Absentee Ballots by Email? 385
tordia writes "Bruce Schneier has come out against a plan proposed by the Missouri Secretary of State, Matt Blunt. Blunt's proposal would allow "soldiers at remote duty stations or in combat areas cast their ballots with the help of e-mail." The plan arose when Jim Avery, a Missouri State Representative and National Guard soldier currently on active duty in Iraq, told Blunt that the fax machines required by the current Missouri absentee ballot law are rare, but most soldiers have access to computers.
A spokesman for the Secretary of State's office downplays the privacy and security considerations by saying, "If the soldier is uncomfortable with this process, he or she should not consider this option".
I agree with Bruce when he says "This is troubling"." Like many things, this is a wonderful idea in theory; it's just that darn implementation that things get...messy.
Email gateway? (Score:5, Interesting)
And, if they plan to use email, this seems like the perfect chance to try out digital signatures. The military could organize it.
Re:Email gateway? (Score:5, Insightful)
Re:Email gateway? (Score:4, Informative)
The absentee ballot is marked privately by the voter and placed in a provided plain envelope. That plain envelope is placed inside another envelope that has the voter's and witnesses' signatures, plus everything else the law requires for ensuring it is valid.
The election judges validate the absentee ballot by looking at the outer envelope. Once that is done, it is opened and the inner envelopes are put together and shuffled. Since they all look the same, the ballots are anonymous when the inner envelopes are opened and the ballots are counted.
That's how it works in my state, Minnesota, where I serve as an election judge.
The double envelope method is quite common, and is even described in Robert's Rules of Order Newly Revised, where it is recommended for organizations that allow voting by mail.
Re:Email gateway? (Score:3, Informative)
-molo
Re:Email gateway? (Score:5, Insightful)
Just spend the money to setup private voting booths over there. Travel from company to company and allow our guys to vote.
Holy crap. These guys are overthere risking life and limb for "us" and we can't even find a way to allow them to vote?
Right or wrong... they are heros. They need to vote this election more than your average joe!
Re:Email gateway? (Score:5, Interesting)
My nephew was in Iraq. His squad was ambushed, he was shot 3 times - in the arm and in both thighs. He just got back home last week with the purple heart, and earned a medal of valor for setting off a flare after the ambush (which took out their communications as well).
Despite the fact he was wounded in Iraq, he doesn't consider it an unjust war, and plans to vote for Bush. He told me he saw first-hand the difference we've made in that country, and there's no way anyone can convince him that the war was wrong.
Re:Email gateway? (Score:4, Insightful)
No, they're not. Historians, economists, and political science experts (among others) are the ones who can judge. What makes you think your average soldier has any clue what the long-term financial or political ramifications of foreign policy will be?
Oh, and don't assume I'm against the war or don't support the troops. I'm just suggesting you take a step back and think about what you're saying. True, most IT nerds aren't particularly qualified to judge, but neither are most soldiers.
Re:Email gateway? (Score:5, Informative)
Re:Email gateway? (Score:3, Insightful)
Re:Email gateway? (Score:3, Insightful)
Great. Then I'm sure he can't wait to get started in Sudan, Liberia, Uganda, Zimbabwe, Burma, North Korea, Cambodia, Kurdistan, Iran, Angola, Sri Lanka, Kashmir, Tibet, etc.
Oh yeah, and what about the indigenous tribes in the Amazon basin? Now which side to take, the tribes, whose ways of life are being destroyed by outsiders? Or the ranchers, who are exercising
Re:Email gateway? (Score:2)
import oblig.whine.US_centric;
import oblig.disclaimer.I-am_USian;
travel is dangerous (Score:3, Insightful)
Just spend the money to setup private voting booths over there. Travel from company to company and allow our guys to vote.
The most dangerous thing you can do in Iraq right now is travel from company to company. I am all for making voting easy for the soldiers, but I would prefer a method that doesn't incur huge risks (if at all posible).
Re:travel is dangerous (Score:3, Interesting)
Use the existing method of trust and communication. You don't need to send people out, the soldiers should be able to do this themselves. Assign an on-site soldier-representative for each party (chosen by the party.. I mean there MUST be a mildy trustworthy party-faithful for either party in every camp.) The most senior person runs the election, the witnesses ensure that neither party is unfairly tallied and anonymity is preserved.
The normal procedures for secure communciation are used for the officer a
Re:Email gateway? (Score:3, Informative)
Soldiers voting via absentee ballot (in the US, at least) goes back to the election of 1864. For over 100 years, this was the only example of a country successfully holding an election during a civil war.
