NIST scientists have been conducting research into the use of electronic technologies to support overseas and military voting, including casting ballots over the Internet. In 2008, NIST released NISTIR 7551, A Threat Analysis on UOCAVA Voting Systems, which analyzed the use of several electronic technologies for different aspects of the absentee voting process. This research concluded that widely-deployed security technologies and procedures could mitigate many of the risks associated with electronic ballot delivery, but that the risks associated with casting ballots over the Internet were more serious and challenging to overcome.
Based on that research, NIST developed two documents covering security best practices for UOCAVA voting, NISTIR 7711, Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters and NISTIR 7682, Information System Security Best Practices for UOCAVA-Supporting Systems. These two documents serve as companion documents to one another. NISTIR 7711 covers security best practices and considerations for election officials considering the use of electronic mail or Web sites to expedite transmission of voter registration materials and blank ballots. NISTIR 7682 provides best practices for IT professionals charged with configuring and administering IT systems used to support UOCAVA voting.
In early 2011, NIST released NISTIR 7770, Security Considerations for Remote Electronic UOCAVA Voting, which studied Internet voting in more detail. This report identified and analyzed current and emerging technologies that may mitigate risks to Internet voting. It also identified several areas that require additional research and technological improvements. The study concluded that Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems. Malware on voters' personal computers poses a serious threat that could compromise the secrecy or integrity of voters' ballots. And, the United States currently lacks a public infrastructure for secure electronic voter authentication. Therefore, NIST's research results indicate that additional research and development is needed to overcome these challenges before secure Internet voting will be feasible. NIST plans to continue to work with our partners in the public and private sectors on these issues.