Proposals to conduct voting pilots using real elections continue to reappear both in the U.S. and elsewhere, seemingly independent of warnings from computer security experts. While the appeal of Internet voting is obvious, the risks, unfortunately, are not, at least to many decision makers. While very few votes have ever been cast in American elections directly through a web interface, many states already allow military and overseas ballots to be returned via fax and email. Yet voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections.
Online Voting: Rewards and Risks (Intel Security, 2014)
Despite that, as states provide electronic delivery of blank ballots, some are using the Internet for return of voted ballots via email attachments. Vendors of online election software, with a vested interest in selling their products, of course downplay the inherent risks and promise the oxymoronic “Internet security”. But experts in computer security maintain that nothing sent over the Internet is secure. Voter’s personal computers, from which emails are sent, are easily and constantly attacked by viruses, worms, Trojan Horses and spyware.
Once a voted ballot is emailed, it moves between many different servers located all over the planet, and is subject to compromise by anyone with access to any of those machines. And the election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent, no matter how well secured their county computer services may be, and no matter how much has been spent licensing software and upgrading their systems.
There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected. Continue Reading
Current Status of Internet Voting in the United States
Both e-mailing voted ballots and transmitting them through a Web portal are forms of “Internet voting.” And with the proliferation of Internet fax services, we can presume that many voted ballots returned to election officials via fax have in fact been transmitted through the Internet. Internet voting thus can mean voting from an Internet browser in one’s personal computer, or by email attachment, or electronic fax, remote kiosk, or other means of remote electronic transmission. A voted ballot sent through the Internet is no more verifiable than a polling place ballot cast on a paperless direct-recording electronic voting machine – and in fact is exposed to a far greater number of security threats including cyber-attacks such as modification in transit, denial of service, spoofing, automated vote buying, and viral attacks on voter PCs.
In all, 32 states allow military and overseas voters to return ballots electronically. Yet 22 of these states require that voting systems at home use paper ballots or provide voter-verifiable paper records. We cannot overstate this fact: the technological reasons that 35 States have moved toward paper ballots or voter-verifiable paper records for all voters at home and 10 more provide them for voters in at least some counties also apply, with even greater urgency, to voted ballots returned to State and local election officials electronically from outside the country. Of the 32 States that allow electronic return of voted ballots, only New Jersey requires military and overseas voters to return a paper ballot in addition to sending their ballots to election officials in electronic form. This option provides verifiability, if the ballot of record for audits and recounts. Currently no State allows the transmission of voted ballots for stateside voters. You can view the specific provisions for the electronic submission of voted ballots in each of the States at the right of this page.
The Military and Overseas Voter Empowerment (MOVE) Act of 2009
There’s no question that voting for military and overseas voters needs to be improved. Too often absentee ballots are not received in time, if at all. Returning voted ballots from voters in hard to reach places (for example remote military outposts) in time to meet state election deadlines is difficult. These are real problems and 2009 saw efforts to improve ballot access for overseas voters kick-started by passage of the Military and Overseas Voter Empowerment (MOVE) Act, passed as an amendment to the Defense Authorization bill. The MOVE Act addressed many problems facing overseas voters. It required that election officials provide ballots to military and overseas voters 45 days in advance of the election. Election officials must also make applications and blank ballots available electronically. Except for the issues raised by the remaking of ballots in some States, this is an excellent provision that allows technology to expedite the voting process but does not endanger the verifiability of the election. In addition, the MOVE Act established a system through which absent military voters are able to return their voted ballots by expedited mail through the U.S. Postal Service for free. But while the MOVE Act calls for electronic distribution of election materials, it is notably silent on the subject of return of voted ballots, with good reason.
Following enactment of MOVE, as states sought ways to meet new requirements for electronic delivery of ballots to voters deployed or living overseas, some states reached beyond the requirements of the Act. These states started providing electronic channels for return of voted ballots from voters: fax, email and Internet portals for uploading of voted ballots, and in some cases “online mark and send.” The States are under no Federal requirement to permit electronic return of voted ballots, but many do so despite the major security risks. In addition, opportunity for error arises through the “remaking” of returned ballots, whether printed or electronic, onto optical scan ballots by election officials in order to insert the copies into the tabulating scanner. Ballots may be remade if the voter returns a printed and marked copy of an electronically received blank ballot, or if a completed ballot is returned electronically to election officials. In both cases the paper version of the “ballot” election officials receives or prints out currently cannot be scanned. There is little information about how widespread the practice of remaking electronically transmitted UOCAVA ballots is, and it may depend on how many UOCAVA voters vote in a given jurisdiction. For more information and citations see Counting Votes 2012 (PDF)
| David Jefferson on Internet Voting:||Barbara Simons: Internet Voting: Wishful Thinking?:|