from the you've-absolutely-got-to-be-kidding-me dept
You may have seen the news over the past few days that displaced New Jersey voters are being allowed to (sorta) vote via email. Or, rather, they would be allowed to vote via email if the state's election officials could manage to act like they know what they're doing. Instead, reports indicate massive amounts of people have been unable to request ballots at the email addresses originally provided. This is causing frustration and confusion across the state, but the real absurdity shows up in Essex County.
Aware of the problems with the official e-mail system, Essex County Clerk Christopher Durkin suggested an alternative option: "Displaced voters can email a request for a ballot at email@example.com," according to a post on the Facebook page of the town of West Orange, NJ. Interestingly, security researcher Ashkan Soltani notes that Durkin's Hotmail address has his mother's maiden name as a "password recovery" question. This means that anyone who can figure out Durkin's mother's maiden name could seize control of his Hotmail account and intercept voters' official ballot requests.I'll be clear in saying that I understand that the situation in New Jersey is a difficult one and I'm sure election officials there are simply trying to do their best under the circumstances. Unfortunately, Durkin's best appears to suck. You simply cannot put something of such importance (voting) in the hands of someone who cannot either provide a working and secure email address for ballot access or, at the very least, take the most trivial security steps on another email address. We all want every citizen to be able to have their voice heard, but not at the cost of massive security risks.