Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //


05:30 PM
Connect Directly

2 Tech Challenges Preventing Online Voting In US

A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.

Online elections could be a reality in the United States if the security world can figure out how to ensure both voter anonymity and vote verifiability -- two essential but "largely incompatible" goals, according to a new report from the Atlantic Council and Intel Security. The report, "Online Voting: Rewards and Risks," discusses what challenges must be solved if online voting is ever to take off in the US.

"It's not a matter of if, but of when," says Gary Davis, Chief Consumer Security Evangelist for Intel Security. "I'll go out on a limb and say within 10 years" the US will allow online voting for national elections.

Why so confident? Davis points at the progress made in banking. Trust between customer and bank is essential to financial transactions, just like trust between citizen and government when casting ballots. Breaches notwithstanding, cryptography, identity management, and other security measures have made secure online banking a reality. Couldn't the same technology be applied to online voting?

Yes, but there is a key difference between banking and voting: anonymity.

As the report explains, banks must tie a customer's identity to the details of the transaction. Conversely, the government must not tie a citizen's identity to the details of their vote. Officials do check IDs at polling places -- to make sure that the person is a registered voter at the appropriate polling location, and that nobody gets to vote more than once -- but an individual's identity is never linked to their vote. The ballots cast are only viewed in aggregate.

The need for voter anonymity gets particularly tricky when coupled with the need for vote verifiability -- making sure that votes can be accurately tabulated again during a recount or a routine audit. For years, the question of "meaningful audits" has been at the root of the e-voting security debate, even when the conversation is only about electronic voting machines at polling places, not online voting from mobile devices all over the place.

Most of the dispute is over direct-recording electronic voting machines (DREs) without voter-verified paper trails, because they introduce software to the election process, and as all security people know, new software means new vulnerabilities means new ways for nefarious individuals to exploit the system -- like for example changing a person's vote before it's officially recorded.

Critics say that there must be a way to audit DREs' results. Manufacturers say that their equipment can conduct audits of election results, but critics say that all the machines can do is recount the same corrupted records. The solution, they say, is to add a voter-verified paper trail -- after a person casts their votes, the DRE prints out their selections on paper, asks the voter to review it and confirm that it has recorded their selections correctly, and drops the paper into a secure box once approved. That way, if there is any suspicion that the software was infected with vote-changing malware, the figures can be compared against a hand count of the paper records.

Anyone who was present for the 2000 US presidential election knows that paper is not without its own set of problems. (Remember a time before you knew what a "hanging chad" was?) Yet many districts still use paper votes exclusively, or as a back-up to the DREs and optical scan electronic voting machines.

Online voting would remove paper from the equation entirely. And, according to the report, current online security technology might not be able to provide the same kind of verifiability that paper can. From the report:

Banks, online retailers, and other companies offering services over the Internet factor in some degree of loss as a cost of doing business online, and generally indemnify their customers against bad actors. Online voting poses a much tougher problem: lost votes are unacceptable.

Online voting systems are complex, and any updates often must be separately recertified by election authorities. And unlike paper ballots, electronic votes cannot be “rolled back” or easily recounted. The twin goals of anonymity and verifiability within an online voting system are largely incompatible with current technologies.

That has not stopped Americans from trying, but online voting systems in the States have been fraught with software woes. From the report:

Alex Halderman, an assistant professor and security expert at the University of Michigan, has found holes in many existing online voting systems. In 2010, Dr. Halderman volunteered to test the integrity of an Internet voting system intended for use in Washington, DC. Within hours, his team accessed secret data on the system’s server, including the key used to encrypt ballots; replaced votes that had been cast; linked voters’ names to their votes; and forced the system’s vote-confirmation screen to play his university’s fight song. The team also found evidence that other hackers were trying to compromise the as-yet unused system. It was scrapped.

"Dr. Halderman ripped it apart," says Davis, "but a lot of [the system's problem] was Security 101."

Davis says that online voting systems could "make Dr. Halderman's life more difficult" if security professionals and e-voting machine manufacturers would really work together -- something that has been difficult to achieve in the past. Manufacturers keep their software close, but some proponents of open-source and open-government have argued for greater transparency about the code running e-voting systems.

With so many questions about security, why bother with online voting at all?

"The common belief," says Davis, "is that online voting will increase voter turnout," especially if it were possible to vote via a smartphone app. As he explains, elderly or infirm people wouldn't have to leave the house. Members of the military stationed overseas will not have to go through the absentee ballot process. Young people who love technology and hate waiting in lines might be more likely to participate in the election.

However, in the short-term, online voting could increase turnout from some populations and decrease it in others. Districts offering online voting might not offer anything else. Voters do not have the option to go to another district's polling place to use their machines. So, some voters who do not trust the technology or do not have access to the technology might decide not to vote at all.

Although the US is (at least) years away from online voting, Estonia has been doing it since 2005; roughly one-quarter of their citizens vote that way. As the report explains:

Because all Estonians have a government “chip and PIN” e-ID card, online voting is now available to the country’s electorate, and votes are encrypted for greater security.

Estonians can also vote more than once, from different devices and locations, over a thirty-day period -- though only the final vote counts -- giving voters the option to change their minds. They can also vote at a polling station on election day if they wish... The Estonian system also enables individuals to verify their vote using a form of two-factor verification: in this case, two devices, such as a smartphone and a personal computer. Voters are unlikely to “sell” their vote because their e-ID cards are also tied to government services such as healthcare.

Whether or not the Estonian system for a country with only a half-million citizens could scale up to the US's needs is one question.

The bigger snag, though, is that the Estonian system relies on the fact that all citizens have government-issued Chip-and-PIN ID cards that are essential to a wide variety of government services. The American public might resist such a thing.

However, Davis thinks that as Americans become more comfortable using mobile devices for biometric authentication and transaction verification, there will be less resistance to and/or less need for such a system.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Sara Peters
Sara Peters,
User Rank: Author
10/13/2014 | 1:35:12 PM
Re: Separation of vote and identity
@Dr. T  That may solve the security and anonymity problem, but does it allow for verifiability and audits? Cause it would be really cool if it did!
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/13/2014 | 8:37:17 AM
Re: IEEE 1622 as the Base
Thanks, Dr. T. Doesn't sound too comprehensive, does it? And only pertains to the military based overseas.
User Rank: Ninja
10/10/2014 | 11:54:50 AM
Re: IEEE 1622 as the Base
I found the following description:

"This standard specifies electronic data interchange formats for blank ballot distribution, primarily to assist in satisfying the needs of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) and Military and Overseas Voter Empowerment (MOVE) Act. Subsequent standards will address other requirements for electronic data interchange formats used by components of voting systems for exchange of electronic data. This scope does not include return of cast ballots by electronic means."
User Rank: Ninja
10/10/2014 | 11:53:19 AM
Re: IEEE 1622 as the Base
It will be very good if we follow a standard for it, of course. 
User Rank: Ninja
10/10/2014 | 11:44:58 AM
Separation of vote and identity
I am for all electronic. This should be quite possible with the regular identification and separations measures. Person can login with an ID and vote and we do not have to strongly tie them in the database so there is now ay to query data with both attributes. Not a big deal.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/10/2014 | 9:32:40 AM
Re: IEEE 1622 as the Base
Thanks @HCHENG085. Can you elaborate a little more on what the IEEE 1622 eVoting Standards do and don't address with respect to security of online voting?
User Rank: Guru
10/9/2014 | 11:01:42 PM
IEEE 1622 as the Base
Perhaps, IEEE 1622 eVoting Standards can serve as the base for security on online voting. Of course, it still needs innovation on security features on IEEE 1622
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.