Slashdot Mirror
Absentee Ballots by Email?
tordia writes "Bruce Schneier has come out against a plan proposed by the Missouri Secretary of State, Matt Blunt. Blunt's proposal would allow "soldiers at remote duty stations or in combat areas cast their ballots with the help of e-mail." The plan arose when Jim Avery, a Missouri State Representative and National Guard soldier currently on active duty in Iraq, told Blunt that the fax machines required by the current Missouri absentee ballot law are rare, but most soldiers have access to computers.
A spokesman for the Secretary of State's office downplays the privacy and security considerations by saying, "If the soldier is uncomfortable with this process, he or she should not consider this option".
I agree with Bruce when he says "This is troubling"." Like many things, this is a wonderful idea in theory; it's just that darn implementation that things get...messy.
If I understand it correctly its not just a plain email. It is a scanned signed PDF file that will be electronically transfered after being approved. Those can be forged but if they keep count on both ends of the number of approved votes then there really shouldn't be a problem. If there is a number difference.. however.. then would they have to throw all the email votes out?
It's not as bad as it might sound. The only "internet-type" involvement in the process is actually data being moved over MILNET. Very little of MILNET is publicly accessible. When the ballots get to the DoD, they are faxed to the appropriate election officials in Jefferson City, MO.
Not ideal, but it's not as insecure as I would have imagined.
"There is no night so forlorn, no mood so bleak, that it cannot be infused with pleasure by tender meat..." - R.W. Apple
That would imply that all soldiers can vote on the same day. That's not the case. At any given time soldiers are off post conducting missions, or even simply traveling in convoys. The purpose of the absentee balot is that it can be filled out and sent on more than one day. Also, many soldiers are to spread out and remote to have an official and proper ballot station set up. Are they supposed to set up the booth in the back of a truck?
Not to be overly critical, but in the article it states that soldiers still have the option of mailing their ballots. (this was somewhere around that inane comment that if they were uncomfortable with email voting they could use some other method.)
Voting by email could work, but probably not with the scheme being proposed.
Every military member has a CAC card which serves as a military ID but it is also a smartcard. Every person in the DoD is issued a digital certificate by the DoD when the card is issued. It should just be an academic exercise to create a voting station where the user inserts his CAC, votes and receives a confirmation that is encrypted with the user's public key and signed with the appropriate private key as an audit trail. I think this scheme fulfills the requirements for a "trusted" voting system. Voters are securely authenticated, votes are audited and cryptographically secured. Of course, the flaw usually lies in the implementation...
No, he didn't. The media speculated for several weeks that he would, despite the fact he and Leiberman were constantly ruling out going down that path.
Not only that, but there are a few other details that make this a little different.
.mil domains. The military owns the entire domain. Implement a verification procedure, such as a reply-to-sender that "I received your vote. Please reply to this email to let me know that you actually sent it."
.mil enclave, but I'm on base right now and can't check.) Every member of the military should have three certificates that are issued by one of the military's private PKI servers. The three certs are intended for identification (such as logging into computers and web sites), email signing and email encryption.
.mil domain, and that is signed and encrypted by two different PKI certs issued by private and extremely well protected PKI servers isn't the gaping security hole that "Just send your vote by email" makes it sound like.
First, all of the email will be coming from
Second, the military ID card (the CAC, or Common Access Card) is a Smartcard. (Hopefully, the link works. I'm not positive that it's accesible from a machine outside the
This doesn't make the scheme foolproof or provide airtight security. But an email that is verfied as coming from a
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Soldiers in combat are rarely cut off from the rest of America's physical presence for very long. Ammunition, food, and other materiel are supplied by American supply lines, even far forward at the front. Those lines also deliver mail, as part of the US Postal Service extended to military requirements. These ballots can be sent securely through those supply lines, as they always have been. Most soldiers can send their ballots in advance of deployment to the front, which is almost always planned long before. Their disadvantage in access to "late breaking news", after their vote but before Election Day, is consistent with the other liberties soldiers voluntarily suspend when accepting military command. Corruption of their right to secrecy, and corruption, through selective demographic ballot under/service, of the people's right to equal access to all voters, is not consistent with military service defending the Constitution.
--
make install -not war
Absentee ballots cast statewide by Republican voters following the illegal solicitation of absentee ballots by the Florida Republican Party: 50,000?
Absentee ballots that could not be read by voting machines, but were illegally "duplicated" by county election officials: 10,000 (60% Bush?)
Overseas military ballots that were not legal, but were counted because of massive pressure from the Bush campaign: 680 (71% Bush)
http://democrats.com/display.cfm?id=181
Absentee ballot law (FL GOP)
The Florida Republican Party sent a letter with Jeb's signature and the Florida state seal urging Florida Republicans to vote by absentee ballots. But Florida law (which was made even stricter in 1998) is not a "vote-by-mail" system - voters must have a valid reason for voting by mail. The Republican Party was thus encouraging Republican voters to break the law.
Florida's absentee ballot laws were tightened because of the 1997 Miami absentee ballot scandal that resulted in the voiding of ALL absentees and the overturn of the election. The man who engineered that massive fraud - Mayoral candidate Xavier Suarez - played a key role in the GOP absentee effort in 2000.
