The government’s all-hands effort to secure election systems after a Russian assault on the 2016 contest missed one glaring vulnerability: online ballots, according to a Wednesday report by voting security experts. Online voting is not common in the U.S., but Americans cast at least 100,000 online ballots in the 2016 election, according to the authors’ tally. Many of those ballots were cast by military members overseas taking advantage of state laws that allow them to return ballots by email or digital fax. In total, 32 states allow some subset of residents to return ballots by email, fax or through an internet portal, and Alaska and Hawaii offer electronic ballot return for all voters, according to the report from security experts at the Association for Computing Machinery US Technology Policy Committee, Common Cause Education Fund, the National Election Defense Coalition and the R Street Institute.
States began offering online voting options to overseas service members in the early 2000s when the Pentagon was working on developing an online portal for overseas voting, the report states. That plan was scrapped in 2015 after researchers concluded the portal could not be developed securely, according to the report.
Online voting creates multiple cybersecurity challenges, the report states. To begin with, emailed or faxed ballots could be hacked and altered at multiple points on their journey between the voter and the election office.
“It would not be difficult to create an automated process for discarding ballots with undesired votes and replacing them with forgeries,” the report states. “In this process, the sender’s original message and any other attachments, such as a voter’s declaration and signature, could be maintained, producing a forged ballot that would appear perfectly authentic to any unsuspecting election official.”