The current issue and full text archive of this journal is available at www.emeraldinsight.com/1750-6166.

htm

Internet voting in the USA: analysis and commentary

Mohammed Awad and Ernst L. Leiss
Department of Computer Science, University of Houston, Houston, Texas, USA
Abstract
Purpose The rst American internet voting (I-voting) implementation was in 2000. Since then many attempts and trials have taken place in this eld. This paper aims to analyze these various attempts and discuss their benets and vulnerabilities. Design/methodology/approach I-voting can provide ease to elderly citizens and people with disabilities. Some also believe that the convenience that the internet offers will attract young voters, and hence increase voter turnout. I-voting can also solve the problems of late delivery of absentee ballots which leads to discarding the votes. Findings Election ofcials believe that I-voting can be considered a valid voting option if it offers at least the same level of security as traditional remote voting methods. On the other hand, many data security experts doubt that the current internet infrastructure is safe enough to support such an important function. I-voting is still far from being a voting option for US citizens residing in the States; however, it is considered a promising alternative to facilitate voting for those living overseas. Originality/value The authors believe this paper contains the most comprehensive analysis of the I-voting trials that have been carried out in the USA over the last decade. Keywords Elections, Internet, Citizen participation, United States of America Paper type Research paper

Internet voting in the USA

45

1. Introduction In this paper, the term e-voting is principally used to describe a system that allows voters to record their votes at a polling place using an electronic machine; whereas, the term internet voting (I-voting) is used to describe a remote voting process that might take a place from an unsupervised location on a non designated machine. People might assume that I-voting is as easy as buying a book online, but this is not the case. Voting is a crucial and precise process that cannot afford mistakes; thus, it requires more secure systems than those used for the purpose of e-commerce. Another reason that makes it harder to implement a secure I-voting system is the conict between the requirements of the electoral system. The fact that voters cast their ballots secretly makes it hard to prove that the elections were performed securely without harmful interference from ofcials or hackers. In e-commerce systems, a buyer can always get a receipt to prove his purchase or the amount he was charged. This is something that should not be done in I-voting system, due to fundamental voting regulations (preventing vote trading), which means that the voter will have to trust that his vote will be submitted the way he intended and that the system is secure and private enough that no one will be able to view or change his ballot. Another difference between e-commerce and I-voting systems is the lack of authentication methods in the previous system. For example, it might be acceptable for a wife to use her husbands credit card to make a purchase online, but it is considered a security failure if she votes in his place (Rubin et al., 2004). In 2000, a report by The California Internet Voting Task Force was released. The reports conclusion rejected the idea that I-voting can completely replace traditional

Transforming Government: People, Process and Policy Vol. 5 No. 1, 2011 pp. 45-55 q Emerald Group Publishing Limited 1750-6166 DOI 10.1108/17506161111114644

