COVID-19 social distancing measures will likely continue through 2020 — or should — significantly impacting the November election. One proposed solution has been a shift to online voting — an approach that is the dream of many voting reform advocates and the nightmare of cyber and national security experts.
Online voting has an allure, given our pervasive use of the internet: We file taxes online, conduct banking transactions, meet future spouses, buy and sell houses, and purchase a dizzying array of goods and services. We have shifted so much of our lives and responsibilities online that at times it seems backwards to not digitize every action. So why not voting?
There is no room for error with foundational democratic exercises like voting. In this case, the process is more important than the outcome. Trust is a critical element of the system for the winner, but more importantly, for the loser, whose acceptance of defeat based on the will of the people allows for a peaceful transition of power.
Many uncertainties surround the technical security needed to ensure confidence in the results of online elections. More troubling still is how foreign governments might seek to deconstruct or disrupt any online voting technology we deploy. Similar efforts are already being reported targeting healthcare and research institutions in the U.S. working on a COVID-19 vaccine.
Several threats must be addressed before we ever vote online.
Malicious actors — state-sponsored or otherwise — could alter ballot forms or votes. Fake websites could collect and potentially alter a person’s vote, threatening both ballot secrecy and integrity.
Votes would likely be stored in a database once collected, which creates insider-threat risk from a political extremist or someone planted by a foreign government. Electronic databases can be tampered with on a scale far beyond any threat to a single physical ballot box or polling place.
Election Day distributed denial of service (DDoS) attacks are another threat. DDoS attacks can shut down a voting web application or degrade our confidence in the voting system. An early example is the devastating 2007 DDoS attack on Estonia that hindered government, financial and media systems. While there are more recent and sophisticated DDoS attacks, the attack on Estonia is a case study in how the combined devastating impact of information warfare and a DDoS attack can damage government institutions and public confidence in those institutions.
We are ill-prepared for the new and imaginative phishing schemes that would surface if email were our online voting system. Well-seasoned phishing schemes are often tied to current events, which adds credibility to the scam and plays on the anticipation or concerns surrounding the event. One annually recurring example is the IRS phishing scam that appears prior to the annual tax filing deadline. This scam works because people are afraid of being penalized by the IRS and do not adequately understand the IRS processes; the same could easily be said about Americans’ understanding of electoral processes and procedures.
Americans could also be tricked into providing credit card or Social Security numbers if they mistake a phishing scheme for an official voting source. This could disrupt the voting process and embed damaging malware on a voter’s laptop, tablet, or smartphone, creating further harm.
To be completely confident in online voting we need a system with sufficient redundancies and assurances to block or fix — in near real-time — all efforts to meddle or disrupt.
Appropriate security controls, mechanisms, and auditing features are necessary to maintain confidence in the system. We would need to validate and test the system to ensure that it could manage, audit, and facilitate the scale enabled by online voting.
Blockchain technology or homomorphic encryption could help ensure the veracity of a voter’s ballot selection and mitigate tampering concerns. A hybrid cloud provider under intense guard would be needed to manage the load of data. Securing online voting would need to be organized as a central effort with federal regulations from the National Institute of Standards and Technology (NIST). It could not just be left piecemeal to the states and the District of Columbia, which would create 51 opportunities for exploitation.
For now, the most secure, public-health friendly option for November is to massively increase the availability of the vote-by-mail model, an approach already mandated in numerous states, widely used to enable absentee voting, and a key element of the voting process for members of the U.S. military and diplomatic corps. While it may seem old-fashioned, it is vastly more secure and difficult to disrupt at scale, and is facilitated by the U.S. Postal Service, which has centuries of experience protecting mail from tampering.
While we must hold an election in November, we do not have to resort to untested, high-risk processes and systems to protect the health of American voters.
Lee Black is Vice President, Cyber and Intelligence Solutions at Peraton, a next generation national security company. Black previously worked in cybersecurity leadership roles for Amazon Web Services and Northrop Grumman. He is a veteran of the U.S. Navy and the Central Intelligence Agency.