Why You Cannot Vote Online Today
Security concerns present the major concern around online voting.
Nov. 6, 2012 -- Today U.S. citizens across the country will wake up, drive or walk to their assigned polling locations, likely wait in line, and then vote for president. Some will vote using voting machines, pulling the lever and all, some will use some new electronic voting systems, and some use paper ballots.
Yes, some in New Jersey will vote via email because of Hurricane Sandy, but for most of the country the Internet won't have a role in the process.
That stands in stark contrast to countries like the U.K., Estonia, Switzerland and Canada, all of which have begun to use Internet voting systems. So, why can't you vote today using your own computer or iPad?
Client and Server Security Risks
Spend a few minutes researching online voting and you'll find out that the answer to that question is fairly complicated. But for the most part the biggest hurdle standing in the way of casting our votes on the Internet has to do with security concerns.
"The biggest obstacle to voting on the Internet is the security problem," Avi Rubin, a professor of computer science at John Hopkins and an expert in network security, told ABC News. "The fact is that right now the security threats on the Internet are getting worse, not better. Before we can allow people to vote on computers we have to make sure people are in control of their own computers."
There are two major concerns when it comes to security: the vulnerabilities of voters' personal computers, and the vulnerabilities of the servers and backend systems that would power the online voting infrastructure and host the websites for particular jurisdictions.
The fears on the server side concern hackers. The biggest fears there revolve around servers and sites being redirected to fake sites, thus causing a vote to go to the wrong place and thus leading to inaccurate tallying. But the security of those systems are easier to control than citizens' computers.
"The hardest problem to solve is what happens at a person's computer. The dream is to be able to vote at work or at home or wherever the computer is, but the vote can be intercepted at the keyboard," David Dill, Professor of Computer Science at Stanford and founder of VerifiedVoting.org, told ABC News. "Suppose you have a virus at your computer and it sends a different vote. There is no link between the recorded vote and the ballot. We don't know how to secure every PC in the country. Antivirus software does a good job but not good enough."
The fear is that software could capture the vote and direct people to false websites that might look like real voting sites, but are instead false sites. There is also the issue of keeping votes anonymous.
The 2010 Experiment
In 2010, the District of Columbia invited hackers to try to take down a pilot online voting system. Students led by a professor at the University of Michigan were able to hack into the system in 36 hours, revealing the names and passwords of over 900 voters.
The incident, which received a lot of attention, has illustrated the fears with online voting systems, but if you ask some experts they say the problem there was with the system itself. "The system there was set up by two amateur guys," William Kelleher, author of "Internet Voting Now," said.
"That was an example of how who builds the systems you are going to use for elections is more important than the format it was built on," Lori Steele, CEO of Everyone Counts, told ABC News. "The hack University of Michigan deployed illustrated Security 101 mistakes. Any state-of-the-art systems would not have been hacked in that way. People are holding that up as the reason Internet voting shouldn't be happen, but that was a mediocre deployment."
New Systems
Steele runs Everyone Counts a company that is working on next-generation online voting systems based on software that runs on computers, iPads, and other devices.
When Steele explains how the system works it sounds very simple. "A voter receives the ballot and marks it and sends it back via the Internet." But, of course, there is a lot of security in there that helps get that vote back securely.
"Our ballots are each encrypted with military-grade encryption, we audit data every step of the way, there is not another system out there that has that level of security," Steele says. "You put together the administrative processes and the state-of-the-art technology and you have a system that is far more secure than going down the street, putting a ballot in a box, and then having it driven cross-town."
Everyone Counts' systems have been used in national and state elections in the U.K., but also in some elections in the U.S., in West Virginia and Honolulu. In West Virginia, it was used in 2010 as an absentee ballot option for overseas citizens. In Honolulu in 2009, it was used for a neighborhood board election.
But some of the experts don't necessarily agree with Steele. "Right now there are companies trying to sell Internet voting systems and secure voting systems, and we have to have pretty good evidence that the voting isn't as secure. If a company wants to sell it, they should persuade the experts," Dill said.
Steele argues, however, that online voting has not been adopted this election season by and large because of money spent on the new voting machines.
"What we will find in the next 2 to 4 years is that those machines have reached their life expectancies. They are constantly talking about what we can do now, they look to us," she said.
Email is Not The Answer
But the online voting skeptics and Steele agree on one thing: email voting is not the answer.
"Email voting is a terrible idea. I could send you an email from Donald Duck and it would look like it was from him," Rubin said.
"Emailing ballots in the case of New Jersey is the best they can do in a hard situation, but in general it is a very bad idea. It isn't secure, it's not auditable," Steele said.
Still, whatever its shortcomings, it is a step to getting people more familiar with the idea of voting via the Internet.
"For the future of Internet voting, then, as FDR has said, the only thing we have to fear is fear itself," Kelleher said.
Whether that fear of the security issues is justified or not depends on who you talk to, but in short it's why we are not casting ballots today on our computers, phones, or iPads.