AB 1403: Email Voting (2017)


Introduction

For the 5th time in 6 years the Voting Rights Task Force is opposing yet another Internet voting (IV) bill, AB 1403. In this case, it is a bill that allows overseas voters to send back a completed ballot as an email attachment.

In general. the main reasons why Internet voting is not ready for use in government elections are:

  • it is not safe;
  • it will not be safe any time soon;
  • even if it were “safe”, it is not transparent; we cannot know what is really going on inside the computers, and should not trust the results;
  • being paperless, we cannot independently check or recount the results, so there is no way to prove to the losers that they lost; and
  • there is no way to recover from the inevitable cyber-meltdown (how do you refund a secret vote?).

This is explained in depth in an earlier post on my on my web site [1]. The same issues also apply to email voting.

The analysis of the bill by the Assembly Elections Committee consultants is here: http://aelc.assembly.ca.gov/sites/aelc.assembly.ca.gov/files/AB%201403%20%28Obernolte%29.pdf

Note: An “Advanced Persistent Threat” (APT) is NSA speak for a group of very skilled, very well organized, very well resourced computer hackers. They usually work for a government. [2]

What have we learned since just last summer?

  • The DNC was hacked, probably by an APT [3]. Another country was using the Internet to interfere in American elections.
  • Voter registration databases in Illinois, Arizona and Riverside county were hacked …
  • … leading the FBI to issue a detailed security warning [4] …
  • … followed by (finally!) the Department of Homeland Security declaring our election infrastructure to be part of America’s critical infrastructure – meaning that it is both very valuable, and vulnerable. [5]
  • Iin late March, an article appeared entitled “It’s easier to hack an election than eBay’: confessions of a Belarusian hacker” [6]
  • On March 31, 2017, former CIA Director Woolsey cautioned that “There’s a real danger here, because approximately 25 percent of our voting machines in the United States do not have paper backups, so if the electronics have been tampered with, you will never know, and you can’t do a recount…We’ve got to get that fixed…The rest of this is very minor by comparison.” [7]
  • In sum: security for our elections, especially on the Internet is getting more dangerous, not less.

Blockchain (Bitcoin) Technology

With reference to “modern” blockchain technology that many claim will solve IV security problems, computer security experts wrote: “Blockchains are useful, and can certainly be part of a secure voting solution. But they are only a small piece – they do an adequate job of solving an easy part of the security challenges in Internet voting, but nothing at all to solve the hard parts.” [8]

Voting by Email:

  • Please note that an email contains a public “envelope”, showing the addressee – a specific, targetable county elections office – and the sender, about whom many organizations now have “big data”, to the point of knowing how most people will vote.
  • Emails travel on the Internet through many computers (routers) on their way to their destination. From overseas, this can include computers in Russia, China, Iran, and other undemocratic countries. This poses several problems:
    • Email attachments are not encrypted, which makes it easier for any computer to “photoshop” or just swap the ballots and accompanying valid signatures – which many organizations such as credit card companies and supermarkets have.
    • Email accounts can be hijacked – how many of us have received emails apparently from the account of a friend saying that they are stuck somewhere, and could you please send some money? The same thing can be done with an email carrying a ballot. It appears to come from a voter, but how does a county elections office really know?
    • If forging email “envelopes” and ballots is too tricky, a router can simply block them, stop ballots from known senders from arriving at the elections office.
  • There is no reliable way of even knowing if an attack has occurred.
  • Many ballots would be sent using PDF files. What many people do not know, a PDF flie, like an MS Word DOC file, can contain computer code, ie: it can infect any computer it touches, including central county election systems.
  • With no paper trail, there is no way to recover from a serious problem. Again, how do you refund a secret vote?
  • There are also no provisions for checking that the ballots are received and counted correctly.
  • Then there is the threat of insider and denial of service attacks on county election email servers. The attacks on the DNC proved that somebody has mastered the art of hacking email systems. Those in LA and San Diego Counties would be fat targets for disrupting an election.
  • The bill requires voters to waive their right to a secret ballot. In certain employment situations, including the military, that may not be fully voluntary. In any case, the NSA is collecting all emails anybody sends, especially from overseas.
  • The main point is: emails over the Internet is not a secure way to send voted ballots. Indeed, we would like to see a higher voter turnout, but Chinese or Russian hackers should not be allowed to vote in Californian elections at all, let alone massively.

Solving the Overseas Ballot Problem

We would also like to echo the comments of others, saying that claims about a major problem with overseas vote by mail are exaggerated, using outdated statistics. With citizens now able to download and print blank ballots, over 90% of the ballots are returning on time. Californians have 60 days to do so. It would be more effective to teach overseas voters that they can download blank ballots than risking email voting.

Having lived overseas for 17 years, overseas voting has been a personal issue for me. But in my judgment, the problem does not merit putting our elections at risk of attack from anywhere in the world via the Internet. An email system cannot prevent it, and has no reasonable way to recover effective attacks.


What the experts say:

Debra Bowen, former California Secretary of State:“I believe we must continue to remove as many barriers as possible to ensure California’s military voters and their dependents are able to fully participate in their democracy. However, the return of voted ballots by email is too risky given current technology and security standards.” [9]

Dr. David Jefferson, Cyber Security Expert, Lawrence Livermore National Laboratory and voting technology advisor to five California Secretaries of State: “While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways. … The computer security research community in the U.S. is essentially unanimous in its condemnation of any currently feasible form of Internet voting, but most especially of email voting.” [10]

Dr. Ron Rivest, Cyber Security Expert, MIT:“It is child’s play these days to hire a botnet to send out tens or hundreds of millions of spam email messages; I doubt the filters on most election jurisdiction servers would be able to cope… And of course, you can target servers according to the politics of the targeted jurisdiction.” [11]

Overseas Vote Foundation: “Private email over the Internet is not a secure method of transfer for documents containing your confidential identity information. This is why Overseas Vote Foundation recommends that voters return their ballots by regular mail and fax.” (not email!).[12]


Endnotes

1] “Internet Voting Risks”, https://countedascast.org/internet-voting-risks/

2] “NSA’s chief hacker explains how to keep the NSA out of your business”, https://www.yahoo.com/tech/nsa-chief-hacker-explains-keep-nsa-business-040001861.html

3] “Enhanced Analysis of GRIZZLY STEPPE Activity” https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf

4] “Targeting Activity Against State Board of Election Systems” by the FBI,
https://s.yimg.com/dh/ap/politics/images/boe_flash_aug_2016_final.pdf

5] “Statement by Secretary Jeh Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector,
https://www.dhs.gov/news/2017/01/06/statement-secretary-johnson-designation-election-infrastructure-critical”

6] “It’s easier to hack an election than eBay’: confessions of a Belarusian hacker”, https://www.theguardian.com/world/2017/mar/29/hack-election-ebay-confessions-belarusian-hacker

7] “Ex-CIA director warns about problems Russians could cause in next election”,
https://www.aol.com/article/news/2017/03/31/ex-cia-director-warns-about-problems-russians-could-cause-in-nex/22020795/

8] “Blockchains and Elections”,
https://countedascast.files.wordpress.com/2017/02/blockchainsandelections1610.pdf

9] Letter to Senator Runner, http://www.countedascast.com/california/sb908bowen110427oppose.php

10] “Email Voting: A National Security Threat in Government Elections”, https://www.verifiedvoting.org/email-voting-a-national-security-threat-in-government-elections/

11] “Emailed Ballots: A Security Assessment”,
https://www.overseasvotefoundation.org/Email-Ballot-Security

12] Ibid.

Advertisements
%d bloggers like this: