This article originally appeared on Electronic Frontier Foundation’s website on February 4th, 2019
Experts agree: Internet voting would be an information security disaster. Unfortunately, the Commonwealth of Virginia is considering a pair of bills to experiment with online voting. Pilot programs will do nothing to contradict the years of unanimous empirical research showing that online voting is inherently vulnerable to a variety of threats from malicious hackers, including foreign nations.
EFF strongly opposes Virginia H.B. 2588 and S.J.R. 291, and all online voting. Instead, EFF recommends that absentee voting, like all voting, be conducted with paper records and risk-limiting audits, the current state-of-the art in election security.
The first problem with Internet voting is the most basic: If citizens vote with their own phones and laptops, and those phones and laptops have malware on them, that malware can manipulate the vote. Consider all the spam in your inbox every day. Lots of it comes from compromised machines. Voting on such compromised computers would mean handing our elections over to whoever controls the biggest botnet.
Relatedly, any Internet voting infrastructure is vulnerable to DDoS attacks. The Commonwealth of Virginia seems to have forgotten that just two years ago, the Mirai botnettook down big chunks of the Internet. A botnet operator could perform DDoS attacks against election servers, making it harder to vote. Or they could attack home Internet services in specific neighborhoods, tilting an election in favor of one candidate or another by selectively suppressing votes.
… EFF proudly joined with Verified Voting and other voting experts to ask the Virginia General Assembly to reject H.B. 2588 and S.J.R. 291. Read the letter here.