Skip to Content

The Internet Is No Place for Elections

It’s not safe to connect our voting infrastructure to the Internet, but some election boards are doing it anyway.
September 26, 2016

Despite what your local election officials may tell you, you can’t trust the Internet with your vote.

This election year we’ve seen foreign hackers infiltrate the Democratic National Committee’s e-mail system as well as voter databases in Arizona and Illinois. These attacks have reinforced what political scientists and technical experts alike have been saying for more than a decade: public elections should stay offline. It’s not yet feasible to build a secure and truly democratic Internet-connected voting system.

Researchers from government agencies and leading academic institutions studied the issue extensively following the debacle of the 2000 presidential race, and the consensus emerged that it should not occur. That’s still the case, and today’s rampant cybercrime should be reason enough to keep voting systems disconnected. We have no good defense against malware on voters’ computers or denial of service attacks, and sophisticated adversaries like those behind the attacks on big corporations we’ve seen in recent years will find ways to get into connected voting systems, says Ron Rivest, a leading cryptographer and MIT professor. “It’s a war zone out there,” he says.

Nevertheless, 32 states and the District of Columbia allow at least some absentee voters (in most cases just voters who live overseas or serve in the military) to return their completed ballots using poorly secured e-mail, Internet-connected fax machines, or websites. In the most extreme example, all voters in Alaska are allowed to return their completed ballots over a supposedly secure website. And there is a danger that Internet voting could expand. Vendors like the Spanish company Scytl, which supplied Alaska’s system, and Southern California-based Everyone Counts keep marketing these systems to election boards against the advice of security experts. And they haven’t opened their systems to public security testing.

In some cases, election officials don’t have enough technical background to distrust claims from vendors, says Pamela Smith, president of Verified Voting, a nonprofit that advocates for greater integrity and verifiability in elections. Terms like “military-grade encryption” or “unhackable” should be red flags, she says.

Even if the risk of cybercrime could be mitigated, building an online voting system that preserves the core components we expect from democratic elections would be technically complex. Today’s commercial systems do not achieve this; most of the states that offer ballot return via the Internet ask that voters first waive their right to a secret ballot. The key challenge is building an online system that generates some sort of credible evidence that proves the outcome “is what you say it is” during an audit, while maintaining voter privacy and the secret ballot, says Rivest.

In principle, this can be done using cryptography. But while there are cryptographic protocols that can help solve the “integrity and privacy facets” of Internet voting, the technology would be difficult for many people to use, says Joseph Kiniry, a voting technology expert and the CEO and chief scientist for Free & Fair, a startup that develops open-source, verifiable election technologies and services. That’s a disqualifier for use in democratic elections.

Kiniry, who also advises the U.S. government on election technology via public working groups, was the technical lead on a recent project to examine the feasibility of “end-to-end verifiable Internet voting.” Such a system would rely on encryption to secure votes, keep them private, and make them verifiable after they are cast. The team of cryptographers (including Rivest), computer scientists, and other election experts, in collaboration with the U.S. Vote Foundation, published a comprehensive report last year, concluding that many challenges remain in creating an Internet voting system.

Compared with a traditional, supervised voting system in a polling station, an Internet voting system requires “several hundred” additional technical properties for it to be suitable for elections, says Kiniry. “If someone builds a system that fulfills those properties and can prove it, great, then let’s use it,” he says. “But until we can do that, we just don’t have democratic voting infrastructure when it comes to Internet voting.”

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.