Reeling from the devastation of Hurricane Sandy, the state of New Jersey has taken the unprecedented step of allowing displaced voters to cast their votes by e-mail in Tuesday's elections. While New Jersey law has previously allowed electronic submission of ballots by voters overseas, the new program could involve a much larger number of voters. And it's being implemented with much less time to get the details right.

In a directive issued over the weekend, Lieutenant Governor Kim Guadagno announced anyone displaced by the hurricane would be considered an overseas voter for legal purposes. These voters will be allowed to request a last-minute absentee ballot by e-mail and submit the completed ballot by e-mail as well. As a security precaution, New Jersey law also requires that a hardcopy of the same ballot be sent by air mail to county election officials.

Matt Blaze, a computer security expert at the University of Pennsylvania, cataloged all the ways this scheme could go wrong. "Aside from the inherent security issues with e-mail, the rushed pace creates the biggest challenges here," he wrote on Sunday. "Each county now has to work at breakneck speed to develop robust processes for voter outreach, managing ballot requests, processing e-mailed ballots and secrecy waivers, etc."

"Basically, each county has less than two days to figure out how to design and deploy a full-scale voting system that the loser of each race will have considerably more than two days to figure out how to challenge."

Scaling problems

"Systems that work on a small scale almost never work without significant change at a large scale, and the problems of 'scaling up' are often invisible until it is too late to do anything about them," Blaze wrote. "Even if e-mail voting has been used in the past for a relatively small number of overseas and military voters (voting under non-emergency conditions and with plenty of advance planning), the large number of newly displaced voters requires engineering new processes for informing voters about the process, processing their e-mail applications, and receiving, recording, and counting their completed ballots."

Blaze points out that e-mail voting is vulnerable to all of the same problems as garden-variety Internet voting. The computers used to submit the ballots are potentially susceptible to malware, and the mail servers used to receive the ballots are potentially hackable. Online elections undermine the secret ballot, a problem made even worse by the requirement to compare the electronically-submitted ballot to its paper counterpart.

And the rush to implement the system in a matter of days could easily lead to additional problems: overloaded servers or county personnel, unforeseen technical glitches, voters whose votes are invalidated because they misunderstand the rules and fail to complete all the steps needed to cast a valid vote.

Ed Felten is a computer scientist at Princeton who has done key e-voting research, and he shares Blaze's concerns. But in a Sunday blog post, Felten argued the state's plan may be the best of some bad options.

"I am in no way a fan of online voting," Felten wrote. "Just last week I hosted an online symposium where experts talked about the many barriers to secure online voting. But under these circumstances I can understand why the State has taken the steps it has." Still, Felten says he would "strongly oppose any long-term move toward online voting."

If you're a displaced voter in New Jersey, voting by e-mail is not your only option. Blaze notes that voters also have the option to cast their vote at an alternative polling place anywhere in the state. This approach has some problems of its own, but it has "the significant advantage of following an established, existing process that uses a paper with a physical chain of custody." Blaze recommends that "NJ residents who can't get to their normal polling places should probably try to vote in person by provisional ballot first, and only if that fails for some reason resort to the riskier and less certain e-mail voting method."