It’s 2020. Why Can’t We Just Vote Online?
Sometimes, harder is better.
It’s election day. You sign into a secure system, click a few buttons, and you’re done. No need to wait in line at the polls. No need to worry that your ballot got lost in the mail. No need to wait days or longer to find out the results of the election, since votes could be counted immediately.
I mean, come on. It’s 2020. We’re doing everything online these days, and even more since the start of the pandemic. Wouldn’t it be easier if everyone could just vote online?
Unfortunately, the answer is no. Online voting systems do exist, but security experts almost universally agree they’re not safe or secure. At least, not yet.
See, there’s one critical aspect of fraud with physical ballots: The more ballots you manipulate, the more people need to be in on the conspiracy. It’s one of the few situations where the inefficiency and large number of people involved is actually a good thing.
Maybe one or two or five of the people dealing with the ballots could be coerced into adjusting the numbers a bit. But if you want to manipulate enough votes to actually influence a large, important election, hundreds or even thousands of people would need to be in on it. You’d run a huge risk of getting caught.
With an online voting system, on the other hand, manipulating a million votes isn’t much harder than manipulating one. And in theory, it only takes one person to do it.
There are a couple of major vulnerabilities in the chain of technologies your vote goes through from when you cast it to when it’s counted: The device you’re voting from, and the service logging your vote.
It’s possible that your phone or computer doesn’t have any viruses or malware on it. But how many other people, even within only a one-block radius of you, do you think could say the same thing?
Device manufacturers are always finding new vulnerabilities that hackers can exploit. That’s why you have to update them so often. Sometimes these security holes are around for months or years before someone realizes the problem.
A hacker could design a virus specifically meant to just lurk on your computer or phone until you voted. Even if only 2% of voters are using infected devices, that’s a huge number of votes vulnerable to manipulation.
Then there’s whatever service you’re using to actually cast your vote. Even with oversight and independent experts reviewing the software, one corrupt employee could compromise the whole system.
In one recent study, researchers looked at a system that was piloted as a way to vote online in certain cases. They found that an attacker could change votes in multiple ways that would be totally undetectable, and that things like audits and strict rules or procedures wouldn’t be enough to stop it.
And therein lies the problem: Sure, the company made a lot of choices that increased the voting system’s vulnerability, like relying on third-party services to store their data. But even if all those problems were fixed, you still can’t guarantee security. In an online system, it’s just too easy for one corrupt person to infiltrate the company and wreak havoc.
But there is technology in the works that could make online voting safe enough to use someday: end-to-end (aka E2E) verifiable voting systems.
The basic idea is that once you cast your ballot, you want to be able to check that it was counted. That way you’ll know if something or someone changed your vote along the way.
The major obstacle to E2E verifiability is the fact that your vote needs to be tied to you in some way if you want to check in on it after you cast it. But in many places, including the U.S., you have a legal right to a secret ballot. If you could show other people who or what you voted for, they could manipulate your vote with money or threats.
In the few situations where U.S. citizens can vote online — for example, deployed military personnel — you generally have to waive your right to a secret ballot to cast your vote. But we can’t have everyone waiving their right to a secret ballot or we end up back at square one, with people buying or intimidating voters.
This is where encryption can help. The basic idea is that when you cast your vote, you’re assigned some string of characters that means nothing to you, but that a computer can decode.
Of course, if the computer can decode it and show who you voted for, that’s not a secret ballot.
That’s why researchers use homomorphic encryption, a strategy that allows you to use the data while it’s still encrypted. Basically, you use math to put all the encrypted data together and generate a tally for each candidate.
If that tally matches the votes that were counted, great. If not … something went wrong along the way.
As a voter, you can also look at some public website or database and see that your name is associated with your vote — in the form of that encrypted string of characters. Who you voted for is still a secret, but you can confirm that your vote was part of the count.
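The tallying and receipt check described above can be sketched with Paillier encryption, one additively homomorphic scheme (an assumption; the article names no specific scheme). This is an added example, not code from any real voting system; the key size, voter names and function names are constructed for illustration and are not secure.

```python
# Added example: toy Paillier tally. Key size and names are illustrative, not secure.
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):   # two known primes, far too small for real use
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))    # public n; private (lambda, mu), with g = n + 1

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 2) + 2    # fresh randomness: equal votes look different
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def cast(n, board, voter, choice, candidates):
    # One ciphertext per candidate: 1 for the chosen one, 0 for the rest.
    ballot = tuple(encrypt(n, int(c == choice)) for c in candidates)
    board[voter] = ballot               # published next to the voter's name
    return ballot                       # the voter keeps this as a receipt

def homomorphic_tally(n, board, candidates):
    # Multiplying ciphertexts adds the hidden votes; no single ballot is decrypted.
    totals = [1] * len(candidates)
    for ballot in board.values():
        totals = [t * c % (n * n) for t, c in zip(totals, ballot)]
    return totals

def run_election(votes, candidates=("Alice", "Bob")):
    n, priv = keygen()
    board, receipts = {}, {}
    for voter, choice in votes.items():
        receipts[voter] = cast(n, board, voter, choice, candidates)
    enc_totals = homomorphic_tally(n, board, candidates)
    result = {c: decrypt(n, priv, t) for c, t in zip(candidates, enc_totals)}
    return result, board, receipts

if __name__ == "__main__":
    votes = {"v1": "Alice", "v2": "Bob", "v3": "Alice"}   # constructed sample
    result, board, receipts = run_election(votes)
    print(result)                                         # per-candidate totals
    print(all(board[v] == receipts[v] for v in votes))    # each voter's receipt check
```

Deployed designs also require each voter to prove the ciphertexts hold only 0 or 1 and split the decryption key among several trustees; both are left out of this sketch.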
E2E verification is an active area of research, with the latest systems in the testing phase. They don’t solve all the problems of online voting — if your device is compromised, you’re still in trouble — and for now, they’ll mostly be used at polling places that use electronic voting machines.
Still, it’s an important stepping stone to the ultimate goal: safe, secure elections that are as accessible as possible so that everyone’s voice is heard.