If, like a growing number of people, you’re willing to trust the Internet to safeguard your finances, shepherd your love life, and maybe even steer your car, being able to cast your vote online might seem like a logical, perhaps overdue, step. No more taking time out of your workday to travel to a polling place only to stand in a long line. Instead, as easily as hailing a ride, you could pull out your phone, cast your vote, and go along with your day. Sounds great, right?
Absolutely not, says Stanford computer science professor . In fact, online voting is such a dangerous idea that computer scientists and security experts are nearly unanimous in opposition to it.
Why should we be so wary about introducing computers, and in particular the Internet, into the voting process?
Computers are very complicated things and there’s no way with any reasonable amount of resources that you can guarantee that the software and hardware are bug-free and that they haven’t been maliciously attacked. The problems are growing in complexity faster than the methods to keep up with them. From that perspective, looking at a system that relies on the perfectibility of computers is a really bad idea. Compared with touchscreen voting machines, the opportunity for attacks on the Internet is much broader. Suppose masses of emails get sent out to naive users saying the voting website has been changed and, after you submit your ballot and your credentials to the fake website, it helpfully votes for you, but changes some of the votes. You also have bots where millions of individual machines are controlled by a single person who uses them to send out spam. There is a program just sleeping on there waiting for somebody to come in and use it. Think about the consequences of that when it’s time for an election. People would vote on their personal computers, not knowing that they were handing the ballot to a potential hostile middleman who could change the vote. And neither the voters nor election officials would see anything suspicious. Because of the secret ballot, there is no way for the voter to check that the ballot transmitted to the elections office is the one they filled out on their computer.
How easy would it be to hack a computerized system? Not very hard, as we can see from the frequent news stories about massive thefts of data from government and corporate web servers. And there are many other threats, including voters who are not experts in computer security and may be easily fooled, and potential for corrupt insiders at companies that produce the Internet voting software.
The way I look at things is: How many people have to conspire to steal an election now? With paper ballots at polling places, to steal a significant number of votes, you’d have to have lots of poll workers or a lot of voters voting fraudulently, which would be very difficult and expensive. And with paperless touchscreen voting you maybe need a few programmers. If you had widespread Internet voting, on the other hand, the vulnerabilities are even more worrying.
Just how disruptive could these risks become?
Without being paranoid, there are reasons to believe that people would want to affect the outcome of elections. Right now, they spend billions of dollars trying to do it through campaign contributions and advertising and political consultants and all of that. It’s like having a jewelry store. How good of an alarm system do you need for your jewelry store? Well, it depends how expensive your jewelry is. What is the value of controlling the SRC presidency? There are people who would be very motivated to get something so valuable. Those people could include political zealots or campaigns, but they might also include organized crime or even other countries with huge resources.
Online voting could threaten the fundamental legitimacy of elections?
From the perspective of election trustworthiness, Internet voting is a complete disaster. While you can’t stop all election fraud, elections must have a higher standard of credibility.
They need to have the perception of being low fraud. If you have an election system where fraud can be committed and – this is very important – that fraud is undetectable, then you don’t really have a reason to trust the outcome of the election.
And that’s very bad in a democracy, because the whole goal of an election is to satisfy the people who lost the election that they lost fair and square and that the candidate who is elected is legitimate.
The dangerous thing about Internet voting is it appeals to a lot of people on the grounds that they use the Internet for other stuff and it seems like voting should be easy. They don’t stop to ask the computer scientists and don’t even think it’s controversial. Legislators say this sounds like a great idea and writUKe a bill, and such bills have gotten passed without significant debate because it just seems like an obvious thing. There’s no technical input. The challenge is: How do we raise people’s awareness to the point where they can make an educated judgment about the risks of Internet voting? You’re talking about millions of California voters who look at something on the ballot and say, “Oh, this sounds like a good idea.” It could be a nightmare. I’m confident that if people actually do learn about it and take an objective look at the technology, they will conclude that it’s not time yet.
It is better to exercise the Spirit of patient than to zoom into voting.
“No mission is too difficult,No sacrifice is too great “