Skip to main content

Letter to Governors and Secretaries of State on the insecurity of online voting

Letter from AAAS EPI Center and leading experts in cybersecurity and computing

Download the letters (pdf)

April 9, 2020

Dear Governors, Secretaries of State and State Election Directors,

We are writing to share information on the scientific evidence regarding the security of internet voting. Based on scientific evidence, we have serious concerns about the security of voting via the internet or mobile apps.

The COVID-19 pandemic presents an unprecedented challenge to American elections. At this time, internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future. Vote manipulation that could be undetected and numerous security vulnerabilities including potential denial of service attacks, malware intrusions, and mass privacy violations, remain possible in internet voting.

We urge you to refrain from allowing the use of any internet voting system and consider expanding access to voting by mail and early voting to better maintain the security, accuracy, and voter protections essential for American elections in the face of an unprecedented public health crisis.

Internet voting is insecure.

Internet voting, which includes email, fax, and web-based voting as well as voting via mobile apps such as Voatz, remains fundamentally insecure. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Scientists and security experts express concern regarding a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. Importantly, there is no way to conduct a valid audit of the results due to the lack of a meaningful voter-verified paper record. If a blockchain architecture is used, serious questions arise regarding what content is stored in it, how the blockchain is decrypted for public access, and how votes are ultimately transferred to some type of durable paper record.11  No scientific or technical evidence suggests that any internet voting system could or does address these concerns.

A 2018 consensus study report on election security by the National Academies of Science, Engineering, and Medicine (NASEM), the most definitive and comprehensive report on the scientific evidence behind voting security in the U.S., stated:

“At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots. Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” 5

Federal researchers have also agreed that secure internet voting is not yet feasible.12 The Department of Defense suspended an Internet voting trial after concluding it could not ensure the legitimacy of votes cast over the Internet 13 and the Pentagon has stated it does not endorse the electronic return of voted ballots.14  Although the Department of Homeland Security has not published formal guidance on Internet voting, the Homeland Security cyber-division does not recommend the adoption of online voting for any level of government 14, 15 Unlike most voting systems currently used in the United States, there are no standards for internet voting and no internet voting systems have been certified by the U.S. Election Assistance Commission.

Blockchain systems do not address the fundamental issues with internet voting.

Blockchain-based voting systems introduce additional security vulnerabilities and do not address the fundamental security concerns scientists, election security experts, and government officials have expressed since the advent of internet voting.16  Rather than enhancing security, the 2018 NASEM report described the addition of blockchains to voting systems as “added points of attack for malicious actors.” 5 Experts and researchers have expressed significant concern over the perceived security of blockchain technology,17 more generally, but particularly regarding voting security.18, 19

MIT researchers reported a variety of potential vulnerabilities after examining a portion of Voatz code.20 Researchers easily circumvented Voatz’s malware detection software, demonstrating a potential avenue to exposing the voter’s private information or manipulating their ballot. Voatz’s servers are vulnerable to manipulation “surreptitiously violating user privacy, altering the user’s vote, and controlling the outcome of the election.” Additionally, attackers could intercept a voter’s transmitted ballot prior to receipt by Voatz’s servers and determine how the voter voted because the information transmitted “clearly leaks which candidate was selected.”

Beyond potential ballot manipulation, Voatz potentially exposes a voter’s email, physical address, exact birth date, IP address, driver’s license or passport number, mobile phone number, a current photo of themselves, a short video of themselves, a copy of their written signature, their device’s model and OS version, and preferred language to third parties. As a result, information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security.

An in-depth technical study from a private security group contracted by Voatz confirmed vulnerabilities previously reported by MIT researchers, despite the app developer arguing these vulnerabilities did not exist following the MIT report. 21 In total, the security group’s review highlighted seventy-nine findings with a third of the findings labeled as “high severity.” 22 Importantly, the review “did not even constitute the entire Voatz system, as the code for certain components such as the audit portal were never furnished,” indicating still undiscovered vulnerabilities and a lack of transparency essential for faith in the electoral system. 23

Access to the ballot for all is an essential tenet of American democracy.

