Tens of thousands of military and overseas Americans casting ballots online this fall face a high risk of being hacked, threatening to cause chaos around Election Day if their votes get manipulated or they transmit viruses to state and local election offices. More than 30 states — including battlegrounds such as Colorado, Florida, Iowa, Nevada and North Carolina — allow various methods of online voting for citizens living outside the U.S. While state officials insist their ballots will be counted without any serious problems, ample warnings are nonetheless being sounded from the left, right and even inside the federal government that internet votes can’t be securely transmitted in today’s everything-is-hackable environment. “It’s not something you would do with your Social Security number. You shouldn’t do it with your ballot,” warned Susannah Goodman, director of voting integrity at Common Cause. It’s a point of pride for many states that Americans abroad and overseas troops can even cast a ballot online using the latest in technology, giving these voters a say on their next commander in chief even if they’re stationed in a remote or even hostile location, like Afghanistan or Iraq.
“We’ll take military votes however they are able to get them to us,” Arizona Secretary of State Michele Reagan, a Republican, said in an interview. But that kind of patriotic goodwill masks a potent political problem: Even though these online voters represent a small slice of the overall electorate, any challenges to their ballots’ validity could spark an explosive controversy in an election darkened by accusations of meddling by Russian hackers and evidence-free claims of mass voter fraud.
… Among the warnings: Voters may be inadvertently returning a ballot laden with malware, such as spyware, that expose its privacy and make it susceptible to manipulation in transit. Internet voting also can leave the state and local government networks susceptible to hard-to-detect cyberattacks once election officials in the U.S. open up the ballot via email or click on what looks like a seemingly legitimate document.
“How much training have you gotten over the course of your career: Don’t click because of malware or a virus. Now you have someone sitting in the most sensitive office in the city or county government clicking on every friggin’ attachment,” said Jeremy Epstein, a senior computer scientist at the nonprofit research center SRI International and an expert on voting mechanics. “It’s just so tempting to send malware to one of these addresses,” Epstein added. “If someone is targeting the election office, this is the way to do it.”