The COVID-19 pandemic has upended all aspects of American life and poses an unprecedented challenge to a key pillar of our democracy: free and fair elections.
Voting often requires waiting in line at a polling place, interacting face to face with a poll worker, and handing over a paper ballot — activities that pose both health risks and logistical challenges while social distancing guidelines remain in place. Many states have already taken action to postpone primary voting and are considering ways to reduce crowding at polls, including voting by mail and expanding early voting.
Alarmingly, however, internet voting also is under consideration by some. It shouldn’t be.
The American Association for the Advancement of Science and the Association for Computing Machinery’s U.S. Technology Policy Committee — along with a politically diverse group of leading organizations and renowned experts in cybersecurity and computing — sent an open letter to all governors, secretaries of state and other state election directors urging them not to allow the use of internet or voting app systems.
We did so united in the common conviction that as election officials at the local, state and federal level seek alternate solutions, it is essential that, as with all aspects of pandemic response, they follow the scientific evidence. Regarding internet voting, that evidence is consistent and very clear:
Internet voting, including through mobile apps, is not a secure solution for voting in the United States, nor will it be in the foreseeable future. Period.
Indeed, two decades of rigorous, science-based analysis by, among many others, the National Academies of Science, Engineering, and Medicine; officials at the Department of Homeland Security; and the National Institute of Standards and Technology supports four key findings regarding internet voting.
1. All internet voting systems and technologies (including email, fax, web-based voting and voting via mobile apps) are currently inherently insecure.
The research shows that these platforms are inherently and without exception vulnerable to malware and denial-of-service attacks, and pose unacceptable risks to voter authentication, ballot protection and anonymization, and how disputed ballots are handled.
2. No technical evidence exists that any internet voting technology is safe or can be made so in the foreseeable future.
All research performed to date consistently demonstrates the opposite. Also, there is no way to conduct a valid audit of internet or app-based voting results due to the lack of a meaningful, voter-verified paper record when such systems are employed.
3. No blockchain technology can mitigate the profound dangers inherent in internet voting, and such technology introduces additional vulnerabilities.
A 2018 consensus study report on election security by the National Academies of Science, Engineering, and Medicine, the most definitive and comprehensive report on the scientific evidence regarding voting security in the U.S., bluntly described the blockchains in voting systems as “added points of attack for malicious actors.”
4. No mobile voting app is sufficiently secure to permit its use in an American election.
As an example, the Voatz app has been evaluated in-depth by MIT researchers and a private security group contracted by the company. Both found a variety of vulnerabilities, including the potential for ballot manipulation and serious risk of voter identity theft.
While internet voting is not a viable solution, there are several well-understood and readily available measures election officials can take to maintain the security, accuracy and secrecy essential to American elections.
Specifically, thoughtful implementation of such alternative methods as voting by mail and early voting can help meet the diverse needs of the electorate, addressing both new concerns relating to COVID-19 and existing disparities in ballot access. Moreover, $400 million in emergency funds just provided under the CARES Act should help election officials implement alternative systems and offer increased flexibility to confront our ongoing challenges. Hopefully, that assistance is merely a down payment on the millions more in state aid likely needed to make the November elections fair and safe.
There is no doubt that the COVID-19 pandemic exacerbates the technical challenges election officials across the country face in preparing for and assuring secure, accurate and trustworthy elections this fall. Countless scientists, engineers, statistician, and security experts stand ready to help election officials successfully meet this unprecedented challenge. We must follow the scientific evidence to identify and implement secure solutions.
Those solutions do not, and must not, include internet voting.
Dr. Michael D. Fernandez is the founding director of Center for Scientific Evidence in Public Issues at the American Association for the Advancement of Science, the world’s largest multidisciplinary scientific society.
James Hendler of the Rensselaer Polytechnic Institute chairs the U.S. Technology Policy Committee of the Association for Computing Machinery, the world’s largest and oldest society of individuals involved in all aspects of computing. His views are those of the USTPC.