Bloomberg News

Security of N.J. E-Mail Voting After Storm Is Questioned

November 06, 2012

New Jersey E-Mail Voting After Storm Questioned as Security Risk

A computer screen on the desk of Ocean County voting officials in Toms River, New Jersey, review email applications for voting in a special early mail voting arrangement to allow citizens of the areas affected by Hurricane Sandy to vote on short notice in the national and local election. Photographer: Paul J. Richards/AFP/Getty Images

New Jersey’s plan to let residents displaced by Hurricane Sandy vote by e-mail is raising concerns among computer scientists that the ballots may be vulnerable to hacking or online manipulation.

Under a directive issued on Nov. 3 by New Jersey Governor Chris Christie’s administration, displaced voters and emergency responders may submit their ballots via e-mail or fax, an option already available to military and overseas voters. The Christie administration today extended the deadline for displaced voters to submit electronic ballots from today to Nov. 9, citing the “extraordinary volume” of ballot applications.

E-mail isn’t encrypted, so ballots are at risk of being viewed or modified in transit, and neither the sender nor recipient would know it, David Jefferson, a director of the Verified Voting Foundation, a Carlsbad, California-based non- profit that works to improve the security of online and electronic balloting, said in an interview.

“It’s about the worst form of voting that has so far been devised from a security point of view,” said Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in Livermore, California. “This is a lawsuit waiting to happen.”

An influx of e-mailed ballots creates risk for the computer systems that will have to handle and process them, Matt Blaze, a professor of computer and information science at the University of Pennsylvania in Philadelphia, said in a telephone interview.

Election officials are going to be opening ballots as e- mail attachments, which is a common way for hackers to distribute malicious software, Blaze said.

Mischief Potential

“The potential for mischief that not only affects an individual voter’s e-mail ballot but affects the election results for an entire county is really significant,” he said.

Blaze said he didn’t think e-mail voting would affect the outcome of the presidential race in New Jersey, where polls have showed President Barack Obama leading Republican challenger Mitt Romney. Still, he said, it could be a factor in local elections that sometimes are decided by a handful of votes. If the losers of those races challenge the integrity of the e-mail voting, that could result in contested elections, he said.

“You never want to make such a significant change so close to the election, or on the eve of the election,” J. Alex Halderman, a professor of electrical engineering and computer science at the University of Michigan, said in a telephone interview. “It’s a recipe for more chaos, unfortunately.”

Changed Votes

E-mail voting is insecure because it’s hard to authenticate the voter, the ballots can be intercepted and changed, and the computer servers that store them can be hacked, he said.

The security of state government computer networks is facing increased scrutiny. South Carolina’s Department of Revenue said Oct. 26 that as many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers were exposed in a cyber attack.

Halderman in 2010 led a team of researchers that hacked into a District of Columbia online voting system during a mock election being held as a test.

In two days, the team changed votes and rigged equipment to determine how everyone voted. It took an additional two days for election officials to respond to the hacking, even though Halderman’s group tweaked the system to play the University of Michigan fight song whenever someone cast a ballot.

The District canceled plans to use the system in a real election.

‘Extraordinary Storm’

New Jersey is encouraging voters to use electronic voting as one option to help alleviate pressure on polling places in the wake of the “extraordinary storm,” the state’s lieutenant governor, Kim Guadagno, said in an Nov. 3 news release. Guadagno is also New Jersey’s secretary of state.

Displaced voters may apply for a mail-in ballot via e-mail or fax to their county clerk. If the application is approved, the clerk will send a ballot to a voter by e-mail or fax, and voters can send it in electronically, according to the release.

All New Jersey voters casting electronic ballots receive instructions to immediately mail the physical version of their ballot materials to their county’s board of election as an “extra level of security,” Ernest Landante, a spokesman for the state’s lieutenant governor, said in an e-mail.

Almost half the states and the District of Columbia permit Americans in the military and living overseas to vote by e-mail or online in today’s election, according to data compiled by the Overseas Vote Foundation, an Arlington, Virginia-based non- partisan group that promotes voting by Americans living abroad.

Nationally, about 5 percent of military and overseas voters in 2010 used e-mail to cast their ballots, according to a survey by the foundation. If that rate holds for this election, as many as 32,000 ballots would be sent via e-mail, not counting the tally from storm victims in New Jersey.

To contact the reporter on this story: Eric Engleman in Washington at eengleman1@bloomberg.net

To contact the editor responsible for this story: John Walcott at jwalcott9@bloomberg.net


Later, Baby
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

 
blog comments powered by Disqus