If, like a growing number of people, you’re willing to trust the Internet to safeguard your finances, shepherd your love life, and maybe even steer your car, being able to cast your vote online might seem like a logical, perhaps overdue, step. No more taking time out of your workday to travel to a polling place only to stand in a long line. Instead, as easily as hailing a ride, you could pull out your phone, cast your vote, and go along with your day. Sounds great, right? Absolutely not, says Stanford computer science professor David Dill. In fact, online voting is such a dangerous idea that computer scientists and security experts are nearly unanimous in opposition to it. Dill first got involved in the debate around electronic voting in 2003, when he organized a group of computer scientists to voice concerns over the risks associated with the touchscreen voting machines that many districts considered implementing after the 2000 election. Since then, paperless touchscreen voting machines have all but died out, partly as a result of public awareness campaigns by the Verified Voting Foundation, which Dill founded to help safeguard local, state, and federal elections. But a new front has opened around the prospect of Internet voting, as evidenced by recent ballot initiatives proposed in California and other efforts to push toward online voting. Here, Dill discusses the risks of Internet voting, the challenge of educating an increasingly tech-comfortable public, and why paper is still the best way to cast a vote.
Computers are very complicated things and there’s no way with any reasonable amount of resources that you can guarantee that the software and hardware are bug-free and that they haven’t been maliciously attacked. The problems are growing in complexity faster than the methods to keep up with them. From that perspective, looking at a system that relies on the perfectibility of computers is a really bad idea.
Compared with touchscreen voting machines, the opportunity for attacks on the Internet is much broader. Suppose masses of emails get sent out to naive users saying the voting website has been changed and, after you submit your ballot and your credentials to the fake website, it helpfully votes for you, but changes some of the votes. You also have bots where millions of individual machines are controlled by a single person who uses them to send out spam. There is a program just sleeping on there waiting for somebody to come in and use it. Think about the consequences of that when it’s time for an election. People would vote on their personal computers, not knowing that they were handing the ballot to a potential hostile middleman who could change the vote. And neither the voters nor election officials would see anything suspicious. Because of the secret ballot, there is no way for the voter to check that the ballot transmitted to the elections office is the one they filled out on their computer.