Election security researchers agree — online voting isn’t ready for ‘prime time’
With the increasing prevalence of the internet in daily life and the ability to turn paper processes digital, as with online banking or learning management systems, some politicians and election officials have called for an online voting system to be set up to encourage more Americans to vote. However, most election-security researchers say creating a secure, large-scale online voting system for a national election is not feasible using the technologies that are available today.
Securing an online election presents a major challenge, according to researchers. Such a system could only reliably operate if it could be confirmed that each voter’s device were secure and not infected by some sort of malware, adversaries were unable to hack internet connected networks to interfere with election results and that every voter’s identity could be explicitly authenticated.
But as it stands, there is no technology that can ensure ballots are only being cast by eligible voters, to unequivocally secure election results from tampering and prevent hackers from interfering with the devices and networks necessary for online voting, said Philip Stark, an associate dean of mathematical and physical sciences at the University of California, Berkeley, who counts himself among the skeptics of online voting’s feasibility.
“There’s no way to secure online voting,” Stark said. “Experts are almost universally agreed that online voting is the worst possible option from a security standpoint. … Online voting is simply not ready for prime time. There are far too many vulnerabilities in online voting proposals that would leave our elections too susceptible to hacks.”
‘Not ready for prime time’
This is a major concern when it comes to voting because elections are predicated on the fact that ballots can be trusted and verified as credible reflections of voters’ choices.
According to a recent survey by the 100 Million Project, an initiative run by the Knight Foundation dedicated to encouraging Americans to vote and educating them on political issues, nearly half of all students who are eligible to vote in the November presidential election said they have major doubts about the fairness of the election.
“One of the main concerns was just thinking about whether or not there was going to be voting interference from a foreign kind of entity,” said Anne Schwichtenberg, director of research for College Pulse, a survey research and analytics company that helped conduct the survey.
However, this concern of election fairness and foreign interference is associated with the current methods of voting, in which paper ballots are cast by each voter. But in online voting environments, the threat of foreign interference and election hacking would only increase, Stark said.
“Online voting is simply not ready for prime time. There are far too many vulnerabilities in online voting proposals that would leave our elections too susceptible to hacks, something that election security researchers and experts roundly agree on,” said Chris Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security.
Not so simple
Designing a system that allows eligible voters to cast ballots online is much more difficult than creating an online banking portal or a learning management system for students to submit homework, Stark said. Because voters’ identities are kept secret in an election, he said, auditing ballots in an online voting system to verify their fidelity is impossible.
“[In elections] you need to absolutely know that the person at the other end of the transaction is a legitimate voter and you need to be able to keep track of who’s voted,” Stark said, “but you absolutely want to avoid even the possibility that you can associate the voter with the vote.”
So unlike online banking, in which transactions can be associated with a specific account holder to prevent fraudulent charges and spot account tampering, an online voting system has no such process for recourse.
“You can’t associate the vote to the voter,” Stark said. “You don’t get a receipt. It’s not like a bank statement at the end of the month.”
The need to preserve voter anonymity creates security challenges for an online election system, he said, because should hackers interfere with voting and change the results of an election, there are no physical ballots that election officials can recount or a means to reach out to individual voters to confirm their ballot was cast correctly.
An online voting system would also be threatened by malware on voters’ devices or unsecured networks. Put simply: Everything can be hacked, especially systems that are connected to the internet.
“It’s not quite as simple as some might dream necessarily,” said Theodore Allen, associate professor and integrated systems engineer at Ohio State University. “My impression is that [online voting] doesn’t seem to be that promising a direction.”
Early efforts
But despite election-security experts roundly criticizing online voting and stressing that that old-fashioned paper ballots read by optical scanners are still the most secure medium for collecting and counting votes, some lawmakers and election officials have pushed the idea of using online voting in hope that it would increase overall voter turnout, like Utah state Rep. Michael McKell, who sponsored legislation that would order election officials to explore statewide use of mobile-voting software based on blockchain technology.
Blockchain, which stores transactional data on a public ledger that’s difficult to fake or alter, has already been employed by several companies in an effort to create a secure online voting system, but with limited success.
The mobile voting company Voatz attempted to create a secure online voting system that addresses the challenges of identity verification and ballot anonymity, claiming that election security and integrity are maintained on its system through the use of blockchain, biometrics and hardware-backed key storage modules on the user’s device.
The platform has been used to collect ballots from deployed military members in West Virginia, and has also been tested by the City of Denver and Utah County, Utah.
However, a study conducted by MIT researchers exposed a number of vulnerabilities in the system that allowed adversaries to alter, stop, or expose a user’s vote, including attacks in which an adversary could potentially recover a user’s secret ballot. The study also found Voatz also had privacy issues stemming from its use of third-party services. The company has disputed some of that study’s claims and says it fixed the rest of the vulnerabilities, but researchers like Stark still say the use of blockchain still does not protect against the security threats facing an online voting system.
Similarly, OmniBallot, another mobile voting system that relies on blockchain — and is to be offered by the states of Delaware and West Virginia as an option for active-duty military members, other overseas residents and voters with physical disabilities — has also had several vulnerabilities exposed in its system. The platform was found to be vulnerable to hacking that could expose or manipulate how a person’s ballot was cast without being detected either by voters or officials tallying results, according to a paper published by researchers at MIT and the University of Michigan. OmniBallot at one point also had no privacy policy, researchers found, though the company appeared to update its website shortly after the paper’s publication.
Privacy protection
Despite all this, Stark said, the salient fact is that blockchain solves the wrong problem.
“It doesn’t help you authenticate voters to figure out whether this person really is eligible,” he said. “It does nothing to ensure that the votes that are committed to the blockchain are indeed the votes that the voter intended. All it does is ensure that whatever gets put in the blockchain can’t be altered without being detected.”
However, some researchers are still working to develop online voting systems that overcome the current security and privacy challenges, hoping that an online voting system could still be possible. One proposed solution to verify that ballots have not been altered, developed by Juan Gilbert at Clemson University, uses computers and camera equipment to allow eligible “televote” from a distance.
In Gilbert’s proposed process, voters first cast their ballots online. They then enter a live video conference session with the remote election official who verifies the voter’s identity, prints out a copy of the ballot and asks the voter to confirm it was printed correctly before it’s cast into the ballot box.
But even in this system, the key issue of voter privacy persists. The election official is able to see the vote being cast, and video streams can be hacked.
“The problem with that is obviously that really doesn’t protect your privacy at all,” Stark said.
Another web-based voting system, called iVote, has also been proposed as a secure way to cast ballots online, with the option to use a telephone-based vote verification service that reads back the received vote to the voter as confirmation it was recorded correctly. But after being used in an election in New South Wales, Australia, an audit of the system found that 10% of verification attempts had failed to retrieve any vote at all, despite an electoral commission initially declaring that of the voters who used the verification service, none of them had identified anomalies with their votes.
Although these proposed systems and ideas aim to address the key privacy and security challenges of online voting, none have come close yet, say Stark and other researchers. But hoping that an online system could one day be developed and change the way that elections are held, many researchers are continuing to investigate new technologies and propose new ideas for internet voting. But for now, the majority of election security researches agree that the old-fashioned paper ballots are the most secure way to cast votes, but even that method is not immune to threats facing the upcoming election.