Gov Malloy signs bill similar to one he said was risky and unconstitutional last year

Last year in 2012, after several weeks of consideration, Governor Malloy vetoed H.B. 5556 (see Pages 51-55) writing in his veto message:

Upon close examination, however, I find that some portions of this bill likely violate the United States Constitution…I cannot support the bill before me given its many legal and practical problems…
HB 5556 also contains a provision allowing deployed service members to return an absentee ballot by email or fax if the service member waives his or her constitutional right to a secret ballot. I agree with Secretary of the State Denise Merrill that this provision raises a number of serious concerns. First, as a matter of policy, I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary. Second, as the Secretary of the State has pointed out, allowing an individual to email or fax an absentee ballot has not been proven to be secure. In 2011, the United States Department of Commerce, National Institute of Standards and Technology, issued a report on remote electronic voting. The report concluded that remote electronic voting is fraught with problems associated with software bugs and potential attacks through malicious software, difficulties with voter authentication, and lack of protocol for ballot accountability. None of these issues are addressed in this bill. To be clear, I am not opposed to the use of technology to make the voting process easier and more accessible to our citizens. However, I believe that these legitimate problems have to be carefully studied and considered before enacting such a provision.

Last year the fax and email voting provisions were a glaring ‘rat’ stuffed into an unrelated emergency bill. Some said the Governor was against the underlying bill, but wanted more cover for the veto. We hoped, that even if that were the case, the accurate analysis of that ‘rat’ would still prevail this year. Apparently not.

There is a distinction without a difference in this year’s bill, S.B. 647, with regard to the elements of the veto message. Last year’s bill specified email or fax return of ballots. This year’s bill requires the Secretary of the State and the CT Military Department to determine a safe method of Internet voting. But all known methods have the same security risks and they all violate the Connecticut and U.S. Constitutions.

We could argue that this year’s bill is worse in at least three regards, requiring two impossible feats by the Secretary of the State, although she will have the help of the CT Military Department the three feats. One which the U.S. Defense Department has found impossible:

• Develop a secure electronic voting system which does not violate the Constitutions.
• Have that system transmit results immediately to the appropriate town hall.
• Develop , implement, and operate such a system at no cost to the state and towns.

Summary Of The Problems With The Bill

• This bill is a threat to the security, accuracy, and secrecy of the votes of our military members and their dependents, and thus to the certified outcomes of our elections.
• It is unconstitutional since it violates the Connecticut Constitution, which states: “The right of secret voting shall be preserved.”
• It requires the Secretary of the State and the Connecticut Military Department to develop a system for secure and private online voting by October 1^st. A task that security experts, computer scientists, and experts at Homeland Security, and NIST (The National Institutes of Standards and Technology) believe is technically impossible.
• It is further complicated by provisions for voting by deployed military dependents. It also is not restricted to deployed military, not even restricted to military actually on duty.
• It sets a requirement for guaranteed receipt immediately in each voter’s municipality. This cannot be accomplished by either fax or email return.
• While online voting through a web page might be developed to meet the guaranteed return requirement, it is also insecure, risks the secret vote, and would be very expensive.
• All known methods of Internet voting would likely violate Connecticut’s Voter Verified Paper Records law established in 2005.

The Requirements of the Bill*
[Our comments in brackets]

