INTERNET VOTING

The push to vote online is growing worldwide, but there is no such thing as a "secure" virtual voting system, despite what vendors claim.

Internet voting is an exciting idea whose time may never come, due to intractable security concerns, threats to voter privacy, and a fundamental lack of transparency.

But that has not hampered private online voting systems manufacturers from peddling their purportedly "secure" systems to elections officials, while appealing to the love of Internet technology among younger generations.

Susannah Goodman, director of a voting integrity project for Common Cause, believes state election officials, most of them lacking technical expertise, are easily manipulated by the Internet voting vendors.

“I’ve seen the vendors characterize their products as being secure when the most prominent cybersecurity experts in the country will tell you they’re not,” said Goodman. “The state legislators and the election officials are only hearing from one side. ... That’s putting our democracy at risk.”

Cyber security experts explain the preconditions for safe Internet voting, which have not been met:

• The entire system must be reliable and verifiable even though Internet-based attacks can be mounted by anyone, anywhere in the world.

• There must be reliable, unforgeable, unchangeable voter-verified records of votes that are at least as effective for auditing as paper ballots, without compromising ballot secrecy.

• There must be strong mechanisms to prevent undetected changes to votes, not only by outsiders but also by insiders.

• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the Internet.

• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic.

The U.S. Department of Defense abandoned the idea of Internet voting entirely in 2004, citing security concerns, and in 2012 the Pentagon canceled plans to allow Internet voting by overseas military personnel after a security team audited a $22 million system developed by Accenture and found it vulnerable to cyberattacks.

Yet online voting is making inroads at the state level where election officials have leeway over what voting systems they choose. Washington is among 29 states that have embraced some form of Internet voting, mostly for military service members and other Americans living abroad.

In early 2011, the National Institute of Standards and Technology (NIST) released NISTIR 7770, which studied Internet voting in detail. It found that cyberattacks could flood election email servers to block incoming ballots, or infect computers with malicious code that changes ballots.

According to the NIST study:

• Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.

• Malware on voters' personal computers poses a serious threat that could compromise the secrecy or integrity of voters' ballots.

• The United States currently lacks a public infrastructure for secure electronic voter authentication.

Online voting pilot projects in the United States have failed entirely:

• New Jersey's Governor Chris Christie's ill-conceived Internet voting scheme during Hurricane Sandy was a disaster.

• In 2010, a trial system for remote voting over the Internet in Washington, D.C. was hacked by a research team from the University of Michigan.