The dumpster fire that is the 2016 presidential election is thankfully almost behind us. But in its final throes, it is currently belching a peculiar pollution. The claims of election rigging coming directly from Donald Trump have raised a serious question about the legitimacy of our elections – the foundation of the legitimacy of our government, as governing in a democracy requires the consent of the governed.
While Mr. Trump may be more concerned with the role of non-citizens, election officials and the media in the manipulation of the outcome, he’s missing the greater threat to the future of democracy – Internet voting. Or rather, the likelihood of Internet voting fraud.
The temptation of Internet voting
The appeal is obvious – so much of our everyday activity is an interaction with an Internet-connected app that voting would seem to be woefully behind in this regard. If we can securely conduct banking, interact with electronic healthcare records, or apply for travel visas online, why not cast a vote?
There are also cost savings and efficiencies to be gained for state officials with the use of Internet voting, as its use could reduce demand for physical polling places and voting by mail. But perhaps the best argument in favor of Internet voting is the potential to increase participation or turnout by voters due to its convenience, although there would be concerns that it only makes voting easier for the digital “haves” - a declining issue in a nation where 89% of adults use the Internet.
Don’t we already use electronic voting?
Today’s voting technology is largely a decentralized paper-based process. After the Bush v. Gore “hanging chad” issues in 2000, Congress passed the Help America Vote Act in 2002, supplying almost 4 billion federal dollars to help states upgrade their voting machines. All 50 states took the money, most of which was used to purchase electronic voting machines.
But by 2007, problems with the machines, including security concerns, led to decline in use of electronic systems. Only five states today use paperless touch screens exclusively – South Carolina, Georgia, Louisiana, New Jersey and Delaware. Many states, such as Maryland, Florida and Virginia, have banned their use in future elections.
How do Internet and electronic voting differ?
The key difference between electronic and Internet voting, from a security perspective, is decentralization and the lack of connection to the Internet. While electronic voting machines can be hacked, it requires physical access to the machines in most cases, which is made more difficult by the fact that all 50 states have their own means of securing the devices.
Michigan offered Internet voting in 2004 in its Democratic primary, and West Virginia piloted Internet voting for military voters in 2009. Utah also used Internet voting for its 2016 primary.
A more troubling example is a 2010 Washington, D.C. pilot project for overseas voters that was hacked within 36 hours. Hackers from the University of Michigan weren’t detected for two business days, and might have gone unnoticed were it not for the fact that they programmed the system to play the Michigan fight song at the end of the voting process. The University of Michigan team “uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy and subvert the verification mechanism.” And, these white hat attackers (they had been invited to attempt a breach) noticed attempted intrusions by others that included IP addresses in Iran, India and China.
But these are examples without significant risk of changing the outcome of a national election.
So what’s the risk behind Internet voting?
While it’s logical to ask why we can conduct banking safely online and not voting, the two aren’t as similar as one might believe. Yes, they both must authenticate the user and maintain a record of a transaction, but the voting system must do so anonymously. With banking, the victim at some point will recognize a theft – with voting, that’s unlikely.
The most serious study that attempts to capture “the most complete set of requirements to date that must be satisfied by any Internet voting system used in public elections” is the US Vote Foundation’s specification and feasibility assessment study for “End-to-End Verifiable Internet Voting” (E2E-VIV). Yet, the expert statements of this same report lists voter authentication, client-side malware and distributed denial of service (DDoS) attacks as risks to be addressed before Internet voting can proceed.
The DDoS problem is particularly worrisome given last month’s attack on Dyn that demonstrated the weaponization of IoT devices. Although not an election, the first ever digital Australian census was subjected to a DDoS attack on August 9, 2016 that caused a premature shutdown of the website. When the stakes are higher in a national election, the motivation of attackers to disrupt it for personal fame or gain, coupled with the Internet of Things, could be a toxic combination for Internet voting.
A reliance on Internet voting with current technology will lead to the disenfranchisement of voters, manipulation by foreign or domestic attackers and ultimately to the delegitimization of the vote that will destabilize the elected government. Though Donald Trump may be concerned about vote rigging today, he hasn’t seen anything yet.