Tomorrow’s election is coming, and there’s nothing New Jersey can do to postpone it. So to cope with the aftermath of Hurricane Sandy, which left millions in the Northeast without power and forced many to evacuate from their homes, state officials decided late on Saturday to allow displaced citizens to vote using email or fax. Citizens who want to vote remotely can request a ballot via phone or email, and then return a completed ballot via email or fax to their county clerk’s office. As Lt. Governor Kim Guadango explains, “the State of New Jersey is committed to holding a fair, open, transparent, and accessible election on Tuesday.” The order seems well-intended, and could make voting more accessible for many citizens, but experts are concerned that email voting forces voters to give up their anonymity, that votes submitted by email may not be counted, and that security vulnerabilities could allow the election to be manipulated.
Remote internet voting is controversial in the United States. For more than a decade, security experts have warned about the possibility of hacking and other attacks to disrupt an election or tamper with the results, with even the most secure polling systems imaginable being vulnerable to various network attacks like denial-of-service or hacking. Writing about the most ambitious remote internet voting effort in the last decade, security experts said that the vulnerabilities are not limited to specific systems, but “are fundamental in the architecture of the internet and of the PC hardware and software that is ubiquitous today.” And while some internet protocols may be more secure than others, when it comes to voting, email isn’t one of them.
As secure systems expert Matt Blaze wrote yesterday, “the security implications of voting by email are, under normal conditions, more than sufficient to make any computer security specialist recoil in horror.” Of course, natural disasters are not normal conditions, and Blaze acknowledges that “there are compelling reasons for New Jersey officials to to act quickly to create viable, flexible, secure, and reliable voting options for their citizens in this emergency.” However, he says the vote-by-email option, while admittedly flexible, is dangerously insecure and unreliable.