TG 5,1

voting (Alvarez and Hall, 2004). Such a conclusion was based on the fact that for I-voting to be unbiased this would require an equality of internet access for all voters, a problem dened as Digital Divide (Alvarez and Hall, 2004). Despite the fact that internet access rates have risen signicantly in the last decade, the internet is still not equally accessible to all individuals (either due to technology literacy or low income). Some studies have shown that the digital divide is a durable and lasting issue (World Information Society, 2007). 2. Possible threats to elections Voting over the internet (VOI) presents several threats, such as: . an attacker takes over the voters computer; . an attacker shuts down the network with viruses or worms; . denial of service (DoS) attacks: An attacker sends a series of messages to the web site and oods the network; and . spoong: The attacker fools individuals into believing that they are receiving legitimate data when this is not the case. Additionally, traditional voting may result in service denials, such as voters being denied easy access to polls and polling places opening late, closing early, and running out of ballots. Traditional voting can also be insecure. In Dallas, Texas, absentee ballots mailed were stolen (Alvarez and Hall, 2004). Interception and tampering with absentee ballots is very similar to Trojan horse attacks. There is no doubt that such an attack over the internet can be more harmful since it can be executed on a larger scale. 3. Technical solutions One of the most troubling threats is a DoS attack. Such an attack can be very harmful and might ood the network for a long time. However, the threat can be mitigated by conducting the I-voting period over several days. Making I-voting optional alongside traditional voting can also help saving the elections in case the DoS cannot be avoided. Other concerns such as physical security issues exist. Physical security refers to the host servers that process I-voting and to the voters computers from which they cast their votes. Securing the servers host is a complicated task. A server host should be able to control access to host computers, and it should also protect against loss of service from digital providers and against physical destruction of the facility where data is stored. It is important to have monitoring systems and rewalls, which can be helpful in detecting and isolating harmful attempts, such as DoS attacks. Securing the voters computer can be challenging. Vote trading and lack of privacy are some of the threats that voters and some states have accepted since the day they approved absentee voting methods. However, in the case of I-voting, additional threats exist, such as Trojan horses, viruses, and other undetectable attacks. Such threats might compromise the privacy or integrity of thousands of voters. One of the proposed solutions for this problem suggested designing an I-voting system where a voter must reboot his computer and install a clean, simple and secure operating system and cast the vote using it; after that the user can uninstall it and use his previous operating system (Alvarez and Hall, 2004). Another suggestion was to force voters to scan their computers using antivirus software before voting. This antivirus software checks for malicious code that might affect I-voting (Alvarez and Hall, 2004).

46

In traditional voting, the process of authentication is based on trust, by certifying on a form that the voter is who he claims to be. A voter can identify and authenticate himself in regular cases by showing an ID. In the case of absentee voting, voter authentication is done by comparing the signature on the ballot to the one on the registration form. I-voting might be able to implement identication and authentication procedures more securely than the traditional approach. This can be done in multistep procedures. First, voters register online or personally; after that they are provided with credentials that allow them to vote online. Providing the voter with a user name and a password can add extra security on the system. After authentication, the connection between the voter and the voting server must be established using standard secure techniques such as SSL protocol (Alvarez and Hall, 2004). Once the voter casts his ballot it is very important to encrypt it in order to ensure voters privacy. A good approach to prevent ballot tampering would be using the public key method. This gives the voter the chance to check if his vote has been changed. I-voting is a complex issue, but there is no doubt that much vulnerability can be mitigated if a high level security is designed into the system, and the Estonian elections were proof of this (Estonian National Electoral Committee, 2007). 4. The beginning of I-voting In this section, we will describe the rst attempts at I-voting in the USA. In 2000, the rst US attempt of I-voting was by the Republican Party in the State of Alaska in the Republican straw poll. The second I-voting trial was in Arizona as part of the Democratic Party primary elections (Alvarez and Hall, 2004). However, the rst I-voting project created to target a general election was called VOI. The VOI project was intended for citizens away from their voting residence and overseas. These Americans are covered by the Uniformed And Overseas Citizens Absentee Voting Act (UOCAVA). The Department of Defense (DoD) is responsible for implementing UOCAVA voting procedures. Before VOI, voters in the UOCAVA category used to obtain, complete, and send a Federal Post Card Application (FPCA). The FPCA served as both an absentee voter registration method and as a request for an absentee ballot. Once the county ofcials received and processed the FPCA, an absentee ballot was sent to the voter. Voters ll out the ballots and send their votes back. In 2000, many problems occurred because of the previously mentioned procedure. Many ballots were lost or arrived after the deadline and thus were rejected, and others were rejected because they were not lled out correctly (United States, 2001). Around 66 percent of the rejected FPCA were invalidated because they were missing a home address. About 25 percent were rejected because they had an illegible mailing address. The rest were rejected because of unclear handwriting, or a lack of a signature or a witness signature. It was clear that FPCA was confusing and not easy to ll out. The VOI project aimed to reduce the number of rejected ballots by creating a user-friendly system with the ability to alert voters, preventing them from submitting incomplete ballots (Alvarez and Hall, 2004). VOI involved developing registration and voting software for the system and handling hardware purchases for all participating election jurisdictions. VOI supported only computers with Microsoft Windows 95/98 version. Participants were sent a CD-ROM with the software necessary to register and vote. This CD included a version of Netscape with 128 bit encryption and browser plug-ins to operate the VOI system. Voters also had to have a DoD issued digital certicate, known as DoD public key infrastructure (PKI), which was

