Utah: Online Caucus Gives Security Experts Heart Attacks | Wired
Security researchers pretty much uniformly agree that letting people vote online is a very bad idea, one that is fraught with risks and vulnerabilities that could have unknowable consequences for the future of democracy. This week, the Utah GOP is going to give it a whirl anyway. On Tuesday, registered Republicans in Utah who want to participate in their state’s caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system. Smartmatic’s system allows people to register to vote online. Then they receive a unique PIN code to their mobile phones or emails, which they use to vote on election day. Once the vote has been cast, the system generates a unique code, which voters can use to look themselves up on a public-facing bulletin board. Each code will match up to the name of a candidate, so people can check that their votes have been properly recorded. As of Monday morning, 59,000 Utah Republicans had registered to vote online. The new online process was spearheaded by Utah GOP chairman James Evans, who was looking for ways to make the caucus process more convenient and accessible for voters. That stands to reason, given the fact that voter participation in Utah has been in decline in recent years. Evans says he was aware of the potential security risks, but in a call with WIRED last week, he dismissed many of these oft-cited vulnerabilities as “far-fetched” and said that as a private political party, the Utah GOP isn’t held to the same security standards as the government. “We are a private political organization, so we can choose the acceptable level of risk that we choose,” he said, “and we will not be compared to a government-run election.” That idea alone should give anyone who cares about the integrity of this country’s elections pause. Just because a political party accepts a certain level of risk when it comes to online voting, should we?