US email voting scheme dubbed 'risky'
- 6 November 2012
- From the section Technology
A decision to let US citizens displaced by storm Sandy vote by email has been dubbed "risky" by security experts.
New Jersey officials let people displaced from their homes by Sandy vote via email as if they were living overseas.
The hasty decision drew criticism and forced election officials to put in place a postal backup plan.
Other problems emerged as some voters report that email inboxes set up to gather votes are already full.
"It's really maddening," Jason Tanz, an editor at tech news magazine Wired, who lives in Essex County, told Buzzfeed, adding that the state's officials had a duty to make sure the email voting plan worked.
Flood waters meant many had to abandon their homes, and others left because they had no electrical power. In addition public transport in New Jersey has been disrupted and roads are hard to navigate because of the storm.
New Jersey residents can take advantage of e-voting by emailing or faxing a request for an absentee ballot. These are more usually used by US military and diplomatic staff based overseas, expatriates and travellers who are out of the country on election day.
Massively expanding email voting and squeezing it into a tight timetable was a "risky" measure, said security expert Matt Blaze in a blogpost.
"The security implications of voting by email are, under normal conditions, more than sufficient to make any computer security specialist recoil in horror," he wrote. Email was not, by its very nature, "authenticated, reliable, or confidential", he said,
The big problem that was likely to catch out New Jersey officials was the sheer number of people that wanted to take up the option, he said.
"Systems that work on a small scale almost never work without significant change at a large scale," he said, adding that he had doubts about whether email votes would be secured against "tampering and loss" either by corrupt officials or hackers.
Motivated attackers could also target email inboxes with attacks that bombarded them with data and made it impossible to send in a vote.
Mr Blaze's comments were echoed by Princeton computer scientist Prof Andrew Appel, who said net voting was "inherently insecure" and that email was the "most insecure form of internet voting". Prof Appel also said using email voting meant citizens had to surrender their right to make a choice anonymously.
Fears about the security of email voting led New York to abandon plans to use it.
In a bid to allay some fears about email voting, New Jersey officials said anyone who votes electronically must also send in a paper ballot recording their preference.
Pam Smith, of the Verified Voting Foundation, which opposes any use of e-voting that does not involve a follow-up paper vote, said there was a better option for those that could not get to their designated polling station.
"You can vote at any polling place in New Jersey and you won't lose privacy," she said.