Internet voting in the USA

47

TG 5,1

48

used to verify the voter during both the registration and the voting sessions. In order to get the DoD PKI, voters had to apply in person, and download the digital certicate into a oppy disk within a short period of time (Alvarez and Hall, 2004). To vote, voters logged into a central server that authenticated their digital certicate. Once the voter was authenticated, an electronic version of the FPCA appeared on the voters screen. After the voter lled in the form, it was submitted directly as an encrypted object to the appropriate local election ofce (LEO). Once the electronic form was submitted, the voter could check his registration status online anytime. After the VOI system approved the voters electronic application, the voter could immediately login to the central server and initiate a voting session (Alvarez and Hall, 2004). During this session, the server requested the appropriate election ofce to send the appropriate ballot. The voter lled in the ballot which was also submitted as an encrypted object back to the LEO. Once the LEO received the electronic ballot, the voter was sent an electronic return receipt (Alvarez and Hall, 2004) (Figure 1) (Department of Defense, 2001). VOI was conducted in a very small scale. A total of 127 eligible volunteers from ve different states were chosen out of which 84 voted. The majority of the volunteers were uniformed service members. The potential voters were spread over 28 states in 12 countries. The estimated cost for the VOI project was $6.2 million (Department of Defense, 2001). The low participation was the biggest criticism, as the sample size made it very difcult to evaluate the effectiveness of the I-voting system. Not to mention the huge cost per vote: the estimated cost of using Direct Recording Electronic (DRE) machine is $12 per vote, but for VOI it was $74,000 per vote (Alvarez et al., 2007). VOI had a help desk that was open 24 hours a day, seven days a week. During the help disk operation, it received 71 calls; all were resolved. However, 71 calls from 84 voters is still a very high ratio. These calls were related to different issues. For example, some of these calls were related to downloading DoD PKI, errors accessing the VOI web site, and troubles downloading the Netscape navigator (Alvarez and Hall, 2004).
(1) Citizen workstation (2) FVAP server segment
DoD PKI Floppy disk Citizen work station Internet Internet Internet LEO Administrative work station Uninterruptible power supply FVAP HUB LEO router

