Schneier on Security

A blog covering security and security technology.

« The Security of Checks and Balances | Main | Getting Out the Vote: Why is it so hard to run an honest election? »

October 29, 2004

Mail-in Ballot Attack

Ampersand lives in Oregon, which does its voting entirely by mail. On Monday -- the day a lot of Oregon voters got their ballots -- someone knocked over Ampersand's "No on 36" sign and stole his mailbox, presumably hoping to get his ballot and prevent him from voting "no" on Amendment 36. In fact, he'd happened to receive his ballot the previous Saturday, but it could easily have worked.

From "Alas A Blog"

On Monday, someone came into our yard, knocked over our "No on 36" sign, and stole our mailbox (with Monday's mail inside it).
I doubt this was just random vandalism; Oregon mailed out voter ballots last week (Oregon does the vote entirely by mail), and a huge number of Oregonians got their ballots on Monday. So I think someone grabbed our mailbox and ran hoping that they'd get our ballots and thus keep us from voting against measure 36.

I doubt this was part of any widespread effort. Surely anyone doing it on a large scale would get tired of hauling off mailboxes, and just steal the mail inside. It's also hard to avoid getting caught, since you have to steal the mail during the day -- after it's delivered but before the resident comes home to get it.

Still, it is interesting how the predictably timed mailing of ballots, and the prevalence of political lawn signs, enables a very narrowly targeted attack.

Posted on October 29, 2004 at 2:12 PM • 6 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Israel Torres • October 29, 2004 3:29 PM

this is a prime example of how simple the mechanisms in play are with almost anything done on a mass scale. This includes drivers licences, social security cards, credit cards, receiving boxes of checks, packages (ups/fedex)... the original design was to make it easy not secure. So when someone puts it together that it really is this easy to screw over "a system", and maybe even "the system" and that opportunity presents itself to benefit the exploiter then it is an action hard to deny oneself. Sure, it doesn't make it right. But perhaps it shouldn't be made to make it so easy. And enter catch-22.

Israel Torres

Tim Maddux • October 30, 2004 8:50 AM

Oregon county election officials will mail a replacement ballot to you if you call them, or you can go to the county election office and pick it up. Which is a hassle, but not as lousy as having your mailbox stolen.

davee • November 1, 2004 6:10 AM

It always amazes me that mailboxes are *outside* the confines of the house in many places in the US. We have a 'letterbox' here in the UK and this means that all post comes straight into the house on delivery. *grins*

Randall Smith • November 1, 2004 1:56 PM

I agree with davee that residential mailbox security is amazingly lax in the U.S. Most suburban mailboxes don't even lock, leaving both incoming and outgoing mail wide open to thieves (as far as I can tell, they basically are designed solely to keep the mail from blowing away!).

I was actually happy to live in a high-density residential area where we have a joint mailbox at the end of the street which is locked (the mail carrier has a master key that opens the whole thing to put in the mail, and the residents have individual keys that open up individual boxes). However, last weekend someone took a crowbar to the box, pried it open, and stole everyone's mail. The Post Office said there had been several similar attacks that morning, so evidently it was a ring of some kind.

It seems like the USPO is way behind the curve on this problem, and needs to be advancing both procedures and products (locking boxes for individual residences, e.g.) to secure the transfer of mail between carrier and recipient.

Larry Spencer • December 7, 2004 4:03 PM

If you want to eliminate the worry of mail theft, check out this mailbox! It's a tank. I think the only way to break into it is to take the whole thing. http://www.seattleluxe.com/cgi-local/...

Kay • November 5, 2006 3:05 AM

I'm with the British. The only way to actually stop the theft is to have the mail carrier put the mail through the door slot. We used to do this, once upon a time. It was switched to mailboxes at one point and then switched to the mass lockboxes. All this was done for the convenience of mail carriers. While I appreciate that, I think if we are going to leave mail theft as a federal offense, than we should focus on the process being secure, instead of convenient. FYI - the lockboxes are a favorite target of mail thieves because they can swipe masses of mail in one fell swoop. It's a common theft problem. I moved to a townhome complex when I downsized my home. Every few weeks there is a message from the mail carrier saying that the boxes were found open. I have used my key to open my box and had the whole thing swing open. So, it's either home delivery through the slot or we all have to drive down to the Post Office for one of their boxes - and you have to pay for those...

Post a comment

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

Subscribe via Kindle

Blog Menu

Search

Powered by DuckDuckGo

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D