Online banking, ecommerce, e-filing taxes. Moving print documents and in-person services online–even those full of sensitive information–has been an inexorable trend for decades. And voting has moved in that direction too, in 32 U.S. states and several countries, starting in those simpler times of the 1990s and early 2000s.
That was a giant security blunder, according to a new report from tech and election experts that urges a return to good old paper ballots.
“This is a position consistently that computer scientists have been saying for a decade, and computer scientists are the ones who you think would be the most favorable to the idea [of online voting] because, we invent the things.” So says Jeremy Epstein, vice chair of the U.S. Technology Policy Council at the ACM, billed as the largest association of computing experts.
He co-authored the report, which has the dry but ominous title, “Email and Internet Voting: The Overlooked Threat to Election Security,” together with experts from Common Cause Education Fund, the National Election Defense Coalition, and the R Street Institute.
It counted about 100,000 online ballots cast in 2016, based on reports from county election offices. But the real number could be much higher: Sixteen states with online voting, including Massachusetts and New Jersey, didn’t send in any reports. “It appears that, in some cases, it could be that there are enough votes being cast online that they could flip elections if they were manipulated,” says Epstein.
A chain of horrors
The common practice of emailing ballots is like breakdancing in a minefield of security threats. Hackers can intercept the data on its way to polling authorities, says the study, changing votes in a way that no one can trace. Or malware, some form of which is on up to a third of all computers, can surreptitiously alter what voters type in. It can also plant yet more malware in the PDF or JPEG files that voters email in.
This could lead to the ultimate nightmare scenario. An election worker clicks on an infected attachment, which spreads malware across the network at a county or state election office. It then infects the configuration files that are loaded, via memory cards, onto all voting machines and scanners for every election. Even if those machines aren’t online, the bug still gets in. “Without fanfare, one email has swung an election,” says the study.
Even short of such a meltdown, just tampering with the relatively small number of online votes could be enough to flip the polls in the close races that are becoming more common around the world, says Liz Howard, counsel for the Democracy Program at NYU’s Brennan Center for Justice. She agrees that online voting can’t be made safe with today’s technology.
Howard has firsthand knowledge of the subject, given her experience serving as deputy commissioner for the Virginia Department of Elections from 2014 to 2018. Four years ago, well before the election meddling of 2016, the state put out a study concluding that beefing up Virginia’s online voting security would cost $1 million to set up and another $1 million to run each year, adding 20 to 25 percent onto the state’s annual election budget. “And I don’t know whether or not that program that we were suggesting would satisfy today’s cybersecurity experts,” says Howard.
Going back to paper
Virginia ultimately decided to abandon online voting altogether–despite having a large number of residents serving in the military. The federal government originally pushed for online voting to help service members stationed far from home cast ballots, and they are still the main group using those services in the U.S. But even many states with online voting are trying to cut back. “Historically Alaska was the most at risk,” says Epstein, since anyone could cast an absentee ballot online. The lieutenant governor recently pulled back from that, says Epstein.
“Some states have taken proactive steps to further limit the population that qualifies for online voting or have restricted or prohibited it completely,” says Howard. That runs parallel to ditching the once voguish direct-recording electronic voting machines, where people tap a screen rather than feeding hand-marked paper ballots into a scanner. Like online ballots, these machines have no paper trail that auditors can double-check. (Five states–Delaware, Georgia, Louisiana, New Jersey, and South Carolina–will still be using such machines in this election.)
The return to paper is happening in other countries, too. In 2017, France dropped its plans to let citizens living abroad vote online for legislative elections.
“Everyone who has tried, with the exception of Estonia, has subsequently backed away,” says Epstein, “because they’ve seen the risks and they’ve seen how bad the software was… and therefore the problems they got into.”
The Baltic nation’s system is tied to the Estonian ID card, a state-issued smart card for secure online authentication and encryption. “That somewhat reduces the risk, compared to the U.S.,” says Epstein, who notes that studies have still found plenty of risks. “So it’s not as bad as what people are looking at here, but it’s still really, really bad.”
And no other technologies will completely close the security gap, according to the report. “Blockchain is no magic bullet,” it says. The trendy encrypted ledger technology could help, by making it harder to change votes once they have been cast. But it wouldn’t stop spyware on people’s computers from manipulating the votes before they get written to the ledger, nor would it help with the fraught process of verifying that the person casting the vote is who they say they are.
Similar weaknesses exist for end-to-end encryption between voters and election authorities. And it’s hard to tell if you’re even getting it. “One of the challenges we’re seeing is the vendors are seeking to be buzzword-compliant by claiming the use of some of these technologies when they’re really not,” says Epstein.
It wouldn’t matter if they were telling the truth, according to Howard. “No cybersecurity expert that I’m aware of was willing to endorse any sort of platform or tool as secure for online voting,” she says.