Unsafe at any cost – Internet voting

Update: Rescorla adds a post explaining why pilots are of questionable value <read>

As I mentioned earlier, the DC BOEE Internet ballot return project is just the latest in a series of pilots and attempted Internet voting pilots. Superficially, this sounds like a good idea: there’s debate about whether Internet voting is a good idea, so let’s only natural that we’d try it out and see how it works. Unfortunately, this isn’t likely to tell us anything very useful; while we have extremely strong theoretical reasons for believing that Internet voting is insecure, those reasons don’t indicate that every single election is going to fail.


Based on the MOVE Act, many states and jurisdictions are experimenting with various forms of email, fax, and Internet voting. Washington, D.C. for example is setting up a pilot program.  Eric Rescorla comments on the D.C. pilot at Educated Guesswork <read>

UOCAVA voters are often in remote locations with poor mail access, so traditional Vote By Mail doesn’t work very well, making it an apparently attractive use case for technological fixes. That’s why there have been (at least) two previous efforts to apply Internet voting technology to UOCAVA voters…

Rescorla covers various attacks: Attacks on the Server, Software Attacks on the End-User Client, and Attacks on the End-User. He concludes:

As far as I can tell, a system of this type offers significantly worse security properties than in-person voting (whether opscan or DRE), since it has all the security flaws of both plus a much larger attack surface area. [Note that the intermediate opscan step offers only marginal security benefit because it’s based on electronic records which are untrustworthy.] It also offers inferior security properties to traditional vote by mail. The primary benefit is reducing voter latency, but clearly that comes at substantial risk.

We would add than most technical solutions assume that service members who have poor mail service would have internet service along with access to equipment like printers, scanners and faxes.

Some “solutions” provide a higher level of security using kiosks, eliminating the risks of end-user equipment – imagine the cost and challenges in purchasing, installing, maintaining and securing kiosks around the world in ways that would make them more convenient than express mail.  To paraphrase a statement that has been in the news lately: High tech solutions to  military and overseas voting seem like the equivalent of a star wars sledgehammer to hit a small nail.


Leave a Reply

You must be logged in to post a comment.