Some Americans who lined up at the ballot boxes on Tuesday may have wished for the convenience of online voting. But cybersecurity experts continue to argue that such systems would be vulnerable to vote tampering — warnings that did not stop Alaska from allowing voters to cast electronic ballots in a major election that had both a Senate seat and the governorship up for grabs.
There was no evidence of tampering during the first use of Alaska’s online voting system in 2012. But cybersecurity experts have gone on the record as saying that hackers could easily compromise or alter online voting results without being detected. Alaska’s own election site includes a disclaimer about votes cast through online voting or by fax.
“When returning the ballot through the secure online voting solution, your are voluntarily waiving your right to a secret ballot and are assuming the risk that a faulty transmission may occur,” according to Alaska’s Division of Elections website.
Alaskans can vote online by filling out an electronic ballot through a web-based interface, saving the file as a PDF and then transmitting the ballot to their county elections department. But cybersecurity experts told The Intercept that Alaska’s online voting system — developed by Scytl, a Spanish-based company — could be compromised by hackers from anywhere in the world. One expert’s team spent just a day to figure out how to remotely change the results on supposedly locked PDFs without being detected.
More than 30 U.S. states already allow members of the U.S. military deployed overseas to cast electronic ballots. But such voters must also accept a waiver saying they understand their vote may not be secret, according to Pamela Smith, president of Verified Voting, a nonprofit organization, in a USA Today interview.
The U.S. Department of Defense conducted a study of Internet voting security in 2011, but has refused to release the results despite multiple requests from state officials and activists. Such reluctance seems unlikely to encourage confidence in online voting security.
Online voting does take place in a few countries. Estonia’s citizens have voted online since 2005 by using what many experts consider to be the most secure online voting system currently in existence. The system has added security from the fact that Estonia issues every citizen a national ID with a unique online identity, according to Vox.
But even that system appears to be open to cyber attacks. Computer scientists at the University of Michigan found a number of methods that could potentially steal votes or tamper with results on the Estonia voting system’s servers, Vox explains. The researchers went so far as to suggest Estonia discontinue its online voting system because of the risks. (The same team hacked a pilot online voting system set up by Washington, D.C. in 2010.)
Online voting could have some benefits for the election process if experts could figure out how to build a more secure system. For instance, one study found that a voting through a smartphone app could helped reduce the number of voter errors compared to using traditional voting methods. Still, the cybersecurity risks for even the best online voting systems appear incredibly daunting at the moment.
U.S. states may also want to ensure that enough of their households have broadband connections to make online voting practical. Alaska may have pioneered online voting in the U.S., but the state ranks near the bottom in the U.S. for both top-end broadband speeds and even slower Internet connections of just 200 kilobits per second among households, according to a 2013 report issued by the Alaska Broadband Task Force.
The Vox explainer also points out that the mere availability of online voting does not seem to boost voter participation, at least according to a 2005 paper by Adam Berensky, a political scientist at MIT. Instead, any “get out the vote” effort may have much greater impact through social media platforms such as Facebook’s clickable “I Voted” button.
Jeremy Hsu has been working as a science and technology journalist in New York City since 2008. He has written on subjects as diverse as supercomputing and wearable electronics for IEEE Spectrum. When he’s not trying to wrap his head around the latest quantum computing news for Spectrum, he also contributes to a variety of publications such as Scientific American, Discover, Popular Science, and others. He is a graduate of New York University’s Science, Health & Environmental Reporting Program.