Report: Online voting possible, but challenging
January 2, 2009
WASHINGTON — Election officials could use faxes, e-mail and online programs to more quickly deliver voter registrations and ballots to overseas voters with minimal risk, according to a study released last week.
But the report notes that tallying votes through the Internet or faxes still carries considerable security questions. Researchers from the National Institute of Standards and Technology acknowledge that the methods would speed up the overseas voting process but say those problems would require considerable attention to solve.
"It’s really going to be up to election officials to decide what risks they’re willing to accept," said Andrew Regenscheid, co-author of the NIST study. "It’s not always easy to say which option works worse than the others."
The report, funded by the Election Assistance Commission, took more than a year to compile. NIST officials called the study the first to identify the potential threats to various voting system options, and hope it will be used as a baseline for future improvements.
Military Postal Service Agency officials said they returned more than 520,000 absentee ballots worldwide during the presidential election cycle this year. Typically the ballots take several weeks to travel from downrange bases to local election offices.
The NIST study says those "inherent delays" in the postal system encourage examination of the newer, quicker options.
Nearly every state now allows voters to request registration forms via fax or e-mail, and at least 12 allow ballots to be sent overseas electronically. But the NIST report notes there is no nationwide standard model for that or for accepting votes electronically.
Researchers identified 19 potential risks for e-mailed ballot returns and 17 more for online ballot programs, significantly more than the problems facing faxed ballots.
For example, an online voting site could require registered voters to have password to fill out a ballot. The report notes that phishing scams could trick voters into giving up that information, hackers could snarl or shut down the site on Election Day, and programmers could insert malicious code to influence vote totals.
Officials face similar problems verifying whether e-mailed ballots actually come from a specific voter, and could be vulnerable to sophisticated attacks from hackers.
Still, the report does not advocate any one voting method over another.
"Our goal is to outline some best practices, but the rest is up to election officials," Regenscheid said.
To read the full report on online voting, go to www.nist.gov.