Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:25 PM
Connect Directly

How To Make Internet Voting Secure

To be effective, an Internet voting system has to auditable every step of the way, a new study says.

Public elections conducted over the Internet need to be end-to-end verifiable in order to be truly effective, a team of election officials, systems engineers, cryptographers, and election watchdogs said in report outlining a set of recommendations for Internet voting.

The 65-page report, released today, highlights several fundamental challenges that need to be overcome before Internet voting can become a reality on a mass scale. Key among them is finding a way to guarantee the integrity of election data, protect voter information, secure systems against attacks, and make the systems user-friendly enough to be accepted broadly.

"As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted," the U.S. Vote Foundation, which commissioned the report said in a statement Friday. "Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S."

Remote voting, including voting over the Internet, is becoming increasingly common in the U.S., the reported noted. It is has typically been used to enable military personnel and American citizens based overseas to participate in the election process, but is beginning to be used more broadly. As a result, more attention needs to be placed on ensuring speed, security, and integrity of such voting systems.

One of the major problems currently is that no existing commercially available Internet voting system is truly open for public review. As a result, there is no way to verify if the systems are functioning in the intended manner, the report's authors said.

For Internet voting to be truly effective, the system needs to ensure that the ballot received by and displayed to the voter matches the ballot sent out originally by election officials. It also needs to make sure that the computer used by the voter accurately records the voter's intention and that the filled in ballot received by election officials is the same one that was submitted by the voter.

Because the voting takes place on the public Internet, the voting system also needs to have a way to ensure that intermediary systems and networks do not have an opportunity to intercept, modify, or peek at, the ballot.

Another concern that has to be addressed is malware. Voters often may not be aware of malware on their systems that could potentially change the way the ballot is displayed or the way the vote is recorded.

"Internet voting substantially exacerbates the risk of remote voting by making it possible for small problems to be magnified and replicated on a large scale," Josh Beneloh, senior cryptographer at Microsoft, wrote in the report. "Careless or malicious errors, intrusive malware, and unforeseen omissions – all of which can be caused by individuals or very small groups – can cause very large numbers of votes to be changed and the privacy of large numbers of voters to be compromised."

According to the report’s authors, who include technologists from Lawrence Livermore, IBM, and NIST as well, there are 10 technical requirements that need to be met for truly end-to-end verifiable Internet voting. Among them are:  functionality, usability, security, authentication, auditability, and interoperability.

Functionally for instance, an Internet voting system must ensure that recorded ballots and voters listed as having voted must correspond with each other. Similarly, the system must maintain voter anonymity and make it impossible for election officials or anyone to link an individual vote back to the source.

On the security and authentication front, a truly verifiable Internet voting system should ensure that no voting data is ever lost even in the event of a system failure. It should have a way to properly authenticate voters to ensure that individuals are properly identified and to protect against attackers impersonating voters even if the entire database used for authentication becomes compromised.

"There is tremendous pressure to build Internet voting systems and use them in public elections," the report said. But the use of such systems "without end-to-end verifiability—including all Internet voting systems that jurisdictions are experimenting with and using at the time of this writing—is irresponsible."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
7/14/2015 | 11:25:06 AM
Re: Excited, but problematic

While you might be correct about getting those people (who absolutely live in Cyberspace) to do that very arduous task of "voting", which is a plus, it absolutely frightens the hell out of me that we as a society want to move in this direction. Why you ask... well I can go on for a while with multiple reasons but since this is a blog on information security I say this. We haven't proven that we can secure the simplest of data stored, connected to or traversing the Internet so why would we want to trust something as precious as our rights to determine our own future to these very technologies that have proven unequal to the task or more often, why should we trust people to maintain, manage and care for those systems in a responsible way? If the plan is to get more people to vote, then make the current system we have easier, but not by saying "since you don't want to leave the house you can vote on-line".

Personally, I think on-line voting is a major hack or even an inside job of biblical proportions just waiting to happen. But that's just me, I tend not to trust.
User Rank: Ninja
7/13/2015 | 7:54:44 AM
Excited, but problematic
I'm really excited by the prospect of internet based voting, as I think it will not only make a lot more people vote, but specifically young people who have grown up with an interenet based culture - the ease of it will bring about a lot more involvement and interest in voting in general.

However we're unlikely to see that here in the UK. The prevailing right-wing government knows that its supporters are mainly older and unlikely to use a digital voting system, so I don't expect to see it come in to play until well into the 2020s, which is embarassingly slow. 
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-04-03
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUS...
PUBLISHED: 2020-04-03
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux E...
PUBLISHED: 2020-04-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
PUBLISHED: 2020-04-03
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_l...
PUBLISHED: 2020-04-02
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistenc...