This column was originally posted ar USA Today on November 4, 2014.
Today Americans are voting in an election that could shift control of the U.S. Senate and significantly impact the direction our nation will take in the next few years. Yet, 31 states will allow over 3 million voters to cast ballots over the Internet in this election, a practice that computer security experts in both the federal government and the private sector have warned is neither secure nor trustworthy. Most states’ online voting is limited to military and overseas voters, but Alaska now permits all voters to vote over the Internet. With a hotly contested Senate seat in Alaska, the use of an online voting system raises serious concerns about the integrity of Alaska’s election results. Alaska’s State Election Division has even acknowledged that its “secure online voting solution” may not be all that secure by posting this disclaimer on its website: “When returning the ballot through the secure online voting solution, your are [sic] voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”
Unfortunately, faulty transmission is only one of the risks of Internet voting. There are countless ways ballots cast over the Internet can be hacked and modified by cyber criminals. The National Institute of Standards and Technology, at the direction of Congress, has conducted extensive research into Internet voting in the last decade and published several reports that outline all the ways votes sent over the Internet can be manipulated without detection. After warning that there are many possible attacks that could have an undiscovered large-scale impact, the institute concluded that secure Internet voting is not yet achievable.
Securing transactions online is a major national challenge, as demonstrated by nearly daily reports of new cyber intrusions into networks of some of our largest financial institutions, corporations and government agencies. Election are even more difficult to protect, because unlike other online transactions, elections are especially vulnerable to undetectable hacking.
Since we vote by secret ballot, there is no way to reconcile electronic images of ballots received with the version the voter intended to send. In other words, it is impossible to know if voter choices have been tampered with somewhere between the voter’s computer and election official’s machine, thereby making it virtually impossible to confirm an attack on an online election system.
Nonetheless online voting is expanding around the country. Vendors of commercial online voting systems are exploiting the understandable desire to help remote voters by exhorting well-meaning state legislators and election officials to forge ahead with online voting. Aggressive marketing practices in an unregulated market have created a perfect storm.
We cannot afford to continue putting our elections at risk by allowing the use of insecure Internet voting systems. Alaska’s online voting system is vulnerable to hackers from anywhere in the world. If this election is attacked, the outcome may be determined by the attackers and Alaskans (and the rest of us) may never even know. It’s time for state leaders to reject online voting unless and until it is secure.