New Jersey Residents Displaced By Storm Can Vote By Email

First time accepted submitter danbuter writes "In probably the most poorly thought-out reaction to allowing people displaced by Hurricane Sandy in New Jersey [to take part in the 2012 presidential election], residents will be allowed to vote by email. Of course, this will be completely secure and work perfectly!" Writes user Beryllium Sphere: "There's no mention of any protocol that might possibly make this acceptable. Perhaps the worst thing that could happen would be if it appears to work OK and gains acceptance." I know someone they should consult first.

I didn't know

[mwvdlee]

I didn't know New Jersey had over 5 billion residents.
Or atleast that's my estimate of the amount of votes they'll be recieving.

Re:I didn't know

[K.+S.+Kyosuke]

Yes, but they are Swiss. They make perfect watches, have an insane amount of automatic rifles in homes while not thinking twice about not committing crimes with those rifles while eating their famed chocolate, and are otherwise generally badass. Take that, New Jersey! Still think it could work there?

Re:I didn't know

[Albanach]

There was a project sponsored by GNU to develop software that would permit online voting securely. Obviously this would be hugely useful if it were secure and freely available. http://www.gnu.org/software/free/

Production stopped in 2002.

Here's what they had to say, "From my experience of designing and developing GNU.FREE over the past three years it has become clear that creating an Internet Voting system sufficiently secure, reliable and anonymous is extremely difficult, if not impossible. As Bruce Schneier points out "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers.""

Of course, it's possible the Swiss know something about secure software development that Schneier doesn't. Or perhaps they're just happy to accept the risks.

Re:I didn't know

[Derek+Pomery]

Even if an online voting system could be implemented in perfect security, I'm still bothered by the fact that the voting booth is supposed to be influence free.

If you go vote, people pressuring you have to stay like 50 metres away from the polling place.

There is no such protection in online voting. A church could put the computer, oh, right in front of the altar and have the congregation line up. Heck. There's a lot of concern about buying votes (personally I'm thinking if you think someone will stay bought for $100 against their conscience, eh, welcome to try). But that whole situation changes with online voting. Again, can have people vote right at their workstation for a bonus in the next paycheck.

I'm sure there'd be proposals of laws against it, but, enforcement is still an issue. Esp since pressure can be as simple as peer pressure.

BTW, on the buying votes front, supposedly each campaign is spending over $1000 per undecided voter in swing states, w/ actual impact of the ads being very hard to measure. Amusing.

Reminds me of all the concern about rich people being able to self-fund campaigns. Should ask Meg Whitman how that worked out for her.

Re:I didn't know

[__aaltlg1547]

Yes, but they are Swiss. They make perfect watches, have an insane amount of automatic rifles in homes while not thinking twice about not committing crimes with those rifles while eating their famed chocolate, and are otherwise generally badass. Take that, New Jersey! Still think it could work there?

Of course they don't commit crimes with the rifles. They already have all the criminals' money.

Official Directive

[Robadob]

This seems to be the official thing about it because there's some stuff going around twitter that it's a lie. http://nj.gov/state/elections/2012-results/directive-email-voting.pdf

It's just absentee voting

[Azathfeld]

You can't just send an email with your vote in it. They're allowing scanned copies of absentee ballots. It's no less secure than absentee voting in general; they'll check the names against the voter rolls just like they do when you vote in person.

Re:It's just absentee voting

All voters in Oregon vote by mail. Each ballot is submitted with a signature on the outside envelope. That signature is matched against the voting rolls before the ballot is counted. The ballot is in a secrecy envelope so the person opening it during the counting process doesn't know whose vote it is.

There are several problems with the process described here that make it different. The first is that an electronic signature can be a scanned copy obtained from a different document. The second, raised elsewhere, is that the ballot is not secret. The third is that someone could electronically modify the ballot during and stage of the process. This seems to be relying on a form of "security by obscurity". For a small number of ballots that is probably sufficient. But if you get a large number of ballots it will be an inviting target for someone trying to alter the outcome of the election.

