This column by Courtney Such was published July 27, 2015 by Real Clear Policy.
The age of technology may be upon us, but not all are convinced we should cast our votes online. The Heritage Foundation has released a paper, “The Dangers of Internet Voting,” chronicling other countries’ experiences with online voting and arguing that America is not ready for it.
We talked with Hans von Spakovsky, the paper’s author, to learn more. The interview has been edited for length and clarity.
Who is proposing online voting, and how likely it is to become reality?
There was a big push in the country in the late 1990s early 2000s over this, and then that kind of subsided when a series of reports came out from the National Science Foundation and other task forces that said this is dangerous, we shouldn’t do this. But in recent years many states have allowed, not Internet voting, but the return of voted ballots by e-mail, and other states are considering joining them. Other folks are talking about using Internet voting for primaries.
There’s also a real push with regard to overseas voters. I’ll be the first to say we have a real problem with military voters, but proposals to allow them to vote over the Internet or to allow e-mail return of ballots is not a good idea, because it would make our systems very vulnerable.
What would the process for online voting would be like?
The District of Colombia several years ago was going to provide an online voting capability that would allow people to go to a website, set up new registration, check in, and then cast a ballot, and they’d be able to cast it from their home computers or their work computers. They were very confident that they had a very secure system and opened it up in a mock election, and they challenged hackers to try to get into it. It was almost immediately breached, and the election officials didn’t even realize that folks had been able to get into the system.
Can you elaborate on the various cybersecurity issues here? Is there an argument that the increase in turnout would be worth the risk?
The problem with Internet voting is kind of inherent in the technology itself. Hardware, software, and computer scientists almost overwhelmingly say there’s almost nothing that can be done giving the current state of the technology — the way the Internet is designed — to actually make a safe system. Those risks way outweigh any possibility that it might increase turnout, and actually, there’s evidence from some other countries that have actually tried Internet voting that it doesn’t really increase voter turnout. It just makes it easier for people who would vote anyway to cast their ballot, but it does it at a much greater risk.
Can you summarize some of the other countries’ experiences?
Estonia is a country that in 2005 because the first country to offer Internet voting in a national election. They’ve used it a number of times since then. And they’ve done that despite the fact that a team of computer scientists at the University of Michigan — who, by the way, were the same people who easily breached the proposed District of Columbia system — went in and identified numerous major security risks and vulnerabilities in the Estonian system and recommended its immediate termination. The biggest problem they saw was that hackers, particularly dedicated, well-organized hackers, such as a foreign agency, perhaps in Russia or China, could not only get into the system and manipulate election results, but likely would be able to do it without detection, and that makes that kind of system even more dangerous.
The same kind of system was proposed in the neighboring country of Latvia, and there, they said we are not doing this, because with the current technology, it’s not possible to ensure the security of the Internet voting process.
Some of the problems you highlight happened more than a decade ago. Do you know if these countries have improved their systems since then?
There’s no indication that they have. Other countries that have tried it have stopped doing it after having problems. France tried to do this just two years ago in a mayoral election in Paris. This was for a primary election. Again, the backers of the system said it was fraud-proof, that it was ultra-secure; however, reporters were able to breach the security of the system and vote several times using different names, and in fact, one of the reporters was able to vote five times in that primary under the name of the former French president, Nicolas Sarkozy.
Why has there not been another test program since D.C.’s got hacked in 2010?
That one was particularly interesting, because when the Michigan team got into the D.C. system, they found hackers from other parts of the world trying to get into the system, and that exposes one of the great dangers of an Internet voting system.
Everyone knows very well the huge breaches of security we just had with not only the Office of Personal Management, but now the IRS. It was suspected in the OPM breach that this was part of a special team that the Chinese government set up some years ago. There have been a number of newspaper articles that have talked about this — how professional hackers are being used by the Chinese government. This kind of system in a U.S. election would be a prime target, not just for individual hackers, but for a government trying to get into the system to manipulate elections.
What is your recommendation for those who want to switch to online voting? How can online voting be safe?
Given current technology, online voting cannot be safe. All they have to do is read the various reports that have been done by people who are experts in the field — computer scientists, software engineers, who almost overwhelmingly say that the current system is not able to be secure.
And to those who say we do a lot of e-commerce now over the Internet — that system itself is not very secure. There are billions of dollars of fraud committed with e-commerce, and the requirements for that are quite different. If someone has breached your bank account through the Internet, when you go and check your bank statement, you’ll be able to figure that out. If someone intercepts the vote over the Internet that you’re trying to cast at a website, there’s no way for you to check whether that’s happened, or whether your vote has been changed or not. There is just no way to combine security and the anonymity that is required for the secret ballot.
Is there anything I didn’t ask but should have?
This is not really a partisan issue. A lot of election issues, particularly regarding the rules, seem to unfortunately devolve down into different party issues. This is not one of those. This is something that people of all political parties ought to realize would be a very dangerous development in America, and it is not one that we should encourage.