Absentee Ballot Law, Voting Rights Act (FL GOP, Seminole County, Martin County)
With the active assistance of GOP Election Supervisors, FL GOP officials sent GOP operatives to illegally alter over 2,500 defective Republican absentee ballot applications, while at least 550 Democratic applications were ignored.
FL Absentee Ballot Law
Pressured canvassing boards in Republican counties to violate Florida's election laws and count clearly illegal overseas Republican absentee ballots, while fighting to prevent Democratic counties from counting similar absentee ballots
14th Amendment, Voting Rights Act
Forced hand counting of heavily Republican absentee ballots that the machines couldn't read - while delaying and blocking hand counting of poll-cast ballots in heavily Democratic counties that the machines couldn't read, thus treating ballots differently and discriminating against black voters
http://democrats.com/display.cfm?id=239
But it is in the "low-tech area" of absentee ballots, as Miami Herald columnist Jim DeFede puts it, "that things get really funky." Most critically, Hood and Gov. Bush have championed a new state law that abolishes Florida's longtime requirement that absentee ballots be witnessed. While some other states, like California, do not require witnesses, no state has Florida's history of institutional vote fraud.
http://slate.msn.com/id/2105524/
So now please tell me if there isn't a reason to be concerned.
Forget Diebold, everyone seems to be forgetting the Letter to the Editor scandal, where the same letter was passed around for troops to sign and then passed off as a letter to the editor in the troops home town. Some of the soldiers whos letters were publish claim they never even signed the things in the first place.
Who's to say that the emails coming from soldiers would even be from the soldiers at all?
C'mon people... standardized paper ballot, a pencil X and a little bit of saliva on the envelope, and a walk to the outgoing mail bag. It shouldn't be that hard!
Where and When?
Soldiers voting via absentee ballot (in the US, at least) goes back to the election of 1864. For over 100 years, this was the only example of a country successfully holding an election during a civil war.
Its a decently reliable service that isn't too expensive. If anything, they should give the service to them for free and get some good PR!!
I'm an economist by degree, and I'm in no more position to judge than anybody else.
Mod point free since 2001
The problem with email voting is not that someone might sniff and read your email on the way, or even falsify votes. Those are pretty easy to fix. The problems are those of:
* Loss of anonymity. This is an important characteristic that prevents vote-buying or reprisals against people who vote "incorrectly" (since there's no way for a political party to find out who voted which way). If you're sending via an email system, and the system is secure, it's a pretty damn good bet that you're exposing your identity (via signed, encrypted email or whatnot).
* Loss of the local privacy guarantee. Voting booths are secured. Who might be looking over your shoulder when you vote?
* Loss of the non-coercion guarantee. If I can just fire off an email, someone can have a *gun* to my head forcing me to vote a particular way.
* Loss of a controlled voting environment. How many Outlook worms does it take to convince people that email clients and desktop systems just aren't all that locked down?
* Loss of voter verifiability. With a paper ballot, I can verify that the card contains the hole that I punched in it. Short of physically substituting cards (something that's a hard to do and much easier to guard against), someone can't attack your vote data. With e-voting, there are a huge number of places to allow a different vote to be submitted than what you wanted -- in the client OS, in the client email system, in the vote-counting system, etc, etc, etc. There are a *lot* of programmers that can be bought off or act in a partisian manner -- and any one can compromise the entire system.
I do think that the men and women dying for our country should have the right to vote. But they also deserve the same guarantees on their voting process that they and the rest of us have enjoyed for a long, long time. If we can't pull them off the front lines long enough to vote...what is it, exactly, that they're fighting for?
May we never see th
Absentee ballots by mail certainly can be anonymous. The "double envelope" method commonly used is very simple.
The absentee ballot is marked privately by the voter and placed in a provided plain envelope. That plain envelope is placed inside another envelope that has the voter's and witnesses' signatures, plus everything else the law requires for ensuring it is valid.
The election judges validate the absentee ballot by looking at the outer envelope. Once that is done, it is opened and the inner envelopes are put together and shuffled. Since they all look the same, the ballots are anonymous when the inner envelopes are opened and the ballots are counted.
That's how it works in my state, Minnesota, where I serve as an election judge.
The double envelope method is quite common, and is even described in Robert's Rules of Order Newly Revised, where it is recommended for organizations that allow voting by mail.
The Dutch Government sponsored the development of an Open Source, GPL-ed solution that is probably more appropriate and less costly in manpower than the proposed matter (not to mention the human chain of trust that has to be established). Allow me to refer you to the paper and an article in The Register, although the paper is in Dutch.
You can also have a look at the code . The Dutch text surrounding the link to the ZIP file is mainly explaining the ZIP file and showing an MD5 checksum for the archive.
In conclusion, there is verified code out there for expat/remote voting, open and accessible. I would start asking questions if anything less was used. Consider the amount of people you need to trust to make this system democratically sound, and the privacy you need to give up. Conspiracy theorists would at this point strongly suspect alterior motives, and in this case I'd actually agree with them..
Insert
A double envelope is not a secret ballot because others can demand to see it before you seal it. Vote buying and coercion I consider basicly the same. A secret ballot thwarts vote buying because the buyer has no way of knowing if you actually voted the way he wanted you to. Same thing for coercion.
-molo
Using your sig line to advertise for friends is lame.