Security 101 10-07-2020

Why Elections are Not 100% Online — Yet

Dr. Avesta Hojjati

Every democratic nation faces the challenge of determining the best way to administer a vote, and the U.S. elections are often considered the most complicated in the world. As the U.S. prepares for the 2020 presidential election, voters rightfully have a range of questions on their minds, including, how will the pandemic affect the safety of voting and voter turnout? Should elections be postponed? How secure is voting by mail? What is the likelihood of malicious election interference? Why can’t we move to online voting?

While no one has all of the answers, I’d like to offer a few observations into securing elections and the pros and cons of voting methods, especially why many democracies are hesitant to move to online elections.

Why can’t we all vote remotely from a computer?

Given that the current COVID pandemic makes gathering in large groups unsafe, a seemingly logical solution would be to hold the presidential election online, from the safety of individuals’ homes. After all, why aren’t more elections online yet if we bank, shop, take classes, and now many of us work online?

Brian Honan, CEO of BH Consulting and former Europol Special Advisor on Cybersecurity, explains one reason governments are hesitant to move to online elections is that hacked elections can have more damaging consequences than hacked online transactions. “If something was to go awry with an online payment or a banking transaction, then this only affects the parties in that transaction and can be relatively easily revered,” says Honan. “In contrast, should issues arise during an election, these are not as easy to reverse and could have huge impacts on the future of the country and indeed globally.”

Nevertheless, some governments have tested the potential of online voting. In 2018 West Virginia allowed over a hundred overseas military members to vote on an app called Voatz. This year during their primary, West Virginia allowed voters with disabilities to vote using software called OmniBallot, although they have not shared what methods they will use in this November’s election. However, MIT researchers discovered alarming flaws in Voatz software. The researchers shared, “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote.” They concluded, “Our findings serve as a concrete illustration of the common wisdom against Internet voting, and the importance of transparency to the legitimacy of elections.”

Similarly, Norway, one of the most technologically advanced countries in the world, offered online voting from 2011 to 2013 but discontinued it due to a lack of confidence in the vote and fear of device vulnerabilities or tampering. They noted that the online system did not increase voter turnout or make the process more efficient, and that the country most likely will not return to online voting. Additionally, this was before the fear of foreign powers interfering in elections, which could cause significant damage to an online voting system.

It is worth noting that one country has successfully run online voting for almost 15 years. Estonians can cast their ballot from any computer, anywhere in the world. The country estimates that 1.3 million people use the online system, saving 11,000 working days every election year. Voters prove their ability to vote through citizen ID numbers, which are not connected to identifying factors to ensure privacy. Even more impressively, there are no reports of interference with the vote — meaning voters can continue to be confident in the process and outcome. However, don’t expect a similar solution in the U.S. anytime soon. When a team of analysts from the University of Michigan visited Estonia to test their security, they found several problems that could leave the software vulnerable to foreign powers. The country, however, plans to continue offering the online system.

Importance of voter confidence

Additionally, voters and politicians are skeptical of online voting. What if the internet crashed on election day? How do we know our online votes are not interfered with? The current uprising in Belarus is a pressing example of what can happen when citizens do not trust the vote. Citizens of Belarus lost faith in their elections and have been protesting for 50 days after their presidential election had dubious results, awarding the incumbent president 80 percent of the vote.

“One of the biggest reasons I believe that elections in many countries (not just the United States) have not moved online is that many people do not fully trust that their vote will be counted properly,” explains Honan. “There are fears the online election systems could be hacked to rig an election in favor of a particular candidate, that votes could be lost, miscounted or brought offline during an election, resulting in people not being able to vote.”

A method of voting needs to prove to the ordinary voter that it is secure enough to garner their confidence in the outcome. This means it needs to verify voter identity in some way. Each state governs how voters verify their eligibility to vote, and currently voters can use a variety of options, from drivers’ licenses to signature verification. In the future, we may see registering to vote and verifying identity with a fingerprint scan or an encrypted code unique to you.

Honan is optimistic about online voting becoming a reality within the next ten years. “I firmly believe that elections will move online,” he says. “The pandemic is a good example of how individuals, companies, societies, countries and indeed the world have used technology to overcome the challenges the pandemic raised.”

But for the upcoming election, the U.S. is not prepared for a widespread mobile vote. Given that online elections are not widely available in 2020, what current method of voting is more secure? We will discuss this further in an upcoming post.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


Unlocking Device Trust Manager

A Q&A with DigiCert Director of Product Management Kevin Hilscher

6 reasons signed SBOMs are essential to software security