More online voting risks and opportunities for skulduggery

Since our founding, we have been warning of the risks of Internet voting and ignoring science. We are currently amazed at our own legislators, risking military voters rights, dismissing the scientific facts and the practical evidence of the impossibility of internet voting. Yet, we have overlooked some of the risks, literally right in front of our nose.

More Risks Right In Front Of Our Nose

An ongoing story starting late last week highlights those dangers.  B. F. has a post describing intended or accidental suppression which brought those issues to my attention (Note: We use the initials B.F. and a tinyurl intentionally and instructively, just in case you might want to bring this post to the attention of your friends through an email, post, or Facebook link.)

Here is a summary of what happened to B.F.:

If you use an AOL email address, AOL is doing you the favor of making sure you do not receive email containing any links to [B.F.’s site] in it.

Not email from a [B.F. site] address, mind you, as if I were a spammer or something (which, obviously, I’m not), but any email from anybody that has a link to this site, or to one of our news stories.

I learned this swell news early this week when someone was kind enough to let me know that their attempts at sending a link to this site to a friend bounced back to them with an error message. That error message was “HVU:B2”. What is that error?:

* 421 HVU:B2
o There is at least one URL or domain in your e-mail that is generating substantial complaints from AOL members. Resolution will require opening a support request.

That’s right, “substantial complaints” from someone, whatever that means, will result in no links to stories at [B.F.’s site] getting through to any of AOL’s millions of members. And they will never know about it.

Again, these are not even emails from [B.F’s site]. They are simply emails from anybody to any AOL email address which has my domain linked in the body of the email.

Neat, huh? I wonder what would happen if there were “substantial complaints from AOL members” about, say, Or Or Would that result in millions of members not being able to receive any email that links to anything at those sites? Sounds like a great way to [expletive verb] someone you don’t care for politically, doesn’t it?…

So far, I’ve spoken to at least 10 different AOL support people on the phone, since clicking the “support request” URL they offer in the error message seen above actually takes you to someplace on the “AOL Postmaster” that doesn’t actually give you the form you supposedly are to fill out to deal with this issue.

It took a day or two, and several more calls to more very nice AOL tech support people who told me they couldn’t help me in the slightest…

Most ironically, and so that you are open to the interpretation that these are not intended but simply the result of bureaucratic incompetence:

I finally looked up the AOL corporate website online, found the numbers for the “Corporate Media Inquiries” department, figuring I’d either get help or get an on the record comment about this mess and about the fact that AOL is censoring members emails for them, and spoke to another very nice person whom I told about the situation, explained that I was a journalist, not a spammer (and besides the notes being rejected didn’t even need to come from my address to get rejected), mentioned the irony that I even write news for Huffington Post from time to time,

But from personal experience I would call it unintentional arrogance. Over the years, I have put up with similar problems from both AOL and Google:

  • I am webmaster for a 501.c3 organization that runs annual tournaments for children.  Over the years AOL has, to my knowledge, blocked us at least twice. It took some time, each time, to realize this was happening. Both times, I did manage to get through the bureaucracy and get it fixed after some time.  Once was because a spammer used some of our email addresses.  Another time when a board member sent an email that had some key words in it that had AOL classify our site as a spammer.
  • A couple of years ago we had problems  when a couple of my WordPress sites fell victim to some WordPress vulnerabilities with  malware added from sources unknown. Malware with potential for spreading viruses.  The good news is that Google informed me and provided tools, so that it could be quickly corrected. But the bad news was that the sites were banned for several weeks from Google search results and provided users with messages that warned of the dangers of my sites.

Withing the last month, a popular news site was hacked and completely taken down such that it had to essentially be rebuilt.  And just this weekend another popular reader supported  news site sent this message to donors:

We learned that right in the middle of our spring campaign this past week that our secure credit card processor was offline for several hours on a few occasions. Donations were not processing. If you encountered this and gave up, please try again.

So what? What can we learn?

  • Incidents like these may be intentional, untended, or bureaucratic arrogance.
  • They point the way to intentional disruption.
  • They point the way to intentional disruption covered up as unintended, well meant policies. Who is against protection from spam and viruses? Asking users to report concerns?
  • In cases like AOL’s  policies, when users are able to nominate spammers, dangerous, or offensive sites, or email addresses. – these policies can be used by others to assist in their agendas. It would not take any computer expertise. Beyond the simple cases, expert unethical hackers could infect sites and use policies like Google’s to their advantage.
  • Each of these examples either went unnoticed for several days, took away capabilities for several days once they were discovered, often inadvertently.
  • No matter how noble the intention or accidental, the result can be disruption and in some cases defamation in what could be a critical time period.
  • Most of all recognize that these are common occurrences. Much more widespread than the samples that each of us is aware of or listed here.

What does this have to do with online voting and democracy?

  • Any of these problems , or similar problems, can occur to any web site, any email account, any time – including those associated with voting, campaigns, and news, all vital to democracy.
  • Voting vulnerabilities include: Online voting, online registration, campaign web sites, campaign emails etc.  The impact of such vulnerabilities varies.
  • Many solutions to speeding military and overseas voting include sending election notification and voting materials by email. These would likely come from a known url and email account, which could be blocked. Presumably any form of online voting would require notification and information be sent electronically, unless overseas voters are expected to find and keep checking the site for upcoming elections and availability of materials.
  • We all know email is unsafe, vulnerable to hacking and blocking. These vulnerabilities highlight the possibility of easier and unintentional methods of blocking email return of ballots, email used for voter registration, or email communications/questions between voters and election officials.
  • Voting itself and access by remote military and overseas voters is conducted in very short windows.  A site blocked or down for even a day can discourage/disenfranchise someone who has infrequent opportunities for internet access.

Despite the risks we remain in favor of email notification and web access to election materials for military and overseas voting, but the high risk of using the internet, email, or fax for the return of votes is unacceptable.

I agree with our current Secretary of the State, Denise Merrill in her testimony this year:

  • In the future, it is conceivable that we could move in the direction of online voting.
  • But the problem is, the technology to make sure no one can hack into an online voting system and distort the vote totals has not yet been developed.
  • We want to make voting more convenient, but not at the expense of the security or integrity of our elections…
  • …there is no on-line voting system secure enough to protect the integrity of the vote…

Leave a Reply

You must be logged in to post a comment.