We do just about everything online today.
You can shop, connect, entertain and even pay our taxes with a simple
click of a button. So why are U.S.
elections arguably the most important political event in the country,
still held offline?
Online would allow people to vote from anywhere, from home, from work on
the road, etc.
And if we could do online voting in a secure way, it would be far more
convenient. And we wouldn't have to worry about whether the Postal Service
is going to be able to reliably deliver.
Especially right now when we're dealing with the covid pandemic,
it might be appealing to a lot of people because they don't want to have to
enter a crowded polling place.
They may not even want to have to walk out to their mailbox.
It would make, theoretically make it simpler for people.
The concept of voting online isn't anything new.
A dozen countries, including Australia, Canada and France, have
experimented with the format.
And Estonia, has held elections online since as early as 2005.
So why doesn't the United States hold federal elections online and will we
be able to see it in the near future?
While the idea of an online election seems appealing, some experts remain
skeptical as to whether the U.S.
is truly ready for one.
Ideally, you click buttons on your screen and you're done.
It sounds so seductive.
The problem is we just don't know how to do it in a secure way.
Cybersecurity still remains a big issue.
Voting online could mean that hackers, including foreign adversaries,
could interfere or manipulate the election to their advantage.
The problem is that we know that foreign nation state adversaries,
countries like Russia or China or others are trying to tamper with our
elections. And those countries have significant skills at cybersecurity,
at breaking into your phone or breaking into your computer and tampering
with it. Online elections pose a challenging security concern for several
reasons. There are many ways that an attacker could try to tamper with an
online election. They could try to delete votes.
They could try to change votes, they could try to delete voters.
So you try to vote and it says, "I've never heard of you".
They could tamper with voter devices, they could tamper with the servers,
they could tamper with the tabulation and reporting.
All of its online and all of it is potentially subject to tampering by
attackers. Even if the voting infrastructure is secured,
with almost 10 billion malware attacks reported in just twenty nineteen
alone, there's no guarantee that voters are voting on devices that haven't
already been compromised.
It's one thing to say that we need to secure our online cloud
infrastructure. It's a completely other game to say that we have to also
secure every single voter's home computer or home phone.
Experts also warn about the potential socioeconomic divide that online
elections can instigate among its voters.
There's first of all, people who might not have access to the Internet at
all or might not have laptops or iPhones to vote on.
They might be at a disadvantage.
But then older technology in general tends to be less secure.
It's using software that may no longer be updated.
And in those cases.
You are behind on security features, behind on security updates, and it's
not an exaggeration to say people with more money tend to have newer
phones and newer computers.
So which means that there is a socioeconomic dimension to this as well.
People with more money are going to have better security practices.
People with less money are forced to compromise.
It's also important to note that the U.S.
has already voted online in the past.
32 states and the District of Columbia offer some sort of Internet voting,
whether it be through the fax, email or an online portal.
In many cases, state departments collaborate with private election
technology companies to run a more advanced online election.
However, several audits of these elections have revealed many security
vulnerabilities. In February, MIT reported finding severe security flaws
in the online election system from Voatz, the company that ran West
Virginia's first mobile election, that allows the hacker to alter, stop or
expose a user's vote.
Another study from MIT and the University of Michigan also revealed
security concerns in Omniballot, a different system used by Delaware for
their online voting options.
To these allegations, Voatz responded that "100 percent of the known
attempts to tamper with the live election system have been thwarted
successfully" and Omniballot commented that "sending a ballot host in
secured in a federally approved cloud environment is more secure than
using fax machines for email attachments".
The cybersecurity concerns have led the Election Assistance Commission,
the National Institute of Standards and Technology, the FBI and
Cybersecurity and Infrastructure Security Agency to issue guidance in May
2010, warning of the serious security risks that could be involved with
conducting an election over the Internet.
We collectively, the computer security community have been looking at
online voting systems for decades and it's considered an open problem.
Even though there are companies that sell products in this space,
absolutely no computer security expert will tell you that they are secure
because we simply don't know how to build secure online voting yet.
Besides the cybersecurity concerns, the anonymous nature of the election
also pose a unique challenge.
The thing that makes voting different from online banking or almost any
other online activity is the requirement for anonymity in every modern
election. It's a requirement that the voter cannot prove to anybody else
who they voted for. And that anonymity, which we must have for every
election, is exactly the thing that makes it harder to protect the
election against attacks, because once it's out of the voters hands, the
voter can not retain evidence that would allow them to reconstruct who
they voted for. Even if a problem were to be detected, the lack of a hard
paper copy would make it nearly impossible to audit a mistake.
