Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/13/2020
10:00 AM
Brad Brooks
Brad Brooks
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Online Voting Is Coming, but How Secure Will It Be?

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

In November, the United States will hold a presidential election, and this one is without modern precedent.

Access to polling places has been a topic of debate since our first elections as a country. The current COVID crisis and the requirements for social distancing are bringing renewed attention to this issue of reduced polling locations, accessibility to the reduced number of locations, and the resulting increased restrictions on the ability to vote. Convenience, security, and verifiable identity are at the center of these conversations.

Related Content:

Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

New on The Edge: CFAA 101: A Computer Fraud & Abuse Act Primer for InfoSec Pros

While the debate regarding in-person voting previously centered on the topics of number and location of polling places, the debate has widened this year as the physical health and safety of in-person voting takes on a new level of significance. There is a solution that addresses all of these issues: location, access, and health. It is online voting — an option that earns greater consideration every election cycle.

Experiments with online voting are still in their early days, and although the efforts are gaining ground, the hurdles are also significant. In pursuit of online voting's very real benefits of convenience, speed of results, and improving participation, organizations need to tackle concerns about security, lack of Internet access for voters, and privacy.

Our company, OneLogin, recently undertook an extensive study to understand the perception and challenges of online voting and find out just how much effort the electorate is willing to go through in order for the risks associated with online voting to be reasonably mitigated.

What Steps Will You Take to Vote Online?
The effort that would be required to vote securely online is one of the many issues. Many security experts believe that citizens are simply not willing to take the necessary steps to secure their votes online.

However, most respondents (61%) to our survey were willing to take one to three different security steps to log in and verify their identity when voting online. Much smaller groups didn’t mind taking four to five steps (14%) or more than five steps (12%), with a similar number (13%) of voters saying they wouldn't be willing to take any security steps at all.

The age of respondents also played a role, as, in general, baby boomers found online voting less appealing than younger groups. Nearly one-fifth (18%) of boomers said they wouldn't be willing to take any security steps if voting online, which was significantly higher than similar responses from either Generation Z (8%) or millennials (10%).

More than half of the study respondents were willing to spend more than five minutes logging in and verifying their identity to vote online. Around one-quarter (27%) would spend six to 10 minutes and one-fifth (21%) would dedicate 11 to 30 minutes. Just 5% of people would dedicate more than 30 minutes to verifying their identity if voting online — even though voting in-person generally takes at least that long. We can see from these results that there are citizens willing to take the steps and spend the time necessary to secure online voting.

Regarding the actual steps that verification might entail, around half (55%) would provide a driver's license number or use multifactor authentication (49%). After that, voters' willingness begins to drop off significantly:

  • Provide my mother's maiden name: 36%
  • Upload my signature: 35%
  • Provide my fingerprint: 35%
  • Provide my Social Security number: 34%
  • Upload a photo of myself: 29%
  • Provide a copy of my birth certificate: 20%
  • Provide a retina scan: 19%
  • None of the above: 12%

Understanding the Roles of Government and the Tech Industry
Despite the challenges, online voting is coming. The potential benefits are too significant for voting administrators to ignore because voters expect it in the near future. Most respondents (59%) expected online voting to become a reality within the next five years.

The right path forward will be permanent digital identification for each citizen issued and managed by the government on a state level, with a set of common standards for its use and management, similar to European Union's system of electronic identification. We have already accomplished a similar set of common standards for physical ID's post-9/11 with the Real ID Act and requirements for all states to adhere and implement common ID verification standards by the end of 2021.

With digital ID in place, the government and private sector companies can work together to create voting ID management systems, with enough organizations involved that there isn't the possibility of a monopoly on secure information. Identity and access management systems will enable people to securely sign in and cast their vote.

Closing the Digital Gap
The greatest challenge to widespread adoption of online voting — as well as the most important — will be closing the digital gap that separates underrepresented communities. A 2019 survey by Pew Research found that only 58% of Black households in the US and 57% of Hispanic households in the US owned a home computer, compared with 82% of white households in the US. Similarly, only 66% of Black households and 61% of Hispanic households had broadband Internet, compared with 79% of white households.

Without closing this divide and providing digital access to underrepresented communities, we only solve part of the challenge.

Online voting will never completely supplant voting in person or voting by mail, and the efforts required to vote online will keep many people voting as they always have. But the technology is to a level of capability that the benefits of online voting far exceed any potential risks. It's time for the bolder state governments to again act as leaders in the democracy experiment that is the United States, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

Brad Brooks is the CEO and president of OneLogin. Brad brings more than 25 years of experience leading global technology companies on a path towards success. In his most recent role before joining OneLogin, Brad served as DocuSign's chief marketing officer, where he helped ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark Reading,  10/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27653
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27654
PUBLISHED: 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVE-2020-27655
PUBLISHED: 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVE-2020-27656
PUBLISHED: 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.