Benefits, risks of e-mail ballots weighed
By GEOFF ZIEZULEWICZ | STARS AND STRIPES Published: May 23, 2010
An increasing number of states will offer Americans living overseas a chance to return their completed ballots over the Internet this November.
But cybersecurity experts and voter advocates contend that these well-intentioned efforts ignore the technical vulnerabilities of sending a voted ballot as an e-mail attachment, potentially subjecting this midterm contest to electronic vote rigging and hacking.
Sixteen states will allow ballots to be e-mailed back to the States, while 29 states and territories will allow the faxing of completed ballots, according to the Pentagon’s Federal Voting Assistance Program. Some states will allow this electronic transmission only in emergency situations or within certain counties.
State election officials say that despite security concerns, transmitting voted ballots over the Internet will help ensure more overseas Americans get their vote counted, improving the dismal return rates among overseas voters.
But despite the best intentions of politicians and election officials, the potential for manipulation of e-mailed ballots is rife because of the very nature of most e-mail — an easily accessible system that is used by many but understood by few, according to David Jefferson of the Verified Voting Foundation, a nonprofit organization dedicated to publicly verifiable elections.
“The best analogy,” Jefferson said, “is what would it be like if you conducted an election where people voted in absentee ballots with pencil, on a postcard which isn’t even in an envelope, and it was delivered hand to hand to hand to the county. That’s an analogy to how e-mail works.”
“E-mail itself isn’t secure,” said Susan Dzieduszycka-Suinat, president of the Overseas Vote Foundation. “It doesn’t go direct from one computer to another. It has quite a few stops, and at every stop the content can be manipulated.”
Under the current overseas voting system, states set their own regulations regarding deadlines and acceptable methods of blank and voted ballot transmission. Part of the fiscal 2010 defense bill mandated states provide electronic means for requesting and receiving a ballot, but not for the return of voted ballots.
The e-mailing of voted ballots is an initiative many states are choosing to take on their own, although the FVAP lobbied states to adopt such methods last October.
“This is catching on because politicians and election officials like to wave the flag and say they’re doing something for our boys overseas,” said Jefferson, also a computer scientist at Lawrence Livermore National Laboratory. “They have no clue about the cybersecurity problems the United States faces.”
The overseas voting system has a troubling track record of votes not being counted, with only 67 percent of ballots requested by military members being successfully cast in 2008, according to FVAP Director Bob Carey.
“There is always going to be security concerns,” he said, “but the fact of the matter is our current system has a third of absentee ballots never returning.”
A survey of 24,000 overseas voters conducted after the 2008 election by the Overseas Vote Foundation found that 22 percent of voters were unable to successfully cast a ballot. Despite these shortcomings, computer experts say the trade-off is not worth it and voting rates could be improved by expediting mail services or Internet voting that includes a verifiable paper trail.
If there is no paper trail for these ballots, Jefferson said, voters will not know if their vote is counted.
Some states, such as South Carolina and Delaware, have allowed e-mailed or faxed ballots for a few years.
South Carolina’s legislation allowing overseas voters to send their ballot back via e-mail or fax has been in effect since 2006, according to Chris Whitmire, a spokesman for the state’s election commission.
Local election officials received positive feedback from overseas voters regarding the option to e-mail or fax back a voted ballot in 2008, he said.
“You have to balance the security of the ballot with allowing people to vote,” he said. “We believe of course that it’s more important to provide everyone with a real opportunity to vote. It’s a balance and in this case we felt that there is some risk that you undertake.”
But Whitmire said the state’s election commission does not know how many voted ballots were received via e-mail or fax.
FVAP is shopping a system to the States this year that would allow voters to cast their vote online. But voters will still have to print the ballot out, sign it and mail it back. Twenty-five states have signed on for the program.
By its very nature, e-mailing or faxing back a voted ballot requires the voter to cede a degree of privacy in the name of expediency, said Elaine Manlove, who heads up voting efforts in Delaware, which has allowed faxed and e-mailed ballots since 2008.
“Our perception was the military wanted their votes counted, even if that was the way they sent them back,” Manlove said.
While state officials may have good intentions in allowing electronic transmission of voted ballots, they don’t understand the risks associated with such practices, Dzieduszycka-Suinat said. Furthermore, states have no overarching regulations addressing security concerns with e-mailed ballots, she said.
“It’s not like the hackers can’t find out where these ballots are being sent to,” she said. “They can get these e-mail addresses and intercept every single one.”
The potential for a congressional shake-up this election makes the vulnerability of e-mailed ballots that much more troubling for critics.
“If our elections weren’t so attractive for hackers, who would care?” Dzieduszycka-Suinat said. “Nobody is going to stop these states until someone disputes the outcome of the election.”