At this difficult time, election officials seek to protect citizens’ health and access to the ballot. COVID-19 presents significant barriers to voting. However, internet voting is not a viable solution given the longstanding and critical security issues it presents. Thoughtful implementation of alternative voting methods such as voting by mail and early voting can help support the diverse needs of the electorate, addressing both new concerns relating to COVID-19 and existing disparities in ballot access. 24, 25, 26, 27, 28 Incoming federal funding should help election officials implement alternative systems and offer increased flexibility to confront our ongoing challenges. 29

Two decades of scientific and technical analysis demonstrate that secure internet voting systems are not possible now or in the immediate future. In response to this evidence, we respectfully request that in your roles leading election security in your state, you refrain from allowing the use of any internet or voting app system.

If we can provide additional scientific evidence regarding internet voting or do anything else to be a resource, please let us know. Our organizations and the scientists, engineers, and statisticians we represent stand ready to assist you.

Signed,

Michael D. Fernandez, Founding Director, Center for Scientific Evidence in Public Issues, AAAS

Steve M. Newell, Policy Director, Center for Scientific Evidence in Public Issues, AAAS

James Hendler, Chair, U.S. Technology Policy Committee, Association for Computing Machinery*; Director of the Institute for Data Exploration and Applications, Rensselaer Polytechnic Institute

John Bonifaz, President & Co-Founder, Free Speech for People*

Karen Hobart Flynn, President, Common Cause*

Lawrence Norden, Director, Election Reform Program, Brennan Center for Justice at NYU School of Law

Paul Rosenzweig, Senior Fellow, R St. Institute

Marian K. Schneider, President, Verified Voting

Ellen Zegura, Chair, Computing Research Association*

Steven M. Bellovin, Percy K. and Vida L. W. Hudson Professor of Computer Science, Columbia University

Matthew Blaze, McDevitt Chair of Computer Science and Law, Georgetown University

Vinton Cerf, Internet Pioneer

Deborah Frincke, Fellow, Association for Computing Machinery

Susan Greenhalgh, Senior Advisor on Election Security, Free Speech for People

Bruce W. McConnell, Executive Vice President, EastWest Institute; Former Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security

Ronald L. Rivest, Institute Professor, Massachusetts Institute of Technology

Barbara B. Simons, Board of Advisors, U.S. Election Assistance Commission

Eugene H. Spafford, Professor and Executive Director, Center for Education and Research in Information Assurance and Security, Purdue University

Daniel J. Weitzner, Founding Director, Internet Policy Research Initiative, Massachusetts Institute of Technology

Andrew W. Appel, Professor of Computer Science, Princeton University

Nicole L. Beebe, Director, The Cyber Center for Security & Analytics; Chair, Information Systems & Cyber Security Department, The University of Texas at San Antonio

Matt Bishop, Professor of Computer Science, University of California at Davis

Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina

L. Jean Camp, Director, Center for Security and Privacy in Informatics, Computing, and Engineering; Professor of Informatics & Computer Science, Indiana University

Wm. Arthur Conklin, Professor, Department of Information & Logistics Technology; Director, Center for Information Security Research and Education, University of Houston, College of Technology

Earl Crane, Former White House National Security Council, Director for Federal Cybersecurity Policy; Adjunct Faculty, Carnegie Mellon University

Thomas E. Daniels, Associate Professor of Teaching, Department of Electrical and Computer Engineering, Iowa State University

Brian Dean, Privacy Subcommittee Chair, U.S. Technology Policy Committee, Association for Computing Machinery

Michelle Finneran Dennedy, CEO, DrumWave Inc.

