US States Expand Internet Voting Experiments Amid Pandemic, Raising Security Fears

By   ISBuzz Team
Writer , Information Security Buzz | Apr 30, 2020 07:20 am PST

It has been reported that, in the United States, election officials are preparing for what may the highest election turnout in modern history in the middle of a pandemic. In response, several states will be turning to a relatively new and untested form of Internet-based voting to aid the voters who may have the most trouble getting to the polls. In the latest demonstration of the technology, Delaware will allow voters with disabilities to return their ballots electronically in its primary election next month, becoming the second U.S. state to do so. The decision comes despite grave warnings from the cybersecurity community that the technology doesn’t offer sufficient safeguards to protect the integrity of an election.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Mackey
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
April 30, 2020 3:22 pm

When election officials find ways to increase opportunities for voters to cast their ballots, that is a good thing. With the ramifications from COVID-19 social distancing a likely reality for the 2020 election, now is a perfect time to start investing in solutions allowing for greater voter turnout without forcing vulnerable populations to stand in long lines to cast their vote. That being said, any solution must allow for the voter to securely select their candidates without being forced to divulge to anyone their selection. When looking at any voting app, key considerations must be made for election security. Only registered voters should have the ability to cast a vote, they must only vote once, and they absolutely must have confidence their vote will be properly counted. These requirements will then dictate key functionality which then must be verifiable in the event of a recount.

To satisfy these security centric requirements, any proposed voting application should be made available for independent security review by recognised researchers. Unfortunately, the history of “secured” technologies is overflowing with examples of incomplete security measures or attempts at security by obscuring key details. If we accept that malicious groups will always attempt to subvert our elections, then it behooves us to use all of the tools and services available to us in an effort to ensure there are no hidden weaknesses or backdoors within these applications. While such scrutiny might not please those creating voting apps, its far better to find issues before an election than to explain to the public why their votes weren’t valid or couldn’t be counted. After all, free elections are a hallmark of our society and increasing turnout requires us to convince everyone their vote counts – something that matters when margins of victory are slim.

Last edited 3 years ago by Tim Mackey

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x