August 5, 2021

Archives for May 2021

Accommodating voters with disabilities

Citizens with disabilities have as much right to vote as anyone else, and our election systems should fully accommodate them. In recent years some advocates have claimed that electronic ballot return, in other words internet voting, is needed to accommodate voters with disabilities. But internet voting is dangerously insecure–in the context of U.S. public elections there is no known technology that can secure vote-by-internet against hacking by insiders or outsiders. So it is worth asking the voters themselves, how they vote and how they want to vote. And it turns out, most voters with disabilities voted by mail-in paper ballot in 2020, and want to continue voting that way.

Currently in the United States, out of 245 million adults, approximately:
3.6 million are in wheelchairs,
6.7 million have difficulty grasping objects,
20 million are visually impaired,
1.8 million are legally blind;
and in all about 35 million report having some kind of disability.

A recent report by Professors Lisa Schur and Douglas Kruse of Rutgers University, “Disability and Voting Accessibility in the 2020 Elections,” provides very useful information. Voting difficulties for people with disabilities declined markedly from 2012 to 2020, mostly because of the large pandemic-related shift to mail-in ballots. 83% of voters with disabilities voted independently without any difficulty in 2020; and 89% were able to vote (independently or with assistance) without difficulty; this compares to 94% of voters without disabilities who were able to vote without difficulty.

The percentage of voters who said that voting at a polling place was “very easy” was almost identical in 2020 between voters with and without disabilities (82% versus 83%). The percentage who said voting on mail-in ballots was “very easy” was also almost identical (79% versus 81%). However, only 64% of those with vision impairments said it was “very easy” to vote by mail.

Regarding the ability to vote independently, only 6% of voters with disabilities needed assistance at a polling place, and 5% needed assistance completing their mail-in ballot; but 11% needed assistance in returning the ballot. 16% of voters with vision impairment needed assistance in the polling place. Of all voters with disabilities who needed assistance in the polling place, only 83% actually received assistance.

The turnout gap

Almost all of these numbers were significantly better in 2020 than in 2012. Either the U.S. has made progress in accommodating voters with disabilities, or the general shift to mail-in ballots accommodates the needs of those voters, or both. In 2020, people with disabilities voted at a 7% lower rate than people of the same age without disabilities.

Voting by smartphone or computer

About 8% of voters with disabilities want to vote fully online by smartphone or computer, compared to 12% of voters without disabilities. Among voters with vision impairment, only 2% wanted to vote this way. Among nonvoters, 27% of those with disabilities (9% of those with vision impairment) and 20% of those without disabilities want to vote online.

Some states offered the option in 2020 of receiving a ballot online, filling it out on the computer, printing it, and mailing the paper ballot. (Or, receiving the ballot online, printing it, marking it with a pen, and mailing it.) This form of remote accessible voting (RAV) is regarded by experts as securable enough in principle* to be used in public elections (see the NASEM report or the CISA report). About 4% of voters with disabilities and 10% of nonvoters (with or without disabilities) would like to vote this way. Professors Schur and Kruse speculate that these small percentages may be because of “lack of familiarity” with this method that “has promise for enabling people with vision impairments to vote confidentially at home.”

Analysis

Electronic ballot return (EBR)–casting ballots over the internet–is known to be insecure, and not securable by any known technology. Many people would like to vote, paperless, on their computers or smartphones–and if were possible to do so securely and fairly and with equal access, I might want to as well.

Even though it’s impossible to make secure, the argument is sometimes advanced that we need EBR to accommodate voters with disabilities. But the Rutgers opinion surveys (quoted above) show that voters with disabilities are less likely than other voters to want this.

You might argue, nonvoters with disabilities need this in order to become voters. But the Rutgers opinion surveys show that nonvoters with vision impairment are less likely to want EBR than other nonvoters. And nonvoters with other disabilities are about as likely to want EBR as nonvoters without disabilities. So I think these arguments–that voters with disabilities want and need EBR—are unsupported by evidence.

Conclusions

This survey data about the actual experiences and preferences of voters with and without disabilities shows that improvements in U.S. election procedures and systems, and the motivation of people with disabilities to vote, have made significant improvements: both in the rate of voting (by people with disabilities) and the ease of voting (in person and by mail).

While we all would appreciate the convenience of internet voting if only it were possible to do that reliably and securely, the proportion of people with disabilities who wish to vote by internet is not appreciably different than the proportion of those without disabilities; and a significantly smaller proportion of voters with visual impairments want to vote that way. So it seems that those voters are not correctly portrayed by the National Federation for the Blind, which has been lobbying hard for electronic ballot return. But recently the NFB has agreed** that EBR is not necessary for a “fair, reasonable, and adequate” system of remote accessible voting, so that’s progress.

What next?

