April 26, 2021
State, Civic, Military, & Veterans Affairs Committee
Colorado House of Representatives
200 E Colfax Avenue
Denver, CO 80203
via electronic submission
RE: Verified Voting Opposition to Senate Bill 21-188
Dear Committee Members,
On behalf of Verified Voting, I write in opposition to Senate Bill 21-188 regarding electronic ballot return. Verified Voting is a nonpartisan nonprofit organization with a mission to strengthen democracy for all voters by promoting the responsible use of technology in elections. Since our founding in 2004 by computer scientists, we have acted on the belief that the integrity and strength of our democracy rely on citizens’ trust that each vote is counted as cast. With this in mind we oppose allowing voted ballots to be returned electronically through insecure means, a dangerous practice that SB 21-188 regrettably expands.
Multiple cybersecurity experts have concluded that internet voting is insecure. The National Academies of Sciences, Engineering and Medicine released a report in 2018 stating that the technology to return marked ballots securely and anonymously over the internet does not exist.1 Additionally, in the lead up to the 2020 General Election, the Department of Homeland Security, the Election Assistance Commission, the Federal Bureau of Investigation, and the National Institute of Standards and Technology told states and election officials that electronic ballot return “creates significant security risks to the confidentiality of ballot and voter data (e.g., voter privacy and ballot secrecy), integrity of the voted ballot, and availability of the system. We view electronic ballot return as high risk. Securing the return of voted ballots via the internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time [emphasis added].”2 Nothing has changed; no new internet technology has been created to mitigate this risk.
The City of Denver participated in an electronic ballot return pilot for UOCAVA voters in 2019. The Massachusetts Institute of Technology (MIT) performed a security analysis of the vendor chosen to conduct that pilot and found that the vendor “has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot.”3
Some argue that since we can bank on our smartphones then we should be able to vote securely using a smart device as well. As one Citibank executive put it, “not all smartphones are secure, and not all smartphones are secured in the same way. Financial institutions spend a lot of time and money protecting the accounts of their users. We work with phone vendors like Apple and Samsung on security. Are states or the federal government going to spend the same money we spend on security? Not likely.”4
Blockchain does not solve the security issues inherent to internet voting.
The National Academies report states that “blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities.” Blockchain technology is designed to keep information secure once it is received. It cannot defend against the multitude of threats to that information before it is entered in the blockchain, and voters cannot verify their votes are entered into the blockchain correctly without compromising ballot secrecy. Recording ballots on a blockchain also risks ballot secrecy if encryption keys are not properly protected or software errors allow decryption of individual ballots.
We understand the profound challenges you face to assure every voter’s ability to vote. Verified Voting strongly supports interventions to assure voters’ equal opportunity and access to cast their vote — securely and verifiably. Electronic return fails to confer this equality, and it threatens the trustworthiness of the election itself. Recognizing that no current solution is ideal for all voters, we support thoughtful consideration of other secure innovations. We would be happy to participate in further discussions of how to meet the standard of equal access and uncompromised security. One such solution could be providing on-demand services for voters who require them, such as election officials bringing portable accessible voting equipment directly to individual voters.
We realize that Colorado UOCAVA voters are currently permitted to return their voted ballots via fax or email. We regard this as a dangerous precedent to be reversed, not expanded. At a time when election security and public confidence are under attack, electronic return of voted ballots presents a slippery slope to vulnerable and insecure elections. We therefore urge that SB 21-188 be rejected.
- National Academies of Science, Engineering, and Medicine, 2018. “Securing the Vote: Protecting American Democracy.” Washington, DC: The National Academies Press. https://doi.org/10.17226/25120. [↩]
- DHS Memo. https://www.politico.com/f/?id=00000172-9406-dd0c-ab73-fe6e10070001 [↩]
- Massachusetts Institute of Technology, 2020. “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.” https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf [↩]
- Dan Patterson, “Why Can’t I Vote on My Phone?,” CBS News (CBS Interactive, November 2, 2020), https://www.cbsnews.com/news/why-cant-i-vote-on-my-phone/. [↩]