As election officials throughout the country prepare to hold elections in the midst of a pandemic, dozens of cybersecurity and computer science experts from various universities and institutes are warning about the insecurities of online and blockchain voting.
In a letter sent on Thursday to governors and state elections directors, including Gov. Gary Herbert and Utah Elections Director Justin Lee, experts said that “all internet voting systems and technologies are currently inherently insecure” and that “no mobile voting app is sufficiently secure to permit its use.”
“Internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future,” the letter reads. “We urge you to refrain from allowing the use of any internet or voting app system and consider expanding access to voting by mail and early voting to maintain the security, accuracy, and voter protection essential for American elections in the face of this public health crisis.”
Those who signed the letter include Michael Fernandez, founding director of the American Association for the Advancement of Science’s (AAAS) Center for Scientific Evidence in Public Issues, Verified Voting President Marian Schneider and Massachusetts Institute of Technology (MIT) Institute Professor Ronald Rivest.
In an interview on Tuesday, Kathryn McGrath, communications director of AAAS’s Center for Scientific Evidence in Public Issues, said “there’s been a longstanding understanding amongst computer scientists and elections experts that it’s just not yet possible to have secure online voting.”
Barbara Simons, an AAAS fellow and board chair of Verified Voting, said internet voting, which includes mobile and blockchain voting, “can be attacked by anyone from anywhere” and that it can take months to determine whether a system has been hacked.
“So with an election, even if there was some way to determine that the election official’s machine had been hacked, by the time that determination is done, the elections could be over, the person could be declared the winner and in office,” said Simons, a computer scientist. “And then what do you do?”
Simons said an election being hacked in the United States “would cause pandemonium, especially to our high office.”
“And we just can’t afford to take that kind of risk,” Simons said. “I mean, that’s a real threat to our democracy.”
According to Lee, the Lieutenant Governor’s Office, which oversees elections in the state, is not currently considering implementing online voting during the pandemic.
“It’s not really anything that we have specifically looked at,” the state elections director said, “particularly because we’re already a vote by mail state. And in the recent elections, over 90% of voters are voting by mail. So we seem to be covering most voters through the mail.”
Lee added that Utah has provisions that allow counties to offer online voting to military and overseas voters, as well as to those with disabilities.
Utah County is one of a handful of jurisdictions in the U.S. that piloted the use of Voatz, a mobile voting application that utilizes blockchain and facial recognition technology, last year as an option for overseas voters and residents with physical disabilities.
In February, MIT researchers published a paper stating that Voatz “is vulnerable to a number of attacks that could violate election integrity” and recommended that elections officials abandon “any near-future plans to use this app for high-stakes elections.”
Utah County Clerk/Auditor Amelia Powers Gardner said in February that Voatz doesn’t “pose any greater of a risk than email would” and that only “people that are eligible to vote via email” would be able to use the app, adding that the county plans to use Voatz in this year’s elections.
Simons said she agreed that voting by email was an insecure method, “but it doesn’t mean you need to do blockchain voting or some other kind of internet voting.”
A better option for overseas or disabled voters, said Simons, would be filling out and mailing in blank ballots, which election officials are required to provide as part of the 2009 Military and Overseas Voter Empowerment Act.
Both major political parties in Utah are planning on using online voting during their state conventions. According to its website, the Utah Republican Party will use Voatz while Utah Democratic Party Chair Jeff Merchant said Democrats will use ElectionBuddy, another mobile app.
Simons said use of online voting during conventions doesn’t necessarily pose the same security risks as use of online voting in primary and general elections.
“In the case of convention voting, if it’s all public, and if the results are all posted publicly so people can check that their results were properly recorded, then a lot of the security risks go away,” said Simons. “Not all, but a lot.”