It has been reported that a district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone — a historic moment for American democracy. The King Conservation District, a state environmental agency that encompasses Seattle and more than 30 other cities, is scheduled to detail the plan at a news conference on Wednesday. About 1.2 million eligible voters could take part.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Mobile voting is an appealing option to engage more voters by removing the time and physical space requirements of going to a polling place to vote. However, mobile voting presents additional security concerns that should be taken into account before rolling out a program. Based on the article, the voting software will require only the name and date-of-birth of the voter to allow them to vote. These two pieces of information can easily be obtained through various methods, but the most appealing one is the voter registration database that the state of Washington publishes. With this information, a malicious actor could script an attack to log in as any voter and submit a vote. This would, in turn, create a massive integrity concern of the election results. Before rolling out this service, voters should have the option to pre-register with non-public information to validate who they are when it comes time to vote. This could be accomplished by requiring in-person registration at a government office or by mailing unique PINs to each voter for them to use to register.