Supporting Military and Overseas Voters
Dr. Alec Yasinsac, Dean of the University of South Alabama School of Computer and Information Sciences (CIS) is proud to support military members and their families by helping find ways to improve their ability to cast their votes. In 2008, the School of CIS lead a security review for the Operation Bravo Foundation's Okaloosa Distance Balloting Pilot that established controlled voting terminals (kiosks) for overseas and military voters in Germany, Japan, and England (shown in the adjoining picture).
Early this year, Alec Yasinsac was Distinguished Speaker at the Overseas Vote Foundation (OVF) 2009 Third Annual UOCAVA Summit - Press Conference where he called for an end to the time and complexity penalties imposed on overseas and military voters by the present absentee voting system.
In May, Dr. Yasinsac provided testimony to the U. S. Senate Rules Committee on military voting and testimony to the U. S. House of Representatives Committee on House Administration on challenges to military and overseas voters. That testimony argued for state and federal sponsored pilot projects to exercise electronic voted ballot return and to remove barriers to improving voting access to military and overseas voters.
In June, Dr Yasinsac was a panelist on the issue of "Voting Over the Internet" at the 2009 Computers, Freedom and Privacy conference. There, he addressed risk issues of electronic ballot return for overseas and military voters. The panel reached consensus on the validity of the controlled voting terminal architecture exercised in the Okaloosa Distance Balloting Pilot as suitable for pilot projects.
In partnership with Alabama Secretary of State Beth Chapman, the School of CIS is presently leading a team of experts in conducting a Voting System Risk Assessment that will be used by the Elections Assistance Commission (EAC) and elections officials throughout the United States to make voting system certification and use decisions. This project will examine risks to remote balloting systems such as Vote By Mail, Vote By Phone, and other Electronic Voted Ballot Return approaches that can support overseas and military voters.
For those with questions, see the Frequently Asked Questions below, or contact the University of South Alabama School of Computer and Information Sciences at 251.460.6390.
Frequently Asked Questions
1. What is a UOCAVA voter?
Answer: UOCAVA is the acronym for the federal law entitled: "Uniform and Overseas Civilian Absentee Voter Act". This law provides guidance in establishing voting procedures for military members and their families stationed stateside and overseas and for U. S. citizens that reside overseas.
2. Why can't UOCAVA voters just vote by mail?
Answer: The Vote By Mail system has proven to be painfully inadequate, disenfranchising thousands of military members and their families in each election cycle. There are several problems with VBM for military members.
(1) The present system does not provide sufficient time for military & overseas voters to vote.
(2) Mistakes by military & overseas voters are markedly unforgiving as compared to other voters.
(3) Vote by Mail is inherently insecure for military & overseas voters.
(4) Military members move frequently, so their mailing address is not stable
(5) Postal systems are notoriously slow, particularly for overseas military members.
(6) VBM is very complex for military members and their families. In order to cast one ballot, paper may have to cross the ocean between the military voter and their voting jurisdiction six times, with opportunity for delay between each mailing. Compare their challenges to Minnesota voters that walked up to the polling place on election day and both registered and cast their ballot in one thirty minute session and it becomes clear how badly the present system penalizes military voters.
See the written testimony for the U. S. House of Representatives Committee on House Administration for more information about VBM problems for military and overseas voters.
3. Didn't the 2004 SERVE report prove that Internet voting is too dangerous to try?
Answer: No, it didn't. The SERVE report identified a myriad of challenges to widespread Internet voting on private computers, but it did not consider ways to exploit the power of electronic voted ballot return in the more limited military and overseas voter environment using controlled (non-privately owned) computers.
See the extended discussion and the U. S. House of Representatives Committee on House Administration written testimony for more information about the SERVE Report and security risks on the Internet.
4. So what is the answer?
Answer: There is no silver bullet, but we advocate attacking the problem in a way that has a chance of bringing electoral parity to military members, federal service members serving overseas, their families, and other overseas citizens by engaging electronic voted ballot return pilot projects. These pilots would design and test various approaches that optimize opportunity and cost tradeoffs, while ensuring safety of the voting environment.
5. Are there minimum security requirements for pilot projects that test electronic voted ballot return in real elections?
Answer: Yes, we suggest at least the following four.
a. Ensure there is a limited sized voting population
b. Apply strong information security techniques to the supporting application and communication system
c. Use a centrally owned and controlled voting station
d. Capture, retain, and compare electronic and physical ballot representations for every ballot cast
6. What would you test in an electronic voted ballot return pilot project?
Answer: The first objective of an electronic marked ballot return pilot is to assess the functional effectiveness of the piloted approach. That is, the pilot must determine if the exercised approach works under the limited pilot environment. There must be precise, measurable success criteria and a plan to validate these functional results.
While functionality is the most visible pilot focus, an essential element is for the pilots to demonstrate, or offer convincing evidence, that the approach used in the pilot environment can, or cannot, reasonably be transitioned into an operational environment. That is, the pilot must be designed to determine whether the system has a good chance of succeeding under real world conditions.
In addition to functionality and scalability, pilot projects should examine multiple architectures to optimize cost and complexity to the greatest extent possible. For example, pilots should exercise virtual private networks, cryptographic voting systems, and document delivery/upload systems.
Additionally, the elephant in the room in many discussions on military voting is the capability to leverage military networks in the voting process for military and overseas federal service voters. Thus, pilots should be designed to exercise controlled voting terminals transmitting across military networks and using selected military computers as voting terminals, transmitting across military networks
Pilots that exercise multiple architectures are preferable to single architecture pilots.
Finally, a pivotal aspect of any pilot must be to capture financial data sufficient to estimate implementation costs.