So it's much worse...

[thrill12]

..as they ask for a "waiver of secrecy": they actually *realize* that the e-mail voting will need the removal of one of they key things in a democratic election: the secrecy of voting. Now an actual record of the vote is transmitted in the clear (when using e-mail) and if anyone coerced said voter they will have undisputable proof what that person voted. I gues the OSCE will write this down in their report...

Re:So it's much worse...

[plover]

Allowing non-secret voting creates the conditions under which coercion can take place.

How do we know Tony Soprano hasn't threatened everyone in the neighborhood to vote for his candidate? Let's say one of Tony's associates is at the polling place, "observing" the election as his right. If he is watching you vote, he can be sure you voted his way. If you have the "choice" of a secret ballot or a non-secret ballot, he could tell you up front "don't be choosing the secret ballot, I need to see your vote. Or else."

If the voter is not given the choice of non-secrecy, that vote can't be subverted. In a secret ballot, the voter can always make their own free-will choice. And only through enforcing ballot secrecy can the election judges be certain that the vote was impartial.

This has been in place...

[bmo]

... already. They are merely letting people be treated like overseas military.

FTFA

"Officials say electronic voting is also an option for emergency workers. The option is already open to New Jersey voters overseas and in the military."

It's not like someone just came up with an idea yesterday.

--
BMO

Re:If the USA was a true democracy

[Guppy06]

If the USA was a true democracy, it would defer the vote until after the clean-up,

"For the duration of the crisis?" Who gets to decide when it's over, the Senate or Caesar?

Democracy cannot be considered a luxury that one can "put off" when times are bad. Rather, the government needs to double down and make sure polling places and post offices are secure and accessible, no less so than food, water and shelter.

Re:Estonia

[plover]

The reporter is obviously confused about the meaning of 'freedom'. The real problems with online voting have less to do with the technology and more to do with the integrity of the process.

Even if an online system worked perfectly, how do you know that when Joe cast his vote that Frank wasn't standing behind him with a gun in one hand and $100 in the other? You don't.

Now, that's a problem with absentee ballots as well, you might say, and you would be right. But the effective difference is the difficulty of scaling fraud up in the physical world as opposed to scaling up fraud in an online world. I might be a rich gangster and hire 10 thugs to influence 10 votes. But as a crooked employer, I could monitor the voting of thousands of employees, and I'd know exactly who is on the short list to be promoted.

Preventing coercion requires the act of moving a voter into a secluded voting booth, with a truly secret ballot.

No worse than paper mail ballots

[goodmanj]

Let me play devil's advocate here. While we all know that email is insecure, as a practical matter the security holes in this are roughly equal to vote-by-mail. Not that that's a good thing, but this doesn't introduce many new problems. The NJ elections directive recognizes this, and treats displaced voters as "overseas" for the purpose of election rules.

Summary of the procedure:
* Your voter registration is already on fiile.
* You email a request for your ballot
* The elections agency marks your ballot number in the registry, sends you a ballot with a unique ID, along with a waiver of secrecy.
* You fill out the ballot and the waiver, and send them back.

Can we spam the election with billions of votes? No. Well, you can send the emails, but they won't have the right ID numbers so they won't be counted.
Can we hijack individuals' votes by voting for them, or by changing their vote via a man-in-the-middle attack? Yes, but you can do this by paper mail too, and it's a one-vote-at-a-time thing.
Do we lose the secrecy of the ballot booth? Yes, but that's lost in vote-by-mail too, and voters choose whether they'd rather submit a non-secret ballot, or trudge through miles of floodwaters to cast their vote in person.

The practical question you've got to ask yourself is not "could someone be disenfranchised by this?" but "will more people be disenfranchised by doing this than by *not* doing it?"

In short, adding "e-" to a technology doesn't miraculously make it evil or cool. And in this case, the security holes are roughly equal to a system already in common use. As a mandatory universal voting system, email voting would be an abhorrent violation of civil rights. As a short-term, *optional* response to a major emergency, it's worth considering.