Security researchers pretty much uniformly agree that letting people vote online is a very bad idea, one that is fraught with risks and vulnerabilities that could have unknowable consequences for the future of democracy. This week, the Utah GOP is going to give it a whirl anyway. On Tuesday, registered Republicans in Utah who want to participate in their state’s caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system. Smartmatic’s system allows people to register to vote online. Then they receive a unique PIN code to their mobile phones or emails, which they use to vote on election day. Once the vote has been cast, the system generates a unique code, which voters can use to look themselves up on a public-facing bulletin board. Each code will match up to the name of a candidate, so people can check that their votes have been properly recorded. As of Monday morning, 59,000 Utah Republicans had registered to vote online. The new online process was spearheaded by Utah GOP chairman James Evans, who was looking for ways to make the caucus process more convenient and accessible for voters. That stands to reason, given the fact that voter participation in Utah has been in decline in recent years. Evans says he was aware of the potential security risks, but in a call with WIRED last week, he dismissed many of these oft-cited vulnerabilities as “far-fetched” and said that as a private political party, the Utah GOP isn’t held to the same security standards as the government. “We are a private political organization, so we can choose the acceptable level of risk that we choose,” he said, “and we will not be compared to a government-run election.” That idea alone should give anyone who cares about the integrity of this country’s elections pause. Just because a political party accepts a certain level of risk when it comes to online voting, should we?
While the Utah GOP may be the latest to experiment in Internet-based elections, it’s far from the first group to do so. These elections have been tried in Alaska and Washington DC, as well as in countries around the world, from Australia to Estonia to Canada. Every time, researchers have detected substantial vulnerabilities in the systems that ran them. Similar attempts by the Department of Defense to create a central portal for military members to vote online have been shot down for the same reasons. As Poorvi Vora, a computer science professor specializing in voting technology at George Washington University, put it: “It’s a particularly bad idea. It’s a near unanimous opinion.”
… It’s not just potential attacks that make this such a controversial idea. There’s also the fact that online voting opens people up to all sorts of privacy breaches. There’s a reason polling booths are built for one person at a time. If it’s possible to vote with someone else looking over your shoulder or if you can prove how you voted by showing someone your receipt, then what’s to stop people from bribing or coercing each other to vote a certain way? Online voting bursts that can of worms wide open. “For things like elections, there’s so much involved that on both sides, there could be people who want to rig an election,” says Vora.
When asked about this possibility, Evans said, “That doesn’t make any sense. You’re saying that in my house, I elect to vote online, and you came into my house and forced me?”
Of course, that answer ignores the fact that vote-buying is already a very real phenomenon, which takes place in one-to-one deals in elections across the country. Online, where everyone receives a receipt, these schemes could become much larger in scale and much easier to enforce, Vora says, adding that even the existence of these questions could lead to massive amounts of doubt and voter backlash in the event that an election doesn’t go the way it was expected to. “Then folks start questioning if something went wrong, then nobody knows what happened,” she says. “Everything just breaks down.” Rubin agrees: “It’s not healthy to have a system where the losers aren’t going to be willing to accept the results.”
But of all of the risks associated with online voting, however, perhaps the biggest one is simply the fact that it requires handing control over to a single, private corporation. It’s an issue that arises not just online, but with in-person electronic voting machines that are manufactured by a small number of vendors. “You’ve got a vendor who has all the keys to the kingdom,” Rubin says. “They shouldn’t have that power.” In a perfect world, in which armies of hackers around the world didn’t exist, online voting would seem to be the ideal way to expand the voting rights that are too often taken away from US citizens today. But this isn’t a perfect world. Not even close.
Full Article: Utah’s Online Caucus Gives Security Experts Heart Attacks | WIRED.