7. I heard you say that there are policy barriers to allowing military resources to be used to support military voting capability. What are they?
Answer: An immediate challenge is that Base Commanders are presently restricted from allowing on-base voting. In the past, this made sense because polling places were organized locally and people on base come from so many different localities so locality-based polling places on military bases did not make sense. Today, polling places have fundamentally changed. Early voting and absentee ballot collection points can now offer military members, federal service civilians, and their families significantly improved voting access if ballot collection can occur on base.
There is longstanding resistance, from both inside and outside the military, to directly involving the military establishment in the voting process. It is time to overcome this resistance. Like dental, medical, and postal services, voting services must be provided as an essential service to military members, federal service employees assigned overseas, and their families.
There are many other policy issues that need to be addressed, but these two are at the forefront.
8. Why do those policy barriers exist?
Answer: Policy is a difficult thing to change. The military is hesitant to take on service requirements that are not directly mission-driven and that reluctance is amplified in trying economic times as we are presently experiencing. Additionally, there are many groups that prefer to bind military and overseas voters which diverts focus from leveraging military capabilities to improve military voting access.
9. What policy changes are necessary?
Answer: As a start, DoD policy should specifically encourage base commanders worldwide to allow states to utilize base facilities as absentee ballot collection points and for other pilot projects that improve voting access for military members, their families, and federal service employees. This could be implemented in the bi-annual DoD Public Affairs Policy Guidance Concerning Political Campaigns and Elections.
10. If the capability to return voted ballots electronically exists, why conduct pilot projects; why not just go for it?
Answer: One thing we know for sure is that making major electoral changes too quickly can do a great deal of damage. The Internet is a dangerous place and we need to carefully evaluate electronic voted ballot return approaches before moving to permanent solutions.
See the extended discussion for more information about security risks on the Internet.
11. If we can pass money around the Internet in large quantities and with this ease, why can't we vote over the Internet too?
Answer: There are two overriding differences between financial systems and voting applications. First, financial systems require records that bind a person to each transaction. Thus, there is a record of who conducted each transaction along with critical transaction details. Conversely, election integrity (and often, state law) requires that voters be irreversibly separated from their selections once their ballots are cast. This severely limits the ability to investigate irregularities, since the fundamental forensic data of who cast which ballot cannot be maintained.
The second difference between voting and financial systems is that financial systems can absorb a significant level of error and inconsistency during financial transactions, yet still maintain a positive profit margin. Voting systems enjoy no such flexibility, since even a very small error rate can result in an errant contest decision.
The fundamental problem is that we can neither prevent nor detect malicious software on privately owned computers. To date, there is no counter argument to this point. This strong theoretic result, that is consistently reaffirmed in practice, dictates that electronic marked ballot delivery systems should not employ privately owned computers, particularly not those that are connected to the Internet.
See the extended discussion for more information about security risks on the Internet.
12. Is the Internet really that dangerous?
Answer: Yes, it is. Anonymity is fairly easy to attain on the Internet, so deterrence to committed intruders is minimized. Additionally, the opportunity for high hacking Return-On-Investment is great and there are organizations that openly advertise on the Internet that they are available to contract for cyber-attacks. Botnets, a particularly sinister type of malicious software (or malware), are pervasive on the Internet. While we do not, and cannot, know the number of infected machines, it is not unreasonable to expect that half of all Internet-connected computers contain some malicious software. This could be devastating to any widely implemented, high stakes Internet application.
See the extended discussion for more information about security risks on the Internet.
13. If electronic voted ballot delivery isn't secure enough for the general population, why is it safe enough for military and overseas voters?
Answer: A pivotal consideration in estimating the risks of networked applications, particularly a voting application, is the size of the prospectively affected population. It is unlikely that an attacker would risk committing a felony, or that a country would risk an international incident, in order to change a few votes with little likelihood of influencing a contest result. Moreover, if they do undertake a low-impact attack, the effect of success in that scenario is, by definition, low.
Conversely, as the stakes rise in terms of the size of the potential population, the cost or risk to the prospective attacker is more easy to justify.
The threat picture for voting applications for military & overseas voters is of low magnitude. If there are six million prospective military & overseas voters spread over more than 3,000 voting jurisdictions (and many more precincts), the opportunity for meaningful mischief is minimal.
Pilot projects will test proposed approaches to ensure that appropriate level of security is in place relative to the risk that they face and that those approaches are able to be kept separate from polling place results.
Finally, the present system disenfranchises military and overseas voters in alarming numbers. One study reports that, in the 2006 election, while 86% of absentee ballots requested by the general population were cast, 27 percent of absentee ballots for military voters were actually received and counted. Given that the risk of electronic marked ballot return is low for military and overseas voters combined with the dramatic opportunity for improvement, moving forward with pilot projects is an acceptable risk-to-return decision.
14. If Internet voting isn't secure enough for all voters, doesn't using electronic voted ballot delivery devalue military votes?
Answer: Precisely the opposite. Military voters are presently disproportionately disenfranchised, which is the true vote devaluation. Moreover, replacing the present vote by mail system provides a quantitative improvement in voter privacy and verification capability.
15. Can't overseas and military voters just use the Federal Write-in Ballot (FWB)?
Answer: The FWB was developed as the last fallback option, where voters legally registered and requested an absentee ballot, but the ballot did not arrive in time, so its application is limited. Moreover, FWB provides only partial enfranchisement since state and local contests do not appear on the FWB.
16. Are there any examples of pilot projects that have undergone rigorous security review?
Answer: Yes, the Okaloosa Distance Balloting Pilot was provisionally certified by the Florida Division of Elections. The employed system underwent virtually all of the testing and evaluation that all voting systems if Florida go through.