“The cyber,” as Donald J. Trump calls it, has been an unrelenting issue in a presidential election marked by politically motivated hacks, massive DDoS attacks, and email kerfuffles. With technology as a focal point, virtually every part of the political process has been brought into the scrum, including voting.
As we move forward, online voting seems shimmeringly imminent, particularly because virtually everything we do, we already do online. But voting is far different than banking, shopping, and communicating. It’s trickier and more complex. However precariously, voting in the United States is hoisted up as an essential part of the political system.
In theory, casting ballots gives ordinary citizens a means of control—change is always just one election away. It’s crucial for voters to believe that the mechanisms through which their views are delivered are legitimate, and if those mechanisms are tinkered with or updated, that trust should be preserved.
As it stands, there are legitimate concerns involved with current and near-future voting technology. There’s still a long way to go, and with something as vital as voting, there is an infinitely small margin for error.
For decades, Americans voted the old school way: with paper ballots, mechanical lever voting machines, and punch card systems, to name a few. After the 2000 Florida recount fiasco, public faith in these methods waned, and Congress passed the Help America Vote Act in 2002 in part to patch the holes. The policy provided financial incentives to states to replace punch card or lever voting machines with newer technology. As a result, touchscreen machines, particularly the Direct Recording Electronic kind, became popular.
While many elections directors saw the computers as the “perfect antidote” to the older machines, that wasn’t entirely the case, as the New York Times magazine detailed in 2008. As much as we like to see technology as the ultimate savior, it’s exactly as fallible as we make it.
“None of [these systems] were built to last 30 years,” Lawrence Norden, the deputy director of the Democracy Program at the Brennan Center, a law and policy organization based out of New York University’s law school, tells me.
In 2015, Norden co-authored a report on the state of the country’s voting machines. The findings painted an abysmal picture of the country’s immediate voting future.
“Election officials tell us they have to go to eBay for replacement parts—these systems are no longer being manufactured,” Norden says. While he believes reliability is our biggest worry, others have emphasized security concerns, and though these concerns aren’t new, they’ve taken on a particular kind of urgency during this election.
The systems we have in place are flawed, and while no voting system is perfect, the stakes are too high to let things reach the point of no return. But what if we turned to a different method altogether—one that didn’t rely on potentially janky machines, but on the devices in our homes?
We’ve already gotten there, sort of. Thirty-one states and the District of Columbia currently offer some form of internet voting, according to Verified Voting, an election watchdog organization.
It’s primarily in place for military and overseas voters: Missouri, for example, allows members of the military in “combat zone, hostile fire or imminent danger areas” to receive, fill out, and send back ballots using its online portal, and Alabama piloted a program this year to allow overseas military members to vote in the primaries online. Alaska has perhaps the most lenient policy of any state, and allows any voter to return his or her absentee ballot using an online portal, partly in an effort to shore up voter participation.
As utopian as these options sound, however, they come with treacherous complications. The website for Alaska’s Divisions of Elections carries the following warning, squirreled away toward the bottom of the page:
When returning the ballot through the secure online delivery system, your [sic] are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.
“They admit that they are not taking responsibility for the validity of the system,” Bruce McConnell, a former cybersecurity official for the Department of Homeland Security, told the Intercept in 2014. “That kind of disclaimer would be unacceptable if you saw it on the wall of a polling place.” (Alaska’s Divisions of Elections didn’t respond to multiple interview requests.)
Indeed, Alaska is a fascinating case study for what large-scale online voting might—or perhaps shouldn’t—look like.
“Definitely, I think it’s not ready,” Avi Rubin, a professor of computer science at Johns Hopkins University and the technical director of the school’s Information Security Institute, tells me. “I don’t think it can ever be ready.”
Rubin has a problem with the approach of internet voting as a whole, not just the ways in which it might be carried out. “Computerized voting is not a good idea. It’s a nontransparent medium,” he says. “If voting was online on the internet, there’s going to be no way to prove it wasn’t [manipulated]. It’s not verifiable and auditable.”
In the event that something goes wrong—or, say, a candidate floats the idea that the whole election was rigged—it’s necessary to have a method (such as a paper trail) to prove the outcome to both voters and the losing candidate. An online voting trail is a tricky proposition, and in 2011, the National Institute of Standards and Technology concluded that online voting systems “cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.” (Vendors of online voting systems disagree.) The government hasn’t changed its tune much in five years, either. In March, Neil Jenkins, an official with the Department of Homeland Security, told the Election Verification Network conference that online voting simply wasn’t secure enough.
“You need physical security for your ballots,” Pamela Smith, Verified Voting’s president, says. “Let’s say you return a ballot by email. You’ll have a printed record, but it might not match, if something happened with it in transit.”
Of course, our current voting machines could also be targets for fraud, as those currently used in five states also lack a paper trail. Smith agrees, but points out that, unlike online voting portals, electronic voting machines usually aren’t connected to a “worldwide attack system.” Online voters, she says, might be using computers or cell phones infected with malware, and any kind of sophisticated interference that happens in transit may be impossible to detect. The current election season is a cogent reminder that security is never guaranteed: Thus far, hackers have successfully targeted the Democratic National Convention, Hillary Clinton’s campaign chairman, and other party officials, and tried the same trick with voter registration websites across the country. And if last week’s DDoS attack—which targeted an advanced and well protected network, unlike, say, your state’s online voting portal—is any indication, large-scale attacks are possible. (When Washington, D.C. tested an online voting system in 2010, it was quickly hacked by a college professor and his graduate students.)
“There’s no such thing as a perfect voting system,” Smith says. “But it doesn’t mean we have a race to the bottom.”
Security isn’t the only worry. Online voting is often viewed in the same way as online banking and shopping, but there’s a vital distinction: voting is based on anonymity. Banking and shopping are solidly linked to a person’s identity, and that identification is a key weapon for preventing fraud. Online voting, however, requires both anonymity and proof of identity. It’s the height of irony, really: the internet, a bastion for the faceless and the nameless, gets in the way of total obscurity.
Pamela Smith, Lawrence Norden, and Avi Rubin all agreed that widespread online voting isn’t likely to happen anytime soon, which appears to be the consensus among government officials and security experts alike. Indeed, some organizations that reportedly once pushed for online voting—like the Federal Voting Assistance Program (FVAP), which primarily helps military and overseas voters—have since taken a more neutral stance.
“FVAP recognizes the act of voting is between the voter and the State, and we do not advocate for or against State adoption of online voting or other electronic return methods such as email or fax,” a spokesperson for the organization said in an email.
That doesn’t mean there aren’t any benefits to voting online. It would all but certainly make the process more convenient. It might also increase voter turnout, particularly among younger voters. It would cut out polling stations, which have a myriad of documented problems.
But the obstacles to voting online are staggering. Besides the aforementioned issues of security and voter trust, voting rules differ from state to state—and even from county to county. In some ways, this is a good thing—heterogeneity is a generally a safeguard against a widespread attack—but it also inevitably complicates things. Moreover, there’s little guarantee the people in charge of the decision-making process are experts in security or technology, and there’s a good chance they won’t have the funds anyway.
“I think as long as we’re using the kind of computers and devices and internet we have today, we should never have internet voting,” Avi Rubin says. As it stands now, we’re just not there yet.