Elections:

Action Plans Needed to Fully Address Challenges in Electronic Absentee Voting Initiatives for Military and Overseas Citizens

GAO-07-774: Published: Jun 14, 2007. Publicly Released: Jun 14, 2007.

Additional Materials:

Contact:

Brenda S. Farrell
(202) 512-5559
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) protects the rights of military personnel, their dependents, and overseas citizens to vote by absentee ballot. The Department of Defense (DOD) and others have reported that absentee voting, which relies primarily on mail, can be slow and may, in certain circumstances, serve to disenfranchise these voters. In 2004, Congress required DOD to develop an Internet-based absentee voting demonstration project and required the Election Assistance Commission--which reviews election procedures--to develop guidelines for DOD's project. In 2006, Congress required DOD to report, by May 15, 2007, on plans for expanding its use of electronic voting technologies and required GAO to assess efforts by (1) DOD to facilitate electronic absentee voting and (2) the Commission to develop Internet voting guidelines and DOD to develop an Internet-based demonstration project. GAO also assessed DOD's efforts to develop plans to expand its use of electronic voting technologies. GAO interviewed officials and reviewed and analyzed documents related to these efforts.

Since 2000, DOD has developed several initiatives to facilitate absentee voting by electronic means such as fax or e-mail; however, some of these initiatives exhibited weaknesses or had low participation rates that might hinder their effectiveness. For example, the 2003 Electronic Transmission Service's fax to e-mail conversion feature allows UOCAVA voters who do not have access to a fax machine to request ballots by e-mail and then converts the e-mails to faxes to send to local election officials. DOD officials told us, however, they have not performed, among other things, certification tests and thus are not in compliance with information security requirements. The 2004 Interim Voting Assistance System (IVAS)--which, DOD reported, enabled UOCAVA voters to request and receive ballots securely--cost $576,000, and 17 citizens received ballots through it. The 2006 Integrated Voting Alternative Site (also called IVAS)--which enabled voters to request ballots using one tool, by mail, fax, or unsecured e-mail--raised concerns, from Congress and others, that using unsecured e-mail could expose voters to identity theft if they transmit personal data. While this IVAS displayed a warning that voters had to read to proceed, it did not advise them to delete personal voting information from the computers they used. DOD spent $1.1 million, and at least eight voted ballots were linked to this 2006 IVAS. Both the 2004 and 2006 IVAS were each implemented just 2 months before an election. DOD also has a Web site with links to guidance on electronic transmission options, but some of this guidance was inconsistent and could be misleading. DOD officials acknowledged the discrepancies and addressed them during GAO's review. The Election Assistance Commission has not developed the Internet absentee voting guidelines for DOD's use, and thus DOD has not proceeded with its Internet-based absentee voting demonstration project. Commission officials told GAO that they had not developed the guidelines because they had been devoting constrained resources to other priorities, including challenges associated with electronic voting machines. Furthermore, they have not established--in conjunction with major stakeholders like DOD--tasks, milestones, and time frames for completing the guidelines. The absence of such guidelines has hindered DOD's development of its Internet-based demonstration project. To assist the Commission, however, DOD has shared information on the challenges it faced in implementing prior Internet projects--including security threats. GAO observed that DOD was developing, but had not yet completed, plans for expanding the future use of electronic voting technologies. Because electronic voting in federal elections involves numerous federal, state, and local-level stakeholders; emerging technology; and time to establish the initiatives, developing results-oriented plans that identify goals, time frames, and tasks--including addressing security issues--is key. Without such plans, DOD is not in a position to address congressional expectations to establish secure and private electronic and Internet-based voting initiatives.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: On April 26, 2010, the Election Assistance Commission (EAC) issued a "Report to Congress on EAC's Efforts to Establish Guidelines for Remote Electronic Absentee Voting Systems." The report stated that, to date, the EAC has not established electronic absentee voting guidelines as required under Section 589(e)(2) of the National Defense Authorization Act of 2009. The report did include a "Roadmap Timeline for the Development of Remote Electronic Absentee Voting Guidelines in Support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA)". The Roadmap highlights a number of efforts that the EAC along with the National Institute of Standards and Technology (NIST) and the Department of Defense's (DOD) Federal Voting Assistance Program (FVAP) have or plan to undertake to move towards the development of the remote electronic absentee voting guidelines. For example, the EAC, NIST, and FVAP are in the process of conducting a kiosk-based remote voting pilot project that will be used to help inform the final guidelines development process by providing information regarding the security and logistical challenges of a remote electronic voting system.

