From The "Journal Of Irresponsible Ideas"


TRENTON, N.J. (AP) — New Jersey will allow residents displaced by Superstorm Sandy to vote by email or fax. 

Officials announced Saturday that registered voters can vote electronically. A resident must submit a mail-in ballot application by fax or email to the local county clerk. 

When the request is received, a ballot will be emailed or faxed back. Ballots must be returned no later than 8 p.m. Tuesday.

There are about 1000 reasons why this is a horrible, horrible idea - and it has everything to do with basic security issues, and nothing to do with Democrat vs. Republican. It would be a bad idea if we were talking about the election for local dog catcher; for a federal election... oi.

Problem #0: Anyone can request a ballot application.  Voter registration or other voter information is a matter of public record in some states.  Say you log in tomorrow morning, see that you can request a ballot application by email... but someone else has already done so, using your name.  How could that happen?  Well, you see...

Problem #1: email is insecure.  Period.  The SMTP protocol is insecure by design.  There goes your secret ballot - anyone with a packet sniffer can see who you voted for.  Even worse, anyone feeling really nefarious can intercept, modify, and then submit your altered ballot, because...

Problem #2: email is not point-to-point. Your message may go through any number of servers before it reaches its destination.  Each relay server is a point at which your ballot could be intercepted, modified, or just plain lost, because...

Problem #3: email is unreliable.  Say everything else works perfectly, you email your ballot... and one of the servers along the way hiccups.  Do you know the MTA timeout on your primary mail server?  On each of the servers it will be contacting?  At this point, an overall timeout greater than 2 days means your vote will not be counted, because it will arrive after the stated deadline.  But, hey - I'm sure that's not really a worry.  After all, it's not like a category 1 hurricane has trashed IT infrastructure on the east coast or anything.
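
To make Problems #2 and #3 concrete, here is an added example (not part of the original post): a Python script that reads the Received: headers of a ballot email, lists each relay it crossed, flags hops that did not use TLS, and checks the arrival time against the deadline. The message, host names, dates and the `trace_hops`/`audit` helpers are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: headers of a ballot e-mail that crossed three relays.
# Host names use the reserved .example domain; dates and IDs are made up.
SAMPLE = """\
Received: from mx.relay2.example (mx.relay2.example [203.0.113.9])
\tby mail.clerk.example with ESMTPS id c3; Tue, 06 Nov 2012 21:14:05 -0500
Received: from out.relay1.example (out.relay1.example [198.51.100.7])
\tby mx.relay2.example with ESMTP id b2; Mon, 05 Nov 2012 09:02:40 -0500
Received: from voter-pc (unknown [192.0.2.44])
\tby out.relay1.example with ESMTPSA id a1; Mon, 05 Nov 2012 09:02:11 -0500
From: voter@isp.example
To: ballots@clerk.example
Subject: Completed ballot

(ballot attachment omitted)
"""
DEADLINE = parsedate_to_datetime("Tue, 06 Nov 2012 20:00:00 -0500")  # constructed

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S)

def trace_hops(raw):
    """Return hops in travel order: (sender, receiver, protocol, tls, timestamp)."""
    hops = []
    # Each relay prepends its own Received: line, so reverse to get travel order.
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        clauses, _, stamp = header.rpartition(";")
        m = HOP.search(clauses)
        if not m:
            continue
        proto = m.group(3).upper()
        # RFC 3848: the "S" variants mean STARTTLS was used on that hop.
        tls = proto in {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
        hops.append((m.group(1), m.group(2), proto, tls, parsedate_to_datetime(stamp.strip())))
    return hops

def audit(raw, deadline):
    hops = trace_hops(raw)
    return {
        "hops": len(hops),
        "cleartext_hops": [(h[0], h[1]) for h in hops if not h[3]],
        "transit_time": hops[-1][4] - hops[0][4],
        "late": hops[-1][4] > deadline,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE, DEADLINE).items():
        print(f"{key}: {value}")
```

Even on a TLS-protected hop, each relay still handles the message in the clear, and Received: lines written by servers you do not control can be forged.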

Four problems off the top of my head, and I'm not even an email or security expert.  I'm just some random geek who happens to know a bit about the hardware, software and protocols involved.

It's a bad, bad, bad idea.  Whose time has come, apparently.  
