Pentagon pushed email voting for troops despite security concerns
By GREG GORDON | McClatchy Newspapers | Published: November 4, 2012
WASHINGTON — Counties in 31 states are accepting tens of thousands of electronic absentee ballots from U.S. soldiers and overseas civilians, despite years of warnings from experts that Internet voting is easy prey for hackers.
Some of the states made their technological leaps even after word spread of an October 2010 test of an Internet voting product in Washington, in which a team of University of Michigan computer scientists quickly penetrated the system and directed it to play the school’s fight song. The Michigan team reported that hackers from China and Iran also were on the verge of breaking in.
Election watchdogs, distraught over what they fear is a premature plunge into Internet voting, put most of the blame on an obscure Defense Department unit that beckoned state officials for 20 years, in letters, legislative testimony and at conferences, to consider email voting for more than 1 million troops and civilians living abroad.
The Pentagon’s Federal Voting Assistance Program persisted in its below-the-radar pitch even after Congress refused to endorse any form of Internet-related voting, delegating that responsibility largely to the National Institute of Standards and Technology in 2005. Seven years later, the national institute still says more research is needed.
Congress balked after Deputy Defense Secretary Paul Wolfowitz scrapped a live demonstration planned for the 2004 presidential election because of security concerns.
Election officials from Mississippi to Washington state who’ve embraced email and fax voting say that it’s worth a small risk to protect troops’ voting rights, and that hackers also could attack other types of electronic voting widely used at U.S. polling places, such as digital and optical scanners.
But most states have begun requiring verifiable paper trails for those systems, an option that is difficult to incorporate in Internet voting, and which compromises privacy.
It’s unclear to what degree the tiny Pentagon program influenced states to pass a flurry of laws permitting Internet-related voting, but the Federal Voting Assistance Program and its recently departed chief, Robert Carey, are drawing fire for allegedly overstepping their mission.
David Jefferson, a computer scientist at California’s Lawrence Livermore National Laboratory — who calls email and fax transmission “by far the most dangerous forms of voting ever implemented in the U.S.” — said the Pentagon program’s and Carey’s advocacy “have done grave damage to U.S. national security, and it will be very difficult to undo it.”
Jefferson, who doesn’t work on ballot security issues at Lawrence Livermore but has studied them for a decade and is on the board of the Verified Voting Foundation, an election watchdog group, said that partisan, criminal or foreign hackers could alter emailed or faxed votes in several ways.
For example, he said, they could intercept ballots as they hop from server to server and — without detection — transform losers into winners. Or “malware” could sit silently on a voter’s computer until he sends his ballot, which it could instantly divert to the malware designer for modification before it reaches election officials.
Suzannah Goodman, director of government watchdog Common Cause’s voting integrity project, said the Federal Voting Assistance Program leadership’s advocacy was “irresponsible,” given the security warnings.
“State lawmakers and election officials trusted FVAP, thinking that the Department of Defense wouldn’t support online voting for the troops if it wasn’t secure,” she said.
Carey, a former Navy pilot and Senate Republican aide who became something of a crusader for upgrading the military’s “1950s-style, paper-and-pen” voting during his three-year tenure that ended in July, rejected the criticism.
“I don’t believe that I was an evangelist for the electronic return of the voted ballot,” he said. “I was not going to stand in the way of election jurisdictions who wanted to pursue full Internet voting on their own authority.”
He called Jefferson a zealot who wants no zero risks in electronic voting but “ignores the fact that 200,000 to 250,000 military voters are unable to successfully cast their ballots,” a reference to what the military turnout would be if it matched that of other voters.
But Carey’s successor, acting Federal Voting Assistance Program chief Pamela Mitchell, said her office is “not advocating for or against Internet voting” of any kind.
The Pentagon program’s prodding wasn’t the only pressure exerted on state officials, who have wide latitude to set voting procedures. Military groups have long lobbied them to provide redress for the disenfranchisement of military and overseas voters, especially those in combat zones who’ve had a hard time getting paper ballots in on time. In the 2008 presidential election, 35 percent of military and overseas civilians’ votes were nullified because they arrived flawed or too late.
More than 60 percent of the states have gone high-tech.
