There is currently “no known technology that can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet,” according to the National Academies of Sciences, Engineering, and Medicine 2018 report, Securing the Vote: Protecting American Democracy. 1
Scientists and security experts have documented a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. An additional concern with online or internet voting is the lack of a meaningful voter-verified paper record to conduct a valid audit of the results. Voting apps and online voting also threaten the secrecy of ballots and the anonymity of voters, bedrock principles of our democracy. Online voting is simply not secure, nor will it be in the foreseeable future. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
Counties in several states, including West Virginia, Utah and Colorado conducted pilots of the online voting app Voatz as a means for overseas voters, including military personnel, to vote in their home state. Some states announced they intend to use a tool from Democracy Live in 2020. But the risks of online voting are well documented by computer scientists. Over two decades of research have detailed the challenges inherent in creating a secure, secret and verifiable system for voting.3, 7
In May 2020, the FBI, Election Assistance Commission, National Institute of Standards and Technology, and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned states that the return of marked ballots online was "high risk." The threat assessment of electronic ballot delivery, marking and return addresses online voting technologies such as Voatz and Democracy Live.
A 2015 report by the U.S. Vote Foundation warned that no current Internet voting system is sufficiently secure and reliable for use in public elections.4 In 2018, a joint report from the National Election Defense Coalition, R Street Institute, Association for Computing Machinery US Technology Policy Committee, and Common Cause provided additional cautionary warnings against the validity and security of online voting, citing many of the concerns as the earlier reports. 2
Federal evaluations of internet voting echo concerns voiced by the National Academies and other experts. The U.S. Senate Select Committee on Intelligence, chaired by Sen. Richard Burr (R-NC) stated, “States should resist pushes for online voting.”11 The United States Cyberspace Solarium Commission, established by law in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences,” recommended that federal agencies responsible for election security should ensure “that our electoral systems retain a verifiable, auditable paper trail and paper-based balloting backbone.” Currently, no internet voting systems would meet these criteria.
“States should resist pushes for online voting.”
Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views
Federal researchers agree that secure internet voting is not yet feasible.12 The Department of Defense suspended an Internet voting trial after concluding it could not ensure the legitimacy of votes cast over the Internet 13 and the Pentagon has stated it does not endorse the electronic return of voted ballots.14 Although the Department of Homeland Security has not published formal guidance on Internet voting, the Homeland Security cyber-division does not recommend the adoption of online voting for any level of government.14, 15
Blockchain-based voting systems introduce additional security vulnerabilities and fail to address the fundamental security concerns scientists, election security experts, and government officials have expressed since the advent of internet voting.16, 17
Earlier this year, MIT researchers reported a variety of potential vulnerabilities after examining a portion of Voatz code, an app that was piloted in several states in 2019.18 An in-depth technical study from a private security group contracted by Voatz confirmed the vulnerabilities reported by MIT researchers. 19
Information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security. 16
Any system that transmits marked ballots electronically, including Democracy Live’s OmniBallot, a remote voting system currently used in some states, is inherently vulnerable.
In June of 2020 researchers reverse engineered the client-side portion of OmniBallot and reported that in addition to being vulnerable to vote manipulation, it receives personal information — including the voter’s identity, ballot selections, and browser fingerprint. Even when used to mark ballots to be printed and returned by mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary security risk that jeopardizes the secret ballot.20
All internet voting systems and technologies — including email and mobile voting apps — are currently inherently insecure. There is no technical evidence that any internet voting technology is safe or can be made so in the foreseeable future; all research to date demonstrates the opposite.
On April 9, 2020, more than 60 scientists and election experts signed a letter to governors, secretaries of state and state election directors urging them to refrain from allowing the use of any internet voting system.