A group of concerned cyber security experts and voting rights advocates released a statement today warning that Internet voting for this year's Academy Awards must not become a model for public elections. The group includes advocacy organizations Common Cause and Verified Voting and some of the most renowned figures in computer science including Ron Rivest, co-founder of RSA and Verisign and recipient of the Turing Award; and Dr. Barbara Simons, former President of ACM and author of Broken Ballots: Will Your Vote Count?
“When the Academy of Motion Picture Arts and Sciences announced that it would be using an online voting system to help its members choose this year’s Oscar nominees and finalists, thereby adding to the “credibility” of online voting, we found ourselves compelled to remind the general public that it is dangerous to deploy voting by email, efax, or through internet portals in public governmental elections at this time,” the experts said. “Public elections run by municipal, local and state governments should not be compared to elections like the one run by the Academy.”
The goal behind the statement was to ensure that lawmakers and election officials do not lose sight of the real risks to election integrity that Internet voting creates for public elections, despite the fact that an entity as glamorous as the Academy is using it for a private election. Private elections may be subject to rules and procedures which may make it possible to mitigate or detect cyber attacks; these conditions do not exist in public elections which require state and local officials to abide by a complex set of state and federal laws such as requiring that the ballot be secret.
“Cyber security experts at the National Institute of Standards and Technology and the Department of Homeland Security have warned that current Internet voting technologies should not be deployed in public elections,” the statement said. “Internet voting systems, including email, fax and web based voting systems in which marked ballots are cast online, cannot be properly protected and may be subject to undetectable alteration.”
Internet voting has been shown time and again to be vulnerable to potentially devastating -- and undetectable -- cyber attacks. In 2004, the Department of Defense canceled a pilot Internet voting program for military personnel stationed overseas because of concerns about security. In 2010, a "red team" led by J. Alex Halderman of the University of Michigan not only penetrated a pilot election in Washington, D.C., changing votes at will, and even managed to thwart attempted hacks from as far away as Iran and China. Election officials in Washington were unaware of any of it until Professor Halderman's team disclosed its exploits. Because of the demonstrated vulnerabilities and the public’s increased interest in online voting, a senior cyber security official at the Department of Homeland Security warned a group of election officials in March 2012 that Internet voting is “premature” and not advisable at this time. In May 2012, the National Institute of Standards and Technology - the agency tasked with studying and developing federal voting system standards – issued a similar statement saying that secure Internet voting is not yet technologically feasible for public elections,
Six states are currently considering legislation to introduce or broaden the use of Internet voting. It is imperative, the group of experts said, to make them aware of the scientific arguments against such a step.
"Financial institutions, the FBI, the White House, and the Department of Defense have all been breached," the experts said. "It is unreasonable to assume that any Internet voting system vendor today can repel a well-funded partisan operative or nation state determined to manipulate, disrupt, or violate voter privacy in an online public election."