Download: [Adobe .pdf version]
Why Internet Voting is Dangerous
By Dr. Barbara Simons
Internet voting is the transmission of a voted ballot or vote choices over the internet by using a web-based system (e.g. voting from a laptop), attaching a voted ballot (typically a pdf file) to an email, or sending a fax over the internet.
The federal government has invested more than $100 million over 15 years in unsuccessful attempts to develop a secure online voting system, ultimately concluding that it currently is not possible to develop a secure system. Furthermore, there are no federal standards, and there is no federal testing or certification of online voting systems. Some of the reasons for the insecurity of online voting include:
The election server can be hacked. We hear of successful breakins almost daily. A very partial list includes the Justice Department, the Department of Homeland Security, the Office of Personnel Management (OPM), Pentagon email, Chrysler (Jeep cars), Sony, the Internal Revenue Service, Target, Anthem Health Insurance, the White House, JP Morgan, Kmart, the State Department, AOL, Google, Symantec, Yahoo!, Northrop-Grumman, Juniper Networks, Charles Schwab, the FBI, Adobe, and the U.S. Postal Service. How can a voting system vendor be expected to protect its system, when so many vastly larger companies and agencies with enormous security expertise and huge budgets can be successfully penetrated?
The voter’s computer or mobile device is vulnerable. Malware (malicious software) can change votes while leaving no evidence, so that neither the voter nor election officials can detect it. Such malware can be released by anyone in the world, from a disgruntled individual to a political partisan to an enemy nation.
Voters can be disenfranchised by Distributed Denial of Service attacks that clog up the election official’s server so that it becomes essentially impossible for legitimate ballots to get through. Spoofing and phishing attacks involving forged emails that appear official can steal a voter’s credentials or trick the voter into “voting” at a fake website.
Online banking and other online transactions are different from voting. Banks lose millions of dollars annually because of money-stealing malware planted on the customers’ machines. The stolen money is quietly replaced because it is less expensive than building new buildings and hiring new tellers. By contrast, with an Internet voting system, stolen votes cannot be replaced. Because of the secret ballot, there is no mechanism for the voter or election official to ensure that ballots were not hacked in transit and that all the votes are legitimate. This makes online elections especially vulnerable to undetected hacking.
Even if an election breach were detected, the secret ballot makes it impossible to determine which ballots are legitimate and which have been tampered with, thereby making attacks on online voting uncorrectable. While voters must be positively identified to ensure eligibility, the identity of the voter must not be linked to the cast ballot. This is a challenge that has not been solved by any vendor.
Every internet voting system ever subjected to independent expert security review has been found to have fatal security and/or privacy vulnerabilities. There has been only one open public test of an online voting system in Washington, DC in 2010. The system was fully compromised within 36 hours and all the votes changed without detection by the D.C. Board of Elections. Since then, Internet voting vendors have refused to allow their systems to be tested under realistic threat conditions.
Vendor claims can’t be trusted. Vendor security claims are unsubstantiated and in direct contradiction to the best assessments of federal researchers after years of research and analysis.
The losers may not trust the outcome. In Estonia the Centre Party, the second largest political party, has challenged election results, because they do worse with votes cast over the Internet than with paper ballots. Consequently, a portion of the population considers the elected government to be illegitimate, not a healthy situation for a democracy. Adding to the Centre Party’s suspicions, a study by independent experts in 2014 demonstrated that there were significant security problems with the Estonian Internet voting system. The Internet portion of the Estonian elections may be completely on the up and up. The problem is that no one can prove or disprove the legitimacy of the elections, because there is no way to validate the vote count in elections that use electronic ballots.