What is “internet voting”?
“Internet voting” is often called “electronic ballot return” and means returning a voted ballot over the internet — including via mobile apps, email, fax, or via a website.
Is there any evidence that internet voting is secure?
No. Many credible cybersecurity experts warn that internet voting is unsafe and, if implemented, makes U.S. elections easy targets for attackers who seek to change election outcomes or sow distrust in our democracy. In its 2018 consensus report, Securing the Vote, the National Academies of Sciences, Engineering and Medicine stated bluntly:
At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots. Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.
Similarly, in the lead up to the 2020 General Election, the Department of Homeland Security and three other federal agencies told states and election officials that electronic ballot return “creates significant security risks to the confidentiality of ballot and voter data (e.g., voter privacy and ballot secrecy), integrity of the voted ballot, and availability of the system. We view electronic ballot return as high risk.”
Does internet voting keep a voter’s ballot private?
Every voter has the right to vote privately, but a voter’s identity must also be confirmed to ensure no one else votes in their name. This combination of privacy and identification is impossible with current internet voting technology. Internet voting exposes voters to widespread privacy violations by taking advantage of the fact that online voters must transmit their names with their votes. These privacy violations compromise a voter’s right to a private ballot.
Can election officials conduct an audit of an election if internet voting is the primary voting method?
Voter-verified paper ballots are considered the most secure way of voting. These paper ballots can be audited and recounted to confirm election results. In contrast, ballots cast via the internet cannot be meaningfully audited. Even if an election official prints an electronically received ballot, the voter never interacted with the printed copy and cannot verify it is correct, meaning the printout cannot reliably document voter intent.
What types of attacks threaten the security of votes cast over the internet?
No internet-connected system of any kind, let alone a voting system, is invulnerable to attack, whether the votes are transmitted by email, fax, a web portal, or via a mobile app. Vulnerabilities include:
- Voter authentication attacks (forged voter credentials)
- Malware on voters’ devices (malicious code hidden in apps or software updates) that can modify votes undetectably
- Denial of service attacks (slowing or crashing the system by overwhelming it with traffic or taking advantage of a bug)
- Server penetration attacks (remote break-in and control of the election server)
- Spoofing attacks (directing voters to a fake voting website instead of the real one)
- Voter coercion through automated vote buying and selling schemes (payment in exchange for votes)
What makes internet voting less safe than everything else I do on the internet?
While voting from a phone might sound nice, current internet voting technology does not allow votes to be both verifiable and untraceable back to the individual voter. A jurisdiction could track a voted ballot back to the voter via an IP address, email address, or the submitted email attachment. This limitation is not a problem for services like mobile banking and e-commerce, where online transactions should be traceable to individuals.
The security of the actual device that voters cast their votes on is also unknown. The voter’s device may already be corrupted with malware or viruses that could tamper with a ballot, interfere with ballot transmission, or even spread that malware to the elections office computer that receives the online ballot.
Who regulates internet voting?
Unlike physical voting equipment, there are currently no federal standards, testing, or certification procedures to regulate internet voting systems.
But internet voting vendors say their systems are secure.
Vendors of online election systems have a strong interest in selling their products. Through their public relations, marketing, and lobbying efforts, they consistently downplay the inherent risks of internet voting. The fundamental threats to internet voting systems currently have no strong solutions. Click here to see studies and security assessments conducted on these systems.
What about blockchain?
Blockchain is marketed by internet voting vendors as an adequate solution to internet voting vulnerabilities, but votes stored on a blockchain are susceptible to tampering before they enter the blockchain. Blockchain technology is designed to keep information secure after it is received and cannot defend against the multitude of threats to that information before it enters the blockchain. Voters cannot verify their votes are entered into the blockchain correctly without compromising ballot secrecy. Recording ballots on a blockchain also risks ballot secrecy if encryption keys are not properly protected or software errors allow decryption of individual ballots.
What secure, accessible options are available for voters?
Every voter has the right to vote privately and anonymously, and know that their votes were counted as cast. With the right resources, jurisdictions can conduct elections safely and securely for all voters. Recommendations for making voting more accessible include:
- Sending an electronic blank ballot that a voter can mark, print, and verify with assistive technology and then print and return to the elections office via mail or at a drop box
- Making mail ballots more compatible with various assistive technologies
- Having ADA-compliant drop box locations and more inclusive policies for collecting and returning mail ballots on behalf of voters with disabilities
- Ensuring that accessible voting equipment is available and functioning at polling places
- Ensuring that all in-person polling locations are fully compliant with ADA requirements
- Making accessible voting equipment available curbside and even taking accessible equipment and/or printers to voters at their homes so they can vote privately and independently
More investment, research and collaboration is needed to develop better options for voters with disabilities that meet their needs while also protecting our elections and the ballot secrecy of the voter in ways that internet voting does not. Internet voting is often touted as a cure-all, but it poses its own issues with accessibility — even beyond security concerns. With security and disability rights groups working together, we can ensure every voter casts a private ballot with justified confidence that it will be counted as cast.
What about military and overseas voters?
The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) requires states to send absentee ballots to military and overseas voters at least 45 days before Election Day. Many states count military and overseas ballots that are postmarked before Election Day even if they arrive a few days late. In addition to these supports, overseas voters can:
- Receive their blank ballots electronically
- Use the Federal Post Card Application to request a ballot
- Use the Federal Write-In Absentee Ballot if their ballot does not arrive in time
- For military voters, return their ballot with free Defense express mail service in general elections
- Access Department of Defense resources to help with successful ballot return
- In some states, use Common Access Card for digital signatures required in voting
Find out more about resources available to active duty military and overseas voters at fvap.gov.