The popularity of voting online is growing and will be in place for the presidential election in more than 30 states, primarily for voters living overseas or serving in the military.
But security experts and some senior Obama administration officials fear there is not enough protection for any ballots transmitted over the Internet. They are warning states that any kind of online voting is not yet secure and most likely will not be for years to come.
“We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” Neil Jenkins, an official in the Office of Cybersecurity and Communications at the Department of Homeland Security, said at a conference of the Election Verification Network this spring.
Thirty-two states have some form of electronic transmission of ballots over the Internet, compared with no states with online voting in 2000. In Alaska, for example, all voters can submit an absentee elections ballot online from computers in their own homes.
Missouri offers electronic ballots for members of the military who are serving in a “hostile zone” overseas. North Dakota permits overseas citizens or military members deployed overseas to vote online. And in 20 other states and the District of Columbia, certain voters living abroad will be allowed to return their absentee ballots via email or fax in the upcoming presidential election.
Supporters of Internet voting say the advantages are obvious: a more convenient way to vote that is aligned with modern lifestyles. People bank, shop, read the newspaper, make travel plans and stay in touch with friends online. Electronic voting is also seen by supporters as a way to increase turnout in elections.
But while the convenience of casting a ballot online is appealing, the potential benefits do not outweigh the serious security and privacy risks, Jenkins said, adding that his Homeland Security cyber-division “does not recommend the adoption of online voting for elections at any level of government at this time.”
The risks include the manipulation of votes and election results, which might not be detectable before officials are sworn into office, and the loss of privacy and the confidentiality of voting results if they are intercepted or stolen from servers, he said.
Pamela Smith, president of Verified Voting, a nonprofit organization that advocates for legislation and regulation to promote accuracy, transparency and verifiability of elections, said that at first blush, online voting seems like a good idea to many people.
“Sometimes jurisdictions that are adapting something like this spin it as ‘this is very 21st century, this is the modernization of elections,” Smith said. “But it’s one of those cases where tried and true technology actually works best for elections. Paper ballots have many advantages. When something is online, you don’t have that physical record of voter intent.”
Experts say that states will not be able to protect themselves from experienced hackers, including foreign countries who could meddle with a U.S. election. That is one of the reasons that Ron Rivest, an Internet security expert and professor at the Massachusetts Institute of Technology, gives online voting security “a big fat F.”
“The Chinese are very good at getting into everybody’s systems,” Rivest said. “They’ve attacked most of the Fortune 500 companies successfully.”
In Alaska, voters casting their ballots online see a disclaimer from the state Division of Elections: “When returning the ballot through the secure online delivery system, you are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”
J. Alex Halderman, a University of Michigan professor and director of its Center for Computer Security and Society, cites a pilot project six years ago in the District of Columbia where the public was invited to attack a proposed Internet voting system. Halderman led a team that within 48 hours was able to gain nearly complete control of the server and change every vote.
“We don’t have the technology to vote online safely,” said Halderman, who made a video that shows how his hackers were able to even get inside the security cameras and watch the people running the D.C. system. “It will be decades more before Internet voting can be secure.”
Last year, Utah’s lieutenant governor, Spencer J. Cox, R, oversaw a task force that studied whether Utah should implement Internet voting. The task force concluded that despite the advantage of making voting easier and more convenient, Utah should not use online voting yet because of the security risks.
“An election requires legitimacy, accuracy, and ballot privacy,” the Utah report said. “Weak security in any of these areas will attract attention from those whom have malicious intent. Security compromises among large corporations give us an example of potential problems, and while these companies may accept these problems as the cost of doing business, an election cannot.”
Nevertheless, Utah’s Republican Party decided to experiment with online voting this spring when Republicans were able to vote electronically for the first time in the Utah caucuses in March.
But along with the security and privacy concerns of security experts, Utah voters had many technical problems.
Some frustrated voters tried eight or nine times unsuccessfully to get on to the system; others clicked to vote for a candidate but were sent to another website. Some thought they were approved to vote online, but weren’t. Thousands had lost the 30-digit personal identification number required to vote that had been mailed to them, or it had been deleted or caught up in spam.
A month after the election, it became clear that nearly a third of the people who tried to vote online were unable to do so, Smith of Verified Voting said.
But James Evans, the chairman of the Republican Party in Utah who led the effort to allow Utah residents to vote online, has called it a success.
“We are proud to have taken a leading role in election modernization,” Evans said in a statement after the election. “By offering online voting, we expanded the number of options citizens have to participate and made voting as convenient as possible. Technology proved key in engaging citizens and bolstering democracy.”
(c) 2016, The Washington Post · Sari Horwitz