This election year we’ve seen foreign hackers infiltrate the Democratic National Committee’s e-mail system as well as voter databases in Arizona and Illinois. These attacks have reinforced what political scientists and technical experts alike have been saying for more than a decade: public elections should stay offline. It’s not yet feasible to build a secure and truly democratic Internet-connected voting system.Researchers from government agencies and leading academic institutions studied the issue extensively following the debacle of the 2000 Presidential race, and the consensus emerged that it should not occur. That’s still the case, and today’s rampant cybercrime should be reason enough to keep voting systems disconnected. We have no good defense against malware on voters’ computers or denial of service attacks, and sophisticated adversaries like those behind the attacks on big corporations we’ve seen in recent years will find ways to get into connected voting systems, says Ron Rivest, a leading cryptographer and MIT professor. “It’s a war zone out there,” he says.
Nevertheless, 32 states and the District of Columbia allow at least some absentee voters (in most cases just voters who live overseas or serve in the military) to return their completed ballots using poorly secured e-mail, Internet-connected fax machines, or websites. In the most extreme example, all voters in Alaska are allowed to return their completed ballots over a supposedly secure website. And there is a danger that Internet voting could expand. Vendors like the Spanish company Scytl, which supplied Alaska’s system, and Southern California-based Everyone Counts keep marketing these systems to election boards against the advice of security experts. And they haven’t opened their systems to public security testing.
In some cases, election officials don’t have enough technical background to distrust claims from vendors, says Pamela Smith, president of Verified Voting, a nonprofit that advocates for greater integrity and verifiability in elections. Terms like “military-grade encryption” or “unhackable” should be red flags, she says.
Full Article: The Internet Is No Place for Public Elections.