The challenge of developing electronic voting systems is not only security but also protecting the secrecy of the ballot, a bedrock principle of free and fair elections. Currently there is “no known technology that can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” 1
Online voting presents numerous vulnerabilities and is fundamentally insecure. There is potential for unobserved vote manipulation as well additional security vulnerabilities including potential denial of service attacks, malware intrusions, and privacy concerns. Online voting does not produce a paper trail for auditing.
Blockchain-based voting, which relies on a decentralized, distributed digital ledger, has not been proven to be secure and is vulnerable to many of the security flaws inherent in internet voting, such as the potential for malware to alter votes on a voter’s local device before the ballot is transmitted and the lack of secret ballots.
Multiple ongoing DARPA projects aim to develop secure hardware focused on developing hardware resistant to software- based attack through novel CPU designs 2, 3. Future systems based on secure hardware could provide additional security, but the technology is still in early development.
End-to-end verifiable election software relies on cryptography to encrypt and protect votes while allowing voters to see their vote was properly recorded, that the vote was correctly tabulated, and that the final vote count matches the cast votes. End-to-end verifiable software can be integrated into existing election systems to enhance the security of voting infrastructure 4. Recent open-source software packages including end-to-end verifiability systems, such as Microsoft’s software development kit ElectionGuard, could increase security if implemented in future elections.
1. National Academies of Science, Engineering, and Medicine, Securing the Vote: Protecting American Democracy (The National Academies Press, 2018)
2. "Hacker Community to Take on DARPA Hardware Defenses at DEF CON 2019," DARPA, 2019. Available online at: https://www.darpa.mil/news-events/2019-08-01
3. "System Security Integrated Through Hardware and Firmware (SSITH) Proposers Day," DARPA, 2017. Available online at: https://www.darpa.mil/news-events/ssith-proposers-day
4. Appel, Andrew, "End-to-End Verifiable Elections," Freedom to Tinker, 2018. Available online at: https://freedom-to-tinker.com/2018/11/05/end-to-end-verifiable-elections/