Matt Blaze is a UPenn professor, and one of the most important security researchers working on electronic voting.
What I don't understand about NJ's plan is, why don't they just delay the NJ statewide elections? NJ isn't really in contention in the Presidential race; the only tricky election is Menendez's for Senate --- not because he could lose, but because the Senate needs the election wrapped up. Christie isn't up for election, nor (obviously) is Lautenberg.
So they could limit the potential damage/controversy here; let people provisionally vote for President (Romney won't challenge the results; NJ is going for Obama the way Utah is going for Romney), and wait a couple weeks for the rest of it.
Yes, for President. Which is my point. The Constitution does not compel New Jersey to hold statewide elections on any particular day.
In fact, if they go ahead with the email plan, they may have to vote on some random other day anyways, when the controversy over challenges forces a re-vote.
Ah, I see what you're saying. Well, as a practical matter, I'm pretty sure NJ would have to amend its state constitution to change election day for local office. I'd be very surprised if that's even legally possible to accomplish before Tuesday.
That certainly does not preclude early voting by mail. Mail-in ballots are entirely preferable to the inconvenient and understaffed polls in most every other state.
I am curious: Does the US have any webbased citizen identification system? In the netherlands we have something called 'digid.nl' which might not be up to e-voting standards, but it is at least a lot more secure and reliable way to identify and authenticate citizens.
Digid.nl is sort of like a firewalled openid. Government websites like the dutch tax office will redirect you to there to authenticate, you get redirected back with a token, and the government website can verify that token with the digid servers. Effectively moving most security/privacy problems to 1 single service that is done right, instead of leaving it to every ministry to get it right.
What perhaps is a bigger problem than if it is secure enough, is does it have enough penetration? I'm sure the US constitution has something to say about the election booths needing to be accessible to the majority (if not all) of the people. If this many people are displaced, is it reasonable to expect that if not a house they have access to internet?
Fun fact: DIGID.NL was secured by Diginotar, the SSL CA that got hacked, tried to cover it up, and later had to admit that fraudulent certs for many of the most popular sites on the Internet had been issued by their hacker.
The US Constitution does not have much specific to say about how voting is accomplished. Each state is allocated a certain number of electors. It's left up to the states to determine how they're apportioned to candidates. The candidate who receives a majority of electoral votes wins.
In practice, it's 2 centuries of precedent set by the courts and laws set out by the legislatures, stemming from the principles in the Constitution (rather than any specific mandate from the Constitution), that determine the specifics of what is and isn't OK in an election.
We have a relatively old Constitution (as liberal Constitutional governments go), and it changes very, very rarely.
Did you bring up the Diginotar hack/scandal because you think having a citizen authentication system is a terrible idea? I think the diginotar incident showed more of how bad the SSL CA situation really is than of the lacking security of digid.
I personally think digid is a great idea, and actually that it should be opened up and extended to allow more (non-government) organisations to make use of it for true "real name" authentication.
I brought up the Diginotar hack because the security of the Digid system depended on an organization that was so thoroughly owned up that it was forced out of business, and I felt like that was relevant to a discussion about centralizing the authentication of citizens to a single organization that could be trusted to get things right.
- The number of total votes by email may not be greater than the margin anyway
- In-person voting also has basically no authentication, and there's been little to no voter fraud incidents
- To commit large scale fraud you'd need to identify a large list of people who definitely are registered and didn't vote in person. You'd then need to request ballots and respond for each person individually. Shouldn't it be very easy to spot a pattern, were someone to attempt this?
My biggest concern would be that it unfairly favors some demographic more than another (which the OP brings up). But that's still better than disenfranchising everyone.
To be honest, I'm fairly impressed with the reaction time and the lack of technophobia on the part of the NJ govt. Its a simple solution that does a lot of good.
No, it probably doesn't matter. Voters are only allowed to cast ballots via email if they've been displaced by the storm (or are a first responder on-site mitigating storm damage), and must request a ballot from their precinct to vote via email. The number of people who will cast these ballots will probably be way below the margin, and all of them will be traceable in the event of a close election or recount.
In-person voting fraud is a non-issue because it's extremely risky and it's self-limiting -- how many polling places could one person possibly hit in a single day? Your time would almost certainly be better spent helping your favored candidate's (legal) get out the vote operation.
"- The number of total votes by email may not be greater than the margin anyway"
You're thinking about the presidential race, which, for NJ, should be decisive. What you're forgetting about are city and state wide campaigns which could be decided by a few hundred or even a few dozen votes.
Sidecomment, but worth noting is that whenever there's debate in Sweden about electronic voting, the biggest opponents are always the Pirate Party. They're the ones who would arguably have the most to gain if their supporters could just do it over the internet, but because they're computer-savvy, they know what an incredibly difficult problem it is.
We'll stick to papers and envelopes and ballot boxes, thank you very much.
To put this in context, I live in New Jersey. I understand the concerns about security with email voting. Though I think the bigger issue will be the lack of power and access to polling stations. Even though power has been restored to the majority of households there are still ~500,000 households without power. Who knows how many polling stations have been affected. In addition many areas have curfews and limited access either because of downed lines, blocked roads, and or flooding. Even with all this I have a feeling few people will be voting via email. I think NJ is just trying to give people as many options as possible because of how large of an impact this storm has had.
Because the problem isn't tallying the votes; it's that a sizable chunk of the electorate is displaced due to the storm and can't get to their polling places.
What I don't understand about NJ's plan is, why don't they just delay the NJ statewide elections? NJ isn't really in contention in the Presidential race; the only tricky election is Menendez's for Senate --- not because he could lose, but because the Senate needs the election wrapped up. Christie isn't up for election, nor (obviously) is Lautenberg.
So they could limit the potential damage/controversy here; let people provisionally vote for President (Romney won't challenge the results; NJ is going for Obama the way Utah is going for Romney), and wait a couple weeks for the rest of it.