Can Elections Be Hacked? Online Voting Threatens 32 States, Report Says

Voters cast a minimum of 100,000 ballots using insecure internet methods in the 2016 election, highlighting an overlooked threat to election integrity, according to a report released Wednesday.

Thirty-two states permit some voters—primarily overseas military personnel—to return ballots by email, fax or internet, according to “Email and Internet Voting: The Overlooked Threat to Election Security,” a report produced by the Association for Computing Machinery, Common Cause, the National Election Defense Coalition and R Street.

“There are two concerns with email voting," in which ballots and voter identification information are typically attached as a PDF or JPEG. "One—the ballots can be intercepted and undetectably altered or deleted. This hack was performed at DEF CON in August. And it’s something academics have long known," Susannah Goodman, one of the authors of the report, told Newsweek. "Second—emailed ballots can be easily spoofed in a spear phishing attack designed to put malware on a county election official’s computer.”

Research has detailed the myriad vulnerabilities posed by online voting. Vote counts and election systems can be manipulated through denial-of-service attacks, server penetration and malware, among other methods.

Government officials have noted that online voting poses threats to “voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” and the Pentagon said in 2015 it “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”  

States, however, have not generally altered their practices to address cyber security concerns.

GettyImages-83560402 A vote tabulating machine and stickers are pictured at a Kansas City, Missouri, polling location on November 4, 2008. Jamie Squire/Getty Images

In 2002, Congress directed the Department of Defense (DoD) to develop a system to better enable military personnel and other overseas voters to cast ballots. 

The Pentagon canceled an online voting pilot program in 2004 after realizing that it would be impossible “to ensure that ballots sent over the internet would be legitimate.” But the DoD's Federal Voting Assistance Program continued to promote online voting until mid-2010.

Even as knowledge of the threats posed by internet voting has grown, the ability to track its prevalence remains dissatisfactory. Data from the 2016 Election Administration and Voting Survey reveal that at least 100,000 ballots were cast through the internet in that year's election. Figures on online ballot submissions are not otherwise collected in a uniform manner, and many states and counties did not provide responses to the survey question, meaning the number of online ballots cast is likely much higher.

GettyImages-1016766122 Voting booths are set up at a 2018 Minnesota primary election polling place inside the Westminster Presbyterian Church in Minneapolis, Minnesota. Stephen Maturen/Getty Images

The report warns of a dire attack on the election system. If election workers open an infected email attachment, malware could potentially be transmitted to voting machines or ballot scanners across the state. In addition, "it would not be difficult to create an automated process for discarding ballots with undesired votes and replacing them with forgeries,” the report states.

Start-ups have created blockchain-based voting systems, and others have promoted additional methods based on new technologies to address existing vulnerabilities. The study says these processes do not address the range of disruptions enabled by online voting.

Both blockchain systems and end-to-end verifiability fail to confront challenges posed by denial-of-service attacks or voter authentication.

Rather, paper ballots offer the most secure method of casting ballots. Paper ballots can be altered, but not on the same scale as electronic ones, a point reiterated by a September study published by the National Academies of Sciences, Engineering and Medicine.

Part of the problem of implementing this alteration, Goodman said, is an attraction to new technologies, even if they actually make voting systems less secure.

“The point is this stuff is like trying to get rid of germs in flu season. It’s not going to happen. You have to go low-tech. But we love our gadgets, and we love the internet.”

Join the Discussion

Editor's Pick