Earlier today, I tweeted that “voting by mail is a huge privacy and security risk, and states should be discouraging it a lot more.” This generated a number of confused responses, so I thought I’d elaborate a bit.
When thinking about security issues, it’s important to understand what your “threat model” is. If you’re trying to secure your company against fraudulent behavior by customers, you’ll take very different steps than if you’re worried about an unscrupulous employee.
There are (at least) two basic threats to a voting system. One is that people will be allowed to vote when they’re not entitled to. This might be because they’re non-citizens, convicted felons, residents of another jurisdiction, have already voted, etc. Another threat is that a voter will be enticed or coerced into casting a vote that’s different from his or her true preference.
These are different problems, both conceptually and practically. We use a variety of methods for protecting against the former threat, including voter registration, checking IDs or proof of registration, recording the reported names and addresses of people who vote, and so forth. The primary defense against the latter is the secret ballot: since no one knows how you voted, no one can coerce you into voting in a particular way.
The former threat has gotten all the attention because Republicans in recent years have worked hard to portray it as a growing problem. (Claims my colleague Jim Harper has greeted with skepticism) They’ve pushed for rules that (among other things) require a photo ID to vote. The debate is intensely partisan because everyone understands that the people most likely to be disenfranchised by such legislation (or in the Republican version the ones most likely to commit voter fraud) are likely to vote for Democrats.
Anyway, that’s not what I was talking about. To the contrary, vote-by-mail is probably more resistant to voter fraud than some traditional voting schemes because they create a fairly extensive paper trail. Rather, my point was about the effect of vote-by-mail schemes on voter secrecy. Imagine if an employer, who everyone knew to be a Republican, required his employees to request absentee ballots and show them to him before they were submitted. Think of an abusive husband who insists that he and his wife fill out their ballots together. Or imagine a political operative going around a low-income neighborhood paying people $50 if they let him fill out their ballots for them. This kind of corruption is very hard for voting officials to detect. And more insidious, voters themselves may not even realize that it’s unethical.
Now, there are some circumstances, such as soldiers stationed overseas, where absentee voting is unavoidable. But traditionally, to get an absentee ballot you had to give a specific reason that you would be unable to make it to your regular polling place on election day. But in the last couple of decades a growing number of states are dropping these restrictions, allowing anyone to vote by mail without giving a reason. And the states of Washington and Oregon are moving towards mail-in voting as the default option. Although this is moderately more convenient for voters (and election officials!), the effective abandonment of the secret ballot is too high a price to pay.