    Recommendation: To improve the Election Assistance Commission's efforts to comply with the direction from Congress to develop the Internet absentee voting guidelines, the Commission should determine, in conjunction with major stakeholders like DOD, whether the Commission's 2007 Internet voting study and any other Commission efforts related to Internet or electronic voting are applicable to DOD's plans for Internet-based voting, and incorporate them where appropriate.

    Agency Affected: Election Assistance Commission

  2. Status: Closed - Implemented

    Comments: On April 26, 2010, the Election Assistance Commission (EAC), issued a "Report to Congress on EAC's Efforts to Establish Guidelines for Remote Electronic Absentee Voting Systems" which contained a "Roadmap Timeline for the Development of Remote Electronic Absentee Voting Guidelines in Support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA)." This Roadmap was developed in conjunction with the National Institute of Standards and Technology (NIST) and the Department of Defense's (DOD) Federal Voting Assistance Program (FVAP) and highlights a number of efforts that the EAC along with NIST and FVAP have or plan to undertake to move towards the development of the remote electronic absentee voting guidelines. For example, the EAC, NIST, and FVAP are in the process of conducting electronic voting pilot projects using existing technology that will be used to help inform the final guidelines development process by providing information regarding the security and logistical challenges of a remote electronic voting system. FVAP stated that the Roadmap serves as its plan for the development of a remote electronic voting system, and that it is not proceeding with an electronic voting demonstration project until the standards for electronic voting from the EAC are in place. In the meantime, the FVAP official stated that FVAP is working with the EAC and NIST to ensure that the standards consider the security parameters necessary to operate.

    Recommendation: To improve the security and accuracy of DOD's electronic and Internet initiatives, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to create an integrated, comprehensive, long-term, results-oriented plan for future electronic voting programs that specifies, among other things, the goals to be achieved along with tasks including identifying safeguards for the security and privacy of all DOD's voting systems--both electronic and Internet. The plan should also specify milestones, time frames, and contingencies; synchronize them with planned development of the Commission's guidelines for Internet voting; and be developed in conjunction with major stakeholders--including state and local election officials, the Election Assistance Commission, overseas voting groups, and each of the armed services. The plan should also include initiatives that will be done well in advance of federal elections, to allow adequate time for training and dissemination of information on the options available to UOCAVA voters.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: In response to our recommendation, DOD developed an internal checklist which staff use when a change occurs to ensure consistency in online information. The checklist contains steps that staff must take when changes are made to (1) state legislative changes, (2) the Voting Assistance Guide, (3) Voting Assistance Guide addresses, (4) Voting Assistance Officer workshop slides or self-administered training, and (5) any other pages on the website.

    Recommendation: To improve the security and accuracy of DOD's electronic and Internet initiatives, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to institutionalize a process to review online UOCAVA guidance to ensure that DOD provides accurate and consistent information to UOCAVA voters.

    Agency Affected: Department of Defense

  4. Status: Closed - Implemented

    Comments: In response to our recommendation, DOD updated its Federal Voting Assistance Program website in June 2008 with an automated Voter Registration and Ballot Delivery Tool, which incorporated a cautionary statement on the login page for the new tool. The statement warns the user that the computer may have saved some of the user's personal data and instructs the user to check the browser's help file to determine how to delete any private data that has been stored during the session. The FVAP updated website also includes a disclaimer webpage, which contains an expanded version of the cautionary statement. Specifically, this statement recommends users delete all personal data from the public computers they use before logging off the system.

    Recommendation: To improve the security and accuracy of DOD's electronic and Internet initiatives, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to incorporate lessons learned into plans for future systems such as those we identified, including adding cautionary statements to future ballot request and receipt systems to warn UOCAVA voters to remove personal data from their computers.

