Experts on voting security and computer technology warned Monday that New Jersey's plan to allow residents displaced by Hurricane Sandy to cast ballots by e-mail could be easily undermined by hacking or other forms of fraud.
Lt. Gov. Kim Guadagno (R) announced Saturday that registered voters uprooted by last week's storm can apply by e-mail or fax to their county clerk for a mail-in ballot and return it — by e-mail or fax — no later than 8 p.m. Tuesday.
"This has been an extraordinary storm that has created unthinkable destruction across our state and we know many people have questions about how and where to cast their vote in Tuesday's election," said Guadagno (R), who also oversees voting as New Jersey's secretary of state, in a statement. In New York, voters unable to use their regular polling places will be allowed to cast a provisional ballot at any polling place in the state, under an executive order issued by Gov. Andrew M. Cuomo (D).
Most states have shied away from voting by e-mail and fax because of security concerns. Researchers said there is little to stop anyone from creating new e-mail accounts under the names of residents of disaster-hit areas such as Atlantic City and pretending to cast votes for them.
"How do you know that person is really who they claim to be? If a server receives e-mail, how do you verify the authenticity of that voter? It's a big challenge, particularly in an ad hoc situation like this," said Ron Rivest, a professor of computer science at the Massachusetts Institute of Technology.
New Jersey has more experience than most states with e-mail and fax ballots. It accepts those electronic forms of voting from military service members and from residents living overseas.
But Charles Stewart, a professor of political science at MIT and co-director of the Caltech-MIT voting technology project, said security is a concern. If the military and major banks have been hacked into, e-mail servers for New Jersey can easily be hit with denial of service attacks.
"There is a lot of worry of whether the current Internet is secure enough to prevent a malicious attack that could close down a site. That is a bigger concern than spoofing or fraudulently sending in an e-mail," Stewart said.
Ernest Landante, a spokesman for Guadagno, said officials are confident of the system's integrity.
He said county clerks who issue the electronic ballots confirm the voter's identity by matching his or her signature against voter registration records. After the voter faxes or e-mails the ballot back to the clerk, it is set aside until the election is over and checked against the in-person voting records to make sure that someone who voted electronically did not also vote in person.
"We are doing this only because this has been an extraordinary event," Landante said. "I've lived in New Jersey my whole life and have never seen anything like it . . . It would be awful if a voter who wanted to vote in a national as well as local election couldn't get access to a ballot."