Verified Voting Blog: Groups continue to urge Puerto Rico Governor Vázquez Garced to veto internet voting bill

Today, key members from Verified Voting, the American Association for the Advancement of Science (AAAS), the American Civil Liberties Union (ACLU), the Brennan Center for Justice, and Protect Democracy met virtually with the Puerto Rico Governor’s office to urge Governor Wanda Vázquez Garced to veto P.S. 1314 before it becomes law on May 16. If passed, the bill would establish a pilot program for online voting during the 2020 election cycle, and ramp up to making online voting the default option for Puerto Rican voters by 2028. ICYMI, on March 19, three dozen experts joined Verified Voting in sending a letter to Governor Vázquez Garced outlining the dangers of internet voting  Read our blog post from March 20, or view the letter here:

DOWNLOAD ENGLISH VERSION

DOWNLOAD SPANISH VERSION

Dear Governor Vázquez Garced,

We, Verified Voting, the undersigned computer scientists and cybersecurity experts, write to urge you to veto Senate Bill 1314 which proposes implementing a system of internet voting in Puerto Rico. Under the provisions of this bill, Puerto Rico would phase in internet voting as the sole option for Puerto Rican citizens. As explained more fully below, internet voting cannot be accomplished securely and provides no meaningful way to verify that the computers captured or counted votes accurately. This concept is settled science, notwithstanding efforts to increase internet voting use in some areas. In the current climate when nation states have sought to interfere in other nations’ elections, Puerto Rico’s bill is a risky move. Indeed, last year the Report of the Select Committee on Intelligence of the United States Senate made bipartisan recommendations, among them that “states should resist pushes” to move their elections online because in their words, “no system of online voting has yet established itself as secure.” 1

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on the voter’s computer without the voter’s knowledge, local elections officials cannot verify that the voter’s ballot reflects the voter’s intent, and the voter’s selections could be traceable back to the individual voter. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution.

The pending legislation references a “secure” method of voting. No such system is commercially available despite the use of insecure internet voting methods in some other states and countries. For Puerto Rico to attempt to develop such a system on its own would be prohibitively expensive. The Department of Defense and National Institute for Standards and Technology (NIST) spent millions of dollars attempting to do just that and abandoned the program when it became clear that no secure method of voting is available.2  Specifically, NIST stated:

The study concluded that Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.  Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots. And, the United States currently lacks a public infrastructure for secure electronic voter authentication. Therefore, NIST’s research results indicate that additional research and development is needed to overcome these challenges before secure Internet voting will be feasible.

The National Academies of Science, Engineering, and Medicine in 2018 released the report entitled Securing the Vote: Protecting American Democracy 3 which gives the following recommendation:

5.11 At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots. Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.

In short, any plan to develop a system of internet voting goes against recommendations, would incur significant costs, and would be guaranteed to fail to secure votes.

Internet voting is the most vulnerable method of voting

Anyone in the world, including foreign nation states, criminal organizations, or our domestic partisans, can attack any Internet voting system, attempt to change votes, violate privacy, or disrupt the election – possibly in a completely undetectable way.  The kinds of attacks that are credible threats and elevate the risk of voting via the internet include the following:

  • Voter authentication attacks (i.e. forged voter credentials)
  • Malware on voters’ devices (e.g., viruses, Trojan horses, malicious code embedded in software updates) that can modify votes undetectably
  • Denial of service attacks (slowing some key part of the system to a crawl, or crashing it, either by overwhelming it with traffic or taking advantage of a bug)
  • Server penetration attacks (remote break-in and control of the election server)
  • Spoofing attacks (directing voters to a fake voting site instead of the real one)
  • Widespread privacy violation (by any of several methods, taking advantage of the fact that online voters must transmit their names with their votes)
  • Automated vote buying and selling schemes (with cryptocurrency payments, e.g. Bitcoin, in exchange for votes)

More importantly, the security of the device that voters use to cast their votes is unknowable. The device may already be corrupted with malware or viruses that could interfere with ballot transmission or even spread that malware to the computer at the elections office on the receiving end.

Attacks cannot be prevented, recovered from, or even reliably detected

Cyber security experts agree that completely preventing attacks is impossible despite the use of best practices in cybersecurity.  Resiliency, namely the capability to recover from an attack or error, is a critical component of cybersecurity protection. With insecure internet voting, no trustworthy record of the voter’s choices exists, and therefore it is impossible to perform meaningful audits or recover from an attack or a hack.

Safer alternatives should be explored

While we are sensitive to the issues described in the legislation, we strongly urge you to explore more secure policy choices to address these issues, i.e. extending the deadline for receipt of voted ballots sent through the mail.

Puerto Rico should not embark on a costly exercise to introduce internet voting that will increase the risk to unacceptable levels for the citizens of Puerto Rico.  We endorse the ACLU of Puerto Rico’s January 29, 2020 letter to you and emphasize the burden internet voting will place on the fundamental right to vote.  Should Puerto Rico enact this bill, certainly litigation challenging its legality and burden on the right to vote will follow.

We respectfully urge you to veto Senate Bill 1314 to protect the fundamental right to vote of Puerto Ricans.

