A push to allow Internet voting in elections is growing stronger along with advances in the underlying technology, but systems are not yet secure enough to use with relative certainty that the vote counts will be accurate, according to a new report. Still, while “no existing system guarantees voter privacy or the correct election outcomes,” election officials could take several steps to significantly improve the security and transparency of Internet voting systems, said the report, commissioned by the U.S. Vote Foundation, an organization that helps U.S. residents vote. Election officials considering Internet voting must embrace an end-to-end verifiable Internet voting system, or E2E-VIV, said the report, released Friday. An E2E-VIV would be difficult to build, but it would allow voters to check that the system recorded their votes correctly, to check that it included their votes in the final tally and to double-check the announced outcome of the election, the report said. An Internet voting system must be transparent, useable and secure, said the report, echoing some recommendations security groups have made about other electronic voting systems. “An Internet voting system must guarantee the integrity of election data and keep voters’ personal information safe,” the report said. “The system must resist large-scale coordinated attacks, both on its own infrastructure and on individual voters’ computers. It must also guarantee vote privacy and allow only eligible voters to vote.”
While Internet voting is not yet ready to be deployed widely, recent advances in technologies such as high-end encryption are making it more feasible in coming years, said Joseph Kiniry, a co-author of the report and research lead for verifiable elections at Galois, an IT security R&D firm.
There’s been a change in attitude from many security researchers in recent years from opposition to any kind of Internet voting to offering suggestions on how to fix what’s wrong with it, Kiniry said. The idea of Internet voting “is becoming more of a reality,” he added. “The real concern of the security community is that this is going to happen whether we like it or not, and therefore we need to be constructive moving forward.”
Just five years ago, the debate about Internet voting was “dominated by classically, appropriately paranoid security professionals saying we shouldn’t go down this path,” Kiniry said.