This Is Why We Still Can’t Vote Online
Cybersecurity experts are generally on the same page that online voting is asking for trouble.
Image: Galois Video/Vimeo
Online voting sounds like a dream: the 64 percent of citizens who own smartphones and the 84 percent of American adults with access to the internet would simply have to pull out their devices to cast a ballot. And Estonia—a northern European country bordering the Baltic Sea and the Gulf of Finland—has been voting online since 2005.
But ask cybersecurity experts and they'll tell you it's really a nightmare.
We are nowhere close to having an online voting system that is as secure as it needs to be. Ron Rivest, a professor at MIT with a background in computer security and a board member of Verified Voting, said it is a "naive expectation" to even think online voting is on the horizon.
One of the most compelling arguments made in favor for online voting is that it could potentially increase voter turnout. Which is a problem in the US: In 2012, 61.6 percent of those eligible to vote turned out to cast a ballot as opposed to the 58.2 percent that came out in 2008—a 3.4 percentage point decrease. According to the Pew Research Center, the American voter turnout in 2012 was low in comparison to elections in other nations, too.
"Voting is too important to put online."
But Rivest said there's no "hard evidence" to prove that making the process more accessible via the Internet will result in increased voter turnout. And even if one were to accept the unverified assumption that online voting would boost the number of people who vote, a larger dilemma still exists.
"Everyday you read about new break-ins and disclosures of information and the vulnerability of our information infrastructure," Rivest said. "It makes it clear that it's just a place we shouldn't want to go to. Voting is too important to put online—we don't have the tools to make it secure yet. Someday we may, but it's not in the near term."
In 2010, the District of Columbia's Board of Elections & Ethics conducted a pilot project where they built an Internet voting system for overseas and military voters in effort to expedite the absentee voting process. The system was simple: voters would log in, receive a ballot, print the ballot, cast their vote, and upload their ballot to the Internet. In the weeks prior to the general election, a public trial was held to see if the system could be infiltrated.
J. Alex Halderman, professor of computer science and engineering at the University of Michigan, welcomed the opportunity to try to legally break into government software with his students. Within 36 hours, they found a tiny error that gave them full control of the system.
"The flaw that we exploited was just such a small error—in tens of thousands of lines of computer source code, in one specific line the programmer had used double quotation marks instead of single quotation marks and that was enough to let us remotely change all the votes," said Halderman.
Read more: How Secure Is Estonia's E-Voting System?
To have a bit of fun, Halderman and his students did not alert officials of the their finding. Instead, they made modifications so that the University of Michigan fight song would play after a vote was cast. It took officials two days to realize there had been a hack, which spotlights yet another concerning element of online voting: a system could be hacked and, without a calling card like a university theme song, officials could be none the wiser.
While the notion of being hacked makes online voting fragile, voter awareness (or lack thereof) regarding technological vulnerabilities is an added liability. Sometimes sophisticated malware is undetectable but sometimes it has telltale signs. According to Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University's CyLab, "part of the problem is creating the awareness and usability around [online voting]." Until users know how to spot compromised interface, the system is vulnerable to outside intervention.
"There have been a lot of studies showing that users are not very good at using these indicators of when a site is secure and when a site is not sure. It's very easy to fool somebody," Sekar said. "We need to figure out what is the best way to educate and create awareness for users—and what are the right kind indicators that lets people know when things are secure and not secure."
Until users know how to spot compromised interface, the system is vulnerable to outside intervention.
And then there are logistical issues. Rivest made the case that a good election system should not only produce an accurate result, but also have evidence to prove the outcome was correct. "It's easy with computers to get the right results; it's hard with computers to provide credible evidence that those are the right results," he said.
Voter confidentiality and voter authenticity are two other security obstacles, pointed out Sekar. For the voter, there needs to be a system where no data links a given vote back to the voter. And for officials, an online voting process must have a way to authenticate the identity of the voter to ensure it is not an impersonation or a bot. The combination of these issues is what makes online voting "a particularly difficult kind of security problem," according to Halderman.
"That dual requirement is what makes it more difficult than things we do online everyday like banking and e-commerce," he said.
To even conceive a future where Americans can vote online, the many quandaries—protecting voter privacy, confirming voter authenticity, and guaranteeing an accurate and verifiable result—need a resolution, and strides need to be made in online security.
"My take is it's going to probably be decades before we've made enough progress on just fundamental computer security problems before we can offer the same security with online voting that we expect today from paper ballots in a polling place," Halderman said.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.