments in that area should continue to be studied and monitored.

Here is that earlier report:

Voted ballot return: Sending completed ballots from UOCAVA voters to local election officials can be expedited through the use of the electronic transmission options. However, their use can present significant challenges to the integrity of the election. Use of fax poses the fewest challenges, however fax offers limited protection for voter privacy. While the threats to telephone, e-mail, and web can be mitigated through the use of procedural and technical security controls, they are still more serious and challenging to overcome.

Sadly the CT Legislature passed a bill this year the included email and fax voting, without hearings. The Governor is considering vetoing that bill which may be unconstitutional and risks democracy in the name of soldiers who are dedicated to preserving that democracy.


Leave a Reply

You must be logged in to post a comment.