On June 19, computer scientists and election experts met with Delaware’s State Election Commissioner Anthony Albence to discuss concerns related to the insecurity of the electronic systems being used for absentee voting. The meeting came a week after the state abruptly halted use of Democracy Live Omniballot, which permitted voters to choose to return their ballots online, among other options.
Originally intended for disabled or overseas voters, under the state emergency order use of the system was expanded to any voter practicing social distancing.
The state ceased using Democracy Live Omniballot shortly after two computer scientists raised the alarm that the system was not only vulnerable to vote manipulation but also receives sensitive personally identifiable information about voters. But Delaware still permitted voters to return absentee ballots electronically, using email or an encryption platform, Egress Switch, from a software company in the United Kingdom.
All internet voting systems and technologies — including email and mobile voting apps — are currently inherently insecure. There is no technical evidence that any internet voting technology is safe or can be made so in the foreseeable future.
Delaware voters who received absentee ballots electronically using the new system printed their ballot and physically marked it, and then could choose to return it by mail (the more secure option), by email or using the encryption platform. The need to physically mark ballots may challenge voters who rely on assistive technology and the return of marked ballots online still poses significant security risks.
At the AAAS EPI Center’s request, the researchers who analyzed the system, Dr. Alex Halderman, a professor of Computer Science and Engineering and director of the Center for Computer Security and Society at the University of Michigan, and Mike Alan Specter, a computer science PhD student in MIT’s Computer Science and Artificial Intelligence Laboratory, spoke with State Election Commissioner Albence. They were joined by Dr. Duncan Buell, a professor in the Department of Computer Science and Engineering at the University of South Carolina and participant in the Election Verification Network, Susan Greenhalgh, Senior Advisor for Election Security with Free Speech For People, and Steve Newell and Michael Fernandez from the AAAS EPI Center. Commissioner Albence’s willingness to change Delaware’s voting systems based on new evidence and meet with experts to discuss more secure solutions is welcome. During the meeting, they urged Commissioner Albence to encourage voters to use the most secure options for returning ballots, postal mail, and adopt more secure, accessible electronic systems for voters with disabilities.
The most secure option for absentee voting is to mail voters pre-printed paper ballots. Only voters who are unable to mark a ballot by hand should use remote electronic ballot marking systems.
For voters with a disability, there are more secure offline remote systems that keep data on the voter’s computer and allow voters to use assistive technology. There are several commercially available systems in which the ballot and vote selection data reside on the voter's computer during the entire marking, ballot rendering and printing process, reducing privacy and security risks. Find more detail on these systems and additional recommendations to limit the risks of electronic blank ballot delivery.
NPR reports that Delaware voters returned more than 2,700 ballots electronically for the rescheduled presidential primary using Democracy Live’s OmniBallot before the system was abandoned. According to the state, those votes will be counted.
Computer scientists Halderman and Specter reverse engineered the client-side portion of Democracy Live’s OmniBallot and found that in addition to being vulnerable to malware and vote manipulation, Democracy Live receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint. Even when OmniBallot is used to mark ballots that will be printed and returned in the mail, it sends the voter’s identity and ballot choices to Democracy Live, an unnecessary security risk that jeopardizes the secret ballot. They warned, “using OmniBallot for electronic ballot return represents a severe risk to election security and could allow attackers to alter election results without detection.”
As absentee/remote voting expands during the COVID-19 pandemic, election officials and voters should be aware of the best practices to protect the integrity of every vote. At this time, the most secure option for absentee voting is for voters to mark pre-printed paper ballots by hand, if they are able to do so, and return them by postal mail. Only voters who are unable to mark a ballot by hand should use remote electronic ballot marking systems. Election officials should implement more secure accessible voting systems that don’t threaten the privacy and security of disabled voters. Find more information and recommendations to limit the risks of electronic blank ballot delivery.
Election officials are struggling to adapt measures that protect voters’ health as well as the integrity of the election, often without adequate funding. The Stanford-MIT Healthy Elections Project provides a number of tools and best practices to help election administrators amid the COVID-19 pandemic.
Resources
Halderman, J. Alex; Specter, M. A.,Security Analysis of the Democracy Live Online Voting System available at https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot-1.pd(2020)
