Iowa has only dipped its toe into the vortex of email voting. Other states are diving in because it sounds so convenient. They should step back if they want their ballots to be secure.

Here's computer security expert David Jefferson, writing two weeks ago:

I am very concerned about the widespread push toward Internet voting in the U.S., of which email voting is just one kind. Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from a self-aggrandizing loner to a foreign intelligence agency. Such an attack might allow automated and undetectable modification or loss of any or all of the votes transmitted.

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

Jefferson goes on to list some of the pitfalls beginning with lack of privacy. Iowa allows return of ballots by email only for people in war zones. We require the voter to acknowledge in writing that he understands his ballot is no longer secret.

But Jefferson goes on to list more pitfalls Iowa is not acknowledging: Vote manipulation while in transit, malware being attached to the email ballot, server attacks, denial of service attacks, etc.

He is not expecting things to get more secure in the future:

These facts will not change: These vulnerabilities are facts about email voting. They are fundamentally built in to the architecture of email, of the Internet itself, and of the PCs and mobile devices that people vote from, and are not going to change for as far ahead into the future as anyone can see. Anyone’s security claims to the contrary should be treated with extreme skepticism. No amount of encryption (even if it were used for some parts of the voting infrastructure), no amount of firewalling, no use of strong passwords or two factor authentication, no amount of voter signature checking, and no other security tricks of the trade are sufficient to materially change these facts.

All the same problems apply to ballots returned by FAX, Jefferson says.

Iowa Secretary of State Matt Schultz is warning about unauthorized voting. He claims–without evidence–that Iowa should fear impersonators at the polling place. He thinks he can prevent this by requiring voters to produce photo ID cards. He says this will make our elections more secure.

If this is not just a voter suppression scheme, if he really worries about secure voting, he should hold the line against email voting.

cross-posted at IowaVoters.