by UOCAVA voters. The goal of the $22
million project was to allow registration and voting over the Internet in the
2004 primaries and general election.
Participation by states and counties
within those states was voluntary. Voters could use any Windows computer,
either their own or a public computer,
like those found in libraries and cyber-cafés. Voters were responsible for the
security of whatever computers they
used. The vendor was Accenture.
In 2003, a group of experts called the
Security Peer Review Group was assembled by the Federal Voting Assistance
Program (FVAP) to evaluate SERVE;
FVAP was charged with facilitating
voting for all UOCAVA voters. Following two three-day meetings with FVAP
and the lead technical staff of SERVE,
the four computer scientists who attended both meetings, including one
of us (Simons), released a report, the
conclusion of which said: “Because
the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development
of SERVE immediately and not attempting anything like it in the future
until both the Internet and the world’s
home computer infrastructure have
been fundamentally redesigned, or
some other unforeseen security breakthroughs appear.”
18
When the report was issued in early
2004, 50 counties in seven states—
Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah, and Washington—were planning to participate
in SERVE. FVAP had estimated the
maximum overall vote total would be
approximately 100,000, including primaries and the general election. On
January 30, 2004 Deputy Secretary of
Defense Paul Wolfowitz said the Pentagon “…will not be using the SERVE
Internet voting project in view of the inability to assure legitimacy of votes that
would be cast using the system, which
thereby brings into doubt the integrity
of election results.”
43 SERVE was subsequently terminated.
Operation BRAVO. In 2008, Operation BRAVO, or Bring Remote Access
to Voters Overseas, provided Internet
voting from secure kiosks for residents
of Okaloosa County, FL. Unlike previous pilot projects, these kiosks were
equipped with printers to create paper
voter-choice records of voters’ ballots.
Voters could verify the records before
leaving the kiosk, after which the records were flown back to Okaloosa
County for manual reconciliation with
the ballots sent over an Internet-based
virtual private network. Small discrep-ancies in the ballot count were uncovered by law professor Martha Mahoney
of the University of Miami, but, as of
August 2012, BRAVO had yet to release
a formal report explaining the discrep-ancies.
26 The vendor was Scytl.
The Okaloosa County experiment
concerned only a single county. Expanding kiosk-based Internet voting
for all service members would be very
difficult, since the system would have
to deal with tens of thousands of different ballot styles and conflicting state
rules governing ballot presentation,
requirements that would also add significantly to the cost.
The MOVE Act. Instead of Internet
voting, why not allow remote voters to
download a blank ballot from the Internet, print it, and return the voted
ballots by mail? If the blank ballots are
available early enough, most voted ballots should arrive in time to be counted. Such a system might not have the
pizzazz of Internet voting but would
have fewer security issues and almost
certainly involve less cost. That is one
of the reforms dictated by the 2009
Military and Overseas Voter Empowerment, or MOVE, Act. Written to address
the problems of UOCAVA voters, MOVE
requires states to make blank ballots
available electronically at least 45 days
prior to any federal election; UOCAVA
voters may also request and receive
voter-registration and absentee-ballot
applications electronically.
The Military Postal Service Agency
analyzed the handling of absentee
ballots during the 2010 general elec-
tion,
29 finding problems with getting
postal ballots to members of the mili-
tary, though paper ballots were gener-
ally returned quickly. Many had been
electronically downloaded, filled out
by service members, and returned by
postal mail. The average postal delay
for returned ballots was 5. 2 days, well
ahead of the seven-day limit set by the
MOVE Act; 92% of absentee ballots
were delivered within seven days of ac-
ceptance at overseas Military Post Of-
fices (MPOs). Only 118 out of 23,900
voted ballots, most likely from Afghan-
istan or Iraq, took 20 or more days to be
returned from an MPO. The time to get
a voted ballot from a service member
to an MPO ranged from two to 20 days.
Therefore, if election officials provide
downloadable blank ballots at least
45 days before an election, essentially
all members of the military should be
able to return their voted paper ballots
in time to be counted.
Risks
Not satisfied with the significant
speed-up provided by MOVE, Internet-voting advocates continue to call for
the return of voted ballots through the
Internet, either as email attachments
or as some kind of Web form. Doing
either securely would require solving
some of the most intractable problems
in cybersecurity:
The server. In the 2010 D.C. pilot
project, University of Michigan graduate students attacked the election
server over the Internet. Independent
hackers, political operatives, foreign
governments, and terrorists could also
mount such attacks. Local election
officials with little or no expertise in
computer security have little hope of
defending themselves.
Corporate and government vulnerability. Many corporations and government agencies store sensitive or classified information on their computers,
sharing with election officials the goal
of defending against attackers who
might steal or alter such information.
Despite large staffs of security professionals with significant resources,
computers in major corporations and
government agencies have been attacked successfully. For example, a
2008 survey of approximately 1,000
large organizations worldwide found
the average loss per organization from
intellectual property cybertheft was
about $4.6 million.
19 A December 2009
report from the Computer Security Institute ( http://gocsi.com) surveying 443
U.S. companies and government agencies found 64% had reported malware
infections during the preceding year.
36
A major China-based Internet attack
on Google and many other companies
in late 2009 showed that even major corporate sites are vulnerable. The attack
targeted Gmail accounts of Chinese
human-rights activists and Google’s
own intellectual property, including