    Agency Affected: Department of Defense

  5. Status: Closed - Not Implemented

    Comments: As of August 2011, DOD had not implemented GAO's recommendation to improve the security of DOD's electronic and Internet voting initiatives by complying with the DOD Certification and Accreditation Process (DIACAP) guidance for information security. Specifically, the Federal Voting Assistance Program (FVAP) has not demonstrated certification or accreditation of the systems used to support their electronic voting initiatives for either the 2008 or the 2010 elections. In written comments on our report, DOD concurred with our recommendation and stated that it would contract for services to comply with the Federal Information Systems Management Act by applying the DIACAP to the Electronic Transmission Service it used for election support. DOD also stated that it had begun the process to obtain the necessary certification and accreditation of security controls. FVAP entered into an agreement with DOD's Washington Headquarters Services (WHS) in June 2008 to test and certify the Electronic Transmission Service using WHS' certification and accreditation contract. However, the contract as awarded did not include the FVAP test and certification requirements. WHS officials believed that there was insufficient time to certify and accredit the service under the contract due to its expiration at the end of 2008. In May 2010, FVAP entered into a Memorandum of Agreement with a new service provider, the Navy's Global Distance Support Center, to provide support for FVAP's Electronic Transmission Service and other systems. However, the memorandum did not include a provision for specifying the information security requirements that the support systems must meet or require certification and accreditation of these systems, and FVAP did not hold any discussions with the new service provider to ensure that the systems would meet specific information security requirements for the 2010 election. Neither FVAP nor the support center were able to demonstrate that the systems used for FVAP's electronic voting initiatives during the 2010 election period had completed certification and accreditation or obtained approvals for the results of these processes from responsible DOD executives. Moreover, significant security risks were identified in one of the election support systems used during the 2010 election period. That system did not receive approval to operate until after the close of the 2010 election, and the approval was interim while the security issues were to be addressed. Taken together, these events and artifacts indicate that DOD has not systematically applied its information security guidance to electronic voting initiatives, and has thus not addressed our recommendation.

    Recommendation: To improve the security and accuracy of DOD's electronic and Internet initiatives, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to comply with the information security requirements in the DOD Certification and Accreditation Process guidance.

    Agency Affected: Department of Defense

  6. Status: Closed - Implemented

    Comments: On April 26, 2010, the Election Assistance Commission (EAC) issued a "Report to Congress on EAC's Efforts to Establish Guidelines for Remote Electronic Absentee Voting Systems." The report stated that to date, the EAC has not established electronic absentee voting guidelines as required under Section 589(e)(2) of the National Defense Authorization Act of 2009. The report includes a "Roadmap Timeline for the Development of Remote Electronic Absentee Voting Guidelines in Support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA)". The Roadmap highlights a number of efforts that the EAC along with the National Institute of Standards and Technology (NIST) and the Department of Defense's (DOD) Federal Voting Assistance Program (FVAP) have or plan to undertake to move towards the development of the remote electronic absentee voting guidelines. In followup discussions with an EAC official, they stated that the Roadmap was developed to respond to the GAO recommendation for an action plan.

    Recommendation: To improve the Election Assistance Commission's efforts to comply with the direction from Congress to develop the Internet absentee voting guidelines, the Commission should develop and execute, in conjunction with major stakeholders--including state and local election officials and DOD--a results-oriented action plan that specifies, among other things, goals, tasks, milestones, time frames, and contingencies that appropriately address the risks found in the UOCAVA voting environment--especially risks related to security and privacy.

    Agency Affected: Election Assistance Commission

 

Explore the full database of GAO's Open Recommendations »

Dec 17, 2014

  • government icon, source: Eyewire

    State and Local Governments' Fiscal Outlook:

    2014 Update
    GAO-15-224SP: Published: Dec 17, 2014. Publicly Released: Dec 17, 2014.

Dec 3, 2014

Nov 14, 2014

Nov 13, 2014

Nov 12, 2014

Oct 31, 2014

Oct 30, 2014

Oct 27, 2014

Oct 24, 2014

Oct 20, 2014

Looking for more? Browse all our products here