Cybersecurity experts and leading computer organizations reached out to the nation’s governors and secretaries of state on Thursday urging them to exclude use of internet voting platforms and mobile app systems that scientific evidence has verified carry vulnerabilities, security dangers and threaten voting integrity in the United States.
The evidence outlined in a letter sent to the leaders in all 50 states and Puerto Rico was signed by leading computer and security scientists and institutions. It urged leaders to exclude use of such technologies until internet voting systems and apps are proven secure and able to ensure the validity of votes cast over the internet or by mobile phones.
“We urge you to refrain from allowing the use of any internet voting system and consider expanding access to voting by mail and early voting to better maintain the security, accuracy, and voter protections essential for American elections in the face of an unprecedented public health crisis,” stated the letter prepared by the American Association for the Advancement of Science’s Center for Scientific Evidence in Public Issues, also known as the EPI Center. “Internet voting is insecure.”
In outlining the technology’s deficiencies, the letter underscored the challenges that the COVID-19 pandemic already is creating to ensure upcoming local, state and federal elections will be fair and timely.
“At this difficult time, election officials seek to protect citizens’ health and access to the ballot. COVID-19 presents significant barriers to voting,” said the letter. “However, internet voting is not a viable solution given the longstanding and critical security issues it presents.”
The letter highlighted alternative systems such as voting by mail and early voting programs as able to support the diverse needs of the electorate by helping to address concerns relating to COVID-19 and existing disparities in ballot access.
In walking through problems associated with internet voting systems and mobile voting apps such as Voatz, scientists and security experts cited “malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled,” adding that “Importantly, there is no way to conduct a valid audit of the results due to the lack of a meaningful voter-verified paper record.”
The letter also pointed to blockchain, the technology behind Bitcoin, as equally problematic, saying it raises “serious questions regarding what content is stored in it, how the blockchain is decrypted for public access, and how votes are ultimately transferred to some type of durable paper record.”
Beyond recent research findings, the letter draws from two decades of research and science-based analysis done by scientists, the U.S. Election Assistance Commission; U.S. Department of Defense; National Institute of Standards and Technology; U.S. Cyberspace Solarium Commission; and the National Academies of Science, Engineering, and Medicine, NASEM.
In 2018, NASEM conducted a comprehensive report on the scientific evidence behind internet voting security and found it wanting, the letter said.
“At the present time, the internet (or any network connected to the internet) should not be used for the return of marked ballots,” stated the letter in quoting from the NASEM report’s reference to ballots cast by overseas members of the military that could reveal sensitive information about troop placements. “Further, internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the internet.”
The EPI Center’s launch of the security and technology initiative in May 2019 grew out of policy debates about election security and was accompanied by the scientific evidence and recommendations NASEM’s research study outlined in calling for efforts to secure American elections before the 2020 election season.
Over six months the EPI Center provided more than 825 election officials in 772 counties in 10 states locally relevant election security evidence, mindful that decisions about election equipment are largely made at the county level, said Kathryn McGrath, communications director of the EPI Center.
“Most local election officials want to do the best job possible for their constituents, but they don’t always have the time to read a National Academies report,” said Steve M. Newell, project director of the EPI Center’s voting security initiative.
“Part of our work has been to fill this gap, ensure local officials are aware of the evidence behind the voting systems they’re using or considering, expand increasing awareness of more statistically-sound auditing methods, and provide access to unbiased scientific experts who can provide technical guidance,” he added.
Newell pointed to unity among scientists and election security experts that “internet voting is not a secure or viable voting method,” adding that such levels of agreement on a normally divisive topic are not only unusual but also “are shared by an incredibly large group.”
Beyond such consensus, the letter notes that federal researchers also agree that “secure internet voting is not yet feasible,” adding that “No scientific or technical evidence suggests that any internet voting system could or does address these concerns.”
[Associated image: GPA Photo Archive/Flickr CC BY-NC 2.0]