Respectfully submitted,

Marian K. Schneider, President

Verified Voting

Verified Voting is a national, non-profit non-partisan information and advocacy organization focused exclusively on ensuring the security, integrity, and trustworthiness of computerized election technology. Our mission is to strengthen democracy for all voters by promoting the responsible use of technology in elections. We seek to ensure that Americans can be confident their votes are cast as intended and counted as cast.

The following signatories add their names urging the Governor to veto the bill.

Institutional affiliations are provided only for the purpose of identification and do not imply institutional endorsement or approval of this letter.

David L. Dill

Founder and Member, Board of Directors, Verified Voting

Donald E Knuth Professor, Emeritus,

School of Engineering, Stanford University

 

David Jefferson. Ph.D.

Member, Board of Directors, Verified Voting

Computer Scientist, Lawrence Livermore National Laboratory

 

Ronald Rivest
Institute Professor

Professor of Electrical Engineering and Computer Science
Co-inventor, RSA public key encryption algorithm

Massachusetts Institute of Technology, MIT­­

 

Kevin Shelley

Member, Board of Directors, Verified Voting

Former California Secretary of State

 

Barbara Simons

Chair, Verified Voting Foundation
IBM Research (retired)
Former President, Association for Computing
Machinery (ACM)
Member, Board of Advisors to the U.S. Election
Assistance Commission (EAC)

 

Ron Bandes
Network Security Analyst
President, VoteAllegheny
Director, League of Women Voters of Greater Pittsburgh

 

Alex Blakemore
Computer Scientist
Virginia Verified Voting

 

Matt Blaze

McDevitt Professor of Computer Science and Law

Georgetown University

 

Jeff Bleich

United States Ambassador to Australia (ret.)

 

Duncan Buell

NCR Professor of Computer Science and Engineering

Dept. of Computer Science and E

University of South Carolina

 

Larry Diamond
Senior Fellow, Hoover Institution
Senior Fellow, Center on Democracy, Development & the Rule of Law, Freeman Spogli Institute for International Studies

Bass University Fellow in Undergraduate Education, Stanford University

 

Michael J. Fischer
Member, Verified Voting Board of Advisors

Professor of Computer Science
Yale University

 

John Gage

Member, Verified Voting Board of Advisors

Former Vice President and Chief Researcher

Sun Microsystems

 

Martin Hellman

Member, US National Academies of Sciences, Engineering, and Medicine

Professor Emeritus of Electrical Engineering

Stanford University

 

Candice Hoke

Founding Co-Director, Center for Cybersecurity and Privacy Protection

 

Douglas W. Jones
Associate Professor of Computer Science
Past Chair, Iowa Board of Examiners for Voting
Machines and Electronic Voting Systems
Coauthor of Internet Voting in the United States

University of Iowa

 

Lou Katz
Privacy Advisory Commission

Oakland CA

 

Joseph Kiniry
Principled CEO and Chief Scientist, Free & Fair

Principal Scientist, Galois

 

Carl E. Landwehr

Visiting Professor

Electrical and Computer Engineering

University of Michigan

 

Collin F. Lynch

Assistant Professor of Computer Science

North Carolina State University

 

Neal McBurnett

Member, Verified Voting Board of Advisors

 

John L. McCarthy

Member, Verified Voting Board of Advisors
Computer Scientist (retired), Lawrence Berkeley National Laboratory

 

David Mussington, Ph.D., CISSP

Director of the Center for Public Policy and Private Enterprise

University of Maryland

 

Peter G. Neumann

Chief Scientist, SRI International Computer Science Lab

 

Morris Pearl

Member, Verified Voting Board of Advisors

 

Alexa Raad

Member, Verified Voting Board of Advisors

Alexa Raad, LLC.

 

Mark Ritchie

Member, Verified Voting Board of Advisors

Former Secretary of State, Minnesota

 

John E. Savage

An Wang Professor of Computer Science

Brown University

 

Bruce Schneier

Fellow, Berkman Center for Internet and Society

Fellow, Belfer Center, Kennedy School of Government

Harvard University

 

Kevin Skoglund

Chief Technologist, Citizens for Better Elections

 

Phillip Stark

Professor of Statistics and Associate Dean of Mathematical and Physical Sciences

University of California, Berkeley

 

Susan Dzieduszycka-Suinat
President and CEO
U.S. Vote Foundation

 

Eugene H. Spafford

Professor of Computer Science

Director Emeritus

Purdue University CERIAS

 

Poorvi L. Vora

Professor of Computer Science

The George Washington University

 

Dan Wallach

Professor of Computer Science

Rice University

 

Daniel M. Zimmerman
Principled Computer Scientist, Free & Fair
Principal Researcher, Galois

  1. See Report of The Select Committee On Intelligence United States Senate On Russian Active Measures Campaigns And Interference In The 2016 U.S. Election, Vol. 1: Russian Efforts Against Election infrastructure with Additional Views, at 59 (July, 2019) available here: https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf
  2. NIST Activities on UOCAVA Voting; http://www.nist.gov/itl/vote/uocava.cfm
  3. National Academies Press https://www.nap.edu/catalog/25120/securing-the-vote-protecting-american-democracy

Comments are closed.