This week, as University of Michigan computer technologists revealed in stark fashion the risks of Internet voting, Verified Voting, Common Cause, and Voter Action worked to halt an effort to expand the electronic return of voted ballots in Washington State. The Secretary of State of Washington has proposed an emergency rule that would allow voters to send their votes home to election officials via e-mail. In a letter to the Secretary this week, the three organizations and a cooperating attorney wrote that e-mail balloting is not required by Federal or State law, and exposes voters’ ballots to unacceptable risk of error or fraud.
This week, Dr. Alex Halderman and his students at the University of Michigan provided a powerful demonstration of the wisdom of avoiding the electronic submission of voted ballots for the foreseeable future. Professor Halderman’s team hacked the District of Columbia’s pilot Internet voting portal for the District’s overseas and military voters, changing the contents of encrypted ballots and re-encrypting them,discovering the identities and user PINs of voters – as well as noting attempts by users in Iran and China to gain access to the DC voting system.
The Michigan team’s own state Legislature prohibited electronic return when it amended Michigan election laws to comply with the Federal Military and Overseas Empowerment (MOVE) Act. Approximately one third of the States do not provide for any form of electronic return, including fax return (which, given the decline of fax machines and the rise of online fax services, is in most cases likely to involve Internet transmission of votes). Washington State statute allows overseas and service voters to fax ballots home, but only if county election officials receive the physical original prior to the election certification deadline, and only if the voter waives the secrecy of his or her ballot.
The proposed emergency rule would still require voters to send hard copies of their e-mailed ballots home in order for their votes to be counted – a commendable policy. Yet, if the physical ballot must be returned, allowing it to be e-mailed compromises voter privacy with little gain in convenience. Of all potential forms of electronic ballot return, e-mail poses some of the severest security challenges, including denial of service attacks, and essentially unmitigable risks to voter privacy; most states that allow e-mail ballot return require that the voter waive any to a secret ballot.
Verified Voting applauds the Secretary of State of Washington for seeking to provide optimal service to military and overseas voters, but e-mail balloting is a dead end that we hope the Secretary reconsiders.