In a wired world, it was inevitable that the subject of Internet Voting become a hot topic sooner rather than later. But more than just a topic of discussion, this year eighteen states will allow overseas ballots to be returned via email in November’s elections. Yet according to security experts, voted ballots sent via Internet simply cannot be made secure, and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections.
The Pentagon rejected the idea of returning voted ballots via the internet as recently as 2004, when the SERVE (Secure Electronic Registration and Voting Experiment) project was canceled. In a memo, Deputy Defense Secretary Paul Wolfowitz said “In view of the inability to ensure legitimacy of votes that would be cast in the SERVE internet voting project, thereby bringing into doubt the integrity of the election, I hereby direct you to take immediate steps to ensure that no voters use the system to register or vote via the internet.”
There’s no question that voting for military and overseas voters needs to be improved. Too often absentee ballots are not received in time, if at all. Returning voted ballots from voters in hard to reach places (for example remote military outposts) in time to meet state election deadlines is difficult. These are real problems and 2009 saw efforts to improve ballot access for overseas voters kick-started by passage of the Military and Overseas Voter Empowerment (MOVE) Act, passed as an amendment to the Defense Authorization bill.
The MOVE Act addresses many problems facing overseas voters. It requires that states guarantee that absentee ballots are received at least 45 days prior to the election; bans rejection of ballots for overly burdensome requirements such as notarization; allows military and overseas voters to obtain registration forms, ballots and other election materials electronically. But while the MOVE Act calls for electronic distribution of election materials, it is notably silent on the subject of return of voted ballots, with good reason.
Despite that, as states provide electronic delivery of blank ballots, some are using the Internet for return of voted ballots via email attachments. Vendors of online election software, with a vested interest in selling their products, of course downplay the inherent risks and promise the oxymoronic “Internet security”.
But experts in computer security maintain that nothing sent over the Internet is secure. Voter’s personal computers, from which emails are sent, are easily and constantly attacked by viruses, worms, Trojan Horses and spyware. Once a voted ballot is emailed, it moves between many different servers located all over the planet, and is subject to compromise by anyone with access to any of those machines. And the election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent, no matter how well secured their county computer services may be, and no matter how much has been spent licensing software and upgrading their systems.
Over the next few weeks VVBlog will take an in depth look at Internet voting – the legislation, the security issues, what is possible right now, what the states are doing, and most important, what may work to solve the problem of providing sufficient time to vote for the men and women in uniform serving overseas and all overseas civilians. Stay tuned.