Verified Voting Blog: Internet Voting – An Introduction

In a wired world, it was inevitable that the subject of Internet Voting become a hot topic sooner rather than later. But more than just a topic of discussion, this year eighteen states will allow overseas ballots to be returned via email in November’s elections. Yet according to security experts, voted ballots sent via Internet simply cannot be made secure, and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections.

The Pentagon rejected the idea of returning voted ballots via the internet as recently as 2004, when the SERVE (Secure Electronic Registration and Voting Experiment) project was canceled. In a memo, Deputy Defense Secretary Paul Wolfowitz said “In view of the inability to ensure legitimacy of votes that would be cast in the SERVE internet voting project, thereby bringing into doubt the integrity of the election, I hereby direct you to take immediate steps to ensure that no voters use the system to register or vote via the internet.”

There’s no question that voting for military and overseas voters needs to be improved. Too often absentee ballots are not received in time, if at all. Returning voted ballots from voters in hard to reach places (for example remote military outposts) in time to meet state election deadlines is difficult. These are real problems and 2009 saw efforts to improve ballot access for overseas voters kick-started by passage of the Military and Overseas Voter Empowerment (MOVE) Act, passed as an amendment to the Defense Authorization bill.

The MOVE Act addresses many problems facing overseas voters. It requires that states guarantee that absentee ballots are received at least 45 days prior to the election; bans rejection of ballots for overly burdensome requirements such as notarization; allows military and overseas voters to obtain registration forms, ballots and other election materials electronically. But while the MOVE Act calls for electronic distribution of election materials, it is notably silent on the subject of return of voted ballots, with good reason.

Despite that, as states provide electronic delivery of blank ballots, some are using the Internet for return of voted ballots via email attachments. Vendors of online election software, with a vested interest in selling their products, of course downplay the inherent risks and promise the oxymoronic “Internet security”.

But experts in computer security maintain that nothing sent over the Internet is secure. Voter’s personal computers, from which emails are sent, are easily and constantly attacked by viruses, worms, Trojan Horses and spyware. Once a voted ballot is emailed, it moves between many different servers located all over the planet, and is subject to compromise by anyone with access to any of those machines. And the election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent, no matter how well secured their county computer services may be, and no matter how much has been spent licensing software and upgrading their systems.

Over the next few weeks VVBlog will take an in depth look at Internet voting – the legislation, the security issues, what is possible right now, what the states are doing, and most important, what may work to solve the problem of providing sufficient time to vote for the men and women in uniform serving overseas and all overseas civilians. Stay tuned.

5 responses to “Internet Voting – An Introduction”

  1. Lenore Rapalski says:

    Bo, could votes be faxed directly to Commissioners of Elections without interference?

    Good foundation blog.

    Lenore

  2. Bo Lipari says:

    The short answer is no Lenore. Nowadays, fax materials are routed through the same internet channels as email. So FAX is not a solution.

  3. STEFAN EINS says:

    How come payments made on the internet are secure but voting on the internet is not. It still surprises me that the vote count on electronic voting machine can be and has been manipulated but money transactions on electronic ATM machines are secure.

    • Bo Lipari says:

      Stefan, A good question, and one that many folks ask. The answer is that making financial transactions on the Internet is NOT secure. The fact is that cyber crime runs rampant in today’s electronic world, and banks and financial institutions lose millions upon millions of dollars to fraud, with the problem getting worse all the time (to get a sense of the extent of the problem, Google “cyber crime banks”). Of course, banks and financial institutions don’t make a lot of public mention of this, as it would undermine confidence in the system among consumers. So they deal with it using a common business practice – they figure in the losses to cyber crime as part of the cost of doing business, i.e., losses due to electronic fraud become just another business expense.

      This is why credit card companies will typically reimburse you immediately for losses due to cyber crime if they are less than $1000 or so. They factor in the cost of reimbursing the losses to consumers. If financial institutions cannot secure electronic transactions using the best computer security available, how can we consider sending voted ballots over the internet?

  4. STEFAN EINS says:

    Bo,thank you!What you wrote makes sense. As to the old issue: have a judge issue an injunction against the usage of electronic voting machines machines.