[IP] a new DoD Internet voting scheme
Begin forwarded message:
From: Barbara Simons <simons@xxxxxxx>
Date: October 25, 2006 1:23:21 PM EDT
To: Dave Farber <dave@xxxxxxxxxx>
Cc: info@xxxxxxxxxxxxxxxxxxxxxxx
Subject: a new DoD Internet voting scheme

Dear Dave,

PLEASE CIRCULATE:

My colleagues David Jefferson, Avi Rubin, David Wagner and I have
just released a short paper about the government's IVAS system that
involves absentee voting using email and fax and ballot distribution
over the Internet. See
http://servesecurityreport.org/ivas.pdf

We wanted to bring this to your attention because we believe this
system poses significant risks, as described in this excerpt from our
article:

In summary, we see three main risks:

1. Tool One exposes soldiers to risks of identity theft. Sending
personally identifiable information via unencrypted email is
considered poor practice. No bank would ask their customers to send
SSNs over unencrypted email, yet Tool One does exactly that. This
problem is exacerbated by potential phishing attacks.
2. Returning voted ballots by email or fax creates an opportunity for
hackers, foreign governments, or other parties to tamper with those
ballots while they are in transit. FVAP's system does not include
any meaningful protection against the risk of ballot modification.
3. Ballots returned by email or fax may be handled by the DoD in some
cases. Those overseas voters using the system sign a waiver of their
right to a secret ballot. However, it is one thing for a voter's
ballot to be sent directly to their local election official; it is
another for a soldier's ballot to be sent to and handled by the DoD –
who is, after all, the soldier's employer.
Regards,
Barbara Simons