Noel Runyan, a California computer scientist and voting expert who is legally blind, writes [with my explanations in brackets],

Instead of resorting to more uncontrolled use of electronic ballot return (EBR), election reform bills such as S.1. should focus on encouraging and providing funding for effective ways to address the needs of voters with disabilities. For example, several concrete activities for which S.1. could provide grants are:
1.        Independent testing and reporting about the security and usability of remote accessible voting systems. [That is, systems that allow the voter to download a ballot, mark it using an accessible interface, print it, and mail it; these are securable in principle but some vendors’ products are insecure or really difficult to use.]
2.        Development of scanning apps for accessible verification of paper ballots with ballot mark-sensing optical character recognition (OCR). [That is, suppose a blind voter uses a ballot-marking device or computer to mark a ballot, which then gets printed out for ballot-return, to avoid the severe insecurities with electronic ballot return. The voter would like to be able to use a smartphone app to see what’s printed on the ballot. Such apps already exist for many kinds of documents, but what’s needed is an app that can understand the concept of “filled in ovals” that indicate votes, and correlate them to the candidate names.]
3.        Support and guidelines for different types of mobile voting, including: bringing ballots and portable voting equipment to senior centers and retirement facilities, and “Go-to-Voter” services where election officials bring portable accessible voting directly to individual voters (most Oregon counties provide such service).
4.        Improving accessibility of pre- and post-election related information, more accessible county election websites and Personalized Election Results (PER) summarizing election results based on the voter’s own precinct. [That is, some text-based web site designs are readily accessible to blind voters through the use of screen-reader browser plug-ins, but other web sites that rely heavily on graphics and images without alternate text can be difficult or impossible to interpret with screen-reader plugins. This problem plagues both commercial websites (online shopping) and noncommercial web sites (county election web sites), and there are many things that election administrators could do to improve the accessibility of their web sites.]

[Noel Runyan continues,] I’d like to see improvements to voting accessibility for all voters, and especially for those with disabilities. But we can do that without having to trade away privacy and security for the assumed benefits of EBR for a few.


Footnotes.

*In principle it can be adequately secure to deliver unvoted ballots to voters by electronic means, for the voter to print and mark at home and mail back on paper, or mark on a home computer and then print and mail. The reason it’s securable is that the voter can verify what’s printed on the paper, and it’s the same piece of paper that will be counted by the voting machine or in a recount or audit. But actual implementations of this voting mode–actual “remote accessible voting” products offered by certain vendors to states and counties–are not necessarily secure. See this article.

** The NFB has lobbied in many states and in the U.S. Congress for electronic ballot return (that is, internet voting), and has sued many states. However, in 2020 the NFB of Virginia’s lawsuit against the State of Virginia led to a consent decree in which the NFB and State agreed on a system of remote accessible voting (RAV) that includes, among other things: “[Virginia] will make available to all localities a tool that will allow print disabled voters to electronically and accessibly receive and mark absentee ballots using screen reader assistive technology (the Ballot Marking Tool). … Any voter who utilizes the Ballot Marking Tool shall still be required to mail or physically return their absentee ballot to the relevant general registrar. … The agreement represents a fair, reasonable, and adequate resolution of this dispute and is squarely in the public interest.”

Phone number recycling creates serious security and privacy risks to millions of people

By Kevin Lee and Arvind Narayanan

35 million phone numbers are disconnected every year in the U.S., according to the Federal Communications Commission. Most of these numbers are not disconnected forever; after a while, carriers reassign them to new subscribers. Through the years, these new subscribers have sometimes reported receiving calls and messages meant for previous owners, as well as discovering that their number is already tied to existing accounts online

In this example from our study, the phone number (redacted in the screenshot) had a linked Facebook account but is available to Verizon subscribers through the online number-change interface.

While these new owner mixups may make for interesting dinner party stories, number recycling presents security and privacy issues as well. If a recycled number remains on a previous owner’s recovery settings for an online account, the adversary can obtain that number and break into that account. The adversary can also use that phone number to look for your other personally identifiable information online, and then impersonate you with that phone number and PII. These attacks have been talked about through anecdotes and speculation, but never thoroughly investigated.

In a new study, we empirically evaluated number recycling risks in the United States. We sampled 259 phone numbers available to new subscribers at two major carriers, and found that 215 of them were recycled and vulnerable to either account hijackings or PII indexingthe two scenarios we described prior. We estimated the inventory of available recycled numbers at one carrier to be about one million, with a largely fresh set of numbers becoming available every month. We also found design weaknesses in carriers’ online interfaces and number recycling policies that could facilitate number recycling attacks. Finally, we obtained 200 numbers from both carriers and monitored incoming communication. In just one week, we found 19 of the 200 numbers in the honeypot were still receiving sensitive communication meant for previous owners, such as authentication passcodes and calls from pharmacies.

The adversary can focus on likely recycled numbers…
…while ignoring possibly unused numbers.

Phone number recycling is a standard industry practice regulated by the FCC. There are only so many valid 10-digit phone numbers, which are allocated to carriers in blocks to individually assign to their subscribers. Eventually, there will be no more blocks to allocate to carriers; when that happens, expansion will essentially be capped. To prolong the usefulness of 10-digit dialing (think of all the systems that need replacing if we suddenly switch to 11 digits!), the FCC not only has strict requirements for carriers requesting new blocks, but also instructs them to reassign numbers from disconnected subscribers to new subscribers after a certain timeframe (45 to 90 days). Number recycling is one of the reasons we have been able to put off this doomsday scenario from 2005 to beyond 2050. It is also the reason vulnerable numbersand number recycling threatsare so prevalent.

In our paper, we recommend steps carriers, websites, and subscribers can take to reduce risk. For subscribers looking to change numbers, our primary recommendation is to park the number to use as an inexpensive secondary line. By doing so, subscribers can mitigate some of the threats from number recycling. Last October, we responsibly disclosed our findings to the carriers we studied and to CTIA—the U.S. trade association representing the wireless telecommunications industry. In December, both carriers responded by updating their number change support pages to clarify their number recycling policies and remind subscribers to update their online accounts after a number change. Although this is a step in the right direction, more work can be done by all stakeholders to illuminate and mitigate the issues.

Our paper draft is located at recyclednumbers.cs.princeton.edu.