Last month, Alaska joined Arizona as states that have invited all registered voters to mark and send ballots via online systems that vendors say are secure. North Dakota provides an Internet portal, as well as email and fax options, for military and overseas voters.
Twenty-eight other states, including at least four presidential campaign swing states, are permitting service members and overseas civilians to vote either via fax, e-fax or email, at least under some circumstances, according to a study last summer by Common Cause and the Verified Voting Foundation.
If e-voting increases participation by troops or far-flung civilians on Tuesday, the added votes could be pivotal.
Among presidential swing states, Colorado now allows these voters to email ballots if mail is unavailable, Florida permits them to fax ballots, Iowa accepts emailed or faxed ballots from those in “imminent danger” and Nevada allows email or faxes from those who attest to their voting eligibility under penalty of perjury.
The controversy over the Federal Voting Assistance Program’s role largely surrounds allegations that it ran an end run around Congress.
In passing the Military and Overseas Voter Empowerment Act in 2009 to address continuing obstacles to voting by those groups, Congress directed states to offer blank, electronic ballots to troops and foreign-based civilians 45 days before Election Day. In the three years since, the Pentagon program has paid more than $27 million to help states and counties comply.
The law only authorized electronic voting in pilot projects, but it could not preclude states from approving email or fax transmission over private email accounts or wires not funded by the Federal Voting Assistance Program.
A congressional aide familiar with the matter but not authorized to speak for the record said it’s obvious that Congress’ intent was to discourage widespread electronic voting until security improves.
Hackers have penetrated the National Security Agency, Microsoft, Google and Yahoo, the aide said, so why wouldn’t they be able to manipulate emailed votes arriving in county clerks’ computers in Cuyahoga County, Ohio, or Miami-Dade County in Florida?
In a written statement, the Federal Voting Assistance Program said it urged states to explore email voting from 1990 until 2009 (the year the law was passed) “to allow them to cast a ballot when they would not otherwise have been able to vote.”
But Carey said that he didn’t stop doing so until mid 2010 when he “came to realize that email and fax were actually far less secure than many of the electronic voting systems that are out there now,” and that Internet voting is still several years away.
Before the 2010 elections, Carey’s office asked Congress for $1.7 million to buy electronic voting systems for at least 16 states — systems that would deliver blank ballots but stop at “the online marking of a ballot.”
The systems for 13 or more states contained full Internet voting capability — an option that Carey highlighted in a presentation prepared for state election officials. Apparently, no recipient of a federal system elected to use it that way. Alaska and Arizona used other money to finance their online systems.
When Carey’s program disbursed $24.4 million in grants to states and counties for this election cycle, it explicitly prohibited their use to transmit marked ballots.
Chief election officers or their surrogates in Mississippi, Washington, West Virginia and Utah, all states that got funding from the Pentagon program, said t they are allowing email or fax voting, but not with the Pentagon money.
Mississippi Republican Delbert Hosemann was among five secretaries of state whom the Pentagon flew in 2008 to Afghanistan, Iraq and Kuwait, where they asked troops about their voting concerns.
In a phone interview, Hosemann said he concluded that the “minute opportunity” for hacking was outweighed by the desire of “the people who are standing on the sand dunes” to vote electronically.
Carey’s assertion that the Federal Voting Assistance Program stopped pitching email and fax voting in 2010 appears to conflict with what occurred in Washington state last year.
When legislation to allow email and fax voting arose in the state legislature, the Pentagon “liked (it) so much that they actually had somebody show up and testify for it, without us even asking,” the state’s Republican secretary of state, Sam Reed, said in a phone interview.
Gary Bartlett, executive director of North Carolina’s Board of Elections, said passage of his state’s similar measure was a foregone conclusion in 2010, but a Pentagon liaison appeared anyway “to thank everybody, to encourage it and to see it all the way through the North Carolina House and Senate.”
If the liaisons encouraged email voting legislation, Carey said, “it was contrary to the guidance we gave them.”
However, in a letter to Reed early last year, he urged “the expanded use of email and online transmission for all election materials throughout the entire absentee voting process.”
The Federal Voting Assistance Program’s machinations have caught the attention of at least one senior member of the Senate Armed Services Committee. Republican Sen. John Cornyn of Texas said “federal agencies skirting the implementation of laws is always a concern for taxpayers, which is why Congress must be vigilant in its oversight duties.”