BlogLetterverified voting

Download PDF

February 14, 2022

Senate Committee on Judiciary
State of Rhode Island
82 Smith Street
Providence, RI 02903
via email

RE: Verified Voting Opposes Senate Bill 2118 (Electronic Transmission of Voted Ballots)

Dear Committee Members,

On behalf of Verified Voting, I am writing in opposition to Senate Bill 2118 which would allow ballot return via the internet. Verified Voting is a nonpartisan nonprofit organization with a mission to strengthen democracy for all voters by promoting the responsible use of technology in elections. Since our founding in 2004 by computer scientists, we have acted on the belief that the integrity and strength of our democracy rely on citizens’ trust that each vote is counted as cast. Ballot return via the internet (including mobile, email, fax, or website) fails to confer that trust.

Multiple cybersecurity experts have concluded that internet voting is unsafe and insecure. The National Academies of Sciences, Engineering and Medicine released a report in 2018 stating that the technology to return marked ballots securely and anonymously over the internet does not exist.1 Additionally, in the lead-up to the 2020 General Election, the Department of Homeland Security, the Election Assistance Commission, the Federal Bureau of Investigation, and the National Institute of Standards and Technology told states and election officials that electronic ballot return “creates significant security risks to the confidentiality of ballot and voter data (e.g., voter privacy and ballot secrecy), integrity of the voted ballot, and availability of the system. We view electronic ballot return as high risk. Securing the return of voted ballots via the internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time [emphasis added].”2 Nothing has changed; no new internet technology has been created to mitigate this risk.

Many believe that with changing technology the time has come to introduce internet voting into the voting process. Researchers from the Massachusetts Institute of Technology and the University of Michigan conducted a security review of the Democracy Live online voting system. They found that “OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers…. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information—including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns.”3 Unlike other internet transactions, voting must simultaneously maintain ballot secrecy while still providing a verifiable record of the voter’s intent. Internet voting simply does the opposite.

Last legislative session a bill very similar to this one was introduced but failed to pass. At the time, the Rhode Island Board of Elections voted to oppose that legislation. We would call on this Committee to once again prevent the expansion of electronic ballot return. There is currently no internet technology available that allows for the secure transmission of voted ballots while also maintaining voter privacy and ballot verifiability. Rhode Island has pioneered the use of risk-limiting audits to verify election results, yet expanding electronic ballot return jeopardizes your ability to conduct those audits effectively.

Language within the bill seems to suggest that if an approved system is used, one that meets certain requirements, it can be deemed safe and secure. Sadly, no system can meet such requirements. Today’s internet simply is not equipped with the needed safeguards to transmit voted ballots electronically in a secure manner.

We understand the profound challenges you face to assure every voter’s ability to vote. Verified Voting strongly supports interventions to assure voters’ equal opportunity and access to cast their vote – securely and verifiably. However, internet voting of any kind is not the answer. Recognizing that no one solution is ideal for all voters, we support thoughtful consideration of secure alternatives, such as Remote Accessible Vote by Mail (RAVBM) or go-to- voter services. RAVBM allows for electronic delivery of a blank ballot to the voter so they may use their own equipment at home to mark their ballot, print it out and return the paper ballot to their elections office. Go-to-voter services enable bipartisan teams to bring accessible, certified voting equipment directly to voters to allow them to cast their vote independently, securely and verifiably. The contested 2020 election underscores the importance of being able to examine voted paper ballots, not just digital artifacts. A recent report published in the Journal of Cybersecurity warns, “While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.”4

We realize that UOCAVA voters are currently permitted to return their voted ballots via fax or email. We regard this as a dangerous precedent to be reversed, not expanded. At a time when election security and public confidence are under attack, expanding use of insecure technology in the voting process would result in unprovable election results. We urge this Committee to reject Senate Bill 2118.

Respectfully submitted,
Mark Lindeman, Ph.D.
Director

  1. National Academies of Science, Engineering, and Medicine, 2018. “Securing the Vote: Protecting American Democracy.” Washington, DC: The National Academies Press. https://doi.org/10.17226/25120. []
  2. DHS Memo, 2020. https://www.politico.com/f/?id=00000172-9406-dd0c-ab73-fe6e10070001 []
  3. Security Analysis of Democracy Live Online Voting System, 2020. https://internetpolicy.mit.edu/wp- content/uploads/2020/06/OmniBallot.pdf []
  4. Sunoo Park, Michael Specter, Neha Narula, Ronald L Rivest, MIT, Going from bad to worse: from Internet voting to blockchain voting, Journal of Cybersecurity, Volume 7, Issue 1, 2021, https://doi.org/10.1093/cybsec/tyaa025 []