• On or before October 1, 2013, the Secretary of the State, in consultation with the Military Department, shall select a method for use in any election or primary held after September 1, 2014 [After the August 2014 Primary]
• may be used by any elector or applicant for admission as an elector who is a  member of the armed forces and expects to be living or traveling outside the several states of the United States and the District of Columbia before and on election day, [Any travel or living change would apply, duty related or not. A National Guard member not deployed but on vacation or a business trip could presumably vote under this act]
• or such member’s spouse or dependent if living where such member is stationed, [It includes spouses and dependents but not those on vacation, at college, or on business trips]
• gives due consideration to the interests of maintaining the security of such ballot and the privacy of information contained on such ballot, [due consideration’ should include assuring the Constitutional requirement of a secret vote be strictly maintained. It should include evaluation by computer security experts, and effective security testing]
• and…ensures receipt, prior to the closing of the polls on the day of the election or primary, of such ballot by the municipality in which the member or member’s spouse or dependent is enrolled or has applied for admission as an elector, if such method is properly utilized by such  member or such member’s spouse or dependent prior to the closing of  the polls on the day of the election or primary. [Thus, it must be guaranteed to be received by some official, inbox, or machine in the appropriate municipality by 8:00pm EST, if voted by 8:00pm EST (i.e. this is immediately). And 8:00pm EST could be almost any hour of the 24 hours in a day, depending on the deployment, business, or vacation location(*)]
• Not later than January 1, 2014, the Secretary of the State shall submit a report, in accordance  with section 11-4a of the general statutes, to the joint standing committees of the General Assembly having cognizance of matters relating to elections and veterans’ and military affairs describing such  method and any legislative changes necessary for its implementation. [But necessary legislation enacted or not, implementation is required by this bill]

* After the bill was passed by the CT House and Senate we sent a letter to Governor Malloy asking for a veto, reminding him of his veto last year.  We made one mistake in that letter – using an older version of the bill, we misinterpreted the time requirement, stating that the bill did not require ‘immediate’ transmittal, but transmittal in four hours, by the close of election day, not the close of the polls. The actual bill creates a tougher, much more difficult barrier to implementation. This post updates portions of the details in that letter to conform to our corrected interpretation.

Analysis of the three known options: Email, Fax, and Online Voting

1. Email is (1) of course, not secure with the NSA listening in, interceptable by bad external actors, and directly accessible by insiders such as email vendors, insiders at data centers all along the way from personal computers or military computers, state computers, local town computers, and every stop along the way. (2) Email cannot meet the mandated fimmediate delivery requirement – often emails take much longer to traverse the Internet, presumably especially from remote locations the military must protect (3) Email frequently is not delivered at all. Several times a year we become aware of emails sent to us that never arrive. (4) Email schemes we are aware of, in other states, all require that an individual in an elections office or town hall receive and print the “ballot” for counting – a clear violation of the secret vote. (5) Email would have to cover personal computers for spouses and dependents, not military computers. And the military member might be on vacation or business in an area where no military computer access is available.
2. Fax, (1) like email is subject to interception in transmission (2) and like mail is subject to individuals in town hall or state government viewing the fax as it is received. (3) Subject to viewing and potential viewing by multiple members of the military as it is passed up the chain-of-command and to the Voting Assistance Officer, as articulated by Representative Alexander. (4) We cannot expect the chain-of-command to pass votes and wake Voting Assistance Officers to pass votes along at all hours and within four hours, nor to provide services to dependents – Note the deployed military chain-of-command also has a war to fight and enemies that might not avoid attacking during that critical four-hour period.
3. Online Voting – By online voting we mean some interactive means of voting on a web page or sending a .pdf ballot under the control of a webpage, not via email. (1) Online voting can be more secure that email or fax voting, yet is still not secure as confirmed by NIST and Homeland Security. And no online voting system has proven secure by sufficient evaluation and testing – in fact, the only system subject to some public testing quickly failed spectacularly and another was broken by an average citizen, while vendors refuse to open their systems to scrutiny.  (2) Online voting may be difficult to administer and use, when the system is too hard to use vendors often blame the voters. (3) Online voting is expensive! Will the state and local officials making home-grown solutions, do better than highly funded vendors or turn to the vendors expensive, ineffective solutions? Such a system would have cost just Edmonton, Alberta $400,000. (4) Online systems entail emailing or paper mailing IDs to the voters – email can be compromised, and avoiding especially slow and unreliable outgoing mail to deployed military is a major motivation for this bill. (5) Once again, online voting cannot be restricted to military computers and serve dependents or serve soldiers away from home, not on Military business.

Another Miracle for the Secretary, Military Department, and Local Officials

The Legislature requires that the report, voting implemented, and run at no cost! It was passed with a note from the Office of Fiscal Analysis stating: “NO FISCAL IMPACT”. Note: A similar, yet less challenging task for the Secretary of the State to evaluate in another proposed bill this year, was estimated at $150,000. (See the Fiscal Note for S.B. 777).