
New Jersey To Allow Voting By Email - sethbannon
http://www.state.nj.us/governor/news/news/552012/approved/20121103d.html
======
jre
In Switzerland, some states have run internet voting trials. Recently, the
state of Geneva ran one and a citizen was able to vote twice[1]. The
administration then fixed the problem by removing the duplicate vote and then
told everybody how e-voting was a success.

Of course, some people complained because a system that allows someone to vote
twice doesn't work. The biggest problem though was that they were able to fix
it by removing a vote, meaning they could identify the votes and remove them
without problems.

The bottom line is: from a technical/cryptographical perspective, the system
is a joke (and they don't want to give access to the code). And that's my fear
with e-voting: it seems like government agencies (and their contractors)
have a tendency to screw up very badly when it comes to new technology, at
least in Switzerland. And I don't want to vote through a half-assed online
system using MD5 and a 64-bit RSA key.

[1] <http://www.tdg.ch/high-tech/web/Un-citoyen-a-pu-voter-deux-fois/story/18941094> (in French)

~~~
bluelu
You are making a wrong assumption here. It's no problem that you can identify
that someone has voted twice. It would be a problem if that person could prove
that he voted for a certain person.

Have a look at the papers of <http://www.infsecmaster.ethz.ch/people/maurer>

He also has a very good lecture on information hiding/binding principles where
these principles are explained.

~~~
lifeisstillgood
If my vote is encrypted and put in an envelope that has my name on it, then it
very, very much matters.

If you can find two envelopes with my name, you can find out what my vote is
(I mean somewhere there is a decryption key).

Physical voting strips most links out from who voted and what they voted (you
prove who you are at the desk then walk in and vote on a piece of paper in no
way related to your name).

That is either impossible electronically or relies on unverifiable trust in
the code. I know if someone looks over my shoulder. I cannot look at the code
running - even if it is open source I cannot see what is really running.

~~~
ramchip
Not necessarily, it's possible to find two envelopes with e.g. a hash of your
name, without knowing your name.

~~~
barrkel
So you hash everyone's name, then you have a reverse mapping.
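
The reverse mapping described in the comment above, as an added example that is not part of the original thread: labels that are a bare hash of a name from an enumerable voter roll can be linked back to voters with one pass over the roll, while a keyed label (HMAC) only moves that ability to whoever holds the key. The voter roll, key, ballot values and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a public voter roll (names are made up).
VOTER_ROLL = ["Alice Martin", "Bruno Keller", "Chloe Dubois", "Daniel Favre"]


def plain_label(name):
    """Envelope label as the bare, unsalted SHA-256 of the voter's name."""
    return hashlib.sha256(name.encode("utf-8")).hexdigest()


def keyed_label(name, key):
    """Envelope label as HMAC-SHA256 of the name under a secret key."""
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()


def reverse_map(roll, label_fn):
    """Hash every name on the roll once: label -> name."""
    return {label_fn(name): name for name in roll}


def link_ballots(envelopes, table):
    """Resolve (label, ballot) pairs to (name or None, ballot)."""
    return [(table.get(lbl), ballot) for lbl, ballot in envelopes]


def demo():
    key = b"constructed-demo-key"  # assumption: held only by the election office
    ballots = [("Alice Martin", "YES"), ("Chloe Dubois", "NO")]
    plain_env = [(plain_label(n), b) for n, b in ballots]
    keyed_env = [(keyed_label(n, key), b) for n, b in ballots]

    # Anyone with the public roll can build this table.
    public_table = reverse_map(VOTER_ROLL, plain_label)
    # Only the key holder can build this one.
    key_holder_table = reverse_map(VOTER_ROLL, lambda n: keyed_label(n, key))

    return {
        "plain_vs_public": link_ballots(plain_env, public_table),
        "keyed_vs_public": link_ballots(keyed_env, public_table),
        "keyed_vs_key_holder": link_ballots(keyed_env, key_holder_table),
    }


if __name__ == "__main__":
    for case, linked in demo().items():
        print(case, linked)
```
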

~~~
lifeisstillgood
Plus once you have my envelope you have my vote - we don't trust you or the
code btw

------
sageikosa
Not sure how it will apply, but in the US, by Federal law, the process for
voting in any state cannot be changed any closer than 30 days before the
election. The voter ID law in PA was in limbo a month before the election, and
had to be deferred because the challenges couldn't be resolved by the early
October deadline.

Regardless of how this is couched, I can see the potential for challenges.

~~~
kmontrose
I was under the impression that was because the PA law was challenged on
discrimination/disenfranchisement grounds which falls under the Voting Rights
Act. I want to say certain states _do_ have to get pre-approval before any
voting changes under the VRA due to a history of voter discrimination, but I'm
pretty sure PA isn't one of them.

Not aware of any blanket deadline on changing voting processes, do you know
which law that's in?

~~~
sageikosa
There is some stuff in Title 42 Chapter 20 Subchapter I-A section 1973c about
alterations that might restrict, but these changes in NJ probably would be
construed as extending or preserving the franchise.

My knowledge on the matter is a bit fuzzy and goes back to 2000 with Florida's
electors. Title 3 Section 5 seems to cover this, but only lists 6 days before
appointment of electors, and 6 days before meeting of electors; and only when
controversy arises.

A bit too dense with commas, prepositional phrases and conjunctions for me to
decipher. I find D&D easier to understand than US election law.

------
vegardx
My problem with "e-voting" has never been the security aspect, but how easy it
would be to manipulate. Given how even some elections can be, just getting
that last 1% of votes (I know the American system is somewhat different, as
you need mandates, not votes, but I'm talking generally) could tip it in your
direction. With traditional voting, a person usually has to meet, in person,
to vote. With "e-voting" you could easily forge tons of votes, even with
actual people, just by social engineering and forging of documents.

~~~
colmmacc
Arguably having a "correct" winner matters the least in tight elections. If
the margin of victory is as low as 1% then it hardly matters which candidate
wins - that election is already subject to the influence of weather, chance,
accident and human counting error.

There really is no supernatural magic to democracy that invests within the
winner a moral or judgemental superiority. The ceremony and culture we
surround democracy with can create that illusion. In an almost holy way, we
anoint the winner and assign to them a minor god-like status. Their choice is
said to reflect the will of the people, to be the personification of a
mandate. But rationally, we should realise that a candidate who wins by 1% is
about as likely to lose if the election was run the next day.

What's scary about e-voting is that democracy is really only very good at
preventing complete tyranny. Potential tyrants are unlikely to gain enough
votes. But with e-voting, errors of 50% are as easy and as likely as errors of
1%.

~~~
zem
One problem is that when last-lousy-point fraud is used to tip a tight
election one way rather than the other, the election has now _provably_ gone
to the party that was willing to win it by unethical means.

------
InclinedPlane
Erm, doesn't this end up potentially exposing everyone's voting choices? I
guess anonymous voting isn't important right?

~~~
maratd
What makes you think you have anonymous voting now? You must identify yourself
when entering a polling station and each vote is tracked, in the event of a
recount.

The same type of anonymity can be provided by an automated program parsing
emails that I can write in about an hour.

I'm proud that my state will be among the first to move in this obvious
direction. Unfortunate that it had to be under such circumstances.

~~~
27182818284
The fact that I just asked two people who work for the election commission and
they confirmed for me that they know that I did vote (which makes obvious
sense) but not who I voted for.

You identify yourself to one person that is checking the registry. That person
is supervised by another person to make sure there is nothing strange going on
there. If OK, you're given a ballot in a plastic holder. After marking the ballot,
you slide your paper ballot into the secured box by letting it drop out of the
plastic container. This means nobody but you saw your choice and now it is
mixed in with all of the others. Later, during a recount, they can see who
indeed voted, but not who they voted for. They only get the numbers.

~~~
specialist
I've been lied to so many times by so many election administrators, I would
take Thatcher's advice: Trust, but verify.

There's a difference between CANNOT tell how you voted, vs we didn't look.

~~~
27182818284
Don't worry, I do mean the "cannot" version. Reread my post and note how I
described the process. Asking the people I knew who had worked at the election
commission in the last few years was only to confirm what I had concluded from
my own experiences voting. The method used (in my state at least) does not
have a way to identify me personally, even if a corrupt politician stole all
the boxes post election and emptied them in his office. So that takes care of
the "won't" case vs the "cannot" case.

~~~
specialist
We cool. Thanks for following up. I assumed too much about your circumstances.

Paper ballots cast at a poll site are the only way to absolutely ensure voter
privacy. The Australian Ballot method. The reason it works is because the
ballot box scrambles the order of ballots, so they can't be tied to individual
voters. (There are some exceptions, like very small precincts.)

Voting electronically eliminates that anonymizing scrambling. If it scrambled
the order, they'd never be able to audit the process.

Postal ballots (aka vote by mail) have to be done just right to protect voter
privacy. Many jurisdictions don't scramble the ballots because of the added
expense.

------
danso
Good thing NJ isn't a swing state or the lawsuits would already have been
filed by now.

* First thing that comes to mind: how ready is NJ.gov for a denial of service attack?

~~~
phlyingpenguin
To be fair, voters have more to vote on than the presidential election. Maybe
that still means lawsuits should be flowing, but I don't think it being a
swing state or not is really the issue here.

------
raldi
Is it a plain text email? A special PDF? A Windows executable?

~~~
pudquick
From what I can tell about this, it seems to work like:

1.) Overseas / abroad resident has to apply for the email ballot. This should
go through some sort of human approval process, making sure that the names for
those particular voters voting in this method are recorded - to compare
against in-person voting locations and ensure no double-voting. Hopefully
should any double+ voting occur, this ballot will be invalidated.

2.) They are either faxed or sent, via email, an electronic PDF form based
ballot. These PDF forms are true forms in that they allow for the voter to
type in entries and save the new version (complete with entered information).

3.) The faxed form would be faxed back, with entries. The PDF version would be
sent back, with entries, via email.

Unless Adobe has (once again) extended the PDF format to include encryption of
PDF form entries, then yes, the emailed returned ballot will expose the
voter's preferences via plaintext transmission.

The only way they'd be able to avoid that would be to have, for instance, an
https accessible website that allows for PDF ballot upload. Somehow I doubt
this is what they're doing.

~~~
mjn
That doesn't sound much less secure than how I voted, as an expat.

I did the following:

1) Applied for a ballot by email, using a scanned Federal Post Card
Application (FPCA) sent to the county clerk of the county I last resided in.

2) A ballot was sent to me by post. This is just a big piece of paper with
some stuff printed on it.

3) I check the boxes I want to vote for.

4) I mail back my ballot.

Overall it doesn't seem much harder to spoof the existing process, since
there's no verification of who sent back the ballot. The only security is that
there might be various codes (or bar-codes) on that paper ballot which you'd
have to know something about to fake.

~~~
weaksauce
Computers change the scale of things. With that you would have to print out
many forms on paper that was not normal copy paper with identifying barcodes
on it and then mail each ballot back after signing the form and marking each
form individually. With an electronic version a lot of that hassle is taken
out of the equation.

------
ghayes
I love the idea and how this moves us forward. Instead of mailing an absentee
ballot, you have identical authentication of e-mailing that ballot instead of
placing it in the mail. Despite the complications for privacy, tracking and
disenfranchisement, an ID system similar to Estonia's[1] with private-key
cryptography would make online voting much more authentic than we currently
use (most US districts do not require photo identification at the voting
booth).

[1] <http://en.wikipedia.org/wiki/Estonian_ID_card>

~~~
zorlem
It certainly moves us forward, but I'm not sure I like the direction.

With the traditional (paper ballot) voting there are several principles that
are key to the legitimacy of the election process:

1) The paper ballot could be verified by any citizen and doesn't require any
specific knowledge. Any voter could be sure that his vote is accounted for
correctly. The ballots could be counted and re-counted without any technical
obstacles and alterations. Various NGOs, organizations and individuals could
act as guardians of the fair and independent process. This is very important
as it provides trust in the process by making it more open. It's technically
impossible to make the electronic process easily verifiable and tamper-proof.
Any verification will require specialized knowledge, automatically barring a
majority of the citizens from any verification. In most democratic elections
the process is open to participation by the members of the general public as
either observers (controllers) or counters.

And I'm not even talking about gaping security problems that have been
discovered in the past with e.g. Diebold's e-voting machines [1][2][3] - I
never quite understood how the citizens of USA and the government could accept
such a thing in the first place as this undermines the whole election process.

2) The paper ballot leaves a trail that is easy to verify and rather difficult
to falsify on a large scale without leaving a ton of traces. This process has
been refined and improved for a long time and is quite durable if followed
properly. Electronic voting (either remote or using e-voting machines) on the
other hand provides lots of opportunities for errors and fraud - software
bugs, accidental or deliberate software modifications, poor UX choices, etc.
The incentives and the payout of fraud are simply too big.

3) It provides decent protection against double-voting. Double voting with
paper ballot is still possible, but is so hard to implement on a scale of any
significance, that it's almost pointless.

4) Paper ballot guarantees the secrecy of the voting. This might not seem very
important for countries like USA where oppressive regimes are not the norm,
but is crucial for other places where vote bullying or outright buying are
rampant. Even if I was in USA I'd prefer to keep my political preferences and
whom I vote for to myself. I wouldn't want elected officials to use my
competitor's services only because the CEO enticed his employees to vote for a
particular candidate (yes, I do realize that lobbying and political campaign
financing are closely tied in USA, but that's tangential).

The Germans have considered electronic voting in 2009 and their Constitutional
Court has declared electronic voting as non-constitutional. The motives, in
English, could be found on the court's press pages [4].

The technical details of the Estonian system in English could be found on
their site [5].

[1] <http://www.salon.com/2011/09/27/votinghack/>

[2] <http://www.securityfocus.com/news/11391>

[3] <http://www.blackboxvoting.org/presskit.html#hack> (terrible design, but
has a lot of info)

[4] <http://www.bundesverfassungsgericht.de/en/press/bvg09-019en.html#>

[5] <http://www.vvk.ee/public/dok/Yldkirjeldus-eng.pdf>

------
mikesun
somebody tell the governor to read this:

"Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic
Voting". Aviel Rubin.

<http://amzn.com/0767922107>

~~~
specialist
It's a good book. I love the quote about "electronic voting being crack for
conspiracy theorists". But the conclusion is correct: Electronic voting cannot
preserve voter privacy or ensure the public vote count. So it shouldn't be
used. Note that Rubin also worked on the SERVE project for the DoD, reaching
the same conclusion. But the money people keep the dream alive.

------
pjbrunet
This is not secure. At the very least, you're trusting Google, Yahoo and
Microsoft to not alter or drop votes. This is a terrible idea.

------
EGreg
First thing that came to mind for me was ... what about email spoofing or just
a lot of unverified emails?

------
rsheridan6
Ultimately this will end up benefiting the Democrats, since they tend to have
a harder time turning out voters, and anything that makes voting easier tends
to help them.

~~~
MiguelHudnandez
Would you refer to some sources supporting your argument?

~~~
rsheridan6
Well, it's conventional wisdom. Here's a source that says bad weather
suppresses turnout to the benefit of Republicans.
<http://blog.chron.com/sciguy/2012/10/weather-affects-elections-so-how-does-election-day-look/>

The principle is the same.

We also have Republicans favoring and Democrats opposing laws requiring voters
to show ID, because they both know which side benefits in relative terms from
making voting more difficult.

------
rat87
I read this as vote by mail and was excited, voting by email is damn stupid.

------
patrickgzill
Headline should read: New Jersey to Allow New Form of Election Fraud

------
mdonahoe
Hopefully it has good security.

Any chance this will become the norm for all states?

~~~
activepeanut
I'd love to be able to vote thru the internet, with a state-issued certificate
to authenticate me. It'll be a while before society's tech savvy enough for
this tho so I won't hold my breath.

~~~
0x0
That sounds like fun, until the old man in the house makes everyone sit down
in front of the computer and submit their votes for the "correct" party...

~~~
mjn
Isn't that already a concern with voting by mail?

------
dotcoma
You're going to have a Nigerian President next time, America...

