Skip to main content

Internet or Online Voting Remains Insecure

Experts agree that ballots should not be transmitted over the internet

There is currently “no known technology that can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet,” according to the National Academies of Sciences, Engineering, and Medicine 2018 report, Securing the Vote: Protecting American Democracy1

Scientists and security experts have documented a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. An additional concern with online or internet voting is the lack of a meaningful voter-verified paper record to conduct a valid audit of the results. Voting apps and online voting also threaten the secrecy of ballots and the anonymity of voters, bedrock principles of our democracy. Online voting is simply not secure, nor will it be in the foreseeable future. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10

Counties in several states, including West Virginia, Utah and Colorado conducted pilots of the online voting app Voatz as a means for overseas voters, including military personnel, to vote in their home state. Some states announced they intend to use a tool from Democracy Live in 2020. But the risks of online voting are well documented by computer scientists. Over two decades of research have detailed the challenges inherent in creating a secure, secret and verifiable system for voting.3, 7

In May 2020, the FBI, Election Assistance Commission, National Institute of Standards and Technology, and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned states that the return of marked ballots online was "high risk." The threat assessment of electronic ballot delivery, marking and return addresses online voting technologies such as Voatz and Democracy Live.

A 2015 report by the U.S. Vote Foundation warned that no current Internet voting system is sufficiently secure and reliable for use in public elections.4 In 2018, a joint report from the National Election Defense Coalition, R Street Institute, Association for Computing Machinery US Technology Policy Committee, and Common Cause provided additional cautionary warnings against the validity and security of online voting, citing many of the concerns as the earlier reports. 2

Federal evaluations of internet voting echo concerns voiced by the National Academies and other experts. The U.S. Senate Select Committee on Intelligence, chaired by Sen. Richard Burr (R-NC) stated, “States should resist pushes for online voting.”11 The United States Cyberspace Solarium Commission, established by law in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences,” recommended that federal agencies responsible for election security should ensure “that our electoral systems retain a verifiable, auditable paper trail and paper-based balloting backbone.” Currently, no internet voting systems would meet these criteria.


“States should resist pushes for online voting.”

Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views


Federal researchers agree that secure internet voting is not yet feasible.12 The Department of Defense suspended an Internet voting trial after concluding it could not ensure the legitimacy of votes cast over the Internet 13 and the Pentagon has stated it does not endorse the electronic return of voted ballots.14 Although the Department of Homeland Security has not published formal guidance on Internet voting, the Homeland Security cyber-division does not recommend the adoption of online voting for any level of government.14, 15

Blockchain-based voting systems introduce additional security vulnerabilities and fail to address the fundamental security concerns scientists, election security experts, and government officials have expressed since the advent of internet voting.16, 17

Earlier this year, MIT researchers reported a variety of potential vulnerabilities after examining a portion of Voatz code, an app that was piloted in several states in 2019.18 An in-depth technical study from a private security group contracted by Voatz confirmed the vulnerabilities reported by MIT researchers. 19

Information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security. 16

Any system that transmits marked ballots electronically, including Democracy Live’s OmniBallot, a remote voting system currently used in some states, is inherently vulnerable.

In June of 2020 researchers reverse engineered the client-side portion of OmniBallot and reported that in addition to being vulnerable to vote manipulation, it receives personal information — including the voter’s identity, ballot selections, and browser fingerprint. Even when used to mark ballots to be printed and returned by mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary security risk that jeopardizes the secret ballot.20

All internet voting systems and technologies — including email and mobile voting apps — are currently inherently insecure. There is no technical evidence that any internet voting technology is safe or can be made so in the foreseeable future; all research to date demonstrates the opposite.

On April 9, 2020, more than 60 scientists and election experts signed a letter to governors, secretaries of state and state election directors urging them to refrain from allowing the use of any internet voting system.

References

1. National Academies of Sciences, Engineering, and Medicine, Securing the Vote: Protecting American Democracy, September 2018, The National Academies Press, https://doi.org/10.17226/25120

2. Greenhalgh, S.; Goodman, S.; Rosenzweig, P.; Epstein, J. with support from ACM Technology Policy Committee, National Election Defense Coalition, Common Cause and R Street Institute, Joint Report on Email and Internet Voting: the Overlooked Threat to Election Security(October 10, 2018). Available at https://www.acm.org/binaries/content/assets/public-policy/jtreportemailinternetvoting.pdf

3. Brandt, L. & Cheney, D., Internet Voting is no "Magic Ballot," Distinguished Committee Reports, Available at https://www.nsf.gov/od/lpa/news/press/01/pr0118.htm (2001)

