Author: Bo Lipari
For members of the military, their families, and other United States citizens living overseas, voting has always presented unique challenges. Some of these problems include reliable delivery of blank ballots to the voters, secure and timely return of voted ballots, and authenticating that ballots were completed and returned by the same person they were sent to. According to an EAC study, Voting from Abroad: A Survey Of UOCAVA Voters:
“There are no reliable data available on the number of [military and overseas] voters dispersed around the globe; some estimates hover around 4 million. Active-duty military are estimated at 1.5 million and family of military another 1.5 million.“
In 1986 and again in 2009, Congress passed laws looking to improve access to voting for military and overseas voters. And today, as communication technologies like fax and email have become available, states are moving forward with plans for electronic transmission and receipt of ballots, all too often without sufficient regard for the privacy and security issues involved.
UOCAVA and MOVE
In the past, state election laws presented many difficulties to overseas and military voters, and more often than not resulted in reducing access to the ballot rather than improving it. In response, the Uniformed and Overseas Citizens Voting Act (UOCAVA), became law in 1986 covering two groups of people – United States citizens who reside overseas, and active-duty military both within and outside of the United States, along with their eligible family members. UOCAVA requires that the states allow these voters to register to vote, and vote by absentee ballot in federal elections (most states have since adopted laws which mirror UOCAVA for state and local elections). In addition, it provides for an emergency ballot called the Federal Write In Absentee Ballot, that can be used by voters who “have made a timely application for but have not received their regular ballot from the state or territory, subject to certain conditions.”
UOCAVA undoubtedly improved some conditions, but many problems persisted for absentee voters regarding legal requirements for absentee ballots and timely delivery to the voter. Twenty three years later, in 2009, the Military and Overseas Voter Empowerment Act (MOVE) became law. MOVE seeks to improve voting access by eliminating requirements that ballots be notarized, requiring states to make voter registration and absentee ballot applications available electronically (including the UOCAVA required Federal Absentee ballot), and requiring states to allow a 45 day period for voted ballots to be returned. Effective this year, the MOVE act has put election officials under much pressure to implement it in time for the 2010 primary elections. But as states rush to put electronic access to blank ballots in place, too many are allowing voted ballots to be returned electronically as well, something that MOVE does not require, and that presents serious problems of privacy and security.
MOVE and Electronic transmission of ballots
The MOVE Act contains a provision allowing states to undertake “Technology Pilot Projects” which could include the electronic submission of voted ballots. The bill calls for the National Institute of Standards and Technology and the Election Assistance Commission to develop best practices or standards, but did not include a requirement that states adhere to these standards. Nor is there a process for determining compliance with these standards in the proposed projects. Verified Voting has called for a thorough security review of any proposed use of the Internet for transmission of voted ballots. But even without the use of Internet voting or pilot projects, some states seem to have interpreted MOVE to require electronic return of voted ballots, which it does not. MOVE only requires making blank absentee ballots available online. But as this map shows, in the 2010 elections some eighteen states allow some form of return of voted ballots by email, a form of Internet voting for which no security standards or protocols have yet been developed. Still more states allow voted ballots via fax, which today could also entail transmittal over the Internet.
Security Issues with Email Ballot Return of Voted Ballots
One of the great difficulties in securing email is that any given message passes through many different “hands” on its way from sender to recipient. The usual speed of sending email may give the mistaken impression that a message moves from the sender’s computer directly to the receivers. But the reality is that any given email message is moved between, and stored on, many different computers along its journey. And anyone with access to any one of these computers, has essentially unrestricted access to these messages, and the voted ballots they contain. In the words of David Jefferson, computer scientist, voting system security expert, and Board member of Verified Voting:
“Any Information Technology person who operates an email relay in between the voter and his home county can read the ballot, or copy it and forward the copy to a third party, or modify the ballot arbitrarily to change the votes, or filter out ballots he does not like and allow the others to go through. And any of this can be done essentially undetectably. Out of the vast volume of email traffic it is trivial to identify exactly those messages that are ballots simply by the destination email address! ”
That’s bad enough, but there are more intractable problems with email return of voted ballots. Any ballot manipulation done by a person can also be performed by malicious software running on the voter’s computer or any of the computers the message passes through. Email sometimes gets lost in transit, or is duplicated, or bounces, all usually unknown to the sender. Also, email addresses are easy to forge, as we all know by the obvious spam emails we receive which appear to be sent from a friend, or even yourself! As for utilizing email encryption and authentication methods, the difficulties of effectively managing these techniques are so significant that they offer no real remedy. How will a county know for sure that the voted ballot they’ve received via email is really from the person listed in the Sender field, or that the attached voted ballot is the one they sent originally? Again, quoting David Jefferson:
“ From a security point of view, sending ballots by email is comparable to writing them in pencil and sending them on postcards, readable and modifiable by anyone who handles them along the delivery path from sender to receiver.”
Serving the Needs of Military and Overseas Voters
Many people are concerned about remote voting over the Internet, including members of the military. GAO testimony to the Senate Armed Services Committee report says [emphasis added]:
“Service members also commented that the implementation of a secure electronic registration and voting system could increase voter participation and possibly improve confidence among voters that their votes were received and counted. Additionally, service members said that an electronic registration and voting system would improve the absentee voting process by providing an alternative to the mail process, particularly for those service members deployed on a ship or in remote locations. However, at one location, some service members were more comfortable with the paper ballot system and said that an electronic voting system would not work because its security could never be guaranteed.”
The MOVE Act includes many positive provisions that can greatly benefit overseas voters – increasing the available time to vote, removing time consuming restrictions, and allowing electronic delivery of blank ballots, to name a few. But before moving ahead with highly risky methods that are NOT required by MOVE, such as email return of ballots, we must focus on providing and perfecting those benefits that ARE required.
There’s no question that our service men and women, and all voters overseas, must be able to obtain, vote and return their ballots easily, and in a way that ensures there is time enough for them to be counted. It’s also without question that the ability of modern communication technologies like email to provide quick, broad access to ballots prior to voting. But obtaining a blank ballot via email is one thing, returning a voted one quite another. The well known vulnerabilities of email, and its ease of manipulation, simply cannot give the assurance that a voted ballot sent via email will be the same when it is received by election officials. We owe it to all voters overseas to guarantee them that the ballots send are the same ones received back home. Email return of voted ballots simply does not provide that guarantee.