Internet voting not ready for prime time security risks – USA TODAY
SAN FRANCISCO â Three ballot initiatives have been proposed in California to require the state to allow online voting, but security experts and some voting officials say the technology is nowhere near secure enough for something soÂ crucial as the democratic process.
âWhen people stop me in the supermarket and ask, âWhen am I going to be able to vote on my cell phone?â I say âPretty soonâin about 20 years,ââ said Dana DeBeauvoir, the county clerk for Travis County, Texas.
She was one of three speakers Wednesday in a session on online voting and security issues at Enigma 2016, a computer security conference held in San Francisco.
So much of daily life now happens online, including shopping, banking, communication, that voters naturally wonder why voting canât too, saidÂ J. Alex Halderman, a professor of computer science at the University of Michigan in Ann Arbor, Mich. who researchers voting and security.
However theÂ ongoing litany of breaches, hacks and crashes in those realms are an object lesson in why voting shouldnât happen there.Â It’s just too important, he said.
âImagine the incentives of a rival country to come in and change the outcome of a vote for national leadership.Â Elections require correct outcomes and true ballot secrecy,â HaldermanÂ said.
Thus far, that doesn’t exist.Â The panelists said while there haveÂ been multiple attempts to build verifiable and secure online voting systems over the past 20 years, so far all have proved wanting.
Halderman and his students have hacked several.Â In 2010 the District of Columbia issuedÂ a challenge to see if anyone could hack into a system it was building to allow overseas military to vote via the Internet.
âMy students and I couldn’t resist taking them up on it,â he said.
His teamÂ managed to subvert the system, change votes and even leave a âcalling cardâ â after voters cast their ballots, their computers would play the University of Michigan fight song.
This past spring, the state of New South Wales inÂ Australia used a new online system calledÂ iVote in an election. However Halderman and computer security experts from Australia’s University of MelbourneÂ broke it within days.
âWe were able to insert vote-stealing malwareâ into the system,Â Halderman said.
The teamÂ immediately disclosed the breach to election officials, but by thenÂ more than 66,000 votes had already been cast.
“We donât have any evidence whether that vulnerability was exploited,â said Vanessa Teague, a professor of computer science and expert on electronic voting at the University of Melbourne in Australia who was part of the team.
Her experience makes herÂ unequivocal in her evaluation.
âVoting over the Internet is a really bad idea,â she said. âWe havenât yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes.â
Internet voting is an area whereÂ people may be excited about a new idea but may not have the technological expertiseÂ to properly evaluate it, she said.
âThey think âHey, we can vote in our bunny slippers and itâs going to be great,ââ said Pamela SmithÂ with Verified Voting, a non-partisan non-profit organization that advocates for accuracy, transparency and verifiability of elections.
The impetus behind the California ballot initiatives appears to be the belief that online balloting will mean greater voter participation, Smith said.
Attempts in other countries seem to show that Internet voting only increases turn out negligibly if at all. Efforts in Canada and Switzerland found that it only caused people to vote earlier but didnât cause more people to actually vote, Smith said.
She noted the federal government spend a decade and a half and more than $100 million on a demonstration Internet voting project for military personnel over seas that included a program called SERVE, theÂ Secure Electronic Registration and Voting Experiment. It was shut down by the Pentagon over security concerns.
âThey just abandoned the effort,â she said.
So far, a risk versus benefit analysis doesn’t come down on the side of Internet voting, Halderman told the audience.
âItâs going to be decades, if ever, before the technology used for security is at the point where online voting can be done with confidence,â he said. âThereâs just so much that can go wrong, and the need for it is not nearly so pressing as the risk.â