By now, just about everyone connected to the Internet is familiar with this process: Required to fill out and sign a form of some kind, you ask for and receive a hyperlink via email. You open the link, find the form you need (perhaps a pdf), download it, print it, fill it out and mail it off. That’s a common practice, though increasingly old-school by today’s online standards. There doesn’t seem to be anything particularly risky about the transaction; few would think twice about conducting business that way. But while integrity is important in all transactional realms, it rises to precious when we’re talking about voting. And that’s why a similar process, new this year and slated to be part of Maryland’s primary election in June, has some civic-minded computer security experts sounding alarms about the potential for fraud. … The three experts who wrote to the board about this in 2012 were David Jefferson, a computer scientist based at the Lawrence Livermore National Laboratory in California; J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan; and Barbara Simons, a retired IBM computer scientist and an expert on electronic voting. They are part of network of vigilant computer security experts who independently assess state elections systems and report their concerns.
“We have identified severe security vulnerabilities in Maryland’s online voter registration system,” Jefferson and his colleagues wrote state elections officials in September 2012. “These problems leave the system open to large-scale, automated fraud, and make the Maryland system among the most vulnerable of all the states’ new online voter registration systems.”
The letter said, in boldface: “Given the grave potential for harm, we urge the State of Maryland to take immediate defensive steps to safeguard the online voter registration system or else shut down the system.”
That statement was reiterated in a follow-up letter last February. In an interview Tuesday, Jefferson said he and his colleagues have never received a response.