Re:Email gateway? (Score:3, Interesting)
But as the parent poster said, enlisted personnel, including those serving far from home, have been eligible to vote in every election since 1864. And
Re:Email gateway? (Score:3, Interesting)
More than digital signatures. (Score:5, Interesting)
One word: eFax (Score:3, Informative)
Its a decently reliable service that isn't too expensive. If anything, they should give the service to them for free and get some good PR!!
Security (Score:5, Insightful)
That's the worst excuse for bad security I have ever heard, and I think that if it was applied on all other systems, it would be a huge disaster. Look at the ATM for example. What if instead of a bank card, we shifted to an email scheme for withdrawing and depositing money? Email cheques are fairly secure but they have a password scheme and they don't rely soely on email. There's also no private information being transferred with an email cheque, just a link that requires a password over a secure connection. But what if we just made up email money and passed it around? Huge security flaw there. Take it one step further, why not add salt to the wound, by suggesting that if you don't like the insecure system, don't use it! Duh.
If soldiers send their private info over email, this also produces a security risk if the enemy gathers intel on soldiers to use against their families. Bad bad bad idea.
I'm one of the admins of Gmailforthetroops.com [gmailforthetroops.com] and we've had to let everyone know that we only want soldiers to privately provide their
Re:Security (Score:2)
Wow, um... (Score:3, Interesting)
Do you think fax lines are secure? Any enemey stophisticated enough to break into military computer systems probably isn't going to bother taking revenge on individual soldure's families.
And for a lot of these guys, the choice is between this and not voting at all given the unavailability of faxes and regular mail.
Re:Wow, um... (Score:5, Insightful)
Email is a lot easier to intercept than faxes. Faxes require physically tapping into the line. Email simply requires any ISP have any computer on their local network which the data passes through en-route from the military computer to the voting office be comprimised, *or* tapping into the lines.
And, it's not just a "not voting/voting with risk to your family" situation. It's a "someone who doesn't like the statistical balance of your unit's politics and launches a DDOS attack on you when you would normally be voting. Or its a case of someone phishing (what was it, 22% of all phish emails work?). Or a case of a worm whose sole task is, apon propogating, to send out a ballot voting for candidate X. Or a dozen other things.
Re:Wow, um... (Score:3, Insightful)
Do it right. (Score:2)
In Canada, we have proxy voting. I think if I were a soldier overseas, I would much rather proxy my vote to my wife or someone I trust. That could be handled using snailmail and it would be fine.
I think the point you're missing is that email sniffing is arm's length and can successfully be a
Re:Wow, um... (Score:5, Informative)
First, all of the email will be coming from
Second, the military ID card (the CAC [army.mil], or Common Access Card) is a Smartcard. (Hopefully, the link works. I'm not positive that it's accesible from a machine outside the
This doesn't make the scheme foolproof or provide airtight security. But an email that is verfied as coming from a
Re:Wow, um... (Score:3, Insightful)
Re:Wow, um... (Score:2)
Re:Security (Score:2)
I just know that if I were in the field right now, I would rather send a ballot by email than not to have the opportunity to vote at all. I won't campaign for anyone, but I don't really care if someone knows who I voted for. Al least not this yea
Why email voting is a bad idea (Score:3, Informative)
* Loss of anonymity. This is an important characteristic that prevents vote-buying or reprisals against people who vote "incorrectly" (since there's no way for a political party to find out who voted which way). If you're sending via an email system, and the system is secure, it's a pretty damn good bet that you're exposing your ide
Re:Why email voting is a bad idea (Score:3, Interesting)
* Loss of anonymity. This is an important characteristic that prevents vote-buying or reprisals against people who vote "incorrectly" (since there's no way for a political party to find out who voted which way). If you're sending via an email system, and the system is secure, it's a pretty damn good bet that you're exposing your identity (via signed, encrypted email or whatnot).
* Loss of the local privacy guarantee. Voting booths are secured. Who might be looking over your shoulder when you vote?
Again,
"If it's insecure, just don't use it"? (Score:5, Insightful)
Hypothetical Example:
1000 people eligible to vote.
600 actually vote:
200 use secure method. They vote 150 for candidate A, 50 for candidate B.
400 use insecure method. They vote 220 for candidate A, 180 for candidate B.
Total legitimate votes: 370 for A, 230 for B.
Now Mr. Vote-Hack adds 200 phantom votes for B, through the insecure method.
Did anyone's vote count, aside from Mr. Vote-Hack?
In some systems, unless the entire system is secure, securing parts of it doesn't really matter.
