As the coronavirus pandemic continues to roil elections and voting officials look for solutions, scientific experts are warning against the dangers of voting online.
The American Association for the Advancement of Scienceâs Center for Scientific Evidence in Public Issues has written an open letter to U.S. governors, secretaries of state and state election directors to express concern about the security of voting via the internet or mobile apps. The AAAS letter has been signed by renowned cybersecurity and computing experts and organizations. It reflects research from the National Academies of Science, Engineering and Medicine, the National Institute of Standards and Technology and other organizations.
âAt this time, internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future,â the letter reads, pointing to undetected manipulation of votes, privacy violations, malware intrusions, and the potential for denial-of-service attacks and other vulnerabilities.
Internet voting, which includes voting via email, fax, web and mobile app, has no meaningful voter-verified paper record, the letter states, which makes it impossible to conduct a valid audit of the results.Â
The idea of internet voting isnât new.Â
Steve M. Newell, project director at AAASâs Center for Scientific Evidence in Public Issues points to a report facilitated by the National Science Foundation around two decades ago.Â
âTheir conclusion was that itâs not a viable product now, and it wonât be for the foreseeable future. And then two years ago, the National Academies [of Science, Engineering and Medicine] put out their big comprehensive report on election security and their conclusion was basically the same thing,â he said.
Read more: Election App Voatz Just Got Kicked Out of a Major Bug Bounty Program
New tools, such as blockchain-based voting apps, donât appear to be a solution either.
According to the letter, the use of blockchain architecture doesnât address the fundamental issues with internet voting, and if anything creates a larger attack surface. It also raises questions about how the information is stored, decrypted and transferred to a durable paper record.
âThere are people who are saying that blockchain voting will deal with the security issues of Internet voting or online voting, and it just doesnât. Blockchains are a data structure, theyâre a way of storing data, but they donât deal with it with the main security issues of internet voting,â said Barbara Simons, a fellow with the Association for Computing Machinery and the American Association for the Advancement of Science.
Bringing a blockchain system to an internet voting platform is like âbringing a combination lock to a kitchen fire,â Newell said, quoting an analogy made by MIT cryptographic expert Ron Rivest.
âItâs not a tool built to address the problem that you have,â Newell said, adding the evidence indicates that not only is blockchain technology not mitigating the dangers, itâs adding more.Â
The letter mentions mobile voting app Voatz by name, referencing a Trail of Bits audit confirming vulnerabilities previously reported by MIT researchers âdespite the app developer arguing these vulnerabilities did not exist following the MIT report.âÂ
Read more: MIT Wasnât Only One Auditing Voatz â Homeland Security Did Too, With Fewer Concerns
In particular, the letter pointed to the number of findings highlighted, the possibility of still undiscovered vulnerabilities and âa lack of transparency essential for faith in the electoral system.â
It references the potential for ballot manipulation and for exposing votersâ private information, which could put them at risk of identity theft or, in the case of overseas military voters whose information is compromised, ârisks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security.â
The letter advocated for âthoughtful implementation of alternative voting methods,â such as voting by mail and early voting,
âWe must not trade convenience for security, because there are many organizations and people who would like to attack our elections. Our job is to make it as difficult for them as possible, not easy. Moving to internet voting would allow anyone from anywhere to try to attack our elections, and somebody whoâs very good at this and very well funded might very well succeed. We just canât allow that in a democracy,â Simons said.
Internet voting should not be used until verifiability, security and secrecy can be guaranteed with ballots transmitted online, the letter said. At present, âno known technologyâ can do so.
Newell said itâs important for people who see the theoretical benefits of internet voting to know itâs not backed by evidence or science and that the insecurity of internet voting is an unambiguous, widely held opinion. For example, he said, groups ranging from the American Civil Liberties Union to the Heritage Foundation are strongly opposed to internet voting.
âI think a lot of people are looking for answers and wondering if internet voting is one of them,â he said. âAnd I think it makes sense for us to say here, this evidence says itâs really not and so, if you want to follow the evidence and heed the science, itâs really warning you to avoid internet voting. Itâs just not a secure solution.â
Read the full letter below:
