Internet Voting Revisited:
Security and Identity Theft Risks of the DoD’s
Interim Voting Assistance System
David Jefferson, Avi Rubin, Barbara Simons, and David Wagner
info@servesecurityreport.org
October 25, 2006
We recently learned that FVAP has created a new online system, the Interim Voting Assistance
System (IVAS). IVAS has a similar mission, namely to aid military personnel and overseas
civilians to register and vote in the coming November 7 general election. In this short paper we
present our serious concerns about the security issues posed by this new system.
None of these security concerns is original; all were raised in a DoD internal review, discussed
below.
Risks.
In summary, we see three main risks:
1. Tool One exposes soldiers to risks of identity theft. Sending personally identifiable
information via unencrypted email is considered poor practice. No bank would ask
their customers to send SSNs over unencrypted email, yet Tool One does exactly
that. This problem is exacerbated by potential phishing attacks.
2. Returning voted ballots by email or fax creates an opportunity for hackers, foreign
governments, or other parties to tamper with those ballots while they are in transit.
FVAP's system does not include any meaningful protection against the risk of ballot
modification.
3. Ballots returned by email or fax may be handled by the DoD in some cases. Those
overseas voters using the system sign a waiver of their right to a secret ballot.
However, it is one thing for a voter's ballot to be sent directly to their local election
official; it is another for a soldier's ballot to be sent to and handled by the DoD – who
is, after all, the soldier's employer.
http://servesecurityreport.org/ivas.pdf