As New Jersey Votes by Email, Security Questions Linger

Email and Information Security Trends 2012

During a lull at the polls on Tuesday, where I was handing out blank ballots to voters, the discussion of voting by email came up. The reason was logical: A college woman came into our polling station distraught because she wanted to make it home to vote in person, but a tree fell onto her parents’ home during Superstorm Sandy. Even if she did go home, there was no place for her to stay and she wasn’t even sure where she’d be voting. It was too late for an absentee ballot and was there anything else she could do? Would she be allowed to vote by email like they could across the river from her home, in New Jersey?

We tried to help the young woman — I have no idea if she was ever able to vote — but it did spur the conversation of whether or not we should be able to vote by email. While everyone else in the room said yes, I was wary. I don’t trust the security, I said. All you need to do is take a look at the news this year and see the number of government entities that have been hacked into or had major security failures. I’m not sure how secure my vote would be. And that doesn’t include the phishing scams that could lead to malware or even to the concerns over computerized voting in polling places or the fraud in creating fake email addresses or the countless other security matters.

According to a Washington Post story, experts share my concerns:

Charles Stewart, a professor of political science at MIT and co-director of the Caltech-MIT voting technology project, said security is a concern. If the military and major banks have been hacked into, e-mail servers for New Jersey can easily be hit with denial of service attacks.

Stewart’s concerns are echoed by Andrew Appel, a Princeton University computer science professor, who was quoted by USA Today:

Internet voting is inherently insecure … and e-mail voting is the most insecure form of Internet voting. It’s quite easy to fake an e-mail return address. E-mail voting is completely untrustworthy and insecure unless it’s backed up by a paper ballot signed by the voter.

Email voting is used by 30 states, including New Jersey, primarily for overseas residents and deployed military. New Jersey normally requires a paper backup to validate the vote sent electronically from overseas, and some experts believe that having a paper backup makes the vote more secure. However, the paper ballot is being bypassed during this unusual time, putting the issue of email voting security front and center in major media outlets.

I bring up this issue after the elections because email security is more than a voting-related issue. Email security should be a commonplace discussion, and not only government, but businesses and other organizations should be regularly exploring ways to make email more secure. We should encourage this current discussion to continue, especially as the holiday shopping season approaches and the tips and advice on how to stay safe on Cyber Monday hit my inbox. Email security is a problem every day, not just on special occasions.