While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.
Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.
But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence.
Estonia is the world leader in using online voting for its national elections. Its government has done a great deal to improve the security of the system, which is now used by up to 25% of voters. The country’s “I-voting system” is touted by proponents of online voting in the U.S. to claim that secure Internet voting is possible.
It isn’t. Early in May an international team of independent security experts accredited by the Estonian government reported severe security vulnerabilities in that country’s “I-voting system.” Elections, the researchers found, “could be stolen, disrupted, or cast into disrepute.”
The team recommended that Estonia’s online voting system “be immediately discontinued.” One researcher, J. Alex Halderman of the University of Michigan, has said that “Estonia’s Internet voting system blindly trusts the election servers and the voters’ computers. Either of these would be an attractive target for state-level attackers, such as Russia.” Another researcher, Harri Hursti from Finland, concluded, “With today’s security technology, no country in the world is able to provide a secure Internet voting system.”
While the U.S. has not adopted online voting to the extent that Estonia has, recent allegations by the U.S. Department of Justice that Chinese hackers have been infiltrating several major American corporations since 2006 reveal again how difficult it is to safeguard any system connected to the Internet, and how easy it is for a skilled attacker to remain undetected for months and years. The underlying architectures of the Internet, the personal computer and mobile devices present numerous avenues of attack, making it impossible to safeguard a voting system with the security tools that are currently available. Methods of attack continue to become more sophisticated, well-resourced and damaging.
Well-meaning state legislators and local election officials in the U.S. are being pressed by vendors of online voting systems to adopt Internet voting—despite warnings from federal officials. The Department of Defense cancelled an Internet voting project for soldiers in 2004 because it felt it could not ensure the legitimacy of the votes, and the project has not been reconstituted. In a 2011 report, the National Institute of Standards and Technology, the federal agency tasked with researching Internet voting, concluded that secure Internet voting is not currently feasible.
First, NIST’s report noted, “it is extremely difficult to protect against software attacks” on personal computers outside the control of election officials “that could violate ballot secrecy or integrity or steal a voter’s authentication credentials.” Second, “remote electronic voter authentication is a difficult problem.” Third is the problem of “ensuring remote electronic voting systems are auditable,” with “no current or proposed technologies offering a viable solution.”
The move to online voting is motivated by good intentions: to improve access to the ballot box for voters who may have difficulty exercising the franchise, and to reduce costs. And the Internet offers enormous potential to improve the voting process through responsible uses such as online voter registration with appropriate safeguards, providing information on and the location of polling places, sample ballots, blank absentee ballots and more.
But offering voters a voting method that is not secure and cannot ensure their vote will be counted as they were cast does them, and this country, no favors. Given the stakes, online voting should be shelved until it can be made secure.
Mr. McConnell is senior vice president at the EastWest Institute in New York, and the former deputy under secretary for cybersecurity at the U.S. Department of Homeland Security. Ms. Smith is president of Verified Voting Foundation.
This article first appeared in The Wall Street Journal on May 29, 2014.