Published October 21, 2012
Imagine if casting a vote for the next president of the United States were as easy as waking up and turning on your PC. Cyber security experts say online voting may not be that far off in the U.S. and could breathe new life into the American electoral process.
Perhaps because Americans are already comfortable using the Internet to trade stocks, manage their finances and make online purchases, calls to modernize the voting system and potentially bring it online have started to grow louder.
Barriers exist today, but voting for the leader of the free world via smartphone, laptop or tablet could be a reality within the next few presidential election cycles.
“If five years down the line we see more acceptance, I don’t think it’s unthinkable in maybe 10 years we’ll be voting via mobile,” said Bruce Snell, director of technical marketing at McAfee. “But we need to make sure the methods we use are absolutely secure.”
The benefits of Internet voting range from increased convenience that might entice more people to vote, to providing elderly and disabled people, as well as military serving overseas who can’t reach physical polls, the ability to cast votes securely without fearing they’ll be lost in the mail.
“It could speed up the entire system,” Snell said.
Not surprisingly, however, there is still much resistance.
With cyber warfare an ever-rising threat, security experts are careful to note the many hurdles that still need to be overcome before an airtight system can be developed to handle something so vital as a presidential election.
“We think there are some new challenges that are difficult to address now with current technology, but there are some promising research avenues,” said Andy Regenscheid, a mathematician at the National Institute of Standards and Technology (NIST), a U.S. federal agency.
NIST, which has been conducting research for at least five years on the use of technology to support overseas and military absentee voting, has called for additional R&D, saying more time must be spent working out the kinks before secure voting will be feasible in the U.S.
The biggest threats are malware on personal devices that could, unbeknownst to the voter, alter their vote or track who they voted for, as well as hostile people or groups who could hack into the system for malicious purposes and disrupt the voting process. Another major challenge is ensuring that a vote is anonymous while at the same time re-countable for auditing purposes.
“My concern is the potential for some rogue nation to attack our voting if it moves online, and not being prepared,” Snell said.
The fear that a hacker could infiltrate and interrupt a U.S. election is very real, especially when major multinational corporations still have trouble fending off cyber attacks despite millions of dollars invested in security. This reality has been on full display in recent cyber attacks on companies like Google (GOOG) and ones in the past two weeks that impacted the websites of major banks like Bank of America (BAC) J.P. Morgan Chase (JPM) and HSBC (HBC).
“Our elections are run locally by county-level offices,” said Pamela Smith, President of Verified Voting. “The idea they could do this securely when a company the size of Google can’t -- with all the millions they have at their disposal -- it’s just not very securable.”
In 2010, the D.C. Board of Elections and Ethics invited so-called white hats, or hackers deployed with the intention of improving security, to try and hack its Internet-based voting system for a weeklong test period. The test was suspended after the system was infiltrated.
However, more advanced security technologies, such as the rapidly growing research area of cryptography, which has yet to fully catch on in the U.S. but is used for banking and voting in other nations, could help making online voting in the U.S. more secure.
The first country to successfully adopt online voting was Estonia in 2007, a tiny Baltic country of just 1.3 million, which in 2007 began using chipped identification cards to allow citizens to cryptographically cast votes in parliamentary elections. The Northern European country also uses physical polling stations, though online voting is growing.
Similar chips are used in smart credit cards in Europe, however U.S. banks have yet to adopt smart cards, which are harder to duplicate and offer better protection from fraud, despite the fact that they’ve been around since the 1990s.
Getting the U.S. online for voting might mean assigning digital identities through smart identification cards, similar to what’s used in Estonia, so that a voter can securely log into the system and cast their vote. With the correct security technologies in place, like those being developed through cryptography, the personally-assigned chip could help secure anonymity while at the same time making voting auditable and ensuring everyone only votes once.
However, it won’t be easy finding the political will and getting Americans comfortable with the idea of enrolling in a “non-refutable digital identity,” said Richard Stiennon, a security expert and chief research analyst at IT-Harvest.
“The technological feasibility is there, but there’s still resistance,” he said.
Minor efforts to use technology to improve the voting system have ramped up in recent years, including sending blank absentee ballots to citizens overseas via email and allowing residents in some areas to register or view their registration status online.
But getting the U.S. – a country of more than 300 million people – to adopt online and mobile voting will mean taking years of development, testing and retesting to prove the system is safe and as close as possible to uncrackable.
From there, it likely will have to be gradually rolled out, starting first with military and other citizens living overseas, who would be among the biggest beneficiaries of online voting, before stretching to the general population.
“I expect to see online voting in our lifetime,” said University of California Berkeley’s David Wagner, a computer science professor who has studied software and smartphone security as well as electronic voting. “I would be disappointed if we didn’t.”