David Jefferson: Email Voting — A National Security Threat in Government Elections

Security expert David Jefferson, articulates the vulnerabilities of email voting, perhaps the most vulnerable form of Internet voting (and that is saying a lot, since all forms of Internet voting are very risky). <read>

David Jefferson is a computer scientist and researcher at Lawrence Livermore National Laboratory in California where he studies cyber security and ways to protect the nation’s military, civilian, and government networks from cyber attack.  He is also the Chairman of the Board of Verified Voting, and has been studying electronic and Internet voting for over a decade, advising five successive California Secretaries of State on voting technology issues.


Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from a self-aggrandizing loner to a foreign intelligence agency. Such an attack might allow automated and undetectable modification or loss of any or all of the votes transmitted.

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

The technical points I am about to state are not my opinions alone. The computer security research community in the U.S. is essentially unanimous in its condemnation of any currently feasible form of Internet voting, but most especially of email voting. I strongly urge legislators in states considering e-mail voting to request testimony from other independent computer network security experts who are not affiliated with or paid by any voting system vendor. Email voting is extremely dangerous in ways that people without strong technical background are not likely to anticipate.

Here are the problems with email voting:

1. Lack of privacy:

2. Vote manipulation while in transit:

3. Server penetration attacks:

4. Ballot files can carry malware into the election network:

5. Voters’ computers infected with malware:

6. Denial of service attacks:

7. Email ballots are unauditable; attacks are undetectable and irreparable:

8. Multiple simultaneous attacks:

9. These facts will not change:

10. Similar problems with FAX voting:

11. Move toward Internet distribution of blank ballots.

For these reasons I strongly urge states that do not currently provide for email voting not to start down that path. In my professional opinion this path leads only to a major risk to U.S. national security, exposing our elections to easy manipulation by anyone in the world.


Leave a Reply

You must be logged in to post a comment.