The most prominent mobile-voting provider is a small Massachusetts company called Voatz. West Virginia used Voatz’s app in 2018 for its first-in-the-nation test run. On its website, Voatz says that security “has been our utmost priority since day one.” But audits by the Massachusetts Institute of Technology and the security firm Trail of Bits revealed multiple serious flaws and vulnerabilities, including some that left votes visible to interlopers and exposed them to tampering. Voatz largely dismissed the findings, but West Virginia ditched the company in favor of Democracy Live for its upcoming primary.
Experts see Voatz as a cautionary tale. “We simply don’t have the technology to vote online securely, as illustrated by the dramatic security problems recently discovered in Voatz and other Internet voting platforms,” said J. Alex Halderman, a computer science professor and leading voting security expert at the University of Michigan.
Democracy Live, the company providing Delaware’s new system, has tried to sidestep the controversy by contending it does not offer internet voting, even though its system allows voters to obtain, fill out and cast their ballots online using a computer, tablet or phone. Because election officials eventually print out the digitally transmitted ballots, the company says, the process involves a paper element and should not be described in terms that suggest an internet-only system.
“Really what this is, is a secure portal. If anything, it’s a document storage application,” Bryan Finney, the company’s chief executive, told NPR. “When people think of online voting, they’re thinking it’s all being tabulated online.”
On the product page for its OmniBallot Online system, the company reiterates that “the ballot that is counted and tabulated is on paper.”
Anthony Albence, Delaware’s election commissioner, made the same argument when defending his state’s use of the Democracy Live system.
“The system is not internet or online voting,” he told POLITICO. “When [the] Elections [Commission] downloads the voter’s marked ballot, a printed ballot is always generated for tabulation.”
But that assurance is meaningless, the security experts say. Because voters fill out the ballots electronically and submit them over the internet, there is no way to prevent third parties from tampering with them before they reach the election office for printing. In case of a recount, the only paper trail in existence would be of questionable value.
Hackers could install malware on a voter’s computer, tablet or smartphone that silently changes vote choices when the vote clicks the “Submit” button. “The best security people have no idea how to solve that problem,” said Wallach. “We just don’t know what to do.”
Even if the device used to fill out the ballot isn’t infected, the ballot is vulnerable as it travels across the internet on its way to the election office. “How do we know that the bits that went into the browser or the smartphone are the same as the bits that came out on the other end?” Wallach asked. “What if there’s malware somewhere in the middle doing tampering?”
While this outcome may seem unlikely, experts warn that nation-state hackers are motivated enough to devote immense personnel, resources and time to exploiting the vulnerability — and talented enough to often succeed.
Researchers are developing ways to technologically verify that a ballot hasn’t changed between submission and receipt, but that technology isn’t ready for internet voting, Wallach said.
Pressed on the fact that Delaware’s system receives votes over the internet, Albence said, “I don’t agree with that description.”
In New Jersey, which has switched to universal vote-by-mail for its May 12 municipal contests, voters with disabilities will be allowed to request internet ballots if they need them. New Jersey, like Delaware, is using Democracy Live’s platform.
New Jersey is not planning to allow internet voting in its July presidential primary, but D’Alessandro, the election office spokesperson, said the limited rollout in May “is essentially a pilot for if we need to use it more broadly in the future.”
Cybersecurity experts say they understand election officials’ desire to make voting safer and easier, especially for people with disabilities, many of whom cannot use pencils or read paper ballots. But they say that internet voting isn’t necessary to achieve those goals.
The AAAS letter urged states to expand vote by mail as the default option, and Wallach proposed a secure alternative for people with disabilities: filling out a ballot on a computer, printing it out, reviewing it to make sure that no computer malware changed their choices and then mailing it in. Democracy Live’s system already supports that arrangement.
“As long as we have a U.S. Postal Service, then we don’t need internet voting,” said Wallach. “And that includes accessibility features.”
Some election officials have watched with concern as their colleagues have explored internet voting. “When they look at technology solutions, they [see] a lot of solutions that look very enticing,” said Washington Secretary of State Kim Wyman. “From a pure technology standpoint, it becomes a very viable solution because you think, ‘Wow, this is going to be so much more efficient.’”
But Wyman learned otherwise when she oversaw an internet voting trial in 2000 as elections director in Thurston County, Wash., and since then, she said, federal experts have warned her and her colleagues against the technology. “They don’t believe that any of them are secure and that you can guarantee that you didn’t have a disruption,” she said.
Tim Starks contributed to this report.
Source: politico.com
See more here: news365.stream
