Fundamental security problems aren’t solved, computing experts warn.
By David Talbot
A decade and a half into the Web revolution, we do much of our banking and shopping online. So why can’t we vote over the Internet? The answer is that voting presents specific kinds of very hard problems.
Even though some countries do it and there have been trial runs in some precincts in the United States, computer security experts at a Princeton symposium last week made clear that online voting cannot be verifiably secure, and invites disaster in a close, contentious race.
“Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well,” Ron Rivest, the MIT computer scientist and cryptography pioneer, said at the symposium. “If they’ve really solved the Internet security and cybersecurity problem, what are they doing implementing voting systems? They should be working with the Department of Defense or financial industry. These are not solved problems there.”
The unsolved problems include the ability of malicious actors to intercept Internet communications, log in as someone else, and hack into servers to rewrite or corrupt code. While these are also big problems in e-commerce, if a hacker steals money, the theft can soon be discovered. A bank or store can decide whether any losses are an acceptable cost of doing business.
Voting is a different and harder problem. Lost votes aren’t acceptable. And a voting system is supposed to protect the anonymity of a person’s vote—quite unlike a banking or e-commerce transaction—while at the same time validating that it was cast accurately, in a manner that maintains records that a losing candidate will accept as valid and verified.
Given the well-understood vulnerabilities of networked computer systems, the problem is far from solved, says David Dill, a Stanford computer scientist. “Basically, it relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense,” Dill says. “There are really fundamental problems. Perhaps a system could be tightened so some particular hack won’t work. But overall, systems tend to be vulnerable.”
This year, the U.S. Department of Defense canceled plans to allow Internet voting by military personnel overseas after a security team audited a $22 million system developed by Accenture and found it vulnerable to cyberattacks.