I am thrilled to be able to report that the California email voting bill SB908, was defeated in the Assembly Elections Committee. It needed 4 votes to pass the 7 member committee. There was 1 vote in favor, 3 opposed, 2 abstentions, and 1 absent. The same bill that sailed through the Senate 23-11.
This is a clear victory for small but dedicated groups of election integrity advocates, working in conjunction with Debra Bowen’s office, and networking throughout the state and the country. The message was clear, concise, and compelling, (email voting is way too risky) and repeated to the committee members many times by all of you over the past 2 1/2 weeks.
We wish to thank everybody for their solidarity. We are looking forward to more such victories in the future.
Jim & the Voting Rights Task Force
We fail only if we quit, and we are not quitting.
Why Email Voting Is Dangerous
- Legislators are supporting the bill because they want to help the troops. The legislative analysis did a poor job of looking at technical issues of “photoshopping” the ballots as they are relayed across the global Internet. The analysis also failed to look at insider and denial of service attacks which can affect county elections servers.
- In just one week, the CIA, IMF, US Senate, CityBank, and other high security sites were all hacked.
- Emails travel through many computers (routers) on their way to their destination. From overseas, this could include computers in Russia, China, Iran, and other undemocratic countries. Email attachments are not encrypted, which makes it easier for any computer to “photoshop” the ballots and and accompanying signatures.
- There is no reliable way of even knowing if an attack has occured. With no paper trail, there is no way to recover from a serious problem. Also, there are also no provisions for checking that the ballots are received and counted correctly.
- Chinese or Russian hackers should not be allowed to vote in Californian elections at all, let alone massively.
- The bill requires voters to waive their right to a secret ballot. In certain employment situations, that may not be fully voluntary.
- The main point is: Emails over the Internet is not a secure means to transmit voted ballots.
What To Do
- Please write the legislators.
- You can use a sample letter that has been prepared here.
From the Experts
Debra Bowen, California Secretary of State.
“I believe we must continue to remove as many barriers as possible to ensure California’s military voters and their dependents are able to fully participate in their democracy. However, the return of voted ballots by email is too risky
given current technology and security standards.”
Letter to Senator Runner, April 27, 2011
Dr. David Jefferson, Cyber Security Expert,
Lawrence Livermore National Laboratory and voting technology advisor to five California Secretaries of State.
“While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting
is by far the worst
Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways. … The computer security research community in the U.S. is essentially unanimous
in its condemnation of any currently feasible form of Internet voting, but most especially of email voting.”
Email Voting: A National Security Threat in Government Elections
David Jefferson’s Comments to the FCC on Internet Voting,
and the Computer Technologists’ Statement on Internet Voting
Dr. Ron Rivest, Cyber Security Expert, MIT
“It is child’s play these days to hire a botnet to send out tens or hundreds of millions of spam email messages; I doubt the filters on most election jurisdiction servers would be able to cope… And of course, you can target servers according to the politics of the targeted jurisdiction.”
Overseas Vote Foundation
“Private email over the Internet is not a secure method
of transfer for documents containing your confidential identity information. This is why Overseas Vote Foundation recommends that voters return their ballots by regular mail and fax.” (not email!)
Emailed Ballots: A Security Assessment
Let’s Hear It: Do You Want to Email Your Ballot?
“I believe that we will block or at least alter the email voting bill in the California Assembly Elections Committee. The same bill that sailed through the Senate 23 to 11. A major difference will be that a small but dedicated network of advocates is organizing opposition to the bill. We know now that calls and emails are pouring into assemblymembers’ offices, all opposed. Six years ago, it was difficult just to be heard. Now we are better organized, and definitely influencing legislation. At some point, we will be helping to write it. We only fail if we quit. We are not quitting. Democracy is too important.”
– Jim Soper Takes On Internet Voting in California
More Good Links
I will add one other point. I lived overseas for 17 years, so the frustration of voting from abroad is personal with me. But as a senior software engineer, and the author of CountedAsCast.com, I know how dangerous Internet voting is, and what the implications of an email voting bill are for California, and for national security. On the balance, email voting is simply not worth the high risks of insider or external attack. “Photoshopping” email attachments as they travel over the Internet through computers in unfriendly countries is just too easy. Also too easy is digitally flooding the email servers of Los Angeles and other large counties on Election Day in a denial of service attack, blocking any hope of ballots arriving on time. The email system proposed offers no redundant backup; no way to collect, count or check the ballots when technology breaks down. And it will.
San Francisco Voting Systems Task Force
In its upcoming report to the San Francisco Board of Supervisors, the Task Force states the following:
“It is well settled that marking ballots in an uncontrolled environment is vulnerable to fraud and coercion — mostly during transportation (of ballot from voter to election officials) wherein marked ballots are subject to risks that are not present in ballots marked in a controlled environment. … Similarly, in discussing remote digital voting, it is well-settled that all forms of remote digital voting also share these vulnerabilities, … Among the risks specific to remote digital voting are insider technical threat and Internet accessibility of remote digital voting systems to adversaries. Insider technical threat is the expansion of the scope of trusted insiders to include IT operations staff charged with managing remote digital voting systems, as well as anyone who is able to obtain IT operations privileges. Internet accessibility is a necessary consequence of using public networks for communication between remote voters and local election officials; anyone anywhere with Internet access has the ability to target remote digital voting systems in order to carry out the same type of Internet based attacks that have succeeded against several organizations with security expertise that far exceeds that of any voting system vendor or election jurisdiction — including Google, Adobe, RSA Security, Federal Voting Assistance program website; and dozens of other large corporations. With the digital-specific risks, both ballot anonymity and ballot integrity are at risk
in many ways that are not applicable to ballots marked in a controlled environment with controlled transportation to election offices facilities. The National Institute of Standards and Technology’s Report NISTIR 7711, which compares the risks for digital remote voting to postal remote voting, states: “In general, these risks are larger than risks associated with traditional postal mail delivery of ballots because the whole world has access to the internet, while few people have access to somebody’s mail.””
– “Recommendation on Voting Systems
“, final draft.