Electronic voting fraud--all the other types

By Andy Oram
October 20, 2008 | Comments: 1

For years we've heard about the risks and failures of electronic voting. But election fraud takes place outside the voting place as well--in fact, a lot of it is aimed at keeping people away from voting places altogether. Today, the Electronic Privacy Information Center, Common Cause, and the Lawyers Committee for Civil Rights Under Law have released comprehensive reports describing schemes found on the Internet that expedite fraud--and how to combat these schemes.

The EPIC report describes actual incidents as well as potential risks, and lists some preventative and recovery measures that individuals and professionals in the field can take.

The Common Cause report describes applicable state and federal laws, and suggests changes to combat the fraud.

Voting fraud is largely based on the same two aspects of Internet use that underlie other violations of privacy and personal rights: data collection and disguising the origin of information.

Collecting and cross-linking data on individuals

Political organizations over the past decade have adopted the same targeting tactics used by companies on their customers: they preserve as much demographic data as possible about individuals and build up profiles by combining data from many sources. Most of this is legal and non-fraudulent, however uncomfortable you might be about having so much sensitive data in the hands of people who aren't looking after your interests. But the same data collection can help identify targets for scamming.

Traditional scams focused on particular neighborhoods, such as passing out leaflets meant to scare immigrants in neighborhoods with large Latino or Asian populations. Internet data collection allows similar scams with more effective targeting.

Grassroots Journalism By the People, For the People

We the MediaWe the Media — In We the Media, nationally acclaimed newspaper columnist and blogger Dan Gillmor shows how anyone can produce the news, using personal blogs, internet chat groups, email, and a host of other tools. He tells the story of this emerging phenomenon and sheds light on this deep shift in how we make--and consume--the news.


The possibilities in the EPIC report verge on the paranoid: they envision ISPs snooping on their users' traffic and altering it or collection data from it for voting-related attacks. Carefully constructed web sites can attract certain types of voters--for instance, by offering a book about some narrow political issue that excites the "base." They can collect the IP addresses of visitors and link it to other databases.

Disguising the origin of information

The Internet casts a cloak of anonymity over communications ranging from email to registrations on social networks and gaming sites. Possibilities go far beyond rumor-mongering, such as the famous email claiming Barack Obama was a Muslim.

Social networks encourage people to form groups based on very loose associations and to share their personal information on such groups. This opens the door both to misleading campaigns and to harvesting of personal information.

For instance, a small but disciplined group of people could join a candidate's site and then spring some false information shortly before the election. If they make it look like several uncoordinated individuals supported the claims, the rest of the group may believe it.

Opponents of a candidate or a cause can even set up a group that claims to favor it. They can then pass out false information at a crucial time, such as the day before the election. This resembles auction scams, where a seller offers many low-cost items and builds up a good reputation before cheating someone with a high-cost item.

Voice over IP opens ways for people delivering false information to appear on Caller ID as legitimate sites.

Good old phishing and pharming attacks direct people to fake sites for voting information or registration. An indirect and more sophisticated version of such techniques infects a user's computer and then alters the search terms submitted to a search engine, the user's browser history, or even the hosts file used to look up domain names.

Most phishing and spam laws focus on financial scams; the Common Cause paper advises extending the laws to punish people who pretend to offer government functions such as voting information.

The special challenges of voting

Voting is perennially frustrating and fascinating. It's fundamental to the functioning of society, but most people pay hardly any attention to the candidates or the issues, and devote minimal time to voting. ready pool of victims.

One example of this on the Internet involves search results. Because search is the entry point to information for most Internet users, it also becomes a target for people with misleading information. Besides standard SEO techniques, such as using meta-information to come up high in rankings, organized groups can coordinate links in order to make particular pages come up artificially high. A relatively benign example was the "miserable failure" campaign The EPIC report recommends that voting officials, candidates, and interest groups view search engine results regularly.

Another aspect making voting so subject to manipulation is its time-sensitivity. There's no recourse if a problem is discovered with a ballot, a voting machine, or a person's registration on the day of the election. Similarly, if you post something to a blog or send out an email shortly before the election, your opponent may not be able to react effectively.

Recognizing this, a Nevada statute set up an expedited process for a candidate to report false claims and get a ruling. However, the process turned out to be too expedited, according to the Common Cause report. Because it didn't leave enough time for deliberation and accurate rulings, a court overturned the law.

The people who will read the EPIC report are not the ones who most need the information; we already are intensely involved in the election process. But we need to keep our knowledge current with that of the scammers. Two years from now, the next major election will probably turn up a new generation of scams.


You might also be interested in:

1 Comment

Elections are one of the more complicated events of modern political discourse.
It is not the paranoia that drives the need for election protection, but history. This May EPIC held a tutorial on E-Deceptive Campaign Practices after noting incidents in both the Democratic and Republican primary and caucus elections.

Deceptive North Carolina robo calls (http://www.pamshouseblend.com/showDiary.do?diaryId=5228)
Iowa e-mail deception against Romney http://www.politico.com/blogs/jonathanmartin/1107/Another_dirty_trick_against_Mitt_in_Iowa.html,
Kentucky’s Secretary of State warned voters against fake political Web sites:
http://www.sos.ky.gov/secdesk/mediacenter/coverage/article73.htm
Hacker Redirects Obama Web site to Clinton’s
http://news.netcraft.com/archives/2008/04/21/hacker_redirects_barack_obamas_site_to_hillaryclintoncom.html

CFP Tutorial Web page: http://www.cfp2008.org/wiki/index.php/E-Deceptive_Campaign_Practices:_Elections_2.0

As always the best defense is a great offense – this is also true for voting information services. EPIC continues the important work of identifying tactics and pursuing strategies to enhance election information security.

News Topics

Recommended for You

Got a Question?