Holding an election is complicated. Holding an election eight days after a historically significant disaster? Probably exponentially so. This is the circumstance in which the state of New Jersey will find itself tomorrow. Gov. Chris Christie has ordered counties to provide ways for people who have been displaced by Hurricane Sandy to vote in Tuesday’s election by fax and email. The system will follow in part a similar scheme developed for New Jersey residents serving overseas in the military to cast their ballots. To say that no one is going to be happy with the result, no matter what it is, is probably understating it. To the extent that the process is understood — it was at this writing still in the process of being implemented — it will work like this.
On Election Day, those who have not yet taken advantage of early voting opportunities must by 5 pm local time print and return either by email or fax an Electronic Ballot Application. (Some counties are using or accepting other forms. See this story at NJ.com for more on that.) Once you’ve filled out and returned that form, you’ll get a response with instructions for how to vote, a secrecy waiver form and a ballot, all of which must be returned by 8 pm local time.
Military personnel are required to file a paper ballot by mail after sending an electronic vote, but right now there is some lack of clarity as to whether or not that will be required of displaced email and fax voters. Alternately, if you are displaced, you can still vote in person by finding the nearest polling place and voting with a provisional ballot.
Laying aside the obvious fact that many people in New Jersey have more immediate concerns — staying warm, staying fed, rebuilding their lives in the wake of the disaster — the opportunities for difficulty and the risk of problems are, in theory, numerous.
Voting via the Internet can be done successfully when there is sufficient infrastructure in place to support it. The nation of Estonia, a former Soviet Republic, has allowed electronic voting since 2005 when it launched a pilot project to coincide with some municipal elections. That year only 9,800 people, or less than 2 percent of the more than 1 million eligible voters, voted electronically. Last year, the figure had risen above 140,000, or more than 15 percent of eligible voters.
Estonia has something that New Jersey doesn’t: A mandatory smart card ID. It looks like a state drivers license with a chip in it. The chip contains a set of cryptographic keys used to protect and authenticate the stored data, which includes the name, gender and other information about the person. Email is by its nature inherently insecure. It can be spoofed, hacked, used to introduce malware into a target system and as the delivery mechanism for numerous other very bad things. There are an awful lot of people who work in the computer security business who will recoil at the very idea of the sanctity of democracy in New Jersey being entrusted to email.
There are additional security concerns: The servers receiving the votes will be connected to the Internet, and therefore vulnerable to remote attack. Shared computers in libraries and community centers where displaced people might vote will not have been properly secured in a way that will guarantee against tampering. And even if secured in some way, what’s to stop some digital trouble makers — like, say, Anonymous to name but one — from launching a disruptive denial of service attack on some unsuspecting county, or indeed the entire state, as a way of proving some inane ideological point? The mind reels at all the ways that this could go wrong.