Some states have embraced online voting. It’s a huge risk.

Due to the effects of COVID-19, a discussion around online voting has resurged. Advocates argue that the implementation of online voting systems would allow those who are unable to vote in person to participate in the democratic process, and would increase the convenience of voting. Despite these benefits, this article argues that the cyber security threat such a system would cause makes the idea not worth pursuing. Although online systems exist for many sensitive tasks like banking and communication, elections are different in that they are anonymous (no one should be able to tell how an individual votes), and irreversible (you can’t undo an individual’s vote). The way to solve this problem is with an advanced encryption scheme, but no one has been able to implement a sufficiently robust encrypted voting system yet. In fact, most audits of internet voting systems yield widespread vulnerabilities that hackers could potentially exploit.

The article lays out a few security concerns with online voting. The first issue it addresses is that an individual’s ballot would travel through many different servers before reaching its destination. Without strong end-to-end encryption, someone can read the ballots before delivering them to their destination. Right now there is no implemented end-to-end encryption scheme over the internet that is compatible with the limitations of internet voting. The second point the article brings up is that, even if a secure internet voting system is in place, an individual’s device may be compromised before they even vote. If an adversary has control of enough machines they could change votes before they are even sent. Finally moving to online voting gives hackers many points of attack. They can attack the ballots, election website, or temper with ballots en route to an election.