You can vote online, but it’s not secure. Here’s who might want to it anyway

Laveta Brigham

Returning a physical copy of your ballot is the safe option, cybersecurity experts say. The fewer people who return their ballots online, the less tempting of a target it becomes for hackers. Getty Images This story is part of Elections 2020, CNET’s coverage of the run-up to voting in November. […]

A ballot drop box with a sign that says "Official Ballot Dropbox"

Returning a physical copy of your ballot is the safe option, cybersecurity experts say. The fewer people who return their ballots online, the less tempting of a target it becomes for hackers.

Getty Images

This story is part of Elections 2020, CNET’s coverage of the run-up to voting in November.

Brooke Burns went online and cast her ballot in the US presidential election. She’s US citizen in France, and her election agency gave her access to her ballot from a web portal, where she downloaded it and marked it electronically. Then she sent back an image of her marked, signed ballot in an email.

“My ballot was received on the same day that I sent it via email,” Burns said.

Burns is registered to vote in King County, Washington, which uses a ballot portal made by election technology company Democracy Live. She’s one of thousands of overseas, military, sick and disabled voters who have access to internet-enabled voting. Some will mail back printouts of their marked, signed ballots, but others will return the ballots via email, fax or web portal.

There’s a great big caveat for voters in the second group. They must generally waive their right to a secret ballot. That’s because your name is attached to your ballot as it travels to your election agency. Additionally, cybersecurity experts say there’s no technology today that can secure online voting. While fraud is part of the cost of doing business with industries like banking, which millions of people access over the internet, fraud isn’t an acceptable risk for elections agencies and can’t be easily fixed after the fact. To secure online elections, we’d need technology that can stop ballot tampering from happening and detect compromised ballots before they’re counted. We’re not there yet.

Waiving your right to a secret ballot is a big decision. Ever since the US embraced the secret ballot in the late 1800s, voters have viewed it as essential to protecting their choices from external pressure. And running the risk that hackers will tamper with your ballot is a scary prospect that has an impact beyond just your vote. 

Still, some uses of the internet are riskier than others when it comes to ballots. Here’s everything you need to know about using the internet to vote, and what makes sense for you.

Why you might want to get your ballot online

There are two reasons it might make sense for you to ask your local election agency, typically a county clerk, to send you a blank ballot over the internet. If you’re out of the country, getting a PDF of a blank ballot cuts out one end of the mail system. That’s why federal law requires states to provide ballots electronically to military and overseas voters.

Or, you might have a disability that makes it hard for you to fill out a paper absentee ballot. This includes people with low vision or limited mobility. In that case, getting a PDF lets you mark your ballot on your computer without needing help from a friend or family member. Many states offer this option, including Pennsylvania, Louisiana, Utah, Delaware and West Virginia. You can contact your county clerk or secretary of state to learn what’s available to you.

This is where security experts will step in and say, it’s fine to receive your ballot online. The election agency will either email or fax you a PDF of the ballot, or it might give you a link to a web portal where you can download it. As with paper absentee ballots, these electronic versions come with bar codes and other fraud detection measures. As with any form of voting, you can access a sample ballot from your county and compare it to your blank ballot to reassure yourself everything is correct.

Deciding whether to mark your ballot online

If your election agency lets you mark your ballot on the web portal, that’s probably safe too, although it can come with risks. Security researchers from MIT and the University of Michigan found that the Democracy Live web portal, called OmniBallot, sometimes sends data about voters’ ballot choices back to the company’s servers. 

Democracy Live says it doesn’t store or access this data, but the researchers say it’s an unnecessary risk. If hackers compromised the company’s systems, ballots would be vulnerable. States can choose a version of OmniBallot that keeps data about ballot choices on your computer, a more secure option. However, not every state does this. If you’re concerned about this risk, you can ask your local election agency how its system for marking ballots electronically works.

Another ballot portal, from Voting Works, also lets voters mark their ballots in a web browser. It always keeps ballot choices on voters’ machines, the company says. 

The big risks of returning ballots electronically

Many states allow some combination of military, overseas and disabled voters to return a ballot electronically. Depending on the state or county, voters might be able to return the ballot over a web portal, or they might be asked to email or fax an image of the ballot. Voters who use fax or email typically print and sign their marked ballots before scanning or photographing it to send it back. 

Voters who go this route must generally waive their right to a secure ballot, and cybersecurity experts say these options aren’t secure, period. 

Hackers could infiltrate your computer using malware or compromised websites and change your votes. There’s no documented cases of this happening, but there’s also no good fraud prevention to detect it. They also have a variety of tools to access faxes and email systems. Finally, hackers could try to compromise the systems of companies such as Democracy Live and steal or alter ballots there.

We’re at least 10 years away from having technology that could let voters cast ballots online securely, said Dan Wallach, a computer science professor at Rice University who consults for Voting Works. That includes technology that would keep hackers off your computer, where they could tamper with your vote, as well as systems for stopping voting fraud before it happens.

For now, Wallach said, “We still like the idea of a piece of dead tree going through the mail.” 

Cybersecurity experts strongly recommend mailing in your ballot

Mailing a physical copy of your ballot back to your election agency is the safest choice for absentee voting. You can typically do this after getting your blank ballot electronically. Usually, voters must sign the printout before putting it in the mail, and it’s important to make sure you have enough postage.

Still, some people will be tempted to use an electronic method to avoid mailing their ballot internationally. If the country you live in has unreliable mail, that might be a major concern. And this year, slowdowns in the US mail system may compound the problem.

It’s best if only a small percentage of US voters take this route, cybersecurity experts say. The more voters who use it, the more motivated hackers will become to find ways to compromise ballots sent online.

Source Article

Next Post

Another View: Justice Department taking off the gloves against Big Tech

The internet has been a powerful source of innovation and opportunity in the half-century since the first electronic message was sent between experimental nodes at UCLA and Stanford. And in some industries, it remains a great equalizer – giving upstart creators and service providers the sort of access that used […]