Connecticut lawmakers are considering legislation to allow military voters to cast ballots over the Internet. The intention of this legislation is well-meaning — Connecticut does need to improve the voting process for military voters — but Internet voting is not the answer. Every day, headlines reveal just how vulnerable and insecure any online network really is, and how sophisticated, tenacious and skilled today’s attackers are. Just last week, we learned that the U.S. has already experienced our first-ever documented attack on an election system, when a grand jury report revealed that someone hacked into the Miami-Dade primary elections system in August 2012. A chilling account in The Washington Post recently reported that most government entities in Washington, including congressional offices, federal agencies, government contractors, embassies, news organizations, think tanks and law firms, have been penetrated by Chinese hackers. They join a long list that includes the CIA, FBI, Department of Defense, Bank of America, and on and on. These organizations have huge cybersecurity budgets and the most robust security tools available, and they have been unable to prevent hacking. Contrary to popular belief, online voting systems would not be any more secure.
Not surprisingly, a senior cybersecurity official with the Department of Homeland Security warned election officials last year that online voting is premature and not advisable at this time. The National Institute of Standards and Technology (the federal body tasked with researching Internet voting) issued a statement shortly after, warning that secure Internet voting is not feasible with the tools currently available. Because the agency determined that Internet voting cannot be done securely, it has not developed testing or certification standards for systems.
So why are state lawmakers considering online voting for the military?
First, there is a mistaken perception that because we can shop and bank online, we should be able to vote online securely. But shopping or banking online are far from secure. Banks and online merchants lose billions every year to online fraud. They factor this into the cost of doing business.
There is, however, no acceptable level of vote fraud or manipulation. Moreover, elections have unique properties that are unlike banking or e-commerce. In a financial transaction, both parties can check each online transaction by reviewing a statement or receipt. But we vote by a secret ballot. Neither the voter nor the election official can verify that a ballot has been received the same way it was sent. This makes online voting especially susceptible to undetected hacking.