With over 450,000 COVID-19 cases in the US at the time of writing, thoughts are turning to the election in November. If the health crisis hasn’t abated by then, how will the US vote?
The US electoral system is fragmented, with states and counties handling the voting process according to their own rules. Wisconsin went ahead with its primary voting in spite of a stay-at-home order, and things didn’t go well. In many cases, absentee ballots didn’t show up, forcing people to visit a reduced number of voting centers, which led to long queues and confusion. Other states, like Virginia, have responded by postponing elections.
Mail-based voting is one potential answer to the health crisis, but it’s problematic because many states impose restrictions on it. That’s becoming a partisan issue as Democrats push to loosen the rules.
As America grapples with the health crisis, thoughts will naturally turn to internet voting. If people can work from home and exchange sensitive documents, can’t they vote from home too?
Not according to the American Association for the Advancement of Science (AAAS). It’s a multidisciplinary scientific society that advocates for scientific voices in society and the responsible use of science in public policy. It also publishes several journals, including Science.
In early April it published something else: an open letter to governors and secretaries of state on internet voting and why they shouldn’t use it. Its message was loud and clear: “At this time, internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future.”
The problem with internet voting is that there’s no way to provide a valid audit of the results, the letter says. If you use optical machines to scan manually marked ballots, then you can go back and recount the paper ballots if you distrust the counting machines. In online voting, there are no paper ballots to recount. You have to rely on a complex array of opaque digital moving parts.
Online voting advocates hope that blockchain technology could come to the rescue. The original blockchain that records the flow and ownership of bitcoins uses a technique called proof of work to digitally hash each block of transactions (think of it like signing a page in a ledger). The blockchain folds each block’s hash into the next, meaning that an attacker wanting to change a transaction would have to rehash all the blocks that came after it. Since bitcoin, alternatives have emerged that use slightly different approaches, but they all preach the same benefits: transparency and immutability. You can see exactly what was recorded, and you can’t change it.
Does the blockchain provide a digital equivalent of a countable ballot? Andrew Yang, an early Democratic candidate, certainly thought so. “Americans should be able to vote via their mobile device, with verification done via blockchain,” his campaign site said, calling it “100% technically possible” to have fraud-proof voting on mobile phones.
Such solutions have already emerged. Boston-based Voatz offers smartphone voting based on blockchain technology and remote identity verification. Several states have already trialed it. However, researchers at MIT warned in February that they had identified security flaws in the app that could allow hackers to alter individual votes. Voatz has hired cybersecurity auditors and worked with county clerks, which it says have given it “various useful suggestions for improvement.”
Even with a supposedly immutable digital ledger, you still have to be confident that the code putting data into the blockchain is fraud-proof. Malware and application logic errors, not to mention flaws in the device’s underlying operating system, could all subvert those data flows.
Security research company Trail of Bits, which Voatz hired to check over its software, made this point: “Several high-risk findings were the result of data validation issues and confused deputies in the Core Server that could allow one voter to masquerade as another before even touching the blockchain,” it warned. A third of its findings were high severity, it added.
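The two claims above, hash chaining that exposes later edits and client code that can alter a ballot before it is recorded, shown as an added example (not from the original article, and not a model of Voatz or any real voting system). It is a toy SHA-256 hash chain with no proof of work or consensus; every function name and the sample ballots are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed stand-in for "no previous block"

def block_hash(prev_hash, ballot):
    data = json.dumps({"prev": prev_hash, "ballot": ballot}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def record(chain, ballot):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "ballot": ballot, "hash": block_hash(prev, ballot)})

def first_bad_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["ballot"]):
            return i
        prev = block["hash"]
    return None

def run_election(intents, client):
    """`client` stands for the app code between the voter and the ledger."""
    chain = []
    for ballot_id, choice in enumerate(intents):
        record(chain, {"id": ballot_id, "choice": client(choice)})
    return chain

def tally(chain):
    counts = {}
    for block in chain:
        choice = block["ballot"]["choice"]
        counts[choice] = counts.get(choice, 0) + 1
    return counts

def edit_recorded_ballot(chain, index, choice, rehash_block=False):
    """Change a ballot after it was recorded; return the verifier's verdict."""
    forged = copy.deepcopy(chain)
    block = forged[index]
    block["ballot"]["choice"] = choice
    if rehash_block:  # the edited block's own hash is recomputed, later blocks are not
        block["hash"] = block_hash(block["prev"], block["ballot"])
    return first_bad_block(forged)

INTENTS = ["A", "A", "B", "A"]  # constructed sample: what four voters meant to cast
honest = run_election(INTENTS, client=lambda choice: choice)
# Constructed fault: the client alters every ballot before it is recorded.
altered = run_election(INTENTS, client=lambda choice: "B")
```

An edit to a recorded ballot is flagged at the edited block, or at the next block if only the edited block is rehashed. The `altered` chain verifies cleanly while its tally no longer matches `INTENTS`, which is the gap a paper ballot recount closes.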
Other scientists share the AAAS’s concerns. The National Academies of Sciences, Engineering, and Medicine published a report in September 2018 warning that neither the internet nor any system connected to it should be involved in returning marked ballots. “Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place,” it said, “as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.”
This isn’t just a Voatz issue – it’s an issue with any online voting system. In fact, it’s a problem with many on-premises voting machines too. Any system that uses computer programs to register votes instead of a paper ballot puts a layer of opacity between itself and the voter. It prevents officials from verifying the vote independently of the device. The recently released documentary Kill Chain, which features SecTor 2016 keynote speaker Mikko Hypponen, highlights the danger of machines that substitute code for a paper ballot.
It’s tempting to use software – especially software connected by the internet – for the convenience it offers, but nothing is ever 100% secure. Until their security is mathematically verifiable, software-based voting systems simply aren’t ready to support fragile political concepts like democracy. And they may never be ready, once you connect them to a chaotic system like the internet.