(3) LEO server segment

Uninterruptible power supply

LEO HUB

LEO server 1 Printer

FVAP router Citizen work station

Citizen work station

FVAP administrative work station

Figure 1. Diagram of the VOI system architecture

FVAP server

Intrusion detection system

E-B allot tool server

LEO router

LEO HUB

LEO server 5 Printer LEO administration work station

Printer

Uninterruptible power supply

Modem

Despite the small sample and the fact that voters were self-selected volunteers who were motivated by the VOI project, studies showed that VOI could work and that it did not suffer any serious glitches or problems that led to loss of votes. Also, there was no evidence of VOI suffering from any security violations (Alvarez and Hall, 2004). VOI results indicated that this approach could signicantly promote the enfranchisement of UOCAVA voters, in particular in the military service (Alvarez et al., 2007). 5. The SERVE project In 2004, under the supervision of DoD, the Secure Electronic Registration and Voting Experiment project (SERVE) was launched. SERVEs goal was to facilitate registration and voting over the internet. Unlike VOI, SERVE tried to follow basic experimental design principals. A review team known as the Security Peer Review Group (SPRG) was assigned to assess the project (Rubin et al., 2004). The SERVE experiment was mainly interested in facilitating the election process for citizens living outside the USA and for military personnel. The Federal Voting Assistance Program (FVAP) was hoping that SERVE would replace the absentee voting method in the 2004 election, providing that it is, at least, as secure as the absentee voting (Alvarez et al., 2007). 5.1 SERVE system components The SERVE system consists of the following four components as shown in Figure 2 (Magi, 2007): (1) Voter application (VA). A web application that is only supported by Windows platforms and can run either using Netscape or Internet Explorer. (2) Network server. It performs ballot encryption and data transmission. (3) Votes storing server (VSS). The server where ballots decryption happens. (4) Votes counting server (VCS). The server where decrypted votes are counted. SERVE had many VCS, one for every participating election ofce. 5.2 SERVE voting process In order to be able to use the SERVE system, a voter must enroll in the program. Once the voter is dened as eligible to use SERVE, he is issued a username and a password. The SERVE system was supposed to be active for 30 days before the Election Day; during this

Internet voting in the USA

49

Votes storing Votes counting server server

Network server Firewall Voter application Votes counting server

Figure 2. SERVE system components

TG 5,1

50

period a voter could access the web application using the provided login information. If login was successful, a trusted ActiveX control or a Java applet was downloaded to the voters computer. After that, the candidates list showed up; once the voter made his choice, a random number was generated and both the vote and the random number were encrypted using the SERVEs public key. Then, the network server transmitted the encrypted ballot and the voters personal information to the VSS (Rubin et al., 2004). The VSS veried that the voter had not voted before and generated an appropriate response. After that, the personal information and the encrypted ballot were separated from each other. Copies of both the encrypted ballot and the voters list were sent to the appropriate VCS where the ballots were decrypted using the private key. If the decrypted ballot had the correct format then it was counted. The VSS retained a copy to ensure that no voter can cast more than one ballot (Rubin et al., 2004). 5.3 SPRG report Four of the ten SPRG members for the SERVE project came up with a security analysis report addressing many threats and possible security vulnerabilities. Based upon this report, the SERVE project was terminated. One of the SPRG members biggest concerns was the lack of a voter veried audit trail. Old DRE machines did not include a paper trail, which made it impossible for the voters to ensure that their votes were not modied. Many states made the addition of paper audit trails to DREs mandatory (VeriedVoting.org, 2010). However, when voters are voting over the internet, there is no guarantee that their votes are submitted they way they intend. A voter veried audit trail also serves as a backup in case of a system failure (Rubin et al., 2004). Privacy was another concern for the SPRG dissenters. The goal of SERVE was to provide the same level of privacy provided by the absentee voting method. In some states, the absentee voting method maintained the voters privacy by using the inner and outer envelope approach. The voter puts his vote in the inner envelope and his name on the outer one. The election ofce maintains voter privacy by separating the inner from the outer envelope and not opening them at the same time. SERVE encrypts the ballot, which makes it hard to decipher without the private key which is generated by the LEO. The report showed many concerns with this approach. For example, the LEO might be able to match the votes to the voters if an election ofcer keeps downloading the votes so frequently that he obtains one vote a time. This can be deduced since SERVE keeps on its server a list of voters names to make sure they will not vote more than once. This list is viewable by all the LEOs. Another concern related to the privacy issue is the fact that ballots and each voters name remain unencrypted on the server for a short period of time till the system makes sure that this is the voters rst attempt to vote (Rubin et al., 2004). The report also discussed the possibility of votes buying and selling on a very large-scale. This can be done over the internet in different schemes. For example, a voter can sell his voting credentials (user name and password). Another scheme of vote trading would be providing the voter with an ActiveX component that is compatible with SERVE. Once downloaded by the voter, the buyer can make sure that the seller voted according to his terms. The report included many other vulnerabilities and possible threats. The report claimed that SERVE suffers the same vulnerabilities of absentee voting plus other threats due to the nature of the current internet platform. Since the internet has no national

