Greenhalgh is an advisor on election security to Free Speech For People, which advocates for a constitutional amendment to permit more campaign finance regulation. Fernandez is director of the Center for Scientific Evidence in Public Issues at the American Association for the Advancement of Science.
The coronavirus pandemic has upended everyone and everything, creating a new normal: living over the internet. Members of the House who fear the health risks of coming to the Capitol have even been permitted to transmit electronically their votes for legislation. But this shouldn't be seen as any green light for states to consider online voting in our elections.
Unlike Congress, which has insisted that transparency be central to its first-ever foray into proxy voting, the American electoral system relies on the citizens' choices remaining secret. A ballot cast over the internet could be undetectably manipulated by hackers. House members' remote votes are public record, delivered in writing and then announced verbally during each roll call, so any attempted hacking would be easily exposed.
To keep voters safe during the Covid-19 outbreak, many states are making it easier to vote by mail and thereby avoid close contact at polling places. Their plans must also include adequate accommodations for disabled voters,
But any proposal that we move to online voting is contrary to the evidence. Architects of the internet and cybersecurity warn that online voting is still inherently insecure.
Computer scientists and national security experts have long warned that online voting cannot be made secure and that ballots cast online will be highly susceptible to manipulation on a large scale, from hackers anywhere in the world. This spring the Department of Homeland Security, the FBI and the Election Assistance Commission voiced that same position, publishing a blunt warning to state election officials that online voting is at high risk of hacking.
The loudest advocate for online or mobile voting has been billionaire Bradley Tusk, who has founded a project aimed solely at promoting online voting. Tusk has personally paid for several online voting pilot programs and has worked with the system vendors and local governments to advance a public campaign to promote this alternative.
Initially, Tusk was aggressively promoting the mobile voting system developed by Voatz, which claimed its use of blockchain was the way to solve the security vulnerabilities of online ballot transmission.
After researchers at the Massachusetts Institute of Technology reverse-engineered Voatz's app and published a devastating paper on the many ways it could be hacked to change votes undetectably — and then this conclusion was backed by a security review by Trail of Bits — Tusk switched and began promoting a system from DemocracyLive instead. That digital system has now been used in New Jersey, Delaware, West Virginia and Washington state.
Three disingenuous and inaccurate claims about these systems bear examination.
First, printing a copy of the vote after it is transmitted online is not a "paper ballot."
The systems transmit a completed ballot over the internet that, by definition, is internet voting and includes all the security and privacy risks. Even if a paper ballot is printed at the election office, no voter can confirm the vote choices are correct. While DemocracyLive describes its system as generating a "voter verified" ballot, voters are not able to verify their votes were recorded correctly on the printout.
In other words, votes could be hacked and changed and neither the voter nor election officials would know. Printing a paper ballot at the election office doesn't remove the threat of hacking or lessen the security risks and doesn't provide a "voter verified" paper ballot.
Second, DemocracyLive's system has not been rigorously tested.
Both Tusk and DemocracyLive have publicly touted the importance of rigorous security testing and claimed that system has been tested by third parties. The problem is that the results aren't made public. We don't know if the tests were appropriate and robust, and if the system did well or failed miserably.
Tusk made similar claims about Voatz for years. But when a competent security review was finally conducted and made public, the results were disastrous.
DemocracyLive's system is not certified by the federal government.
Any such claim is not true. The federal government doesn't certify online voting systems because it found it couldn't write standards that would ensure security. DemocracyLive uses the Amazon cloud, which has been qualified for government use, but that is just one part of a system with many components that are neither tested nor certified in any way by the federal government. The use of a government-approved element of the system doesn't confer any sort of federal government approval or certification. As we know, the federal government says online voting is insecure.
American democracy depends on our elections. Voting systems must be accessible to all while preserving the security and secrecy of every vote. We must ensure all voters can vote, but online voting is not the solution.