Re:Rig the election with procmail! (Score:3, Funny)
Just Make It Work (Score:2)
- Require the soldier to acquire a legitmate absentee ballot through the regular mail. (Upside: No forging a million servicemen. Downside: Screams about huge costs of sending physical paper in a war zone. Also, military on extended operations wo
Yesss! (Score:5, Funny)
Oh crap, did I just say that out loud?
Re:Yesss! (Score:4, Funny)
Re:Yesss! (Score:5, Interesting)
Re:Yesss! (Score:5, Insightful)
A lot of us libertarians used to vote republican too. Funny how Bush and the neocons destroyed everything the Republican party once stood for - small government, stay out of business, etc; and turned it into a far bigger-spending-party (record deficits immediatlly after Clinton's record surplus) than even the democrats, and turned it into the party of the Church - and human rights bashing not only overseas but to gays (marriage) and minorities (patriot act) at home as well.
It'll feel wierd as a libertarian to vote for a democrat, but the republicans really changed the last couple years.
Re: (Score:3, Insightful)
Spam (Score:2, Funny)
Secure (Score:3, Insightful)
Re:Secure (Score:2)
Mailbombs away! (Score:5, Insightful)
So maybe the spammers will decide who gets to be president this time, instead of the Supreme Court.
Durrr (Score:2)
Prediction (Score:5, Funny)
John Kerry: 80,000 out of 150,000 votes
George Bush: 160,000 out of 150,000 votes
Re:ummm... (Score:2)
Re:ummm... (Score:2)
Hey, it worked for GWB...
Re:ummm... (Score:3, Funny)
Hey, that's a good reason to vote for John Kerry! Save the environment, keep JK's SUVs in the garage! Vote him into office and he won't drive for four years!
Hmmm...I'm not sure that's really a good reason. Then again, it beats anything else I've come up with. (Except, o
This after Diebold? (Score:5, Insightful)
Seriously, after all the controversy over the heavily developed Diebold e-voting system, who comes out and says, "let's do it by email!".
If this refers to the SMTP/IMAP/POP3 email system then one wonders why such an insecure system would be considered.
With today's encryption technologies, it shouldn't be that big of a deal to do it securely, but suggesting to do this over standard email after all of the Diebold e-voting fear is rather bold.
Re:This after Diebold? (Score:2)
I don't get why this is a problem. First, I would guess they'd only be allowed to do this on the military network. Second, the recipient can PRINT the email, and it's now no different than a fax.
Re:This after Diebold? (Score:5, Informative)
Who's to say that the emails coming from soldiers would even be from the soldiers at all?
C'mon people... standardized paper ballot, a pencil X and a little bit of saliva on the envelope, and a walk to the outgoing mail bag. It shouldn't be that hard!
Where are the experts?? (Score:5, Interesting)
I know cryptology is complex but christ, there are a few tenants that even I have picked up reading his most excellent newsletters. Am I the only one who reads these? I can see it now: the US government winds up in Schneider's 'dog house' along with the rest of the shady dealers.
And me having to vote from Vienna
Re:Where are the experts?? (Score:5, Funny)
Kudos - I don't think my landlord knows jack shit about cryptography... ;)
Re:Where are the experts?? (Score:3, Insightful)
Bruce has a rare combination of the mental accuity required to be a security researcher and expert, and the ability to write well enough to be understood by large swaths of the population. A lot of security people will try to explain to the non-tech person that blocking ICMP will help to avoid DDoS attacks, but you have to keep SMTP open to allow e-mail, even though that will result in spam getting through but im
Re:Where are the experts?? (Score:2)
You are one of the privileged few. The rest of us just get to read only the excellent ones.
Damn, I must be on the wrong list, because I only get the bogus newsletters.
That's alright, because I'm already on the [air guitair] WILD STALLIONS list!
doesnt the military.... (Score:5, Insightful)
a week before Nov 2, simply gather up everyone's ballots (sealed in envelopes), then mail them back home. IIRC, this is what was done in 2000, and many other elections pre-fax machines.
Re:doesnt the military.... (Score:5, Insightful)
Re:doesnt the military.... (Score:2)
USPS is usually one of the first services set up of soldiers but for any services at all to be set up a large enough camp must first exist.
Re:doesnt the military.... (Score:3, Informative)
Re:doesnt the military.... (Score:2, Insightful)
Yes. And in 2000, Al Gore sucessfully challenged several thousand military absentee ballots in Florida because they arrived late.
Re:doesnt the military.... (Score:3, Informative)
ripe for spoofing? (Score:2, Interesting)
it could happen (Score:2, Interesting)
Smart Card Voting Cards! (Score:2)
Of course, I'm sure someone here will be happy to point out to me why it's a bad idea.
