On Tuesday, for the first time, voters in 33 states will be able to vote using some aspect of the Internet. But no matter the outcome, experts say no one will be certain those votes haven’t been tampered with.
“We are still a decade away from being sure that Internet voting is secure and not subject to manipulation,” said Susan Dzieduszycka-Suinat, president of the Overseas Vote Foundation, which helps servicemen and Americans living abroad to vote in elections using the Internet.
She said she supports delivering ballots via the Web to overseas voters, but she adds that no voting system has proven safe enough to collect ballots that way.
Her position got a major boost earlier this month when Washington, D.C., conducted a pilot project to test its new electronic voting system for the collection of overseas and military absentee ballots. The system was opened to the public to test how secure and usable it was.
Within 36 hours, a team of University of Michigan computer students and teachers had taken it over. They changed votes, "elected" a Star wars robot chairman of the City Council, and installed the school’s fight song, “Hail to the Victors,” which would play 15 seconds after someone voted.
“Without the hacking of the District of Columbia system we would never have known how vulnerable Internet voting systems are,” said John Bonifaz, legal director of Voter Action.
“It showed that it wasn’t just a domestic problem of vote security but a matter of national security,” he said, referring to a second problem the U. of Michigan hackers discovered as they took over the system.
According to J. Alex Halderman, the professor of electrical engineering and computer science who led the hacking effort, they weren’t alone inside the system. They tracked two other computers trying to hack in -- one that originated in China and another in Iran.
“Internet voting is a crazily insecure and unreliable system that most rational computer scientists think is an absurd way to vote,” Boniface said.
The sudden emphasis on Internet voting was a response to the failure of a number of states to send out absentee ballots on time to overseas voters, especially to military service members stationed abroad..
After Congress passed the Military and Overseas Voting Act (MOVE) earlier this year, requiring speedy delivery of absentee ballots to those abroad who requested them, companies quickly began selling systems to voting officials scrambling to comply with the act.
The problem is that no standards of usability or security were set, and -- with the exception of the District of Columbia -- few states conducted tests to determine how secure the systems are.
“Mostly they relied on the guarantees of the industry,” Bonifaz said of the vendors that provide the systems -- which vary from state to state. “Voting is very different from other forms of Internet use. Banking can be done securely because you can always track who is where, but voting requires that the ballot be kept secret, and there is no way to do that securely on the Internet.”
But Paul DeGregorio, chief of elections for Everyone Counts, a San Diego Internet voting firm and former chairman of the U.S. Election Assistance Commission, said the hacking of the D.C. system was the result of “a company new to the field installing an untested and unsophisticated code that caused all the trouble.”
He said his company and some others “have the technology and skill to protect votes, and as people look at the systems and the criticism dies down, the advantages will be recognized. There are ways to insure a secret ballot and still have a secure system.
“It is an outrage that in 2010 we haven’t used technology to vote and open access to the system to more people.”
But critics charge that with a potential 3 million overseas voter casting ballots this year in races that promise to be extremely close, it is too big a risk to take.
“It raises an important constitutional issue. Americans not only have a right to cast a ballot but a right to have that ballot counted accurately,” Bonifaz said.