Despite Security Concerns, Online Voting Advances
erra Muncy has been voting for nearly four decades, but never like she did in last year’s presidential primary: sitting on her front porch, tablet in hand, tapping through the candidates on her screen.
Muncy, 57, who uses a wheelchair, was the first West Virginian with a disability to cast a ballot electronically. State residents who serve in the military or live overseas have been able to use this voting method since 2018.
At traditional polling places, Muncy said, the lines can be confusing, the building crowded and the machines set up above her reach—forcing her to strain her arms and making it difficult for her to shield her screen from onlookers.
“It was super simple,” she said of using her tablet instead. “This gave me an option to have my vote be private.”
West Virginia Secretary of State Mac Warner, a Republican, is excited that his state now offers internet-based voting as an option for people such as Muncy. In November’s election, nearly 1,600 residents cast their ballot electronically—roughly 270 voters with disabilities and 1,300 military and overseas voters.
“For those people who have been disenfranchised through no fault of their own, if we can extend electronic voting capabilities to them, I think we owe it to them to do so,” Warner told Stateline. Warner, who struggled to vote while serving in Afghanistan, knows this firsthand.
West Virginia is one of nine states where at least some jurisdictions have allowed certain voters to cast their ballots electronically, either through their home computers or through a mobile app. Mostly, election officials have opened this method of voting to residents living abroad, serving in the military or who have a disability.
The premise of online voting—receiving and returning a ballot using a device connected to the internet—is simple, and it is likely to become more popular as technology improves and some election officials seek innovative ways to expand access to the ballot. But an almost unified chorus of election security experts say the setup is ripe for ruin because of threats from malicious hackers.
“There is no level at which internet voting is entirely safe,” said Mark Lindeman, interim co-director of Verified Voting, an election security organization that advocates for voting systems that have a paper trail. “It’s just not ready yet and we don’t know how to get there.”
Facing Security Threats
This past year showed that unexpected events can upend traditional, in-person voting. The rush to mail-in voting during the pandemic also exposed the challenges that voting by mail poses for certain residents, including those with disabilities who may not be able to independently fill out and mail a paper ballot.
But election security experts say electronic voting poses significant risks. Personal devices such as smartphones and laptops are often littered with malware. A ballot could be tampered with on the voter’s device, on its way to a server or on the server of the election authority. Hostile foreign countries or other organized groups could surreptitiously change votes before they’re counted.
The threat from malicious foreign actors was recently highlighted in the Russian hack of U.S. government and corporate systems in the widespread SolarWinds attack.
Most election security experts prefer paper ballots or ballot-marking devices that have a paper trail, which allow state and local election officials to back up their results. Some online voting methods allow both the voter and the election official to print out a receipt that shows the vote was transferred. But that’s not good enough for security experts, who point out that the vote could have been corrupted in transfer.
“There’s not much that we can do to be able to detect that a problem has occurred,” said J. Alex Halderman, director of the Center for Computer Security and Society at the University of Michigan. He co-authored an analysis last year that found there is a “severe risk” to using Seattle-based voting technology company Democracy Live’s online voting platform.
Bryan Finney, founder and president of Democracy Live, was disappointed with the study because the authors of the analysis did not engage with his company before publishing the paper, he said.
Nothing can top the security of a paper ballot locked on a shelf in a warehouse, said Dan Wallach, a computer science professor at Rice University in Houston. Although programmers are getting better at building software, he said, “It’s really, really hard to build software of moderate complexity.”
Plus, Halderman said, if the 2020 elections showed anything, it’s that voters want proof that the results are right, especially if they don’t trust the officials running the election. A paper trail in Georgia helped election officials audit the results of the presidential election after former President Donald Trump and his allies tried to sow doubt in Joe Biden’s victory.
Modern, scalable web services depend on storing information in the cloud, run by major tech companies. Democracy Live uses Amazon Web Services—a cloud also used by the U.S. Department of Defense. But having election results stored by a major corporation such as Amazon “would be such fodder for conspiracy theories,” Halderman said.
Some security experts understand the desire of entrepreneurs and election officials to use new voting methods to reach voters who may be disenfranchised by in-person or mail-in voting. But the security risk might be too great, they say.
“I think that because people want so badly to do right by their voters, it’s creditable to believe the vendors when they say this time they’ve solved the problems,” Verified Voting’s Lindeman said. “With internet voting, it may not be apparent how terrible it works until it’s too late.”
Computer scientists laid out many of these criticisms last year, expressing fears that amid the pandemic, election officials would rush to a more accessible but potentially more dangerous method of voting.
A report from Massachusetts Institute of Technology in February claimed Voatz, a Boston-based mobile voting application used in elections in four states, had security vulnerabilities. In April, a group made up mostly of academics signed a letter from the American Association for the Advancement of Science urging state leaders not to use internet voting.
In May, four federal agencies sent a report to state officials recommending paper ballots. In June, another MIT report, the one co-authored by Halderman, criticized the security of OmniBallot, an electronic voting system produced by Democracy Live.