Internet or Online Voting Remains Insecure

Download the factsheet, Online Voting Threatens the Security of Elections (PDF), to learn more.

There is currently “no known technology that can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet,” according to the National Academies of Sciences, Engineering, and Medicine 2018 report, Securing the Vote: Protecting American Democracy. ¹

Scientists and security experts have documented a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. The lack of a meaningful voter-verified paper record means there is not way to conduct a valid audit of the results. Voting apps and online voting also threaten the secrecy of ballots and the anonymity of voters, bedrock principles of our democracy. Online voting is simply not secure, nor will it be in the foreseeable future. ^{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}

Counties in several states, including West Virginia, Utah and Colorado conducted pilots of the online voting app Voatz as a means for overseas voters, including military personnel, to vote in their home state. Some states announced they intend to use a tool from Democracy Live in 2020. But the risks of online voting are well documented by computer scientists. Over two decades of research have detailed the challenges inherent in creating a secure, secret and verifiable system for voting.^{3, 7}

In May 2020, the FBI, Election Assistance Commission, National Institute of Standards and Technology, and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned states that the return of marked ballots online was "high risk." The threat assessment of electronic ballot delivery, marking and return addresses online voting technologies such as Voatz and Democracy Live.

A 2015 report by the U.S. Vote Foundation warned that no current Internet voting system is sufficiently secure and reliable for use in public elections.⁴ In 2018, a joint report from the National Election Defense Coalition, R Street Institute, Association for Computing Machinery US Technology Policy Committee, and Common Cause provided additional cautionary warnings against the validity and security of online voting, citing many of the concerns as the earlier reports. ²

Federal evaluations of internet voting echo concerns voiced by the National Academies and other experts. The U.S. Senate Select Committee on Intelligence, chaired by Sen. Richard Burr (R-NC) stated, “States should resist pushes for online voting.”¹¹ The United States Cyberspace Solarium Commission, established by law in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences,” recommended that federal agencies responsible for election security should ensure “that our electoral systems retain a verifiable, auditable paper trail and paper-based balloting backbone.” Currently, no internet voting systems would meet these criteria.

“States should resist pushes for online voting.”

Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views

Federal researchers agree that secure internet voting is not yet feasible.¹² The Department of Defense suspended an Internet voting trial after concluding it could not ensure the legitimacy of votes cast over the Internet ¹³ and the Pentagon has stated it does not endorse the electronic return of voted ballots.¹⁴ Although the Department of Homeland Security has not published formal guidance on Internet voting, the Homeland Security cyber-division does not recommend the adoption of online voting for any level of government.^{14, 15}

Blockchain-based voting systems introduce additional security vulnerabilities and fail to address the fundamental security concerns scientists, election security experts, and government officials have expressed since the advent of internet voting.^{16, 17} Internet and blockchain-based voting increase the risk of undetectable, national-scale election failures.¹⁶

In 2020, MIT researchers reported a variety of potential vulnerabilities after examining a portion of Voatz code, an app that was piloted in several states in 2019.¹⁸ An in-depth technical study from a private security group contracted by Voatz confirmed the vulnerabilities reported by MIT researchers. ¹⁹

Information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security. ¹⁶

Any system that transmits marked ballots electronically, including Voatz and Democracy Live’s OmniBallot, is inherently vulnerable.

In June of 2020 researchers reverse engineered the client-side portion of OmniBallot and reported that in addition to being vulnerable to vote manipulation, it receives personal information — including the voter’s identity, ballot selections, and browser fingerprint. Even when used to mark ballots to be printed and returned by mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary security risk that jeopardizes the secret ballot.²⁰

All internet voting systems and technologies — including email and mobile voting apps — are currently inherently insecure. There is no technical evidence that any internet voting technology is safe or can be made so in the foreseeable future; all research to date demonstrates the opposite.

On April 9, 2020, more than 60 scientists and election experts signed a letter to governors, secretaries of state and state election directors urging them to refrain from allowing the use of any internet voting system.

