If online voting is good enough for the Oscars, why isn’t it good enough for public elections?
A panel of experts assembled on Feb. 14 to consider whether the Academy of Motion Picture Arts and Sciences’ decision to capture votes online for this year’s Oscars means that technology has matured to the point where public elections can be held online.
According to an article in The Hollywood Reporter, voting to determine who would receive a nomination for an Academy Award began Dec. 17 and ended Jan. 3. While a majority of Academy members registered to take advantage of the online voting option, the process was not without its snags. Many confessed to password trouble, while others worried about hackers jeopardizing voter intent.
Limited Email Voting Post-Sandy
Because Hurricane Sandy hit on the eve of the 2012 presidential election, New Jersey election officials were motivated to allow voting by email from those whose ability to vote was affected by the storm. Officials in two New Jersey counties told Government Technology that they were inundated by requests to vote online even from residents outside of the storm’s path. Election officials in New York, however, decided not to allow email voting. Citing oft-repeated concerns about the reliability and security of voting without a paper ballot as backup, New York instead relocated 60 polling places impacted by flooding and other storm-related damage.
In a November 2012 press briefing, New York State Board of Elections Co-Chair Doug Kellner explained the decision. ”There is a consensus among the senior election officials in New York that procedures that allow delivery of voted ballots by fax or email are completely insecure -- that they're hackable and that they're not verifiable,” Kellner said.
The fact that casting votes online has made its way into the process for this year’s Academy Awards has again raised the issue of the viability of conducting U.S. elections online. Voting rights advocates and computer security experts are highlighting some reasons why they believe that what works for Oscar won’t necessarily work for elections.
Susannah Goodman, director of the Voting Integrity Program at Common Cause, explained that when things go wrong at a polling place, e.g., a malfunctioning voting machine, supervisors rely on a paper trail to verify election results.
But with online voting, there are no auditing options. “That is why we are so concerned about Internet voting,” Goodman said. “There is no non-digital record of the votes that can be used to reconstruct the vote count in the event of a failure or a cyberattack, and there is no way to properly audit the vote count to ensure that votes weren’t lost or corrupted online.”
David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and chairman of the board for the nonprofit Verified Voting, outlined several major differences between private elections, like those conducted for the Academy Awards, and public elections.
Public elections, Jefferson said, inherently have much higher standards for security, privacy and transparency. “Just because this works for private elections or is useful for private elections, we don’t want people thinking … it is appropriate for public elections.”
Three Types of Attacks Threaten Elections
Experts warned of three distinct types of attacks that threaten the integrity of public elections:
- Client side attacks – malicious software on the voter’s computer or smartphone
- Server side attacks – cyberattacks waged on the servers that collect and count votes
- Denial of service attacks – disruption attacks that keep people from voting in the first place
“These problems are fundamental.” Jefferson added. “They have been inherent in Internet services since the beginning of the Internet, and we aren’t expecting any fundamental solution to these problems in the foreseeable future.”
According to panelists, many vendors claim to have created secure voting systems that have successfully tabulated private elections. But for a public election, they argue, the threshold is much higher. Major global companies, news outlets and government agencies, all with significant resources invested in cybersecurity, have had their networks compromised by attacks waged via the Internet.
“Until we resolve these unsolved problems in the technology," said Pamela Smith, president of Verified Voting, "attempting to use the Internet for transmitting a vote is a little bit like putting your valuables into an armored truck and sending it on a road made of quicksand."