Internet voting is insane

I have a bad feeling about this:

West Virginia is about to take a leap of faith in voting technology — but it could put people’s ballots at risk.

Next month, it will become the first state to deploy a smartphone app in a general election, allowing hundreds of overseas residents and members of the military stationed abroad to cast their ballots remotely. And the app will rely on blockchain, the same buzzy technology that underpins bitcoin, in yet another Election Day first.

“Especially for people who are serving the country, I think we should find ways to make it easier for them to vote without compromising on the security,” said Nimit Sawhney, co-founder of Voatz, the company that created the app of the same name that West Virginia is using. “Right now, they send their ballots by email and fax, and — whatever you may think of our security — that’s totally not a secure way to send back a ballot.”

But cybersecurity and election integrity advocates say West Virginia is setting an example of all the things states shouldn’t do when it comes to securing their elections, an already fraught topic given fears that Russian operatives are trying again to tamper with U.S. democracy.

“This is a crazy time to be pulling a stunt like this. I don’t know what they’re thinking,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratories who is on the board of Verified Voting, an election security advocacy group. “All internet voting systems, including this one, have a host of cyber vulnerabilities which make it extremely dangerous.”

I demand paper ballots! What is so hard about this? A security expert weighs in:

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain — presumably because they have no idea what the security issues with voting actually are.

As for what those security issues are:

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper. […]

Last year, the Defcon hackers’ conference sponsored a Voting Village. Organizers collected 25 pieces of voting equipment, including voting machines and electronic poll books. By the end of the weekend, conference attendees had found ways to compromise every piece of test equipment: to load malicious software, compromise vote tallies and audit logs, or cause equipment to fail.

It’s important to understand that these were not well-funded nation-state attackers. These were not even academics who had been studying the problem for weeks. These were bored hackers, with no experience with voting machines, playing around between parties one weekend.

Leave a Reply

Your email address will not be published. Required fields are marked *