Susan Dzieduszycka-Suinat, President and CEO, U.S. Vote Foundation*

Richard DeMillo, Professor of Computer Science and Executive Director, Center for 21st Century Universities, Georgia Tech

Larry Diamond, Senior Fellow, Hoover Institution and Freeman Spogli Institute, Stanford University

David L. Dill, Donald E. Knuth Professor, Emeritus, School of Engineering, Stanford University

Jeremy Epstein, Vice Chair, U.S. Technology Policy Committee, Association for Computing Machinery

Edward W. Felten, Director, Center for Information Technology Policy, Princeton University

Richard Forno, Senior Lecturer and Director, UMBC Graduate Cybersecurity Program, UMBC

Andrew Grosso, J.D., M.S. Comp. Sci., M.S. Physics, Andrew Grosso Associates

J. Alex Halderman, Director, Center for Computer Security and Society, University of Michigan

Harry Hochheiser, Associate Professor, Department of Biomedical Informatics, University of Pittsburgh

Candice Hoke, Founding Co-Director, Center for Cybersecurity & Privacy Protection, Cleveland State University

David Jefferson, Lawrence Livermore National Laboratory (retired); Board of Directors, Verified Voting

Somesh Jha, Lubar Professor of Computer Sciences, University of Wisconsin, Madison

Douglas W. Jones, Associate Professor of Computer Science, University of Iowa

Joe Kiniry, Principal Scientist, Galois; CEO & Chief Scientist, Free & Fair

James Koppel, Ph.D. Candidate in Programming Languages, Massachusetts Institute of Technology

Susan Landau, Bridge Professor in Cyber Security and Policy, Fletcher School of Law & Diplomacy and School of Engineering, Department of Computer Science, Tufts University

Jeanna Neefe Matthews, Associate Professor, Department of Computer Science, Clarkson University

John L. McCarthy, Lawrence Berkeley National Laboratory (retired); Board of Advisors, Verified Voting

Kelley Misata, CEO and Founder, Sightline Security

David Mussington, Professor of the Practice and Director, Center for Public Policy and Private Enterprise, School of Public Policy, University of Maryland

Ben Ptashnik, President, National Election Defense Coalition*

William Ramirez, Executive Director, ACLU PR/ACLU of Puerto Rico National Chapter*

Patricia Youngblood Reyhan, Distinguished Professor of Law, Albany Law School

Jill D. Rhodes, Former Senior Executive, Office of the Director of National Intelligence (IC CIO); 2019 Chicago Chief Information Security Officer of the Year (AITP); Member, American Bar Association Cybersecurity Task Force

Mark Ritchie, Former Minnesota Secretary of State

John E. Savage, An Wang Professor Emeritus of Computer Science, Brown University

O. Sami Saydjari, CEO, Cyber Defense Agency, Inc.

Bruce Schneier, Lecturer and Fellow, Harvard Kennedy School

John Sebes, Co-Director and Chief Technology Officer, OSET Institute

Kevin Skoglund, President and Chief Technologist, Citizens for Better Elections*

Michael A. Specter, Ph.D. Candidate in Electrical Engineering and Computer Science, Massachusetts Institute of Technology

Dan S. Wallach, Professor of Computer Science, Rice University

Mark Weatherford, Managing Partner, Aspen Chartered; Former Deputy Under Secretary for Cybersecurity, Department of Homeland Security; Former Chief Information Security Officer, The State of California

Daniel M. Zimmerman, Principal Researcher, Galois

 

The following individuals were added after April 9, 2020:

Hon. Jeff Bleich, United States Ambassador (retired)

Leslie J. Calman

Joseph Lorenzo Hall, Senior Vice President, Strong Internet at Internet Society

Juan E. Gilbert, Andrew Banks Family Preeminence Endowed Professor & Chair, Computer & Information Science & Engineering Department, Herbert Wertheim College of Engineering, University of Florida

Rachel Goodman, Counsel, Protect Democracy*

Martin E. Hellman, Professor Emeritus of Electrical Engineering, Stanford University; Member, US National Academy of Engineering; Board of Advisors, Verified Voting

John P. Linderman, AAAS Member

Peter Luykx, Professor Emeritus, University of Miami; AAAS Member

James Neal, AAAS Member

Sean Peisert, Staff Scientist, Lawrence Berkeley National Laboratory; Associate Adjunct Professor of Computer Science, University of California, Davis

