Pentagon email voting plan attacked as insecure

In an attempt to make voting a lot easier for soliders stationed overseas, the Pentagon is allowing GIs to vote via unencrypted email, The Washington Post reports. But security experts warn that the Pentagon's Federal Voting Assistance Program is a brain-dead attempt that ignores basic security protocols.

"E-mail traffic can flow through equipment owned and operated by various governments, companies and individuals in many countries," Joel Rothschild, a Navy Reserve captain, said in an August report prepared for the Pentagon. "It is easily monitored, blocked and subject to tampering."

"No bank would ask their customers to send Social Security numbers over unencrypted e-mail," said a recent report's co-author, David Wagner, a professor of computer science at the University of California at Berkeley. But that is what the system allows, he said.

And it gets worse - email is being combined with faxing in what experts say is a "dangerous" combination.

In Colorado, Jefferson County elections official Shawna Weir said she has received three ballots that soldiers sent by e-mail. The service members -- two in Iraq and one on a ship -- e-mailed their ballots to a federal facility in Virginia, which then faxed them to the county.

The combination of faxing and e-mail "is about as dangerous as you can get," Wagner said. "It's got all of the problems with unencrypted e-mail, plus your ballot is being routed through the Department of Defense. Will soldiers feel free to vote their conscience when they know that the DOD may be able to see how they voted? How do we know that the DOD or their contractors haven't modified soldiers' ballots in transit?"

According to J. Scott Wiedmann, deputy director of the Federal Voting Assistance Program, the email is sent in "read-only" format and can't be altered. Voters are also encouraged to mail in an original copy of their ballot as a backstop, he said.