Fax transmissions can be relatively secure, but faxed ballots may be left unattended "for several hours," the report says. "Fax machines would likely be left in a room at the election office receiving faxes throughout the day," the report says. "This gives would-be attackers time to view sensitive personal information or destroy valid registration forms."

E-mail can be intercepted or blocked, the report adds. "E-mail does not provide any guarantee that the intended recipient will receive the message," the report says. "An attack on DNS [Domain Name System] servers could route e-mails to an attacking party. This would not only result in voter disenfranchisement, but also the loss of sensitive voter information."

While there are no reports of such an attack being successful, a recent vulnerability was discovered in DNS servers that could have been used to create such an attack, the report says.

There are also a number of less sophisticated attacks that could disrupt e-mail voting, the report says. "A denial-of-service attack could flood election officials with a massive number of fraudulent e-mails," the report says. "The number of e-mails could quickly overwhelm the election official’s e-mail server, preventing legitimate registration forms from reaching election officials."

Web-based voting could use encryption to guard against data leaks, but denial-of-service attacks powered by botnets are still a potential problem. "A successful denial-of-service attack would overwhelm the election Web server with traffic, preventing legitimate voters from sending registration and ballot request materials," the report says. "It is very difficult to protect against denial of service attacks from an attacker with a large amount of resources."