Last updated March 10, 2021

References

1. National Academies of Sciences, Engineering, and Medicine, Securing the Vote: Protecting American Democracy, September 2018, The National Academies Press, https://doi.org/10.17226/25120

2. Greenhalgh, S.; Goodman, S.; Rosenzweig, P.; Epstein, J. with support from ACM Technology Policy Committee, National Election Defense Coalition, Common Cause and R Street Institute, Joint Report on Email and Internet Voting: the Overlooked Threat to Election Security(October 10, 2018). Available at https://www.acm.org/binaries/content/assets/public-policy/jtreportemailinternetvoting.pdf

3. Brandt, L. & Cheney, D., Internet Voting is no "Magic Ballot," Distinguished Committee Reports, Available at https://www.nsf.gov/od/lpa/news/press/01/pr0118.htm (2001)

4. U. S. Vote Foundation, The Future of Voting: End-to-End Verifiable Internet Voting, Available at https://www.usvotefoundation.org/e2e-viv/ (2015)

5. Verified Voting, Computer Technologists’ Statement on Internet Voting, Available at https://www.verifiedvoting.org/wp-content/uploads/2012/09/InternetVotingStatement.pdf (2008)

6. California Secretary of State Bill Jones, Internet Voting Task Force, A Report on the Feasibility of Internet Voting, 2000. https://elections.cdn.sos.ca.gov/ivote/final_report.pdf

7. Internet Policy Institute, Report of the National Workshop on Internet Voting Security, 2001. https://dl.acm.org/doi/pdf/10.5555/1123075.1123096

8. Jefferson, D.; Rubin, A.; Simons, B.; Wagner, D., Analyzing Internet Voting Security. Communications of the ACM 47 (10) (2004). https://dl.acm.org/doi/10.1145/1022594.1022624

9. Commission on Federal Election Reform, Building Confidence in U. S. Elections, 2005. https://www.legislationline.org/download/id/1472/file/3b50795b2d0374cbef5c29766256.pdf

10. Simons, B.; Jones, D. W., Internet Voting in the U.S. Communications of the ACM 55 (10) (2012). https://cacm.acm.org/magazines/2012/10/155536-internet-voting-in-the-u-s/fulltext

11. Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views, 2019, Available at https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf

12. NIST Activities on UOCAVA Voting, Available at https://www.nist.gov/itl/voting/nist-activities-uocava-voting

13. Garamone, J., Pentagon Decides Against Internet Voting this Year, Available at https://archive.defense.gov/news/newsarticle.aspx?id=27362 (2004)

14. Gordon, G., As States Warm to Online Voting, Experts Warn of Trouble Ahead, Available at http://www.mc-clatchydc.com/news/politics-government/election/article24783181.html (2015)

15. Horwitz, S., More than 30 states offer online voting, but experts warn it isn’t secure, Available at https://www.washingtonpost.com/news/post-nation/wp/2016/05/17/more-than-30-states-offer-online-voting-but-experts-warn-it-isnt-secure/ (2016)

16. Park, S.; Specter, M.; Narula, N.; Rivest, R. L., Going from Bad to Worse: From Internet Voting to Blockchain Voting, Available at https://academic.oup.com/cybersecurity/article/7/1/tyaa025/6137886 (2021)

17. Jefferson, D.; Buell, D.; Skoglund, K.; Kiniry, J.; Greenbaum, J., What We Don’t Know About the Voatz “Blockchain” Internet Voting System, Available at https://cse.sc.edu/~buell/blockchain-papers/documents/WhatWeDontKnowAbouttheVoatz_Blockchain_.pdf (2019)

18. Specter, M. A.; Koppel, J.; Weitnzer, D., The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Available at https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf (2020)

19. Trail of Bits, Available at https://www.trailofbits.com/about/ (2020)

20. Halderman, J. Alex; Specter, M. A., Security Analysis of the Democracy Live Online Voting System available at https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot-1.pdf (2020)