Bruce Perens, Co-Founder of the Open Source movement in Software

Anthony A. Shaffer, President, London Center for Policy Research

Raymond R. White

John W. Whitehead, President, Rutherford Institute

Denton Wyse, Case Medical School

 

*Signing on behalf of organization

 

Sign the Letter

If you are interested in adding your signature to the above letter, please contact the AAAS EPI Center at epicenter@aaas.org

References

1. Greenhalgh, S.; Goodman, S.; Rosenzweig, P.; Epstein, J. with support from ACM Technology Policy Committee, National Election Defense Coalition, Common Cause and R Street Institute, Joint Report on Email and Internet Voting: the Overlooked Threat to Election Security (October 10, 2018). Available at https://www.acm.org/binaries/content/assets/public-policy/jtreportemailinternetvoting.pdf

2. Brandt, L. & Cheney, D., Internet Voting is no "Magic Ballot," Distinguished Committee Reports, Available at https://www.nsf.gov/od/lpa/news/press/01/pr0118.htm (2001).

3. U. S. Vote Foundation, The Future of Voting: End-to-End Verifiable Internet Voting, Available at https://www.usvotefoundation.org/e2e-viv/(2015).

4. Verified Voting, Computer Technologists’ Statement on Internet Voting, Available at https://www.verifiedvoting.org/wp-content/uploads/2012/09/InternetVotingStatement.pdf (2008).

5. National Academies of Sciences, Engineering, and Medicine, Securing the Vote: Protecting American Democracy, September 2018, The National Academies Press, https://doi.org/10.17226/25120.

6. California Secretary of State Bill Jones, Internet Voting Task Force, A Report on the Feasibility of Internet Voting, 2000.

7. Internet Policy Institute , Report of the National Workshop on Internet Voting Security, 2001.

8. Jefferson, D.; Rubin, A.; Simons, B.; Wagner, D., Analyzing Internet Voting Security. Communications of the ACM 47 (10) (2004).

9. Commission on Federal Election Reform, Building Confidence in U. S. Elections, 2005.

10. Simons, B.; Jones, D. W. , Internet Voting in the U.S. Communications of the ACM 55 (10) (2012). https://cacm.acm.org/magazines/2012/10/155536-internet-voting-in-the-u-s/fulltext

11. Jefferson, D.; Buell, D.; Skoglund, K.; Kiniry, J.; Greenbaum, J., What We Don’t Know About the Voatz “Blockchain” Internet Voting System, Available at https://cse.sc.edu/~buell/blockchain-papers/documents/WhatWeDontKnowAbouttheVoatz_Blockchain_.pdf (2019).

12. NIST Activities on UOCAVA Voting, Available at https://www.nist.gov/itl/voting/nist-activities-uocava-voting.

13. Garamone, J., Pentagon Decides Against Internet Voting this Year, Available at https://archive.defense.gov/news/newsarticle.aspx?id=27362 (2004).

14. Gordon, G., As States Warm to Online Voting, Experts Warn of Trouble Ahead, Available at http://www.mc-clatchydc.com/news/politics-government/election/article24783181.html. (2015).

15. Horwitz, S., More than 30 states offer online voting, but experts warn it isn’t secure, Available at https://www.washingtonpost.com/news/post-nation/wp/2016/05/17/more-than-30-states-offer-online-voting-but-experts-warn-it-isnt-secure/ (2016).

16. Park, S.; Specter, M.; Narula, N.; Rivest, R. L., Going from Bad to Worse: From Internet Voting to Blockchain Voting, Available at https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf (2020).

17. Alexandre, A., MIT Professor Asserts Blockchain Technology is Not as Secure as Claimed, Available at https://cointelegraph.com/news/mit-professor-claims-blockchain-technology-is-not-as-secure-as-claimed (2019).

18. Alexandre, A., MIT Professor: Blockchain is Good on Its Own, but Not Good for Voting, Available at https://cointelegraph.com/news/mit-professor-blockchain-is-good-on-its-own-but-not-good-for-voting (2020).

