Last November, the Federal Voting Assistance Program (FVAP) contacted each State with recommendations for meeting the new requirements established in the MOVE Act with the goal of bringing the absentee voting success rate for Uniformed Service members, their families and citizens residing outside the U.S. in line with that of the general population. Verified Voting strongly supports FVAP’s specific recommendations: providing a 45 day period for ballot transit, removal of notary and witnessing requirements, participation with the Uniform Law Commission efforts towards regularizing rules for overseas voters, and the responsible use of technology to aid in providing voting materials to military and overseas citizens. As an active participant in the Alliance for Military and Overseas Voting Rights (AMOVR), we agree with the principle that “transmitting blank ballots electronically does not risk voters’ privacy while improving the process in all States.” Through these recommendations each state can meet the requirements of the MOVE Act without undue risk to the integrity of the electoral process, and greatly facilitate the voting process for the citizens serving our nation in uniform and others living overseas.
However, some States are considering going beyond these recommendations in ways that could be harmful. Experts in technology such as NIST, the GAO and internal reviewers of Department of Defense projects cite significant concerns with respect to the electronic submission of voted ballots. Such systems would rely on computers, servers and/or networks outside the control of election officials, for which criteria for testing and secure operation have yet to be established. Attacks on such systems could significantly threaten the integrity of elections or the ability of voters to cast ballots. Even minor phishing and spoofing attacks could trick voters into giving up their voting credentials to an attacker.
Considerations of transmitting voted ballots over the Internet stand in contrast to the widespread agreement among officials and experts that voting machines and election management systems should not ever be connected to the Internet. A number of States have by statute, regulation, or the issuance of best-practices guidelines prohibited the connection of voting devices and election management systems to the Internet. As the ballots of voters at home deserve protection from these kinds of security risks, so do the ballots of voters serving the Nation in uniform or of voters living overseas.
Serious, sophisticated attacks on sensitive government and corporate systems once thought to be secure are ever more frequent and relentless, as seen with the recent attack on Google and other corporations with highly trained and equipped computer security divisions. The security challenges posed by the electronic transmission of voted ballots are too formidable to allow the use of such systems at present. Before experimenting with voted ballots transmitted through cyberspace, we must together create a transparent public process to consider how to set cyber-security criteria.
Fortunately, the requirements of the MOVE Act and the recommendations of FVAP provide States with the opportunity to effectively serve Overseas and Military voters without threatening the integrity of our elections. Several States have introduced legislation that would bring these States into compliance with the MOVE Act and securely serve the needs of UOCAVA voters, while avoiding controversial, high-risk methods altogether. We applaud those efforts and urge all States to consider enacting — without going dangerously beyond — FVAP’s recommendations.