So when you have an election that has a paper ballot, you can still compare
the paper ballots to the electronic copies and make sure that they match
up. There are auditing techniques that can do this very efficiently to
make sure you have the correct outcome of the election.
When we're talking about a completely online system, there is no paper
ballot and that means that if something went wrong with your electronic
ballots, there's no ground truth.
There are no paper ballots to compare them to.
And because of that, even if you could detect a problem, you'd have no way
to recover from it. However, there are several unique benefits that come
with holding an election online, the most obvious benefit is convenience.
The big challenge that I really see in the US is that we still require
fundamentally the voter to go to a particular location.
And I think that's very much at odds with how citizens today lead their
lives today. Online elections, such as the one used in Estonia, are as
easy as opening a computer or a phone and marking your decisions.
They can do this on either their mobile phone or their tablet or their
laptop. They're presented with an electronic ballot that shows the
candidates that are eligible to vote for in the particular jurisdiction
that they're in. The voter is able to navigate through the ballot.
Look at the look at the candidates, mark their selections.
Convenience is an undeniably important factor in voting.
The United States suffers from one of the lowest voter turnouts among
developed countries, with just slightly more than half of the voting age
population casting their ballots in 2016.
Nearly 40 percent of the registered voters at the time blamed
inaccessibility and inconvenience as the main reason for not casting a
ballot. So I think this is why there was a discussion about remote voting,
in particular, online voting as a mechanism to potentially bring the
ballot to the voter and make things easier and more convenient for the
voter. If done correctly, online elections can also reduce the number of
spoiled ballots and errors that threaten our election, like the hanging
chad debacle during the 2000 presidential election.
If you have an electronic interface that helps people avoid the mistakes
you can make in marking a ballot, it can actually help reduce the number
of votes or errors. And it also eliminates the need for recounts.
Experts who support online elections also suggest that it could make
elections more secure compared to in-person voting.
If you compare, for example, online voting with the existing form of remote
voting that occurs in the US, which is mail-in voting.
Using techniques such as strong encryption of the ballot, digital signing
of the ballot, end-to-end verifiable processes, that allows us to actually
increase security compared to, for example, mail in voting.
So can it be more secure?
Yes. Can it be more transparent?
Yes. Can it be more accessible?
Yes. It is an overwhelming yes, there's no question.
Despite the arguments surrounding its validity and accuracy, online voting
can bring a much needed innovation to our election system today.
Should we be innovating in election technology and perhaps even moving one
day to a system where we have online voting?
Yeah, we should be looking to that, but we should only be doing it with
our eyes wide open and with very clear security targets for doing so.
We just have we don't have those standards at all
right now in the United States, private companies like Smartmatic have
worked to improve its online voting hardware and software.
Its election technology has been used in countries like Belgium, Argentina
and the Philippines. And Utah also used its software during the
presidential caucus in 2016.
People conflate the fear of state sponsored intervention in US elections
with online voting.
And the reality is that a well-designed online voting system is built in
such a way to protect against intrusion by external, malicious actors and
also internal malicious actors.
While cybersecurity concerns are entirely valid,
those in favor of online elections believe it's an ongoing battle that can
be won. There are new threat vectors that come into play each day so we
don't rest on our laurels.
We know that even if we built a solution that's capable of defending
against those vulnerabilities today, then tomorrow the situation might be
different. So we are continually innovating.
We're continually developing, we're continually researching.
New innovations and technology have also figured out ways that can allow
voters to safely vote on devices that have already been compromised.
What we designed actually in our system is one that assumes that maybe your
device has been compromised.
So you have to be able to verify that your vote was cast correctly using
this second-channel verification, which proves that your vote was not
compromised. And in the unlikely situation that your vote was compromised
by malware, and it's worth mentioning that in all the elections we've run,
that never happened, right?
You have the ability to take remedial action with the concerns surrounding
audits. Online election could not only reduce error to prevent recounts,
but also provide its own unique method of auditing to look for errors in
the system rather than the votes themselves when you're.
Running the compile code on servers, you can have technology and services
that are running that actually prove that there's no malicious versions of
the code are running and no malware is injected.
And you can provide all of the logs as part of an audit process there.
However, regarding whether the U.S.
is ready to vote online in the near future, even the most optimistic
remains skeptical.
Unfortunately, I don't believe it is because I think there's a massive
educational process that needs to take place to get people to understand
what an online voting system should have, what it should do.
Right now, online elections are an academic research project.
It's really, you know, maybe in a decade we'll know how to do it.
The policymakers and the legislators need to, if you like, lean in and work
with providers such as Smartmatic and understand how you can build a
system successfully and also talk to other governments around the world
that have done this successfully.
