Recently, I wrote about the denial of service (DoS) attack on a Canadian party’s leadership election. In that post, I discussed election officials’ (and their vendors’) responsibility for hardening their systems against such attacks. Moreover, I said said this responsibility exists whether the attack comes electronically or in the real world (aka “meat space” in the words of a programmer friend). Last Tuesday, municipal elections in Anchorage were somewhat chaotic – with ballot shortages across the city and many voters turned away from the polls. The problems appear to have been caused in part by an opponent of an equal-rights proposition who used email and Facebook to urge voters to the polls. Unfortunately, those appeals included incorrect information; namely, that voters could register at the polls and do so outside their home precincts. Alaska does not have election day registration, but rather requires voters to register 30 days before an election. The result was frustration as many voters visited numerous polling places in hopes – for some, in vain – of finding a ballot. The city clerk is investigating the problems and is weighing whether or not they could have been serious enough to invalidate the election.
What’s interesting is that Anchorage’s problems look a lot like a “meat space” DoS attack – large numbers of voters sent to the polls resulting in inconvenience for most and frustration for all. For the record, I am not suggesting that the Anchorage problems were a real-world DoS attack – indeed, the author of the erroneous email has said it would be “an idiotic strategy” to try to crash an election and noting that any ballots by unregistered voters would be caught and removed during the counting process.
Intent aside, however, Anchorage’s problems do resemble a DoS attack; moreover, unlike a wide-ranging conspiracy involving hundreds of voters, in this case the underlying political conditions – high voter interest in a controversial initiative – were such that only a small trigger was necessary to produce a surge of voters that apparently flooded the polls. In addition, it’s incorrect to focus solely on the voters who did go the polls; as the stories of voters suggest, there were valid registered voters who simply gave up because they couldn’t find a ballot. Those are the real targets of a DoS strategy.