Every state is required by the federal Military and Overseas Voters Empowerment Act (the “MOVE Act”) to provide blank absentee ballots to military and overseas voters (“UOCAVA voters”) in at least one electronic format—email, fax or online delivery system. And, every state must do so at least 45 days before an election. This year, that deadline is September 19, 2020.
This federal requirement is limited to sending blank ballots to voters. The MOVE Act allows each state to direct how these ballots are to be returned. Currently, 35 states and territories have gone beyond the federal requirement to allow UOCAVA voters to submit their voted ballots electronically (email, fax or online) as well. This leaves 20 states that require return via post.
This year, postal delivery and consular pouches from abroad will be significantly delayed, and in some cases altogether unavailable. Hundreds of thousands of UOCAVA ballots will be received too late to be counted. What can states do to enfranchise their overseas voters in time for the November 2020 election?
The best solution is to allow and enable ballot return via email. Twenty-six States already allow emailed ballot return, which attests to its efficiency and relative security; even more states are moving in that direction as a result of the COVID-19 pandemic. In July 2020, Vermont amended its procedures to allow for the email return of ballots from countries that do not have reliable postal service to the United States. In mid-August Rhode Island also shifted its requirements, allowing UOCAVA voters to return their ballots by email rather than fax, Missouri has recently confirmed that it will extend the practice they adopted during their primary and allow email ballot return, and Iowa has also moved to email ballot return. Wyoming is working with its counties to provide either fax or email ballot return for their overseas voters.
No state in the US handles more ballot returns by email than Washington State, which transmitted more than 100k ballots to UOCAVA voters in 2016.
King County, Washington, for instance, has assembled a nonpartisan “Alternative Format Ballot Team” within the Elections Administration section to handle email and faxed ballots. The team has its own procedures, guidelines and training; most are paid staff who work for 2-3 weeks during each election season. The team maintains a secure email account to which voters can email their ballots as attachments; the account is completely separate from the broader state election network to mitigate system infiltration.
During election season, the team monitors the email account regularly. When a ballot is received, team members manually download each ballot from the email account, save it to a folder and print it according to their procedures. They also check spam and other background folders to ensure that no ballots are inadvertently sorted there. Voter authentication is generally ensured by signature verification. Once a ballot is received, printed and stored, the signature is compared to the one on record for that voter. In addition, each ballot has a unique serial number which is connected to that ballot and voter. Once authenticated, the printed ballots are fed into the tabulating process just as any ballot received via postal mail. The same basic process is replicated in Oregon and other email states.
Compared to more complicated online voting portals (such as in West Virginia) the security considerations for email ballot return are relatively straightforward. The largest risk vector is attachment security, i.e. someone intercepting an emailed ballot after it is sent by a voter but before it is received by the state elections account. The two manifestations of that risk are (1) election system infiltration from an intercepted ballot and (2) illicit changes to an intercepted ballot - but these risks are small. To protect against the former, most states already have cybersecurity software that performs a threat scan on all incoming attachments; separating the UOCAVA computer from the broader state election system can further mitigate this risk. Regarding the latter, a one-off opportunity to affect a single ballot is simply not the sort of risk that usually materializes. The larger risk in electronic submission would come from a denial of service attack, which would overwhelm election systems and prevent voted ballots from getting through. DNS attacks are very noticeable events, however, and allow election officials the opportunity to respond with other delivery options.
Privacy considerations also arise with emailed ballots. To be sure, such ballots will not remain private and anonymous, but voters who decide to vote by email are informed and must expressly agree to this as a trade-off for a guaranteed counted vote transmitted with ease. In Oregon, for instance, voters must sign a secret ballot waiver form when voting by email. In King County, Washington, there is an affirmative statement to this effect on the online ballot form. States can also decide to compartmentalize the downloading, printing, authenticating, and counting of emailed ballots, thereby reducing the election personnel exposed to email voter identities.
The additional costs of implementing an email ballot return system is minimal. Every state already has online voter registration systems, so they also already have certain electronic security protocols in place. Every state already has some personnel to review, authenticate and tabulate UOCAVA votes received via mail, as well. The only additional cost of allowing emailed ballots is the cost of maintaining and checking a separate email account; saving and printing the attachments; and tabulating more votes—which should be the ultimate goal of any election process.
In the end, all forms of voting carry risks that may be outweighed (or not) by the practicality of enfranchising voters. In 2020, voters face obstacles that have never before been fully appreciated—e.g. the health risk of in-person voting, the disruption of postal services around the world, and the uncertainty of diplomatic pouches. So this year, states that have been slow to modernize their voting methods need to weigh these real and proven obstacles (and guaranteed voter disenfranchisement of several million voters) against the potential cyber risks that would follow from allowing these voters to exercise their right via email—just as a majority of states already allow.