Internet Voting Roundup: At the Not-OK Corral

Texas likes to do things big.  But when it comes to Internet voting it is as they say “All hat and no cattle”.  As reported in Election Line Bexar County successfully tests email ballots for military members<read>

Under a bill approved by the Texas Legislature, in 2014 Callanen was allowed to not only email ballots to service members, but she was also able to accept voted ballots via email from military members serving in hostile fire zones.

According to a report from the secretary of state’s office, the pilot program in Bexar was a success even if the numbers were small. In the May 2014 primary the county received three ballots via email and in the November 2014 general election eight ballots were returned via email.

Service members must first sign an affidavit confirming that they are indeed in a hostile fire zone. Then they are assigned a one-time use secure email address, are sent their ballot, allowed to vote it and return it to the county.

Three ballots, eight ballots pretty slim test an not much success to fill much of a hat.  We point out that there is not much to a “secure email address” unless those service members use some very very strong and difficult encryption methods along with the county.  Others wonder how that email address was sent to those service members – Was it through some secure email address developed by the service member? Perhaps they could help out Sony, whose email was allegedly hacked by North Korea, and with those same emails provided for all to see at Wikileaks. We wonder how much did such security such cost to develop our purchase? – we will learn this a bit later.

“It took a lot of push and shove,” Callanen said “[Because] the presumption was that it was so close to Internet voting. We had to make sure it was absolutely secure.”

That seems to be a pretty common error – that emails are somehow sent without the Internet or somehow do not constitute Internet voting.  Emails use the Internet and if anything are less secure that online voting.  Perhaps because, in addition to compromise in transit, they are easily and often,  must be, seen by people – local election officials:

The county has a dedicated computer set up in the tabulation room to receive the ballots. Only three people in the office, all who have also signed sworn affidavits, including Callanen, have access to the computer. Once received, the ballot is remade onto an optical scan ballot, put in a secrecy envelope and treated like any other ballot.

And apparently that “secure email” came at very little cost and effort:

“We did this on a thin dime,” Callanen said. “Sure it takes some time to have the computer people set up the emails, but we’ve gone from mailing thousands of ballots to emailing them.”

We can be sure it works because they did an apparently confidential (secure?) survey that proved how wonderful it was.  They actually claim about 1400% a response rate from the small base of users, supposedly in combat zones:

Following the elections, Callanen surveyed the service members using Survey Monkey to find out how they felt about the process and got back more responses to the survey — 117 — than they did ballots.

“The general response was that it’s wonderful,” Callanen said. “I wish you could see the raw, unedited comments we got.”

Obviously they did not use a secure email to send the survey to the actual users.

Meanwhile, just how secure is Internet/Email voting?  Some good and not so good news from McClachyDC: As states warm to online voting, experts warn of trouble ahead <read>

The not so good news and some good news:

A Pentagon official sat before a committee of the Washington State Legislature in January and declared that the U.S. military supported a bill that would allow voters in the state to cast election ballots via email or fax without having to certify their identities.

Military liaison Mark San Souci’s brief testimony was stunning because it directly contradicted the Pentagon’s previously stated position on online voting:

It’s against it.

Along with Congress, the Defense Department has heeded warnings over the past decade from cybersecurity experts that no Internet voting system can effectively block hackers from tampering with election results.

And email and fax transmissions are the most vulnerable of all, according to experts, including officials at the National Institute of Standards and Technology, which is part of the Commerce Department.

San Souci declined to comment. A Pentagon spokesman, Lt. Cmdr. Nathan Christensen, said the Defense Department “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”

The Washington state legislation is dead for this year. But the episode provides a window into how the voting industry, with an occasional boost from the Pentagon, is succeeding in selling state and local officials on the new technology, despite predictions of likely security breaches.

It’s also put state lawmakers and election officials at odds with their counterparts in the other Washington: the nation’s capital…

Susannah Goodman, director of a voting integrity project for the citizens’ lobby Common Cause, worries that many state officials lack the technical expertise to avoid being manipulated by the vendors.

“I’ve seen the vendors characterize their products as being secure when the most prominent cybersecurity experts in the country will tell you they’re not,” she said. “The state legislators and the election officials are only hearing from one side. . . . That’s putting our democracy at risk.”

For example, election officials in Washington’s Pierce and King counties, which include the Tacoma and Seattle metro areas, offer voters the option of faxing or emailing ballots. They said the process was not online voting – even though emails travel over the Internet.

We always tend to side with science and the best independent expert analysis, and tend to be skeptical of vendors seeking profit and officials looking for the easy way to look good.


Leave a Reply

You must be logged in to post a comment.