Markos Moulitsas of the Daily Kos recently published a commentary in the Hill claiming that “voting online is the future.” He also accused me of being against Internet voting because I want to “suppress” votes. That kind of ad hominem attack seems to always be the first refuge of those who are unable to argue substantively about a particular issue. I am against it because of the fundamental security problems presented by online voting and the fact that it could result in large-scale voter disenfranchisement.
Moulitsas claims that creating a secure online voting system is “possible given current technology.” That is 100 percent wrong and shows how little he understands about the Internet or the voting process. You don’t have to take my word for it — that is the opinion of most computer scientists.
In January 2004, a group of well-known computer experts issued a devastating report on the security of an Internet voting system proposed by the Pentagon for overseas military voters. As a result of that report, the project was cancelled. The vulnerabilities the experts discovered “are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today. They cannot all be eliminated for the foreseeable future without some unforeseen radical breakthrough. It is quite possible that they will not be eliminated without a wholesale redesign and replacement of much of the hardware and software security systems that are part of, or connected to, today’s Internet.”
As these experts outlined, any online voting system would be vulnerable to a variety of well-known cyber attacks including “insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.,” any of which could be “catastrophic.” Such attacks “could occur on a large scale” and could be “launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law.” These “attacks could result in large-scale, selective voter disenfranchisement,” privacy violations, vote buying and selling, and vote switching “even to the extent of reversing the outcome of many elections at once.” The biggest danger is that such attacks “could succeed and yet go completely undetected.”
The National Science Foundation came to the same conclusion. It issued a report in 2001 that said that “remote voting from home or the workplace is not viable in the near future.” Such voting would “pose significant risk and should not be used in public elections until substantial technical” issues have been resolved. In fact, the NSF concluded that “the security problems cannot be resolved using even the most sophisticated technology today.”
Anyone who doubts the existence of these vulnerabilities or thinks it is far-fetched to imagine a foreign power targeting an online American election should look at the just-announced indictment of five officials of the People’s Liberation Army for hacking into the computer networks of American companies and stealing trade secrets and intellectual property. The Chinese government has a special group, Unit 61398, that according to the Washington Post is “one of the most prolific hacking crews targeting Western companies.”
Moulitsas points to the use of the Internet in the financial industry as proving Internet voting would be secure. But he overlooks the substantial amount of fraud that is reported every year involving financial transactions over the Internet and the almost constant security breaches experienced by everyone from the Pentagon to Target. He also seems to not understand the basic difference between casting a vote and a financial transaction. I can easily check my bank account electronically to see if anyone has illegally accessed it — I can’t do the same with a vote cast remotely. There is no way to design a secure system that protects the anonymity of the voting process yet at the same time confirms that my vote was received by election officials and not changed or intercepted along the path it took on the Internet.
The District of Columbia also toyed with the idea of Internet voting in 2010, only to drop it after University of Michigan professor Alex Halderman and his graduate students managed to hack the system within 48 hours. They issued a report Moulitsas should read that also pointed out the fundamental problems with Internet voting, concluding that “securing Internet voting in practice will require significant fundamental advances in computer security.” They urged Internet-voting proponents like Moulitsas “to reconsider deployment until and unless major breakthroughs [in security] are achieved.”
Those “breakthroughs” have not been achieved, however much Moulitsas may want to pretend otherwise or attack those who simply disagree with him based on a realistic assessment of the issue.