boundaries, the attacks can be launched from anywhere. Other threats that SERVE or the internet, in general, suffer from, are the huge variety of potential attacks and the inability to detect some of these attacks (Rubin et al., 2004). Inspired by some successful I-voting trials, in particular the Swiss and Estonian elections, the US DoD released a report in 2007 that studied the possibility of I-voting implementation in future elections (Department of Defense, 2007). 6. Operation BRAVO In 2008, Okaloosa County in Florida decided to launch Operation Bring Remote Access to Voters Overseas (BRAVO) on its own with private funding. Okaloosa County, one of the participants in the VOI project in 2000, was hoping to provide a better voting service to its 20,000 overseas voters. The countys election ofce was disappointed that none of the previous pilot projects had moved beyond the experimental phase (Operation BRAVO, 2007). Unlike previous pilots, where voters used their own personal computers to vote, BRAVO voters voted using monitored kiosks. An overview of the BRAVO system is shown in Figure 3 (Clarkson et al., 2008). Operation BRAVO was developed, tested, and approved, all between December 2007 and September 2008. This operation was implemented in cooperation between local government, industry, academia, and state government. Okaloosa County installed three special kiosks outside air force bases in England, Germany, and Japan (Ziezulewicz, 2008). Two kiosk workers sat up and operated the systems at each site. These polls were open from October 24, 2008 until November 2, 2008. Of the 900 self-selected voters expected to participate, only 93 actually did (Operation BRAVO, 2008). Okaloosa County partnered with Scytl Secure Electronic Voting to develop an electronic absentee voting system. In order to lower the budget, the BRAVO foundation decided to use the Scytl data center to store the encrypted votes instead of upgrading their own data center in Okaloosa County (Operation BRAVO, 2008). Storing such critical data in Barcelona, Spain, raised many concerns (McCrea, 2008). 6.1 The BRAVO Scenario Once the voter cast his ballot, it was electronically enclosed in a digital envelope and encrypted using the Okaloosa County election key. After that, the digital envelope was

Internet voting in the USA

51

Internet VPN Voter V Voting kiosk/client C SSL over VPN Voting proxy Voting service S Bridge laptop Mixing server M

Poll worker Issuing point O client Polling center

Credential provision service P Scytl data center

Canvassing board E Election center

Figure 3. BRAVO system overview

TG 5,1

52

signed with a unique digital certicate given to each voter. Once the ballot was secured, it was transferred to the data server in Barcelona, where it was stored until the end of the election period. The voter was issued a receipt so that he could check, at the end of the elections, that his ballot was counted through Oskaloosa Countys web site without revealing his selections. At the close of polls, the Okaloosa canvassing board met to collectively reconstruct the elections private key in order to decrypt the ballots. The results were incorporated manually into the nal election tabulation report (Operation BRAVO, 2008). 6.2 Scytl Secure Electronic Voting Scytl systems have been used in Spain, Switzerland, Finland, the Philippines, Argentina, and numerous other countries (Operation BRAVO, 2007). Pnyx, Scytl software, was customized to meet Okaloosa Countys requirements and standards. Okaloosa County election ofcials justied choosing Scytl, a foreign private company, based on its success in other countries. 6.2.1 Pnyx Components. Pnyx consisted of the following four components (Florida Division of Elections, 2008): (1) The voting client. A Java applet running on a standard web browser. The voting client is responsible for authenticating the voters, displaying the correct ballot style and encrypting the ballots. (2) Secure voting servers. Pnyx consists of three kinds of servers, the servers that verify the electronic identity of the voters, the servers that execute the cryptographic protocol, and the servers that store the encrypted ballots. (3) The bridge laptop. A laptop that is used to download an encrypted electronic ballot box from voting servers using a VPN connection. (4) The mixing server. A server that is used to create the election cryptographic keys before the polls open; it also decrypts and mixes the ballots after the polls close. 6.2.2 BRAVO security. The goal of Operation BRAVO was to replace the absentee ballots with a more reliable system. Operation BRAVO hoped to achieve better performance, while providing at least the same level of security. In order to ensure BRAVO security, the following environments had to be considered: . Kiosk sites. This environment includes two procedures, ballot casting and voter authentication. . Data centers. This environment includes securing the voter registration database and safely storing the votes. . Okaloosa county election ofce. The security of both the mixing server and the bridge laptop must be ensured. . Communications. This means securing the communications between the voting system components in order to prevent outsider attacks. 6.3 Analysis of Scytl remote voting software The Security and Assurance in Information Technology (SAIT) Laboratory at Florida State Universitys (FSU) was commissioned by the Florida Department of State, in order to evaluate the Pnyx software.

