Analysis: Online voting may be convenient but is probably a terrible idea

Election Day can sometimes feel like more of a headache than a patriotic celebration. Long lines and scheduling conflicts may leave voters wondering why there isn't an easier way to cast their ballots.

Some say there already is: online voting. Why head to the polls if you can vote from anywhere using your laptop or smart phone?

But even as online voting is on the rise in the United States and elsewhere, experts warn its convenience isn't worth its costs.

Casting your vote online could mean sacrificing the right to a secret ballot and leaving elections more vulnerable to fraud, according to a report released Thursday by the Electronic Privacy Information Center, the Verified Voting Foundation and the Common Cause Education Fund. Security researchers also warn that online voting could be vulnerable to hackers who could digitally hijack elections.

"The internet is already as messed up as we can imagine, and adding critical electoral systems is just a bad idea," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

Internet voting — either via email, electronic fax or online portals — is allowed in 32 states and the District of Columbia, according to Verified Voting. Most often, the option is limited to military and overseas voters.

The most expansive deployment of internet voting in the United States is in Alaska, where any voter can request a digital absentee ballot and submit it online. In Utah this year, the Republican caucus tried online voting but ran into technical difficulties involving error messages and pages that wouldn't load.

All 50 states have either constitutional or statutory provisions that guarantee voters the right to a secret ballot, according to the report. But "any method of internet voting given the current technology makes it basically impossible to separate the identity of the voter from their vote," said the report's co-author Caitriona Fitzgerald, the chief technology officer and state policy coordinator at EPIC.

Twenty-eight of the states that offer internet voting require citizens to waive their right to a secret ballot, but the other four "fail to acknowledge" that voting online compromises the secrecy of people's votes, according to the report.

Without the privacy of a voting booth, elections are left more vulnerable to fraud because voters can be more easily coerced or bribed into voting one way or another, Fitzgerald said, behavior that was common in the late 1800s before secret ballots became an election mainstay.

However, Hall said the same sort of arguments about fraud potential can be made about other forms of remote voting, such as mail-in ballots.

Antonio Mugica, chief executive of online and electronic voting vendor Smartmatic, argued that online voting is better for people who can't physically make it to the polls because vote-by-mail systems can result in "a significant amount of disenfranchisement" because of ballots that get lost or arrive too late to be counted.

But concerns about fraud in online voting are still very real. Since 2014, Smartmatic has worked with Estonia on the highest-profile example of online voting in the world. The small Eastern European nation started letting people vote online in 2005, and now about one-third of the country's voters cast their ballots that way.

Some experts have warned that Estonia's online voting system is vulnerable to hacking. Researchers from the University of Michigan and the Open Rights Group who evaluated Estonia's 2013 election found so many issues with the system that they recommended shutting it down. Estonia, however, pushed back against the report.

"In the past decade, our online balloting has stood up to numerous reviews and security tests," the country's National Electoral Committee said.

But the academics have stuck by their findings. And even if parts of the online voting system controlled by the government were safe, personal devices might be infected with malware that could hijack their votes, said J. Alex Halderman, a University of Michigan professor who worked on the study.

Mugica acknowledges that the security of user devices is a potential problem. He said that Estonian voters, for example, receive a QR code they can use to verify their vote was correctly counted. Estonians also have government IDs associated with a unique online identity that helps authenticate votes, according to Estonian Information System Authority Anto Veldre. But Veldre "would still warn against hastily implementing" online voting in places without that kind of technical infrastructure.

Mugica said his company hasn't uncovered any hacking incidents involving their systems. But Halderman argued that doesn't mean it hasn't happened. "A well-constructed attack is not going to leave evidence of fraud," he said.

Lori Steele, the founder of an online voting vendor called Everyone Counts, agreed that online elections come with technical challenges, but she played down security concerns. "When people say it's not ready, they're wrong," she said.

Steele and Mugica both said they got into the online voting market after the disputed 2000 election because they wanted to fix outdated polling technology. But their systems haven't won over researchers like Halderman yet.

"Frankly, I think it's ridiculously irresponsible for governments and voting system vendors to be pushing online voting with current technology," he said.