Security implications of online voting
With essentially everything moving online, it would seem to be the natural progression that voting online or on your mobile device would be the next thing to happen. Not only would it be more convenient for the voter, but it would greatly reduce the travel costs. The question is, are we technologically mature enough and can we count on today’s security infrastructure to protect our vote?
Security is not a guarantee
In our industry, security professionals will often ask people what computers are the most secure. The joking answer is “computers that are not connected to a network, not powered on, and, ideally, not working at all.”
To put it simply, allowing people to vote on a mobile platform or online is very dangerous. Current technology, although it can make our computers quite secure, cannot guarantee perfect security. We have to think about the scenario where a segment of the computers used for voting will have already been compromised by hackers previously. A dormant software virus left on these computers could compromise voter selections and potentially change election results.
For example, in 2012, in Ohio, one of the battle states, President Obama won by a narrow margin, defeating Mitt Romney by only 100,000 votes. If attackers could have controlled the machines of 50,000 democratic party members (assuming that they all voted for Obama), they could have changed the votes to Romney, which would have completely changed the voting results for Ohio. Gaining control of 50,000 machine is not impossible.
Many of the current botnets are bigger than that (bots in botnets are mostly compromised computers). Even if attackers couldn’t control that many computers entirely, they could launch denial-of-service (DoS) attack on targeted machines, preventing people from casting or submitting their votes before the deadline.
Online voting vs. online banking
People often compare online voting with online banking. The argument, is that if we can trust our computers with our own, hard-earned money, we should be able to trust computers with our votes. The difference here is that when banks provide online services to their customers, they are fully aware of the risk, and they accept the risk as a nature of the business. Banks will of course devote resources to minimize that risk, but again, there are no guarantees (e.g. Ecuador and Bangladesh attacks). If they can save 100 million dollars by going online, even if they lose 50 million, it is still a good investment. Therefore, when something goes wrong, they can write it off as a loss.
With voting, the loss is democracy, not money—and you can’t write off democracy.
Candidates who lose the election will always be able to challenge the voting results, if they have evidence that some of the votes have been tampered with. What do we do then? Would we do a re-vote using the traditional method?
Hacking for power
As we’ve seen in recent years, hackers have evolved from hacking for fun, to hacking for financial gain. If we put voting online, hackers will go after a new target, far more rewarding than money: hacking for power. By attacking computer systems, cybercriminals can change votes, and thus change the power structure in this country.
It sounds frightening, but I envision that in the near future powerful underground botnets will emerge. During the down, non-voting time, hackers will build up their botnets, which will consist of compromised computers all over the world. Of course, they will be particularly interested in the computers belonging to registered voters. Then, during voting time, they can use these botnet machines to manipulate votes, interrupt or stall votes from being sent out, collect or leak personal data information, or stage a combination of all three simultaneously.
Buying and selling votes
I also foresee a new business emerging: the buying and selling of online votes.
Obviously, voting online would make things way more convenient. That convenience will lend itself to a marketplace of voting purchases and trades. For example, a candidate could pay $100.00 for a group of people to sell their votes. All they would need to do is install the right software and exchange their vote—and many people would do that. The voter turnout rate for the 2012 presidential election was only about 55% nationwide, so 45% of people didn’t vote (about 93 million eligible citizens). If votes all of sudden had a dollar amount tied to it, we would see greater voter turnout online, but it would be a corrupted election.
Voting online will hurt your pockets
Another argument for online voting is cost-savings. Let’s look at whether it actually saves people money. Without a doubt, voters’ computers will need to be enhanced to protect the integrity of their votes, so voters will have to install anti-virus software, intrusion detection systems, auditing tools in case of a re-count, etc. More importantly, voters will need to be trained, so they can use the software correctly.
Security tools used improperly only provides a false sense of security.
Between the security products and the training, the costs could be astronomical and even negatively impact voter registration and turnout. And in the instance where there is a breach, we will need to do a re-vote, which is much more expensive than a re-count. Basically we would have to throw out all the votes, if a significant percentage of the votes were tampered with. Obviously, we couldn’t use their compromised computers to do the voting again; that means we would need to have a back-up voting system (the traditional one) in place.
Unless one party wins by a large margin, re-voting will probably always be needed.
Voting improvements
All of this is not to say that improvements and advancements cannot be made. In fact, some places have already been using e-voting machines. These are dedicated machines, well protected (physically and system-wide) and certified. Voters still have to go to these machines physically, but the voting process is much faster, and the counting time is significantly reduced, on account of it being electronic.
In conclusion, as long as we keep hearing hacking stories about Myspace, Sony, Target, Home Depot etc., we should realize that we have a long way to go before we can vote for the future leader of the United States online or with a mobile device.
Kevin Du is a member of the Institute of Electrical and Electronics Engineers (IEEE).