by David Jefferson, Computer Scientist, Lawrence Livermore National Laboratory 1 ], member, Verified Voting Foundation Board, Board of Directors, California Voter Foundation
There is widespread pressure around the country today for the introduction of some form of Internet voting in public elections that would allow people to vote online, all electronically, from their own personal computers or mobile devices. Proponents argue that Internet voting would offer greater speed and convenience, particularly for overseas and military voters and, in fact, any voters allowed to vote that way. However, computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections.
There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.
There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future
Nonetheless, the proponents point to the fact that millions of people regularly bank and shop online every day without apparent problems. They note that an online voting transaction resembles an ecommerce transaction, at least superficially. You connect your browser to the appropriate site, authenticate yourself, make your choices with the mouse, click on a final confirmation button, and you are done! All of the potential attacks alluded to above apply equally to shopping and banking services, so what is the difference? People ask, quite naturally, “If it is safe to do my banking and shopping online, why can’t I vote online?” This is a very fair question, and it deserves a careful, thorough answer because the reasons are not obvious. The answer requires substantial development to explain fully, but in brief, in can be summarized:
1. It is not actually “safe” to conduct ecommerce transactions online. It is in fact very risky, and more so every day. Essentially all those risks apply equally to online voting transactions.
2. The technical security, privacy, and transparency requirements for voting are structurally different from, and actually much more stringent than, those for ecommerce transactions. Even if ecommerce transactions were safe, the security technology underpinning them would not suffice for voting. In particular, the voting security and privacy requirements are unique and in tension in a way that has no analog in the ecommerce world.
E-Commerce transactions are not, in fact, “safe”
Why do security experts say that ecommerce transactions are not safe when millions of people do them every day, mostly without problems? The question needs to be refined: “Safe for whom?” and “What degree of safety is required”? E-Commerce transactions may be relatively safe for consumers, but they certainly are not safe for financial institutions or merchants.2 Banks, credit card companies, and online merchants lose billions of dollars a year in online transaction fraud despite huge investments in fraud prevention and recovery. People have the illusion that ecommerce transactions are safe because merchants and banks don’t hold consumers financially responsible for fraudulent transactions that they are the innocent victims of. Instead the businesses absorb and redistribute the losses silently, passing them on in the invisible forms of higher prices, fees, and interest rates. Businesses know that if consumers had to accept those losses personally most online commerce would collapse. Instead, they routinely hide the losses, keeping the magnitude secret so the public is generally unaware. It’s a good business strategy.