Being able to cast a ballot from your home computer, like being able to order and buy products and services through online Internet transactions could possibly make voting more convenient but the complexity of the security problems a remote Internet voting system presents an unacceptable risk to election integrity.
The cyber-security vulnerabilities are just part and parcel of the architecture and organization of the Internet and the software and hardware in common use. Major technological changes would need to be implemented. There is practically no possibility that a secure Internet voting system can be designed in the near future. Other less technical, societal issues like equal access by voters to the Internet, Internet voting is definitely a technology whose time has not come and more likely than not, may never come.
Electronic ballots allowing voters to transmit their voted ballot to election officials over the Internet poses a clear and demonstrated threat of criminal electronic attacks on computer software, such as destructive viruses, Trojan Horses and/or Ransomware on both ends of the connection.
Even Internet-based voter registration sites (which already exist) pose significant risks to the integrity of the voting process. Voter registration remains one of the weakest links in the electoral process and is more likely than not to greatly exacerbate the risks we are already exposed to.
To reiterate, Internet voting is vulnerable to cyber-attack and fraud—vulnerabilities inherent in current hardware and software, as well as the basic manner in which the Internet is organized. It is unlikely that these vulnerabilities will be eliminated at any time in the near future.
Even the delivery by e-mail of voted ballots from registered voters are likely to be the most compromised. A plethora of well disguised “phishing” and “smishing” would undoubtedly result in large-scale, selective voter disenfranchisement, privacy violations, vote buying and selling, and vote switching. The likelihood of reversing the outcome of many elections at once could succeed go completely undetected.
One possibility would be to establish the identity of the registrant by transmission of unique biometric (fingerprint or retinal scan) data and an existing voter registration database (which is likely full of errors in the first place) with which to verify the data. The undetected registration of large numbers of fraudulent voters is sure to come into play. Since not every device is equipped with these sensors, that’s a non starter.
Congress directed the Federal Voting Assistance Program (FVAP) office at the U.S. Department of Defense which ended in a devastating report. An Internet and PC-based system would be vulnerable to cyber-attacks including insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs and so on and so forth.
Cyber-attacks are easily perpetrated. Anyone can easily get access to malicious software kits on the Internet that could be quickly modified and/or used directly to compromise an election. A U.S. general election offers one of the most tempting targets for cyber-attacks in the history of the Internet, whether the attacker’s motive is overtly political or simply a badge of honor amongst other hackers.
The biggest problems facing on-line voting just can’t be fixed. The vulnerabilities literally built into the architecture of the Internet and of the PC hardware and software that currently exists. There needs to be a revolutionary breakthrough with a total redesign and replacement of much of the hardware and software security systems connected to, or residing inside the Internet’s infrastructure. So far, secure Internet voting is just not feasible. Remote electronic absentee voting from personally-owned devices face a deluge of potential attacks on voters’ personal computers, tablets, phones and other internet connected devices. As a result, Congress repealed the directive for an Internet voting demonstration project in the 2015 National Defense Authorization Act. This type of project has never been revived because of the reasons given above.
Online voting would necessarily be much more stringent than those for ecommerce transactions. People have the illusion that ecommerce transactions are safe because merchants and banks don’t hold consumers financially responsible for fraudulent transactions and that they are merely innocent victims of cybercrimes. Businesses generally eat the losses silently, give victims a free credit report and absorb the losses in the not so invisible forms of higher prices, fees, and interest rates.
Businesses know that if consumers had to accept those losses on a personal level most online commerce would collapse. Instead, they routinely hide the losses, keeping the magnitude secret so the public is generally unaware, except in their pocketbooks. It’s a good business strategy but does not affect the direction of government policy like our fundamental right to vote and the future governance of the nation, provided the winners keep their hands out of our pocketbooks.
This article may reflect the commentary of the author.