Link

Could Email Undermine the 2012 American Election?

In the aftermath of Hurricane Sandy, some of the polling stations that would have been used by Americans to cast ballots are gone. Moreover, some citizens in New Jersey are unlikely to either find their new polling station or take the time to find a station and vote. Quite simply, they’re rebuilding their lives: presidential politics aren’t necessarily centre of mind at the moment.

In the wake of the disaster, New Jersey will let some voters cast their ballots by fax and email. One American expert has identified a range of possible attack vectors that could be used to compromise people’s votes. He’s quoted as saying,

Those are just some of the more obvious and potentially catastrophic ways a direct security failure could affect this election … The email voting scheme has so many ways it can fail or that doubt can be cast on the integrity of the results, that if a race somewhere in New Jersey is decided by email ballots, it seems almost guaranteed that we’re going to have a bunch of mini-2000-in-Floridas all over the state.

In addition to basic security concerns around voting, it’s critical to understand that voting by email (effectively) removes secrecy provisions. Messages will not have to be encrypted, meaning that if employees cast their ballots at work then their employer(s) could ascertain how their employees are voting. This is an incredibly serious issue.

In the best of worlds, the New Jersey elections won’t rely or depend on the emailed votes to determine a winner. This said, even if the votes don’t change the local results – if individuals win seats by sufficient margins that the emailed ‘ballots’ wouldn’t affect who won – the national vote could the endangered if the New Jersey voting system is connected to the national system. The risk, here, is that if an attacker could compromise the New Jersey voting infrastructure (perhaps by sending an infected attachment to an email message) then the rest of the infrastructure could also be compromised. Such an attack, were it to occur, could compromise not just the New Jersey results but, potentially, races across the United States.

While it’s evident why the government decided to let people vote by email – to ensure that Americans could cast their ballot despite the horrific natural disaster – these good intentions could result in very, very bad results. Worse, it could encourage trust and confidence in online voting systems more generally, systems that simply cannot be adequately secured (for more as to why, see this and this). While paper ballets are infuriating for many they remain an ideal means of confidently expressing voting intentions. While alternate approaches certainly need to be considered to let people vote, especially in times of crisis, voting by email is not an idea that should have been contemplated, let alone adopted, as a solution to the Sandy-related voting problems.