In order to address threats from malware, spyware, ransomware, mirror sites, and DoS attacks, the ideal system’s design would be so complex that it would likely erase the benefits.
By Rick Paulas
During the 2012 American presidential election, 129 million people cast ballots, while 106 million eligible voters neglected to do so. That’s only a 54.9 percent conversion rate, not to mention the 51 million voters who weren’t registered. Meanwhile, in 2015, there were almost 172 million Americans making purchases online. Those are apples and oranges, admittedly, but the ease with which the shopping occurs only helps its proliferation.
If the ultimate goal is maximizing the country’s voting turnout, shouldn’t we develop an Internet voting system? Voting from a computer at home could be far easier than waiting in long lines at polling stations or filling out mail-in forms.
But can it ever happen?
“For as far into the future as I can see, the answer is no,” says David Jefferson, a computer scientist in the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory. In May 2015, Jefferson examined the possibility of Internet voting in a paper called “Intractable Security Risks of Internet Voting.” For anyone who has ever owned a personal computer, the first problem is obvious: malware.
“We’re not even remotely close to guaranteeing that there’s no malware on your computer,” Jefferson says. The malware can do whatever task it’s programmed to accomplish, from erasing votes cast to changing them. And it can do these things without leaving any trace. “The malware might erase itself a half second later, and so there might be no evidence. And that’s one of half a dozen of problems.”
There are also the standard risks that come with any online activity. Denial-of-service attacks can shut down the voting system by overloading it. Mirror sites can trick voters into thinking their votes have been submitted, when really the information travels nowhere. Potential ransomware attacks can steal and encrypt votes, to be sold to the highest bidder. “Imagine the crisis if somebody encrypted the votes and said [to the government], ‘For one million, I’ll give you the key,’” Jefferson says. “Who would pay?”
Other scenarios are more insidious. A person using spyware can see who someone has voted for, allowing for the scenarios that the secret ballot attempts to prevent: a person being outed for an unpopular vote, or punished for not voting a certain way. It might also increase the likelihood of selling votes: Spyware would allow an outside party to verify that a seller followed through, a prerequisite for any smart buyer.
“The only way to avoid bribery and/or coercion with remote voting is to have complicated voting and registration processes that allow voters to vote multiple times or use different passwords for true and bogus votes,” writes Poorvi Vora, a professor of computer science at George Washington University, in an email. That means developing a system so complex and secure it takes away a lot of what makes the prospect of online voting appealing.
“Unless we were to re-design the Internet from the ground up, there’s not likely to be a solution to these problems,” Jefferson says.
The United States has attempted online voting before. In 2000, Arizona used it in the Democratic primary through the private website election.com. And while the stakes were relatively low (the number of people voting in the primary was far below that of the general election), the system was still under heavy coercion from outside forces. “There was definitely an external attack on that system,” Jefferson says. This year, Utah gave it a whirl during the Republican primary, and while the effectiveness of that trial is still being weighed, the system involved a 30-digit PIN that many voters did not receive in time to vote.
Yet the country of Estonia has somehow, supposedly, already figured it out. The small country has been offering its 1.3 million citizens the ability to vote on the Internet since 2005; more than 30 percent of the country’s votes are cast online. How can a relatively small country with a gross domestic product one-fifth the size of the state of California do something America can’t? Because the Estonian system isn’t that great.
In 2014, an independent team from Michigan took a look at the Estonian voting procedures and found plenty of issues. The system uses home computers that are trusted not to be infected by malware. Vote counting is done on servers, hidden away from outside scrutiny, unlike the physical counting of ballots. “There are protections in place to make sure the servers aren’t compromised,” says J. Alex Halderman, an assistant professor of computer science and engineering at the University of Michigan who worked on the report. “But if they are, they can output any vote totals they want.”
In fact, the lessons from the Estonia system may simply be how good the old system is at preventing fraud. Sure, there are stories every election of votes being lost or miscast, and voter disenfranchisement and district re-jiggering are real problems that deserve scrutiny. But those problems are relatively out in the open, where they can be examined and corrected, and not hidden in the ones and zeroes of the digital world.
“There are advantages of old technology,” Halderman says. “If you make things less efficient to count, you are making fraud less efficient. Voting on paper has inconveniences and its share of flaws, but the problem with online voting is a single attacker who finds a single flaw.”
Halderman knows from experience. In the 2010 general election, Washington, D.C., piloted an Internet voting system. It was unique in that the officials urged the public to hack into the system as a way to test vulnerabilities and, perhaps, provide the public with proof of concept. Halderman and his team took them up on it. “Forty-eight hours after they started, we’d hacked in and changed all the votes from here in Michigan,” he says.
Right now, things aren’t looking good for Internet voting. But everything advances; technology adapts. At some point in the future, maybe even soon, the security flaws of online voting might be solved, right?
“I’m not sure we’re going to be able to get there, to be honest with you,” Halderman says. “In security, it comes down to the cat and mouse game. And the attackers are getting better as fast, if not faster, than the defenders.”