Open in app

Sign in

Write

Sign in

Reckless Internet Voting (2021)

Jim Soper
8 min readMay 17, 2021

--

(Confidential)

Introduction

With the US Senate considering S1, the “For The People Act” (1), some people are promoting the use of Internet voting — aka “IV”. I have written about IV before (2). This is an update for 2021. It's getting worse.

About Me

I have been writing and speaking about election seurity issues since 2005. I am the author of www.CountedAsCast.org, co-chair of the National Voting Rights Task Force (www.nvrtf.org), and legislative director for www.SmartElections.us. I have been a senior software consultant and programmer, including for mobile devices, for 4o years. I am also “disabled”, and have lived overseas for 17 years. Voting matters to me. Secure elections matter.

Paperless Voting

It’s dangerous to rely on voting machines with no paper backup. There are millions of lines of computer code in the programs, in the operating systems, and even on the chips. That code is “secret”. We do not know what is going on inside, but we depend on these computers to tell us who won. If there is no paper, we can’t check. I don’t believe in faith-based elections.

Trust Me

The Internet

The Internet makes everything convenient, including hacking elections from anywhere in the world.

Below is an old image of a tiny part of the Internet. Each line leads from and to at least 2, 12 digit IP (Internet Protocol) addresses — ie: computers. The major point here being that messages (packets) can get from any computer in the network to any other one, anywhere, by crossing the network links (lines) from one computer to the next, and on to the next, worldwide …

Now imagine the current Internet stretching out for at least a mile in every direction. There are now a gazillion computers out there, all connected to each other, worldwide.

The clusters in red circles below are probably totalitarian states. Some of them are what the NSA calls Advanced Persistent Threats — APTs.

By The Opte Project — https://commons.wikimedia.org/w/index.php?curid=25698718

Put a paperless elections system on the Internet, and you get this:

Trust Me

An election system must be able to convince the losers that they lost. We are clearly very far from being able to do that, even with paper-based, much less faith-based systems.

Voters’ Computers

Voters’ computers are not professionally protected.

“… serious new exploitable vulnerabilities are continually discovered: about 25 per year in iOS (2018–2020) and 103 per year in Android.” (3)

They have your phone number. They already know who you are and how you will vote. They can, and will, plant fake apps on your phone.

This is a Bank of America website. It’s fake. But how would anyone know? We call this a “Trojan horse”.

Again, a seemingly authentic “voting app” can in reality come from anybody in the world. Plus, you cannot know if your actual vote arrived correctly at the real county tabulator, or at all. You only “know” what your phone tells you. The computer code is a secret. Your vote is a secret.

County Computers

The most professionally secured, “hardened’ systems at Google, Adobe, Symantec, Yahoo, Juniper Networks, Charles Schwab, Visa, MasterCard Wells Fargo, the Federal Reserve have all been penetrated, as well as Nasdaq, the CIA, the FBI, Interpol, the Pentagon, NATO, Bitcoin itself, and, ahem, Colonial Pipeline. These are almost daily occurrences.(4)

3,143 Counties

3,143 county election offices are understaffed, overworked and underfinanced. They do not have anywhere near sufficient expertise and resources to protect county election computers from the Internet. When banks and the CIA cannot keep bad guys out, how can we expect thousands of counties to each protect our votes from multi-million dollar efforts to change the course of history? It doesn’t compute.

Former Chairman, Joint Chiefs of Staff, Gen. Peter Pace: “I know we cannot defend against what we can do offensively.” (3/16)

But I Can Bank Online?

Yes you can. But what the banks don’t tell you is that they lose billions of dollars every year. Cost of doing business … :(

Important to understand is that bank and shopping transactions come with a receipt, complete with the amount and a transaction number. Votes are secret, and should remain so. No transaction number. No way to keep track of who sent what to whom. Big difference. How do you refund a vote?

Denial of Service Attack

A DoS attack overwhelms the central computers with a tidal wave of messages, rendering them so busy they become inoperable. NATO’s website, NATO.int was shut down in March, 2014, for three days. What do we do when large city election systems, open to the Internet, are flooded and shut down on election day? Ooops?

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRyMeYRxOFdcyNbM1nctQW0fWynI4ZV2CMPTW9ryCFLJMcD4oqVkUz2RI_rD5PelwzvDLw&usqp=CAU

Blockchain (Bitcoin) Technology

I’m not going to say much about this. It’s a paperless, receiptless system that can be hacked. We are being asked to trust the computers, again. If there is a serious system crash during an election, it could be a disaster. There would be lots of secret ballots floating around in the ether, and, unlike paper, we would not know where they belong. This is not a resilient idea.

There have been two recent papers about using blockchain in voting “Going from bad to worse” (5)

Testing

Minor pilot projects of Internet voting are no proof of their security. That no hacks were discovered only means that none were discovered. It does not mean they did not happen. Also, it would not be worthwhile for a major adversary to illegally attack a small pilot project; too few votes are involved. Better to encourage the spread of IV to the day when you can flip control of the White House and Congress.

