Letters to the editor

Online Voting Still Security Pipedream

  1. Introduction
  2. Author's response
Letters to the Editor, illustration

The viewpoint in the September 2019 issue "Online Voting: We Can Do It! (We Have To)," while interesting, was flawed and failed to justify the claims made.

First and foremost, adoption targets are sensible only for mature, reliable technologies that solve clear public problems and where the harms, such as they are, can be mitigated. This is not true for online voting. As Hilarie Orman concedes, we don’t know how to build secure online voting systems. And as the critical iOS flaw and state-level attacks recently discovered by Google illustrate, critical security holes can linger unknown for years even on well-tested platforms.

Second, the technical measures proposed do not present a solution to the unique needs of elections. Voting is a two-party semi-anonymous transaction. Voters must be able to vote without revealing how they voted (known as the Australian Ballot) lest they be subject to intimidation or vote selling (such as beatings or bribes). Elections must be secure en masse lest honest votes be drowned by dishonest ones. Any system that allows outsiders to connect a voter to a vote, or to intercept and alter votes, gives that up. This is what allowed the man in the middle attack that took place in North Carolina.

This is fundamentally different from online shopping where the shopper, the vendor, and the financial service are each known, and transactions are independent. While the technologies involved are opaque, users can almost always follow the money. Despite this, online fraud still costs companies and individuals millions each year. Ultimately, online transactions are not so much secure as they are insured by parties who make enough to cover their losses. That is not possible with voting.

Third, it makes sense to adopt a fundamentally conservative view of election technology. The decisions of elections officials, decisions the author unfairly dismisses as "draconian, discriminatory, and unsafe" are often driven by legal mandates and hard-won experience that have been crafted over decades. Relevant laws in most jurisdictions mandate public access. If anything, it is the rise of e-voting that has hidden the process from the general public. This is why many good government groups back paper ballots with electronic tabulation. Paper, when properly secured with a clear chain of custody, provides a public, machine-independent check on otherwise opaque systems.

Fourth, the column argues for Internet voting based upon the assumption that it would increase turnout. However, there is little guarantee of that. Indeed, one recent study of Internet voting by Micha Germann and Uwe Serdült entitled "Internet Voting and Turnout: Evidence from Switzerland" concluded that Internet voting did not increase turnout over traditional methods.

Elections are an essential public process. As David Eckhardt of Carnegie Mellon University has noted, voters must have a clear method to publicly verify that things are working as they should. Absent that, the system is both illegitimate and insecure. Any model that cannot provide that is unacceptable, and the premise that we will figure it out over time is never good enough.

Collin F. Lynch, Raleigh, NC, USA

Back to Top

Author’s response

Access to voting is a fundamental democratic principle. The use of mail-in ballots sent to all voters increases turnout, showing that in-person voting inhibits participation. Moreover, mail-in ballots reduce the cost of holding an election. These factors are even more favorable for Internet voting. Any technology that increases convenience and cost savings consistently upsets established norms, and that will be the case with voting.

Hilarie Orman, Woodland Hills, UT, USA

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More