Online voting isn’t ready
Concerns about the integrity and security of the United States’ upcoming elections continue apace, and a concerning new study from a pair of computer scientists should renew states’ resolve to find a reliable, accessible and secure system that will protect Americans’ most sacred civic right.
According to research from Michael Specter, of the Massachusetts Institute of Technology, and Alex Halderman, of the University of Michigan, the OmniBallot online voting system, which was expected to be used in West Virginia, Delaware, New Jersey and a number of jurisdictions in Oregon and Washington, has inadequate security protections that represent “a severe risk to election security.” (New Jersey has since backed away from its plan to use OmniBallot during the state’s July primary.)
OmniBallot, which has never been the subject of a public, independent security review, requires additional software, such as JavaScript, to perform its function. This would allow bad actors multiple venues through which to attack an election. OmniBallot also lacks end-to-end verifiability, meaning a ballot could be altered after a voter submits it but before it is received by election officials.
These are not small concerns; they represent fundamental threats to the integrity of an election. And, with concerns about the election ranging from foreign interference to the COVID-19 pandemic, Americans in all states and territories need assurances that their votes will be securely and accurately tallied.
It is unlikely that any internet voting system will be secure enough to handle a nationwide election by November. Mr. Specter and Mr. Halderman cited a 2018 report from the National Academies of Sciences, Engineering and Medicine that found that “no known technology guarantees the secrecy, security and verifiability of a marked ballot transmitted over the internet.”
Online systems like OmniBallot are useful for faster distribution of mail-in ballots, according to Mr. Specter and Mr. Halderman. But the pair recommend that state election officials focus their efforts on traditional mail-in systems. “Vote by mail is the most secure means we have of doing remote voting,” Mr. Halderman said in an interview with Ars Technica. “It’s well-understood and reasonably safe, but it requires precautions.”
Such systems will still require considerable change ahead of the presidential election. Counties will need ample time to distribute, collect and tally mail-in ballots.
Beefing up mail-in systems before November will be a challenge, but it is a manageable challenge. But, during a time of such tumult and uncertainty, states should not risk experimenting with unproven and insecure online voting systems. The integrity of American elections is paramount, and systems like OmniBallot are not yet up to the task.