The SAIT review focused on the overall architecture. The Pnyx source code contained thousands of lines and the SAIT team did not manage to test it thoroughly. However, it used some static analysis tools, to scan for potential vulnerabilities in the code. The review team criticized the way C and Java were used, stating that they were not employed properly. The report contained many negative ndings and suggested many actions to be taken (Clarkson et al., 2008). The review team showed many concerns about the cryptography practices in the Pnyx code. For example, SAIT found that Pnyx uses the same key pair twice, once to encrypt votes by the voting client, and once to sign election results by the mixing server. This practice will increase the vulnerability of the system and cause some conicts since each key has a different life time cycle. For example, the signing key should be destroyed after the election, whereas the decryption key should be stored, to be reused during auditing procedures. SAIT suggested using two different key pairs. The SAIT report concluded that Scytl system provided some improvements over the current available overseas voting methods. Scytl provided duplicates that allowed ofcials to manually recount the ballots. Furthermore, the use of cryptography made Scytl more secure than casting a ballot via e-mail or fax. The report stated that voting from specied locations, under the ofcials supervision, provides extra protection (Clarkson et al., 2008). Operation BRAVOs turnout rate was 15 percent, which was three times more than the previous absentee voting methods. And thus, BRAVO was declared to be successful. It is unlikely that Scytl made the changes suggested by the SAIT review team, especially since Scytl did not agree with many of the ndings, and the fact that it had no time to take any action. The Scytl voting system, Pnyx, was implemented in both Finland and Switzerland. Both countries commissioned review teams that came up with similar ndings to SAITs (Clarkson et al., 2008). 7. Conclusion The USA still has major concerns about I-voting. As witnessed in the 2000 Arizona primary, there was a huge variation in the casting methods depending on the level of education, income, age, and race (Alvarez and Hall, 2004). For example, voters of color were less likely to use the internet. The Voting Right Act (VRA) states that, if a voting method makes it harder for non-whites to vote then it is illegal. This means that, at least in Arizona, I-voting will not substitute for traditional voting anytime in the near future. Supporters of I-voting want it to be used as an optional voting method not unlike other unsupervised voting methods (absentee voting and voting by mail). However, many data security experts insist that it can be more risky and may cause more harm than other methods. In Estonia, I-voting is one of three available voting methods. One of the reasons for the success of I-voting in Estonia is widespread access to the internet among its citizens. Another reason is the use of a digital ID card that has a digital certicate embedded within it. Estonians are used to accessing their government services online and using their digital ID card (Magi, 2007). The Estonian Electoral committee does not require voter registration before elections. Instead, voters can vote directly. On the other hand, registration is required in the US and achieving electronic registration is considered very challenging.

