Cyber Voting

New York State Progressive-Democrat Congressmen want to allow absentee voters to return their ballots over the Internet.

Those Congressmen want absentee voters to be able to [emphasis added]

submit ballots for federal, state and local elections using “electronic absentee ballots” submitted by email.

“Government watchdogs” object.

…Reinvent Albany and Common Cause New York said they have “grave concerns” about the proposed legislation. They warned the move would “put the security of New York’s elections at high risk for cyber incidents, and undermine public confidence in election results.”

However well-intentioned such a move might be, those watchdog groups are right about the security failure such a move would present to the sanctity of each voter’s ballot.

They don’t go far enough in their objection, though. Email, even supposedly encrypted email (and who seriously believes the State government is equipped to send and receive encrypted email?) can be hacked. But the real threat is in the enclosed (attached?) ballots. Ballots are too easily forged, and those forgeries, as images attached/enclosed in a putative absentee voter’s returned email, can have malware embedded in them, in a technique known by the cute name “steganography.” Indeed, stenography can embed the malware in the emails themselves.

That malware can contain code that does far more than just infest the ballot or the ballot-counting and -recording and voter registration processes. That malware can be designed—as any script kiddie knows—to spread itself across internal network connections from the voting/voter registration areas of the government’s software to much more lucrative areas of government software and only then execute its mission. That mission can range from a ransomware attack to a denial of service attack to theft of any government data deemed useful by the hacker.

This is an idea whose time should never be.

Leave a Reply

Your email address will not be published. Required fields are marked *