While the majority of American’s will cast their vote for the next President of the United States by going to the polls this Tuesday, there are a growing number of Americans for whom the option of voting via email is now available. Currently, 32 States, and the District of Columbia, allow military personnel and registered voters living overseas to cast their ballots using email, fax or an Internet portal. However, in light of the recent damage wrought by Hurricane Sandy, New Jersey election officials are allowing voters displaced by the storm to cast their ballots via email as well.
But the question remains – how secure is email voting? Past experience with hackers suggests that they choose the timing of their attacks strategically in order to maximize the amount of disruption they cause. An attack on Election Day would certainly do just that. A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack on email servers could potentially delay ballots and disenfranchise voters. Although the number of online voters is not significant relative to the population at large, any disruption to the normal voting process is likely to raise questions of legitimacy.
Recent history demonstrates that the electoral process is not immune to the increasingly hostile global cyber security environment. For example, elections in Russia and Mexico were accompanied by cyber security incidents that tried to interrupt the election process. This past March, Canadian elections were interrupted with a DDoS attack that forced the voting period to be prolonged.
Of course, one might ask whether hackers and hacktivist groups actually have the ability to carry out such attacks. Unfortunately, the simple answer is yes – they have the technology and the knowledge. Most importantly, however, they are armed with the motivation.