Internet voting in the USA

53

TG 5,1

It is unlikely that I-voting will be used in US elections in the near future, yet it is considered promising as alternative to facilitate voting for those living overseas. Implementing and evaluating I-voting on such a smaller scale might be a step towards a robust voting system that can be carried out after on a larger scale.
References Alvarez, R.M. and Hall, T.E. (2004), Point, Click, and Vote: The Future of Internet Voting, Brookings Institution Press, Washington, DC. Alvarez, R.M., Hall, T.E. and Roberts, B.F. (2007), Military voting and the law: procedural and technological solutions to the ballot transit problem, Fordham Law Review, Vol. 34 No. 3, pp. 935-96. Clarkson, M., Hay, B., Inge, M., Shelat, A., Wagner, D. and Yasinsac, A. (2008), Software review and security analysis of Scytl remote voting software, available at: http://election.dos. state..us/voting-systems/cert-vote-system/scytl2008.shtml (accessed January 7, 2010). Department of Defense (2001), Voting Over the Internet Pilot Project Assessment Report, Federal Voting Assistance Program, available at: www.fvap.gov/resources/media/voi.pdf (accessed January 6, 2010). Department of Defense (2007), Expanding the Use of Electronic Voting Technology for UOCAVA Citizens, Federal Voting Assistance Program, available at: http://servesecurityreport.org/ dodmay2007.pdf (accessed April 14, 2009). Estonian National Electoral Committee (2007), Reports and Statistics about Internet Voting, available at: www.vvk.ee/index.php?id11509 (accessed February 12, 2010). Florida Division of Elections (2008), Provisional Qualication Test Report, available at: http:// doe.dos.state..us/voting-systems/pdf/ScytlRel1-0Version1-TestReport.pdf (accessed October 17, 2009). McCrea, D. (2008), Re. Electronic transmission of elections materials, Operation Bravo, and related matters, available at: www.oridavoters.org/downloads/OperationBravo.pdf (accessed January 11, 2010). gi, T. (2007), Practical security analysis of E-voting systems, available at: http://triinu.net/ Ma e-voting/master%20thesis%20e-voting%20security.pdf (accessed February 19, 2010). Operation BRAVO (2007), Operation BRAVO solutions, available at: www.operationbravo.org/ our_solutions.html (accessed January 8, 2010). Operation BRAVO (2008), Procedures and system description for secure remote electronic transmission of ballots for overseas civilian and military voters, available at: www.operationbravo.org/ (accessed September 3, 2008). Rubin, A., Jefferson, D., Simons, B. and Wagner, D. (2004), A security analysis of the secure electronic registration and voting experiment, available at: servesecurityreport.org/ paper.pdf (accessed December 15, 2009). United States (2001), Elections Voting Assistance To Military and Overseas Citizens Should Be Improved, General Accounting Ofce, Washington, DC, available at: http://purl.access. gpo.gov/GPO/LPS46660 (accessed January 5, 2010). VeriedVoting.org (2010), Mandatory manual audits of voter-veried paper records, available at: www.veriedvoting.org (accessed January 24, 2010). World Information Society (2007), Bridging the digital divide, available at: www.itu.int/osg/spu/ publications/worldinformationsociety/2007/WISR07-chapter2.pdf (accessed February 15, 2008).

54

Ziezulewicz, G. (2008), Some Florida troops overseas will be able to vote via internet, available at: www.stripes.com/article.asp?section104&article65202&archivetrue (accessed January 2, 2010). About the authors Mohammed Awad is a PhD candidate in the Department of Computer Science, University of Houston. He completed his MSc in Computer Science at the University of Houston in 2006, and his BSc in the same major at Yarmouk University, Jordan in 2003. Mohammed Awads research interests are E-voting and I-voting security. Mohammed Awad is the corresponding author and can be contacted at: maawad@cs.uh.edu Ernst L. Leiss earned graduate degrees in Computer Science and Mathematics from the University of Waterloo and TU Vienna. He joined the Department of Computer Science of the University of Houston in 1979 where he has been a Full Professor since 1992. He has written over 160 peer-reviewed papers and six books and has supervised 15 PhD students. His research interests are in security and high-performance computing.

Internet voting in the USA

55

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints