Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow internet return in military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.
According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time.[1] Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.[2]
Just as important, ballots sent by electronic transmission cannot be kept private.[3] Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot. In some cases this waiver conflicts with State law or constitution which guarantees the right to a secret ballot.
In light of these facts, cybersecurity experts at the Department of Homeland Security have advised against sending marked ballots back via email or Internet portal.[4] Moreover, the Department of Defense’s Federal Voting Assistance Program (FVAP) has advised that postal return of voted ballots is the most responsible method of ballot return.[5]
At Common Cause and Verified Voting we echo this concern and recommend that all voters protect the integrity and privacy of their votes by returning them by postal mail, rather attempting to return them by email, fax, the web, or any other electronic means. Your vote counts! Be sure that it gets counted in the way you intended!
[1] http://www.nist.gov/itl/vote/uocava.cfm
[2] National Institute of Standards and Technology NIST IR 7551 “A Threat Analysis of UOCAVA Voting Systems,” December 2008 “Defects in the voting system software, or malicious code installed on the voting system by hostile individuals, could cause votes to be recorded improperly, or could modify votes at a later time. Skilled hackers may find vulnerability in the voting system software that would grant them access to voter and ballot information. This could also lead to a loss of voter secrecy, or a loss of election integrity. Sophisticated attacks would leave little or no evidence.”
[3]NISTIR 7700 “[R]emote electronic voting systems have unique concerns about protecting ballot secrecy compared to polling place systems. While an electronic voting machine in a polling place typically does not learn the identities of voters interacting with it, remote electronic voting systems typically must identify and authenticate voters in order to verify their eligibility and provide them with the proper ballots.”
[4] http://www.npr.org/blogs/itsallpolitics/2012/03/29/149634764/online-voting-premature-warns-government-cybersecurity-expert
[5] Defense Human Resources Activity, Federal Voting Assistance Program “2010 Electronic Voting Support Wizard (EVSW) Technology Pilot Program Report to Congress” May 2013