For the first time ever, this year’s Oscar winners were selected online. The Academy of Motion Picture Arts and Sciences decided to let its members vote online, but cybersecurity and elections experts say that casting Internet ballots in public elections is still a long way off. Even picking Best Picture winners led to serious snafus. The voting deadline for the Oscars was extended in early January after some members had issues with account registration (password requests were answered by snail mail rather than email). But in public elections, deadlines can’t be extended. A group of cybersecurity and elections experts last week reiterated the dangers of modeling public elections after private ones. Companies who design online voting systems for award shows or corporate shareholder meetings may suggest these systems can also be used in congressional or presidential races. Those claims should be met with skepticism, said computer scientist David Jefferson, chairman of the nonprofit Verified Voting Foundation. “There are major differences between private and public elections: the degree of security required, the degree of privacy required, the degree of transparency required,” Jefferson said in a telephone press conference Thursday. “In a public election we’re talking about a national security situation.”
The idea of an Internet voting system is floated in every election cycle, and for good reason. Online voting would boost voter turnout, and increased citizen engagement is probably a good thing. Plus, we do everything else online—why not vote there?
Three core challenges prevent online voting from becoming a reality, Jefferson said: client-side attacks, server-side attacks, and denial of service attacks. Malware, viruses, and hackers can make your personal life miserable, but they can also change the outcome of an election. If The New York Times, The Wall Street Journal, and The Washington Post are vulnerable to attack, county election departments without significant IT budgets don’t stand a chance.
But the idea has some appeal. Six states this year have proposed online voting legislation, said Pam Smith, president of the Verified Voting Foundation.
Smith understands why state legislators are stuck on Internet voting—for example, it would be easier for military service members to vote while overseas.
“It’s a little like putting your valuables into an armored truck and then sending it off on a road made of quicksand,” Smith said.
But there are other ways to rock the vote online. Many states allow online voter registration and offer candidate information and printable ballots.
But until new technology is developed, Jefferson said, Internet voting just isn’t safe enough.
“We believe that there is no system that you can build with current technology today that can be made secure against client-side malware attacks, DOS attacks, or server-side penetration attacks,” Jefferson said. “No Internet voting system out there today is secure enough for public election use.”