Unresolved technological problems means Internet voting should not yet be deployed to U.S. elections, a Homeland Security Department cybersecurity official told a conference of election officials and watchdogs. “It’s definitely premature to deploy Internet voting in real elections,” said Bruce McConnell, a senior cybersecurity counselor, speaking before the Election Verification Network conference in Santa Fe, N.M. on March 29. “The security infrastructure around Internet voting is both immature and under-resourced,” McConnell told the audience, citing National Institute of Standards and Technology internal reports that summarize technical research on particular subjects. NISTIR 7770 (.pdf), which addresses security considerations of remote electronic voting, states that “achieving a very strict notion of ballot secrecy remains a challenging issue in remote electronic voting systems,’” McConnell noted.
“In Washington, one learns to read sentences like this,” he added, stating that in the nuance-heavy speak of the nation’s capital, “this is actually a strong statement.” The same document also states that “unlike some of the other topic areas described in this document, many of the security challenges associated with identification and authentication of users and voters have commercially-available technical solutions.”
The phrase “unlike some of the other topic areas” implies that challenges in Internet voting other than identification and authentication lack commercially-available solutions, McConnell said. When it comes to end-to-end cryptographic voting techniques, the NISTIR states that they are “are largely still an academic effort.” Again, in a typical Washington fashion, “they’re not drawing the conclusion, but they’re laying the predicate,” McConnell said.
– listen to McConnell’s conference speech (posted online at Common Cause)