Designing and implementing a reliable and accountable online voting system is extremely complicated because of a wide range of security flaws, inaccurate authentication measures, and a lack of publicly reviewed standards, experts have concluded.
In a report commissioned by the U.S. Vote Foundation, an organization that provides absentee ballot and voter-registration services, researchers noted that “every publicly audited, commercial Internet voting system to date is fundamentally insecure.”
“Until researchers adequately address these challenges, Internet voting systems should not be used in public elections.”
The research team, comprised of computer-science experts from more than half a dozen American universities, concluded that for any online election system to be viable, it must be “end-to-end verifiable.” The end-to-end verification system, or E2E, would enable users to ensure that their votes have been correctly recorded and included in the final tally. For the sake of transparency, the researchers said, the process must also let voters “check for themselves that the election result is correct and the election was conducted properly.”
It remains unclear, however, whether it is currently possible to meet the rigorous standards set forth in the report.
For instance, there are additional problems that cannot be solved by simply implementing a reliable end-to-end verification system. Experts note that an online voting system may still be vulnerable to denial-of-service attacks that aim to disrupt large numbers of voters.
A system that is correct, secure, and usable is still not useful to voters if it is unavailable during an election. Many government websites are unreliable, especially during a distributed denial-of-service (DDoS) attack or just after a security breach.
Many companies whose businesses depend on having highly available and secure websites have effectively solved this problem. Companies like Amazon, Google, and Facebook have uptimes comparable to those necessary to run a public election, even if threatened by DDoS attacks.
The necessary network, server, and security infrastructure—and the consequent cost—to fulfill the availability demands of these companies and their customers is significant. The cost is so significant that every government that has attempted to build a facility dedicated to running Internet elections has spent many millions of dollars per election.
The widespread use of malware is also a major concern. “A compromised computer may corrupt the voting phase: even if the voter receives an unaltered ballot, malware may change the way the ballot is displayed or the way the vote is recorded before casting the ballot,” the report said.
Another hurdle to implementing an online election system is authenticating voters. As the researchers observed, the system must be able to positively identify the voter in a way that is impossible to counterfeit.
“Unfortunately, [authentication] is a very difficult and complex problem that remains unresolved (in the U.S. at least) for the foreseeable future,” the report said.
As the integrity of the vote is a matter of national security, common authentication methods such as passwords or email confirmations would not suffice.
“Almost every month we hear of huge data breaches at commercial or government institutions that have already allowed vast amounts of personal information on tens of millions of people to fall into the hands of criminals or foreign powers,” the report noted. “Thus, any authentication mechanisms based on merely presenting personal information (name, address, account number, driver’s license or social security number, mother’s maiden name, etc.) [are] hopelessly compromised already, and way too weak for use in an election.”
Moreover, the report’s authors said, the research community must figure out how to setup an online voting system that average voters can understand. “Most voters are not system administration experts,” the report said. Experts must also determine how to avoid new forms of voter fraud that may arise in the context of online elections.
“While some of these issues can be addressed by current technologies, further research is necessary to determine if all of these concerns can be adequately addressed, ” the report concluded. “Until researchers adequately address these challenges, Internet voting systems should not be used in public elections.”
Illustration by Max Fleishman