NIST Report Identifies Security Threats, Possible Controls for Overseas Voting
From NIST Tech Beat: December 23, 2008
Electronic technologies could be deployed immediately and reliably to augment slower postal mail for distributing ballots to U.S. citizens living abroad, but using telephone, e-mail, and the Web to transmit completed ballots still faces significant, unresolved issues, according a new report* released today by the National Institute of Standards and Technology (NIST).
Funded by the Election Assistance Commission (EAC), the new NIST report provides the first wide-ranging look at the security threats associated with potential electronic technologies for overseas voting and identifies possible ways of mitigating these threats. The need to verify that each completed ballot comes from a registered voter while preserving voter privacy and to ensure that the ballot has not been changed in transit makes the threats to the return of voted ballots by e-mail and Web “difficult to overcome,” according to the study.
The report discusses how postal mail and four electronic transmission options (telephone, fax, e-mail, and Web sites) could be used in the overseas voting process. It identifies issues and threats associated with using these methods to register voters, distribute blank ballots and return voted ballots. In addition, the report suggests control measures, such as cryptography and back-up communication lines, for mitigating some of the specific threats identified.
Overseas citizens follow the rules of their home states, which typically have their own specific laws covering how overseas citizens register and vote. Overseas voting generally relies upon postal and military mail as the mechanism to distribute and receive election materials though some states have begun to distribute blank ballots by fax or e-mail. At this time there are no guidelines that document best practices for fax, e-mail or Web-based distribution of ballots. Developing such best practices, according to the report, could help states develop methods for distributing ballots using these transmission methods and potentially improve the procedures and technical controls already in place in the states currently using these systems.
For more details, see the NIST news release “Electronic Methods Potentially Secure for Sending Blank Ballots Overseas; Serious Issues Remain for Receiving Votes.”
* A. Regenscheid and N. Hastings. A Threat Analysis on UOCAVA Voting Systems (NISTIT 7551), National Institute of Standards and Technology, December, 2008. Full report at http://vote.nist.gov/uocava-threatanalysis-final.pdf.