The security risks of internet voting have been well documented by cybersecurity experts, including two of the premier scientific organizations in the world – the National Academies of Sciences, Engineering, and Medicine, and the American Association for the Advancement of Science.
The Election Assistance Commission (EAC), the Federal Bureau of Investigation (FBI), and the National Institute of Standards and Technology (NIST) also issued guidance to states warning about security concerns with any voting system that uses the internet.
What types of attacks threaten the security of votes cast over the internet?
No internet-connected system of any kind, let alone a voting system, is invulnerable to attack, whether the votes are transmitted by email, fax, a web portal, or a mobile app. Types of attack include:
- Voter authentication attacks (i.e., forged voter credentials)
- Malware on voters’ devices (e.g., viruses, Trojan horses, malicious code embedded in software updates) that can modify votes undetectably
- Denial of service attacks (slowing a key part of the system to a crawl or crashing it by overwhelming it with traffic or taking advantage of a bug)
- Server penetration attacks (remote break-in and control of the election server)
- Spoofing attacks (directing voters to a fake voting website instead of the real one)
- Widespread privacy violations by any of several methods, taking advantage of the fact that online voters must transmit their names with their votes, which also violates a voter’s constitutional right to a private ballot
- Voter coercion through automated vote buying and selling schemes (with cryptocurrency payments, e.g., Bitcoin, in exchange for votes)
What makes voting less safe than everything else I do on my phone?
Voting, unlike many of the other ways we use our phones, requires both secrecy and verifiability. We need our votes to be verifiable yet untraceable back to the individual voter, two things that are difficult to do at the same time. A bank account, for example, is not anonymous. The user can verify the amount and alert the bank if something is wrong. If an electronic vote is changed, the voter would never know. Voter-verified paper records are needed to provide an anonymous way to check that votes are counted as cast. (For more on this topic, see David Jefferson’s article.)
Why can’t I use a personal phone to vote with a secure app?
For one, if voters use their own devices, the security of the actual device that a vote is cast on is unknown. The voter’s device may already be corrupted with malware or viruses that could interfere with ballot transmission or even spread that malware to the computer at the elections office on the receiving end of the online ballot.
But internet voting vendors say their systems are secure.
Vendors of online election systems have a strong vested interest in selling their products. Through their public relations, marketing, and lobbying efforts they consistently downplay the inherent risks of internet voting, but these are fundamental threat categories, some of which currently have no strong solutions.
What about blockchain?
The National Academies of Sciences report states that “blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities.” Blockchain technology is designed to keep information secure once it is received. It cannot defend against the multitude of threats to that information before it is entered in the blockchain, and voters cannot verify their votes are entered into the blockchain correctly without compromising ballot secrecy. Recording ballots on a blockchain also risks ballot secrecy if encryption keys are not properly protected or software errors allow decryption of individual ballots.
What if I can’t vote in person?
Every voter has the right to vote privately and anonymously, and to know that their votes were counted as cast. With the right resources, jurisdictions can conduct elections safely and securely for all voters through voting by mail. Mailed ballots provide a voter-verified paper record of the voters’ choices and are not vulnerable to the same types of wide-scale attacks that votes sent over the internet are.
What about military and overseas voters? What if they can’t get a ballot in time?
The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) requires a 45-day lead time for military ballots. Because of this, almost every overseas voter can receive, mark, and return a paper ballot in a timely manner. Additionally, many states count military and overseas ballots that are postmarked before election day even if they arrive a few days late.