This opinion originally ran on Slate and can be found here.
Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy.
There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet or even using Bluetooth.
At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who may face challenges getting a physical ballot cast, returned, and for being counted.
So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections. The National Academies of Science, Engineering, and Medicine has concluded that “no known technology can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That means allowing voting on a phone could also allow vote deletion, fake votes at scale, and the publication of an individual voter’s choices. Accordingly, the Senate Select Committee on Intelligence said clearly that “[s]tates should resist pushes for online voting,” basing its conclusion in part on testimony given by one of us.
In spite of the compelling evidence that we are not prepared for internet voting, it’s happening in some localities in West Virginia, Utah, Oregon, and Colorado. Election administrators in these places have invited some voters to download an app, called Voatz, to their phones and use it to vote over the internet. The privately funded pilots cost hundreds of thousands of dollars. These pilots make internet voting available only to groups of voters who are more likely to face barriers to casting ballots—overseas and military voters, as well as disabled voters in some places. But Voatz does not hide the fact that it sees the pilots as the precursor to elections where all voters can use the app.
One of us is a computer scientist who studies election cybersecurity; the other is a lawyer at a pro-democracy nonprofit that has sued counties with insecure voting systems. We want voting to be both easy and secure, and internet-based voting is not the right path. Mounting evidence from other countries shows that online voting doesn’t actually boost participation, particularly when compared to voting by mail. And we know that postal voting, in combination with other policies that expand access to the vote, like same-day voter registration and automatic voter registration, can significantly increase turnout without creating the risk of a large-scale election hack.
Given all the danger inherent in using the internet to transmit ballots, the burden should be on app developers to prove that their voting technology is secure. Just like we don’t want pharmaceuticals in our bodies until manufacturers have proved them safe and effective, makers of internet voting software need to demonstrate the security of their products before we can trust they belong in our elections. No internet-voting tech provider has met that burden.
Voatz, for example, argues that its use of blockchain technology to store ballots is a major breakthrough in security, but there is a real lack of technical specificity in what the company has made public about software—a red flag for security experts. Just as Bitcoin doesn’t stop financial crime, blockchain technology can’t solve the hard parts of voting securely online—like verifying that the voter is who she claims to be, keeping malware out of voters’ phones, and guarding servers against hostile foreign governments. Voatz also doesn’t create a paper record of a voter’s choices, so in the event that the system is hacked, it would be impossible to determine whether those choices had been altered by software. These security concerns should be paramount to election administrators.
Election administrators shouldn’t even consider internet-based voting software that they don’t understand. Yet Voatz has not disclosed its source code or allowed third party experts to publicly examine it. Recognizing the problem, Sen. Ron Wyden recently asked the Department of Defense and the National Security Agency to conduct a true cybersecurity audit of the software. The CEO of Voatz has responded by noting that Voatz, as a private company, needs to protect its intellectual property. While the company is certainly entitled to take that approach, election administrators have a responsibility to protect each and every vote. And they shouldn’t place the security and reliability of their elections in the hands of internet voting software that has not been subjected to a public and independent security workup.
There’s no question that election administrators are right to try to make voting easier for voters who face hurdles getting to the ballot. But we owe it to those voters to find solutions that don’t jeopardize the integrity of their votes—or of the election as a whole.
Rachel Goodman is counsel for Protect Democracy.
J. Alex Halderman is professor of computer science and engineering as well as director of the Center for Computer Security and Society at the University of Michigan.