4. U. S. Vote Foundation, The Future of Voting: End-to-End Verifiable Internet Voting, Available at https://www.usvotefoundation.org/e2e-viv/ (2015)

5. Verified Voting, Computer Technologists’ Statement on Internet Voting, Available at https://www.verifiedvoting.org/wp-content/uploads/2012/09/InternetVotingStatement.pdf (2008)

6. California Secretary of State Bill Jones, Internet Voting Task Force, A Report on the Feasibility of Internet Voting, 2000. https://elections.cdn.sos.ca.gov/ivote/final_report.pdf

7. Internet Policy Institute, Report of the National Workshop on Internet Voting Security, 2001. https://dl.acm.org/doi/pdf/10.5555/1123075.1123096

8. Jefferson, D.; Rubin, A.; Simons, B.; Wagner, D., Analyzing Internet Voting Security. Communications of the ACM 47 (10) (2004). https://dl.acm.org/doi/10.1145/1022594.1022624

9. Commission on Federal Election Reform, Building Confidence in U. S. Elections, 2005. https://www.legislationline.org/download/id/1472/file/3b50795b2d0374cbef5c29766256.pdf

10. Simons, B.; Jones, D. W., Internet Voting in the U.S. Communications of the ACM 55 (10) (2012). https://cacm.acm.org/magazines/2012/10/155536-internet-voting-in-the-u-s/fulltext

11. Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views, 2019, Available at https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf

12. NIST Activities on UOCAVA Voting, Available at https://www.nist.gov/itl/voting/nist-activities-uocava-voting

13. Garamone, J., Pentagon Decides Against Internet Voting this Year, Available at https://archive.defense.gov/news/newsarticle.aspx?id=27362 (2004)

14. Gordon, G., As States Warm to Online Voting, Experts Warn of Trouble Ahead, Available at http://www.mc-clatchydc.com/news/politics-government/election/article24783181.html (2015)

15. Horwitz, S., More than 30 states offer online voting, but experts warn it isn’t secure, Available at https://www.washingtonpost.com/news/post-nation/wp/2016/05/17/more-than-30-states-offer-online-voting-but-experts-warn-it-isnt-secure/ (2016)

16. Park, S.; Specter, M.; Narula, N.; Rivest, R. L., Going from Bad to Worse: From Internet Voting to Blockchain Voting, Available at https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf (2020)

17. Jefferson, D.; Buell, D.; Skoglund, K.; Kiniry, J.; Greenbaum, J., What We Don’t Know About the Voatz “Blockchain” Internet Voting System, Available at https://cse.sc.edu/~buell/blockchain-papers/documents/WhatWeDontKnowAbouttheVoatz_Blockchain_.pdf (2019)

18. Specter, M. A.; Koppel, J.; Weitnzer, D., The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Available at https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf (2020)

19. Trail of Bits, Available at https://www.trailofbits.com/about/ (2020)

20. Halderman, J. Alex; Specter, M. A., Security Analysis of the Democracy Live Online Voting System available at https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot-1.pdf (2020)

 

Office of Public Programs | Center for Scientific Evidence in Public Issues
AAAS News

Internet Voting Remains Insecure, Says AAAS EPI Center

Office of Public Programs | Center for Scientific Evidence in Public Issues
AAAS News

Green Stormwater Infrastructure Helps Curb Effects of Climate Change in Cities

Center for Scientific Evidence in Public Issues
AAAS News

Deploying Data-Driven Green Stormwater Infrastructure Programs

Center for Scientific Evidence in Public Issues
AAAS News

EPI Center letter to members of the Ohio House of Representatives regarding internet voting

Center for Scientific Evidence in Public Issues
AAAS News

Video: The Risks of Internet Voting in the Puerto Rico Electoral Code of 2020

Office of Public Programs | Center for Scientific Evidence in Public Issues
AAAS News

Summit Briefs Policy-makers on Drinking Water Safety

Office of Public Programs | Center for Scientific Evidence in Public Issues | COVID-19 Resources
AAAS News

Top State Officials Urged to Bar Security-Flawed Internet Voting Platforms

Center for Scientific Evidence in Public Issues | COVID-19 Resources
AAAS News

Scientific Experts Call on Elected Officials to Avoid Any Internet Voting

Center for Scientific Evidence in Public Issues
AAAS News

Bringing Scientific Evidence to Meet Local Policy Challenges, a Town Hall at the AAAS Annual Meeting