Verified Voting Blog: Email Ballots – A Threat to the Security and Privacy of the Military Vote

Last week  the state Massachusetts, intending to improve military voters access to the ballot while serving overseas, approved a law which throws the integrity and security of those ballots into question by allowing their return by email. The original bill contained excellent provisions which would have helped solve one of the biggest problems facing overseas military personnel – timely receipt of absentee ballots. Currently, absentee ballots are sent by conventional mail, which can take two weeks to reach military voters. The problem is further exacerbated when soldiers are deployed in the field where they may not receive mail for long periods of time.

In its original form, the Massachusetts bill allowed military only to acquire an absentee ballot online. The downloaded blank ballot could then be printed, voted on and sent back, greatly enhancing the availability of ballots. But, in an ill conceived last minute addition, the bill was modified to also allow return of voted ballots by email. In terms of voter privacy and ballot security, email return of ballots is one of the worst choices and should never have been inserted in the bill let alone been approved. It’s not like the data wasn’t available. All lawmakers needed to do was consult a 2008 NIST research document which lays out the problems with email return of ballots in gruesome detail.

The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) became law in 1986 allowing absentee voting by overseas military personnel. As part of the Election Assistance Commission’s mandate to study overseas voting, the National Institute of Standards and Technology (NIST) released a report In December 2008 entitled “A Threat Analysis on UOCAVA Voting Systems“. The report looks at telephone, fax, email and web delivery of absentee ballots, and “presents initial conclusions regarding the use of these electronic technologies and suggested next steps.”

The report examines potential threats to ballot security and voter privacy posed by these technologies. Unsurprisingly, email return of ballots presents huge problems for both. In regard to electronic mailing of ballots, the report notes major vulnerabilities:

Voted ballot return: Sending completed ballots from UOCAVA voters to local election officials can be expedited through the use of the electronic transmission options. However, their use can present significant challenges to the integrity of the election.”

“Denial of service attacks are a significant threat to e-mail-based voting systems. Attackers could flood election e-mail servers with large amounts of illegitimate traffic. This could not only prevent voters’ e-mails from reaching election officials, but could also make it difficult for officials to distinguish between valid and invalid ballots.”

“E-mails are significantly easier to intercept and modify in transit than other forms of communication. E-mails travel through telecommunications lines, network equipment and e-mail servers before reaching the intended recipient. Anyone with access to the infrastructure could read or even modify e-mail messages. In particular, e-mail servers often store messages for a short period of time before passing them on to the next server, or the intended recipient. System operators for these servers could intercept or modify e-mailed ballots. It is unlikely that election officials would be able to identify ballots that had been modified in-transit.”

Also, e-mailed ballots are at risk before and after they are sent to election officials. Voters’ computers could be infected with malicious code capable of disrupting communications with an election official. Very sophisticated attacks may be able to modify digital ballots prior to e-mailing them to election officials.”

E-mail does not provide any guarantee that the intended recipient will receive the message.”

In its summary section, the report is very clear about the dangers posed by electronic return of ballots:

“The use of e-mail to return ballots presents several significant security challenges. Several different computer systems are involved in sending an e-mail from a voter to an election official. Many of these systems, such as the voters’ computers and e-mail servers, are outside the control of election officials. Attacks on these systems could violate the privacy of voters, modify ballots, or disrupt communication with election officials. Because other individuals or organizations operate these systems, there is little election officials can do to prevent attacks on these systems. The security challenges associated with e-mail return of voted ballots are difficult to overcome using technology widely deployed today.”

The NIST report makes it pretty clear that Massachusetts legislators, by allowing return of voted ballots by email,  have put the votes of military personnel at risk. They must go back and correct this mistake. Our men and women in uniform deserve no less.


Comments are closed.