Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Brad Brooks
Brad Brooks
Connect Directly
E-Mail vvv

Online Voting Is Coming, but How Secure Will It Be?

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

In November, the United States will hold a presidential election, and this one is without modern precedent.

Access to polling places has been a topic of debate since our first elections as a country. The current COVID crisis and the requirements for social distancing are bringing renewed attention to this issue of reduced polling locations, accessibility to the reduced number of locations, and the resulting increased restrictions on the ability to vote. Convenience, security, and verifiable identity are at the center of these conversations.

Related Content:

Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

New on The Edge: CFAA 101: A Computer Fraud & Abuse Act Primer for InfoSec Pros

While the debate regarding in-person voting previously centered on the topics of number and location of polling places, the debate has widened this year as the physical health and safety of in-person voting takes on a new level of significance. There is a solution that addresses all of these issues: location, access, and health. It is online voting — an option that earns greater consideration every election cycle.

Experiments with online voting are still in their early days, and although the efforts are gaining ground, the hurdles are also significant. In pursuit of online voting's very real benefits of convenience, speed of results, and improving participation, organizations need to tackle concerns about security, lack of Internet access for voters, and privacy.

Our company, OneLogin, recently undertook an extensive study to understand the perception and challenges of online voting and find out just how much effort the electorate is willing to go through in order for the risks associated with online voting to be reasonably mitigated.

What Steps Will You Take to Vote Online?
The effort that would be required to vote securely online is one of the many issues. Many security experts believe that citizens are simply not willing to take the necessary steps to secure their votes online.

However, most respondents (61%) to our survey were willing to take one to three different security steps to log in and verify their identity when voting online. Much smaller groups didn’t mind taking four to five steps (14%) or more than five steps (12%), with a similar number (13%) of voters saying they wouldn't be willing to take any security steps at all.

The age of respondents also played a role, as, in general, baby boomers found online voting less appealing than younger groups. Nearly one-fifth (18%) of boomers said they wouldn't be willing to take any security steps if voting online, which was significantly higher than similar responses from either Generation Z (8%) or millennials (10%).

More than half of the study respondents were willing to spend more than five minutes logging in and verifying their identity to vote online. Around one-quarter (27%) would spend six to 10 minutes and one-fifth (21%) would dedicate 11 to 30 minutes. Just 5% of people would dedicate more than 30 minutes to verifying their identity if voting online — even though voting in-person generally takes at least that long. We can see from these results that there are citizens willing to take the steps and spend the time necessary to secure online voting.

Regarding the actual steps that verification might entail, around half (55%) would provide a driver's license number or use multifactor authentication (49%). After that, voters' willingness begins to drop off significantly:

  • Provide my mother's maiden name: 36%
  • Upload my signature: 35%
  • Provide my fingerprint: 35%
  • Provide my Social Security number: 34%
  • Upload a photo of myself: 29%
  • Provide a copy of my birth certificate: 20%
  • Provide a retina scan: 19%
  • None of the above: 12%

Understanding the Roles of Government and the Tech Industry
Despite the challenges, online voting is coming. The potential benefits are too significant for voting administrators to ignore because voters expect it in the near future. Most respondents (59%) expected online voting to become a reality within the next five years.

The right path forward will be permanent digital identification for each citizen issued and managed by the government on a state level, with a set of common standards for its use and management, similar to European Union's system of electronic identification. We have already accomplished a similar set of common standards for physical ID's post-9/11 with the Real ID Act and requirements for all states to adhere and implement common ID verification standards by the end of 2021.

With digital ID in place, the government and private sector companies can work together to create voting ID management systems, with enough organizations involved that there isn't the possibility of a monopoly on secure information. Identity and access management systems will enable people to securely sign in and cast their vote.

Closing the Digital Gap
The greatest challenge to widespread adoption of online voting — as well as the most important — will be closing the digital gap that separates underrepresented communities. A 2019 survey by Pew Research found that only 58% of Black households in the US and 57% of Hispanic households in the US owned a home computer, compared with 82% of white households in the US. Similarly, only 66% of Black households and 61% of Hispanic households had broadband Internet, compared with 79% of white households.

Without closing this divide and providing digital access to underrepresented communities, we only solve part of the challenge.

Online voting will never completely supplant voting in person or voting by mail, and the efforts required to vote online will keep many people voting as they always have. But the technology is to a level of capability that the benefits of online voting far exceed any potential risks. It's time for the bolder state governments to again act as leaders in the democracy experiment that is the United States, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

Brad Brooks is the CEO and president of OneLogin. Brad brings more than 25 years of experience leading global technology companies on a path towards success. In his most recent role before joining OneLogin, Brad served as DocuSign's chief marketing officer, where he helped ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or...
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of se...
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.