Absentee Ballot Cyberhack In Florida Offers Disturbing Lessons About Vote-by-Mail And Internet Voting
Originally posted at The Brad Blog
One month ago, The Miami Herald’s Patricia Mazzei unleashed an excellent investigative report on an attempted series of online cyberhacks of absentee ballot requests prior to last August’s primary election in Miami-Dade County, Florida.
Mazzei’s article describes the mysterious attempt by someone to request more than 2,500 absentee ballots for elections in three different Miami-Dade districts using anonymous proxy Internet Protocol (IP) addresses from foreign countries to hide the real identity of the requester. A grand jury looked into the matter [PDF] of the “phantom” requests, but was hamstrung by the fact that they were not told — the article says it was due to administrative confusion — that the initial IP addresses used to make the absentee ballot requests were actually not from overseas, but local to Miami-Dade. Had prosecutors had that information, they might have been able to zero in on the culprits, rather than close the investigation late last year without identifying a suspect.
The case has now reportedly been reopened, but the length of time since the initial event may have allowed the trail run cold. Hopefully we will find out soon.
Last week, the story suddenly received a lot of fresh attention after it was picked up by NBC News’ Gil Aegerter, who describes what happened as the “first known case” of such a cyberattack on a U.S. election.
Setting aside, for now, the point as to whether this is the first such attack — I’ve reported quite a bit of evidence of several others over the years (the NBC report links to a number of stories I’ve broken on these matters, including one of my stories at ComputerWorld in 2007 describing a malicious virus that struck Sarasota’s contested 2006 special election for the U.S. House where some 18,000 votes ultimately disappeared from the touchscreen voting machines) — there are a few key points and lessons from this story that I’d like to underscore, despite the fact that the mainstream corporate coverage has been pretty decent here for a change.
Additionally, one of several key remaining mysteries in the story — one that I’ve been trying to make sense of over the past several weeks, since learning of the story — may now have an answer, or at least a new and troubling clue.
Potential Clue to One of the Story’s Central Mysteries
Aside from the identity of the failed “bad guy(s)” here, and why the prosecutors weren’t originally notified about the Miami-Dade IP addresses in the first place, there has been another major “unknown” in the story originally headlined by The Miami Herald as “The case of the phantom ballots: an electoral whodunit.”
That “unknown” has been how the scheme was supposed to have affected the elections in question, had it not been discovered and stopped. Since the absentee ballot requests were made on behalf of “infrequent voters” (who would otherwise be unlikely to show up to vote in person), and scheduled to be sent to their normal address, where they are registered, how would anybody then be able to use those ballots to game the elections with fraudulent votes?
“It doesn’t make any sense to me why someone would do that, because you’d still need the person to [vote for you],” said one of the NJ-based consultants for two of the candidates (brothers) involved in two of the races.
“Had the requests been filled,” the Miami Herald’s Mazzei goes on to suggest, “short of stealing the ballots from mailboxes, the campaigns would have been able to flood the targeted voters with phone calls, fliers and home visits to try to sway their vote.”
“Persuade enough of them,” she suggests, “and you might flip the race.”
But that seems a fairly sloggy way to try and have an effect on election results. On Friday, BlackBoxVoting.org’s Bev Harris offers up a more reasonable (and disturbing) scheme that could have been planned here, had the operation not been interrupted before it fully played out.
She points out that the printing and mailing of absentee ballots is generally jobbed out to third-party contractors by election officials. The third parties are given the database of voters who have requested absentee ballots and then they take care of the job from there. Often, the company hired for this job is publicly known and vetted, but that contractor sometimes then hires yet another outfit to do the actual work of printing ballot envelopes and mailing them out to voters.
“If you have a few thousand strategically targeted extra ballots that you know are bogus, and you reroute the database to an off-the-public-record consultant during the print-and-mail phase, you can deliver those ballots anywhere you want,” Harris writes. “They can all be sent to the same address; no one would know.”
“I’m not sure what vendor Miami-Dade County is using to print and mail ballots; some Florida counties use Runbeck, out of Arizona by way of Tampa. But regardless of who they use, it isn’t the Miami-Dade elections people who actually do the mailing. Whoever does the print-and-mail phase has both the absentee request database and total control over where absentee ballots go.”
The scheme, as Harris envisions it, then would require a “bad guy” to make the absentee ballot requests and an accomplice either at the final print-and-mail outfit — or somewhere else along the chain of custody of the absentee ballot database — to change the addresses where those illegitimately requested ballots were to be sent. As prosecutors are said to be looking into this case again, they may want to ask some questions of whoever might have received access to that absentee ballot request database.
See the BBV article for a bit more background on some of the shady players who can be found in the absentee ballot print-and-mailing business, as well as a few more details on potential suspects in the FL case revealed by common threads between the three elections in question.
The several other points that I wanted to flag here are as follows:
Vote-by-Mail is a Terrible Idea
—We have long decried the many perils of absentee balloting and Vote-by-Mail (VBM) elections. This latest FL hack points out just another reason why VBM is always troubling and, far and away, the most frequent place where ballot fraud is known to occur. Republicans love to suggest that (Democratic) voters are committing fraud by misrepresenting themselves at the polling place — thus, draconian, disenfranchising polling place photo ID restrictions are needed, they pretend. But they know they are lying. That type of fraud is incredibly rare. They know that most of this type of chicanery, where it exists, is done via absentee balloting, which polling place photo ID restrictions that Republicans are pushing in state after state, does absolutely nothing to deter.
Adding in the points raised by Harris about how absentee ballot databases are often processed outside of public oversight, and you’ve got another reason to be concerned. Such ballots, she notes, “need never be mailed at all,” if a bad operator decides to game an election in this way.
You Call That a “Safeguard”?!
—The Miami Herald story offered one disturbing revelation that I haven’t seen commented upon elsewhere. Moreover, it’s reported as a “feature,” as opposed to a “bug” in the Miami-Dade online absentee ballot request system.
“There are other safeguards, too,” Mazzei notes in describing how the attack was stymied when the software flagged the suspicious activity as coming from several single IP addresses. “When a voter submits an absentee request online, Miami-Dade doesn’t automatically send a ballot. The request is reviewed by an elections department staffer, who must manually sign off on sending it.”
That is considered a “safeguard”?! I’d consider that very troubling, frankly. It means that one election official can determine whether or not any number of voters actually receive the absentee ballot they’ve requested. It sounds like a great way for a “bad guy” election insider to suppress the votes of just about anybody they may choose.
The Most Disturbing Aspect: The Menace of Internet Voting
—The real message in this story is not about the perils of online registration and absentee ballot requests systems, even though that has, understandably, been at the center of most of the coverage. The real message here is about the dangers of using the internet for voting! The push for online voting has, insanely, been increasing over the past year or so. We’ve taken to describing it as the Internet Voting Virus as it spreads to places like California, where even Democrats are ignoring virtually every world-class computer science and security expert in order to push for this horrible idea.
In the NBC report, a number of the experts we’ve turned to over the years in our own stories and interviews here are quoted trying to offer those same warnings again, in the wake of what happened in the case of the failed online absentee ballot requests.
J. Alex Halderman, the University of MI computer science professor behind the successful remote hack of a mock Internet Voting system, which had been set to be used in a real election in Washington D.C. the following month in 2010, and the hack of a touchscreen voting machine that turned it, literally, into a game of Pac Man, tries to warn that the failed cyberattack in Florida was just the tip of the iceberg.
He explained to NBC’s Aegerter that “an attack somewhat more sophisticated than the one in Florida, completely within the norm for computer fraud these days, would likely be able to circumvent the checks.”
David Jefferson of Livermore National Laboratory, and a member of the Board of Directors at Verified Voting, once again warns, as he has many times here in the past, that the security of electronic voting and registration systems currently in use, as well as the insane schemes currently being used and planned for internet voting, are serious threats to national security. “The legitimacy of government depends on it being impossible for single parties to change the results of elections,” he told Aegerter.
“Whoever did this is clearly capable of engaging in online registration fraud (in states such as Maryland and Washington with weak authentication),” Jefferson told me via email some weeks ago, “or online vote fraud.”
Jeremy Epstein, a senior computer scientist at SRI International, warns about the perils of internet voting in the NBC story as well. “The overwhelming consensus of the computer science community is don’t do it, it’s a bad idea.”
And, finally, Cleveland State University’s election integrity expert and law professor Candice Hoke cut right to the chase, warning that while politicians may see internet voting as a way to increase turnout for their voters and election officials may see such schemes as a way to save money on polling sites, ballot printing costs and manual labor, the real costs to democracy ultimately outweigh everything else.
“It’s cheap,” she said, “if you don’t care whether elections are stolen.”