Voters cast a minimum of 100,000 ballots using insecure internet methods in the 2016 election, highlighting an overlooked threat to election integrity, according to a report released Wednesday. Thirty-two states permit some voters—primarily overseas military personnel—to return ballots by email, fax or internet, according to “Email and Internet Voting: The Overlooked Threat to Election Security,” a report produced by the Association for Computing Machinery, Common Cause, the National Election Defense Coalition and R Street. “There are two concerns with email voting,” in which ballots and voter identification information are typically attached as a PDF or JPEG. “One—the ballots can be intercepted and undetectably altered or deleted. This hack was performed at DEF CON in August. And it’s something academics have long known,” Susannah Goodman, one of the authors of the report, told Newsweek. “Second—emailed ballots can be easily spoofed in a spear phishing attack designed to put malware on a county election official’s computer.”
Research has detailed the myriad vulnerabilities posed by online voting. Vote counts and election systems can be manipulated through denial-of-service attacks, server penetration and malware, among other methods.
Government officials have noted that online voting poses threats to “voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” and the Pentagon said in 2015 it “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”
States, however, have not generally altered their practices to address cyber security concerns.