The only valid test of IV security that I am aware of occurred in September, 2010, when officials in Washington DC opened up to legal attacks on a voting system that was scheduled to go live. Within 36 hrs, University of Michigan “Wolverines” had burrowed into the system and taken complete control of everything, ballots, encryption codes, passwords, databases, votes, the network, video cameras — everything. (6)

Ooops!

This was a “hardened”, encrypted system put together by very competent, professional staff. It was not a fluke. It failed at multiple points, miserably. They cancelled the project. Any future claims of security must be subject to the same kind of legal, public, “red team” attacks. These tests don’t happen because IV developers already know how disastrous the results will be.

Iowa

Then there was the democratic caucus in Iowa, February, 2020. This was probably the result of at least sloppy management, sloppy design, and sloppy programming. They were just trying to collect vote totals from some caucus mangers, using mobile devices. What could possibly go wrong?

Everything. (7)

They were trying to rush through a hard-to-install app that had not been field tested, with little to no training, etc. resulting in a train wreck. Fortunately, they had paper records.

Iowa 2020

When dealing with new technology in elections, we need to be very, very careful. Scaling up a computer system to millions of users can be very problematic. Experienced professionals know this. Hot shot engineers sometimes don’t. Iowa underscores this problem.

E2E-VIV Report

In July, 2015 a group of highly respected election technology experts published a 126 page, thoroughly researched, definitive assessment of the feasibility of Internet voting (IV).

https://countedascast.org/internet-voting-risks/end-to-end-verifiable-internet-voting/

To summarize, multiple points, such as usability, dispute resolution, error recovery, public verification and coercion resistance are not even close to being solved. Not even close. See the report for details.

Summary

What experts are telling me is that the situation has gotten worse since 2015. You can now rent malware services for a few hundred dollars. As far as I’m concerned, it’s case-closed for the foreseeable future of Internet voting. My programming experience tells me it’s just not going be ready in my lifetime, if ever. There are too many hurdles to overcome, well beyond counting votes. (3)

If we could limit the use of IV to the few citizens that would really benefit from them, that would merit consideration. These could include the blind, and people with no hands. But we already know that when we try these untested pilot projects, IV promoters immediately declare them a smashing success, and then ask why can’t everybody use it?

The convenience factor for election officials and for the public is so great, that IV constitutes a genuine threat to our democracy. Because of the convenience, IV would spread like an uncontrollable virus, and by the time decision makers understand what is happening, it’s too late. We won’t be able to undo the carnage. The history-changing stakes are too high.

— — — — — — — — — — — — — — —

Endnotes:

  1. S1, the For The People Act: https://www.congress.gov/bill/117th-congress/senate-bill/1/text
  2. Internet Voting Risks” https://countedascast.org/internet-voting-risks/, “Internet Voting Resources” https://countedascast.org/internet-voting-risks/internet-voting-reading-list/, “End-To-End Verifiable Internet Voting” https://countedascast.org/internet-voting-risks/end-to-end-verifiable-internet-voting/, “Resolution on IV (SF, 2017)” https://countedascast.org/internet-voting-risks/resolution-on-internet-voting-sf-ec/ . See also https://verifiedvoting.org/internet-voting-resources/
  3. Internet Voting is Still Inherently Insecure” “https://freedom-to-tinker.com/2021/04/27/internet-voting-is-still-inherently-insecure/
  4. For recent attacks, see http://arstechnica.com/security/, http://www.wired.com/category/security/, and www.DARKReading.com.
  5. Blockchain voting: “Going from bad to worse: from Internet voting to blockchain voting” (Feb, 2021) https://academic.oup.com/cybersecurity/article/7/1/tyaa025/6137886, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections” (Aug, 2020) https://www.usenix.org/conference/usenixsecurity20/presentation/specter, https://www.usenix.org/system/files/sec20-specter.pdf. See also https://en.wikipedia.org/wiki/History_of_bitcoin#Theft_and_exchange_shutdowns
  6. Hacking the D.C. Internet Voting Pilot”, “https://freedom-to-tinker.com/blog/jhalderm/hacking-dc-internet-voting-pilot/
  7. “How the Iowa Caucuses Became an Epic Fiasco for Democrats” https://www.nytimes.com/2020/02/09/us/politics/iowa-democratic-caucuses.html, https://en.wikipedia.org/wiki/2020_Iowa_Democratic_presidential_caucuses

--

--

Jim Soper
Jim Soper

Written by Jim Soper

8 Followers
4 Following

Programmer. Election wonk. Co-Chair: http://NVRTF.org. Author: http://CountedAsCast.org. Speak Francais, Deutsch & a little English.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams