Facts about Email Voting

(Or Why Return of Voted Ballots Should Not be Permitted via Email)

Use of E-mail for Return of Voted Ballots:

The use of e-mail to return ballots presents several significant security challenges. Several different computer systems are involved in sending an e-mail from a voter to an election official. Many of these systems, such as the voters’ computers and e-mail servers, are outside the control of election officials. Attacks on these systems could violate the privacy of voters, modify ballots, or disrupt communication with election officials. Because other individuals or organizations operate these systems, there is little election officials can do to prevent attacks on these systems. The security challenges associated with e-mail return of voted ballots are difficult to overcome using technology widely deployed today.

(Source: http://www.nist.gov/itl/vote/upload/uocava-threatanalysis-final.pdf)

…unlike banking on the Internet or via ATM … a process which is open to oversight before, during, and after by all involved parties, the secret ballot system used in U.S. elections — where it’s impossible to verify the accuracy of the “transaction” after it’s been made and the identity of the voter must be kept forever a secret — cannot be done safely at this time on the Internet. (Source: http://www.bradblog.com/?p=8118)

(Source: https://www.overseasvotefoundation.org/technology_map_2010)

Private email over the Internet is not a secure method of transfer for documents containing your confidential identity information. This is why Overseas Vote Foundation recommends that voters return their ballots by regular mail and fax. (Source: https://www.overseasvotefoundation.org/Email-Ballot-Security)

1) Ease of automation of email attacks: There is no corresponding hazard for VBM.

2) Lack of ability to detect email attacks: Physical attacks on snail mail ballots, unless done slowly and carefully with good tools, would be detectable.  The only simple undetectable attack on snail mail is to throw ballots away based on where they came from without opening them to determine whether they are favorable or not to the attacker – not a very sharp attack at all.

3) Speed and simplicity of email attacks: Once installed, an email attack package would work silently and efficiently and could handle all of the ballots that happened to be routed through that particular server.  The only way to achieve a similar attack effect for snail mail would be to have a big boiler room operation with many people in league at a postal service location.

4) The potential for foreign cyber attacks: Email attacks do not have to be perpetrated by insiders or employees of ISPs that run email relays.  Any foreign agency might attack an email server remotely and control it, or a botnet criminal syndicate, or an enterprising lone hacker.  There is no corresponding attack mode for snail mail.

(Source: https://www.overseasvotefoundation.org/Email-Ballot-Security

Recommendations:

  1. Remove the return of voted ballots from HB 3074 due to security concerns.

  2. Authorize the use of the Federal Writein Absentee Ballot FWAB) for state and local elections in Oregon as other states do.

  3. Integrate more proactively with the Federal Voter Assistance Program (FVAP). Currently no link to this program can be found either on the Secretary of State’s Elections Division website or on the Oregon Military Department’s website.

  4. Do a cost/benefit analysis of sending UOCAVA ballots via trackable express services such as USPS Express Mail, FedEx or UPS with paid return of ballots using the same service.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: