Online Voting is a Really, Really Bad Idea

The consensus is in, but companies and states are still rushing ahead.

Miguel Candela/SOPA Images via ZUMA Wire

Casting votes over the internet—at least for anything more important than a Twitter poll—is not secure.

This is not a controversial position. In September 2018, the National Academies of Science, Engineering, and Medicine, alongside some of the foremost election and information security experts in the country slammed the idea, noting that despite whatever illusions of convenience it may provide, it opens the door to a wide range of security vulnerabilities. Their conclusion was simple: “secure Internet voting will likely not be feasible in the near future.” And just this summer, after more than two years of investigation, the Senate Intelligence Committee issued a report on Russia’s 2016 election interference operations, which included a warning to states to “resist pushes for online voting,” noting that nobody has proven that it can be done safely.

You wouldn’t know that if you listened to representatives from Voatz, an app-based company that claims it can securely administer online elections. The company’s product requires users to upload a government photo ID, and then uses a video selfie along with fingerprint and face scans to verify voters’ identity. The company says it then records the user’s vote on an immutable blockchain, a technology that creates records on a distributed system, making manipulation of the data virtually impossible. Voatz boasts its system stores votes “on multiple, geographically diverse verifying servers,” and claims that their systems have been regularly tested by simulated hackings and audited by independent third parties.

On Thursday, Sen. Ron Wyden (D-Ore.) called the company’s bluff, asking the Department of Defense and the National Security Agency to conduct a cybersecurity audit of the company. In a letter calling for the audit, Wyden says the company won’t release the results of its own security audits and won’t even identify whoever it hired to conduct them. “This level of secrecy hardly inspires confidence,” he writes, noting the DoD recently joined other federal agencies in issuing a statement affirming that Russia, China, Iran, and other “malicious actors” are actively working to attack US elections.

An NSA spokesperson confirmed the agency had received the letter, but declined to comment further. The Department of Defense also confirmed receipt, saying it would respond to Wyden.

In a statement posted to the company’s blog after Mother Jones asked for a response to Wyden’s letter, the company said that it had not been contacted by the senator’s office but welcomed “any and all additional security audits by the Department of Defense and NSA regarding our platform.”

While it did not respond directly to Wyden’s charge that its audit results and auditors remain private, the statement said the company is “committed to providing as much transparency as possible about our system, while at the same time needing to protect our intellectual property as one of the youngest election companies in the country.”

The company says it has run “54 successful elections (public and private),” and pilot programs in West Virginia, Oregon, and elsewhere—including a student council race—primarily helping voters who are overseas and in the military cast ballots. It says “attempts to tamper with the system were actively thwarted” during the 2018 West Virginia pilot, a reference to what was likely a group of election security students looking at the app’s vulnerabilities. It also notes that it participates in the HackerOne bug bounty program, which facilitates the reporting of vulnerabilities that the company allows outsiders to test.

The West Virginia officials say they were happy with the program but acknowledge lingering doubts about its security. Last year after the state’s pilot, a state official told the Washington Post in response to questions about Voatz’s vulnerabilities that while the test had gone smoothly and was “very successful,” the secretary of state “has never and will never advocate that this is a solution for mainstream voting.”

If it’s not good enough to use at home, how could it be safe enough to use abroad?

FACT:

Mother Jones was founded as a nonprofit in 1976 because we knew corporations and the wealthy wouldn't fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation today so we can keep on doing the type of journalism 2019 demands.

We Recommend

Latest

Give a Year of the Truth

at our special holiday rate

just $12

Order Now

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate

We have a new comment system! We are now using Coral, from Vox Media, for comments on all new articles. We'd love your feedback.