Skip to Content
Uncategorized

Why You Can’t Vote Online

Fundamental security problems aren’t solved, computing experts warn.
November 5, 2012

A decade and a half into the Web revolution, we do much of our banking and shopping online.   So why can’t we vote over the Internet? The answer is that voting presents specific kinds of very hard problems.

Even though some countries do it and there have been trial runs in some precincts in the United States, computer security experts at a Princeton symposium last week made clear that online voting cannot be verifiably secure, and invites disaster in a close, contentious race.

“Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well,” Ron Rivest, the MIT computer scientist and cryptography pioneer, said at the symposium. “If they’ve really solved the Internet security and cybersecurity problem, what are they doing implementing voting systems? They should be working with the Department of Defense or financial industry. These are not solved problems there.”

The unsolved problems include the ability of malicious actors to intercept Internet communications, log in as someone else, and hack into servers to rewrite or corrupt code. While these are also big problems in e-commerce, if a hacker steals money, the theft can soon be discovered. A bank or store can decide whether any losses are an acceptable cost of doing business.

Voting is a different and harder problem. Lost votes aren’t acceptable. And a voting system is supposed to protect the anonymity of a person’s vote—quite unlike a banking or e-commerce transaction—while at the same time validating that it was cast accurately, in a manner that maintains records that a losing candidate will accept as valid and verified.

Given the well-understood vulnerabilities of networked computer systems, the problem is far from solved, says David Dill, a Stanford computer scientist. “Basically, it relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense,” Dill says. “There are really fundamental problems. Perhaps a system could be tightened so some particular hack won’t work. But overall, systems tend to be vulnerable.” 

This year, the U.S. Department of Defense canceled plans to allow Internet voting by military personnel overseas after a security team audited a $22 million system developed by Accenture and found it vulnerable to cyberattacks.

While some nations, including Estonia, allow Internet voting—and other European nations and cities are pursuing projects (Italy is conducting a large test this year), Dill says these adoptions do not prove that they are secure. “I contend that nobody knows whether there is fraud in those nations, because there is no way to detect it,” Dill said.

Some of the theoretical hacking problems could already plague electronic voting systems that are widely used in the United States and other countries (see “The States with the Riskiest Voting Technology”), especially if the machines do not produce paper records. But these machines, because they are disconnected from the Internet, are vulnerable to a much narrower range of attacks.

The problems of Internet voting were made clear in a trial two years ago, when the District of Columbia set up a system that let voters go online, enter an ID code they’d received in the mail, cast a vote, and get a record of the result. Election officials invited computer scientists to try to hack the system in a mock election.

Alex Halderman, a computer scientist at the University of Michigan, and two grad students accepted that offer—and soon found an error in the source code that “allowed us to completely steal the election,” Halderman said at the Princeton symposium. They were even able to change the choice of candidates that appeared on people’s screens.

Rivest put the matter in plain terms. “I think when we talk about voting over the Internet, my gut reaction says: Why vote over the Internet? Why? Why are you doing this? Why? Really, why? Why? I think you need to ask that question a lot, just like a two-year-old,” he said. “There are other approaches to getting information back and forth that are better, and have better security properties. Voting over the Internet is rarely going to be the best choice. It’s very complicated, and you are asking for trouble. Would you connect your toaster to a high-tension power line? Putting a voting system online is very much like that. Would you invest your pension in credit default swaps? You want to stay away [from] complexity. You want something simple. You are entering a world of attacks and risk that you don’t want to be in.”

Deep Dive

Uncategorized

Investing in people is key to successful transformation

People-related factors like talent attraction and retention and clear top-down communication will determine whether your transformation progresses or stalls.

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

The way forward: Merging IT and operations

Digital transformation in any industry begins with bridging the gap between two traditionally separate teams.

be a good example concept
be a good example concept

Be a good example

"It was in the newspaper, but the towers fell the next day, and what I’d done was quickly lost."

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.