It's better then not letting them vote at all. (Score:2)
On the other hand Missouri isn't a swing state, so none of this matters anyway.
The Show Me State is indeed in play (Score:2)
There is a county in there with almost as much success...
Missouri is right in the middle of the country, with some counties of all types of people.
It is definitely in play.
Alex
Re:It's better then not letting them vote at all. (Score:3, Insightful)
These ballots have already been sent on their way to the folks in the field. There have been a few issues, I've heard, where the blank ballots have not gotten to their destination but that can be rectified by simply sending more blanks.
If the people in the field aren't capable of filling in a blank paper ballot what makes you think they can c
Some thoughts (Score:5, Insightful)
confidence in the election process? What's wrong with having miltary poll stations
in Iraq and then simply flying the ballot boxes back? Sure, it's more expensive
that e-mail but if the US government can spend billions to put a democracy in the middle east
surely a few million dollars could be set aside to insure integrity of the US vote.
Simon
Re:Some thoughts (Score:4, Informative)
Re:Some thoughts (Score:5, Interesting)
Honestly, the simplest system (absentee balloting) seems to be the best in this case, and has worked fine for years. Why we're trying to replace something that isn't broken is beyond me.
Re:Some thoughts (Score:3, Insightful)
Because the people that think logically about the security implications of electoral processes are also the ones who think logically when presented with political arguments.
Such people are (a) a small voting bloc, and (b) do not vote as a bloc. On a votes-per-dollar basis, it's vastly more efficient to rally the party faithful and pander to the rest of the swing vote (who are eas
Send your security concers to /dev/null (Score:5, Insightful)
Oh, I see. If you're worried about security, don't use the system. Right. So, what's to prevent someone from using this system for me in my name? Who decides which ballot is valid in the case of multiple submissions? I certainly hope someone rethinks this idea before it gets implemented. There is simply WAAAAAY too much potential for abuse.
Report at the tabaulating workstation (Score:5, Funny)
Kerry: 1,498
Nader: 1
L337 D00d Linus Torvalds: 82,239,123
Your forgeting somthing... (Score:2, Funny)
Signed scanned approved PDF file (Score:2, Informative)
Great Idea! (Score:5, Interesting)
Why Email... (Score:2, Interesting)
This idea, very bad. (Score:4, Insightful)
Let's say I am an employer, and I say "you'll get fired if you don't vote for candidate X". If the only methods of voting are by secret ballot, the voter is protected. Otherwise the voter might be forced or coerced into using the "optional" un-secret method. (And yes this has happened before!)
On top of that concern, we're using e-mail? I don't trust the e-mail system for anything important at all. Last semester we had to turn in our homework via e-mail in one of my classes, which I had qualms about. Lo and behold, at the end of the semester, two of my assignments didn't get counted by the professor. He insisted that the e-mail system was perfect. This idea, very bad.
Security is for Sissies (Score:5, Funny)
So I wonder what they'll say afterwards...
Spokesman: See, this plan worked perfectly - we got 100% turnout.
Soldier: 100%? How? I didn't use the email voting system.
Spokesman: Sure you did, we have your vote right here. You voted for Kevin Mitnick, and used the reply-to address "haX0r-v0t3r@133t.ru."
Soldier: What?
Spokesman: There you have it folks, as we said beforehand, if they didn't trust it, they wouldn't use it. 100% used it, so clearly 100% trust it. And if 100% of our fighting men and women trust a system they know nothing about, who are you to question it? It's a simple question really: Do you support our soldiers, or are you a terrorist? The terrorists don't want our soldiers to vote.
RTFA (Score:5, Informative)
Not ideal, but it's not as insecure as I would have imagined.
Re:RTFA (Score:2, Insightful)
Is this even allowed according to the constitution?
Sure as long as you trust them it's a good thing, but just think ahead a bit will you?
I'm pretty sure that those people that have lived in a dictature are laughing their ass of just on the thought of including the DoD in the election.
(And don't try the "but the DoD allready handles the election". The difference is that with an old school voting system you have slighly more contro
But how secure is faxing your vote? (Score:5, Interesting)
Oh sure, they can "see" a signature but how many people in the voting office are going to check the signature against the one on file? (IE, how many dead people vote in elections?)
How long would it be... (Score:2, Interesting)
'Apply this rule after the message arrives
with republican or bush in the subject
permanently delete it'
I think we should just let them try to count chads again. There is already enough room for counting errors (regardless of which candidate you support you should aggree) with the limited methods of voting. No need to introduce more error. Let's get the ones we have now working before we pile on more.