19. Juels, A.; Eyal, I.; Naor, O., Blockchain Won't Fix Internet Voting Security – And Could Make It Worse, Available at https://www.govtech.com/security/Blockchain-Wont-Fix-Internet-Voting-Security--And-Could-Make-It-Worse.html (2018).

20. Specter, M. A.; Koppel, J.; Weitnzer, D. , The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Available at https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf (2020).

21. Trail of Bits, Available at https://www.trailofbits.com/about/ (2020).

22. Edwards, S.; Smith, J.P.; Guido, D.; Sultanik, E., Voatz, Security Assessment I of II: Technical Findings, Available at https://github.com/trailofbits/publications/blob/master/reviews/voatz-securityreview.pdf (2020).

23. Trail of Bits, Our Full Report on the Voatz Mobile Voting Platform, Available at https://blog.trailofbits.com/2020/03/13/our-full-report-on-the-voatz-mobile-voting-platform/(2020).

24. Misra, J., Voter Turnout Rates Among All Voting Age and Major Racial and Ethnic Groups Were Higher Than in 2014, Available at https://www.census.gov/library/stories/2019/04/behind-2018-united-states-midterm-election-turnout.html (2019).

25. Rutgers School of Management and Labor Relations, Report: Voter Turnout Surges Among People with Disabilities, Available at https://smlr.rutgers.edu/news/voter-turnout-surges-among-people-disabilities (2019).

26. Weiser, W. R.; Feldman, M., How to Protect the 2020 Vote from the Coronavirus, Available at https://www.brennancenter.org/our-work/policy-solutions/how-protect-2020-vote-coronavirus (2020).

27. National Task Force on Election Crises, COVID-19 Election Guide, Available at https://static1.squarespace.com/static/5e70e52c7c72720ed714313f/t/5e7ba6fc6ec60c0341aa7d2d/1585161982796/COVID-19+Election+Guide+-+FINAL+Draft+3_25_20+%281%29.pdf (2020).

28. Stewart, C., Will Expanded Early Voting Help with Social Distancing? Maybe Not, Available at https://electionupdates.caltech.edu/2020/03/25/will-expanded-early-voting-help-with-social-distancing-maybe-not/ (2020).

29. Miller, M., Senate includes $400M for mail-in voting in coronavirus spending deal, Available at https://thehill.com/policy/cybersecurity/489435-senate-includes-400-million-for-mail-in-voting-in-coronavirus-spending (2020).

 

Office of Communications | Center for Scientific Evidence in Public Issues
AAAS News

Riley Memorial Lecture: Managing Agricultural Landscapes for Pest Control and Biodiversity

Office of Communications | Center for Scientific Evidence in Public Issues
AAAS News

Webinar Series Examines Potential of Green Infrastructure

Center for Scientific Evidence in Public Issues
AAAS News

Mobile Voting is Not the Answer to Low Turnout and Disenfranchisement

Center for Scientific Evidence in Public Issues
AAAS News

AAAS EPI Center letter to IL committee regarding mobile voting

Center for Scientific Evidence in Public Issues
AAAS News

AAAS EPI Center letter to DC councilmembers regarding mobile voting

Office of Communications | Center for Scientific Evidence in Public Issues
AAAS News

Anticipating New Regulation, Oil and Gas Industry Revisits Methane Emissions

Center for Scientific Evidence in Public Issues
AAAS News

AAAS EPI Center letter to Colorado legislators regarding internet voting

Center for Scientific Evidence in Public Issues
AAAS News

AAAS EPI Center Hosts Briefing on Safely Managing Orphaned Oil and Gas Wells

Center for Scientific Evidence in Public Issues
AAAS News

AAAS EPI Center written testimony to Hawaii legislators regarding electronic ballot return

Center for Scientific Evidence in Public Issues | Office of Science, Policy and Society Programs
AAAS News

AAAS EPI Center letter to Utah legislators regarding mobile voting