The Nov. 6 presidential election is the first in which almost half the states will permit Americans in the military or overseas to cast ballots via e-mail or online, raising concerns that voting may be vulnerable to hacking or cyber attacks.
The BGOV Barometer shows that 23 states and the District of Columbia will permit some degree of Internet-enabled voting for armed forces personnel and U.S. citizens living abroad, according to data compiled by the Overseas Vote Foundation. Among contested states in the presidential race, Nevada, Colorado, Iowa and North Carolina will allow e-mailed ballots, raising the possibility that the winner of a state’s electoral votes might depend on a few thousand electronic ballots.
“From a security point of view, it’s the riskiest form of voting ever invented,” said David Jefferson, a director of the Verified Voting Foundation, a Carlsbad, California-based non-profit that works to improve the security of online and electronic balloting.
While the probability of an organized hacker attack may be low, “the potential damage is so large that we have to treat it as a threat to U.S. national security,” said Jefferson, a computer scientist at the Lawrence Livermore National Laboratory, in Livermore, California.
Jefferson called for banning the e-mailing of voted ballots. He said cyber attacks can alter ballots or make them disappear and can compromise voter secrecy.
“The return of voted ballots via e-mail inherently risks loss of privacy,” Pam Mitchell, acting head of the Federal Voting Assistance Program, the Pentagon office charged with supporting overseas and military voting, said in an e-mailed statement. “The individual voter must balance the possible exposure of the individual’s identity against the opportunity to exercise the right to vote.”
In 2008, the last presidential election year, members of the military and U.S. citizens abroad cast more than 637,000 ballots in 45 states that reported totals to the U.S. Election Assistance Commission.
A similar volume is expected this year, according to the OVF, an Arlington, Virginia-based non-partisan group that promotes voting by Americans living abroad.
About 5 percent of overseas voters in 2010 used e-mail to cast their ballots, according to an OVF survey. If that rate holds for this election, as many as 32,000 ballots would be returned via e-mail, and some election officials predict the rate will be higher.
While the risk is fragmented because e-mailed votes are dispersed among at least 24 jurisdictions, “It’s just not secure,” said Susan Dzieduszycka-Suinat, OVF’s chief executive officer. “We are very pro-technology. But we have to know where to draw the line. We believe it’s essential to have a paper trail.”
The 2009 Military and Overseas Voter Empowerment Act requires election officials to send ballots to eligible voters 45 days ahead of the election, including by e-mail or other electronic delivery, if requested.
That should leave enough time for voters to print out, complete and mail back ballots, Dzieduszycka-Suinat said.
Even so, Johnnie McLean, deputy director of the North Carolina State Board of Elections, predicts eligible voters will make heavy use of e-mail to return ballots this year.
“Almost 100 percent are going to be returned that way,” McLean said in an interview. “It’s human nature. If there’s a deadline, people will wait until almost the deadline.”
In 2008, 12 states permitted e-mailed ballot return, with eight of them restricting use to emergencies.
For the November election, 18 states and the District of Columbia allow military voters, and in some cases other U.S. civilians living abroad, to send voted ballots via the Internet, according to information compiled by the OVF.
While most of those states use e-mail, at least two, Arizona and North Dakota, allow ballots to be uploaded to an elections website. Another five states limit e-mail use to emergencies, according to OVF.
The increasing use of Internet-based ballot return is a worrisome trend to J. Alex Halderman, a professor of electrical engineering and computer science at the University of Michigan, who in 2010 led a team of researchers that hacked into a District of Columbia online voting system during a mock election being held as a test.
In two days, Halderman’s team changed votes and rigged equipment so it could determine how everyone voted.
It took an additional two days for elections officials to respond to the hacking even though Halderman’s group tweaked the system to play the University of Michigan fight song whenever someone cast a ballot.
The District canceled plans to use the system in a real election.
E-mail is even less secure than an Internet voting system, Halderman said in an interview.
“It’s a dangerous trend that its use is increasing,” Halderman said. “I would be more and more concerned as these numbers grow because we’re seeing increasingly close elections.”
Not everyone shares his concern.
“We do have a secure system,” said McLean, the North Carolina elections official, declining to describe it. “If I told you what it was, it wouldn’t be secure, would it?”