Oh great (Score:2, Funny)
It's not fricken' hard (Score:5, Insightful)
Prediction: the US will be convulsed over the reliability and fairness of its elections procedures every four years for the forseeable future.
Countries using ballot papers and boxes will get their results a bit slower, but will not be convulsed.
As for the argument that e-voting makes it easier for people to vote, thus increasing democratic participation, all I can say is, if you care so little about your vote that you can't be bothered to leave the house to cast it (I"m assuming those who are housebound are catered for) you don't deserve to vote.
Sheesh. I have used up my 'fricken' quotient for today but it was worth it.
Some old technology is very good. Like the bicycle. When I worked in TV we used to bike tapes around rather than using the internet, because as our tech director used to say, "Never underestimate the bandwidth of a man on a motorbike".
Blair/Blunkett (Score:2)
Gee, you're right... (Score:4, Insightful)
The government can use... (Score:2, Interesting)
Email voting could work, but not this way. (Score:5, Informative)
Every military member has a CAC card which serves as a military ID but it is also a smartcard. Every person in the DoD is issued a digital certificate by the DoD when the card is issued. It should just be an academic exercise to create a voting station where the user inserts his CAC, votes and receives a confirmation that is encrypted with the user's public key and signed with the appropriate private key as an audit trail. I think this scheme fulfills the requirements for a "trusted" voting system. Voters are securely authenticated, votes are audited and cryptographically secured. Of course, the flaw usually lies in the implementation...
North Carolina (Score:2)
That is, until this year. They changed the law so now I have to send them a HANDWRITTEN letter requesting an absentee ballot. Why?
Fight for your rights (Score:5, Informative)
why just for military? (Score:4, Interesting)
PGP? (Score:4, Insightful)
It's all about logistics (Score:3, Insightful)
Politicians and technology (Score:4, Insightful)
Why can't they ever just say "We need a way for soldiers to easily cast an absentee ballot" and then let people who know what they are doing come up with the proper system?
This is a problem where I work as well.
Secret ballot (Score:3, Insightful)
Have Americans forgotten this?
Of course, we Canadians take election ballots very seriously. For example, it is illegal to eat your ballot [elections.ca]. This upsets some people [edibleballot.tao.ca]. (No, ballot eating has nothing to do with the topic at hand, I just wanted an excuse to post that.)
The absentee process has two parts (Score:5, Insightful)
1.) The application has to get to the voter somehow. This is not as much of a problem as it once was, because one can email the town clerk and ask for it to be mailed, one's relatives can send it to you, or you can print it out from the Secretary of the State's web site [state.ct.us].
2.) Once the application is filled out, it must be mailed back to the Town Clerk. Currently, the law allows one to fax the application to ensure the ballot goes out in a timely manner, but it must be mailed at the same time it is faxed. If the application is not received in the mail be the close of polls on election day, the ballot is rejected.
3.) When the Town Clerk receives the application, he prepares a ballot and mails it.
4.) Then I get to vote. And mail back the ballot. And hope that it's received in time.
That's a cycle of three or four mail trips across the world. Anybody overseas who wants to vote absentee needs to get going right now to make sure their votes are counted! Incidentally, look at the audit trail absentee balloting leaves in its wake: the completed application, an outer envelope for mailing, an inner envelope to ensure ballot secrecy, and the ballot itself. With the potential for mischief that absentee balloting presents, I am glad all this paperwork exists. However, in the interest of timeliness and of not disenfranchising remote voters, I think the application process, but not the voting itself, can be shortened by using email without sacrificing security. Imagine this process:
1.) The voter emails the town clerk with the required information and a digital signature.
2.) The clerk mails the ballot.
3.) The voter mails back the ballot.
That's two mail trips. That's still a wait, but the process is simpler, there's still an audit trail, the identity of the voter is still verifiable, and the ballot is on good old paper. Why can't states adopt a sensible, middle-ground process like this one? And why doesn't Missouri's chief elections official understand the importance of an auditable vote?
This problem has already been solved.. (Score:3, Informative)
You can also have a look at the code [ososs.nl]. The Dutch text surrounding the link to the ZIP file is mainly explaining the ZIP file and showing an MD5 checksum for the archive.
In conclusion, there is verified code out there for expat/remote voting, open and accessible. I would start asking questions if anything less was used. Consider the amount of people you need to trust to make this system democratically sound, and the privacy you need to give up. Conspiracy theorists would at this point strongly suspect alterior motives, and in this case I'd actually agree with them..
Re:Humm... (Score:2)
Re:Humm... (Score:2)
Re:no way (Score:3, Insightful)
They can then verify the individual votes authenticity with the corresponding public keys.
It could be done.