Internet Voting Is 'Not Secure' and Blockchain Won't Help, Warns Scientific Body

Internet voting tools – including blockchain apps – have fundamental issues, and are not safe for real elections, a multidisciplinary science group told U.S. policy makers.

AccessTimeIconApr 9, 2020 at 2:00 p.m. UTC
Updated Aug 19, 2021 at 1:42 a.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

As the coronavirus pandemic continues to roil elections and voting officials look for solutions, scientific experts are warning against the dangers of voting online.

The American Association for the Advancement of Science’s Center for Scientific Evidence in Public Issues has written an open letter to U.S. governors, secretaries of state and state election directors to express concern about the security of voting via the internet or mobile apps. The AAAS letter has been signed by renowned cybersecurity and computing experts and organizations. It reflects research from the National Academies of Science, Engineering and Medicine, the National Institute of Standards and Technology and other organizations.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • “At this time, internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future,” the letter reads, pointing to undetected manipulation of votes, privacy violations, malware intrusions, and the potential for denial-of-service attacks and other vulnerabilities.

    Internet voting, which includes voting via email, fax, web and mobile app, has no meaningful voter-verified paper record, the letter states, which makes it impossible to conduct a valid audit of the results. 

    Fundamental issues

    The idea of internet voting isn’t new. 

    Steve M. Newell, project director at AAAS’s Center for Scientific Evidence in Public Issues points to a report facilitated by the National Science Foundation around two decades ago. 

    “Their conclusion was that it's not a viable product now, and it won't be for the foreseeable future. And then two years ago, the National Academies [of Science, Engineering and Medicine] put out their big comprehensive report on election security and their conclusion was basically the same thing,” he said.

    New tools, such as blockchain-based voting apps, don’t appear to be a solution either.

    According to the letter, the use of blockchain architecture doesn’t address the fundamental issues with internet voting, and if anything creates a larger attack surface. It also raises questions about how the information is stored, decrypted and transferred to a durable paper record.

    “There are people who are saying that blockchain voting will deal with the security issues of Internet voting or online voting, and it just doesn't. Blockchains are a data structure, they’re a way of storing data, but they don't deal with it with the main security issues of internet voting,” said Barbara Simons, a fellow with the Association for Computing Machinery and the American Association for the Advancement of Science.

    Bringing a blockchain system to an internet voting platform is like “bringing a combination lock to a kitchen fire,” Newell said, quoting an analogy made by MIT cryptographic expert Ron Rivest.

    “It's not a tool built to address the problem that you have,” Newell said, adding the evidence indicates that not only is blockchain technology not mitigating the dangers, it’s adding more. 

    The letter mentions mobile voting app Voatz by name, referencing a Trail of Bits audit confirming vulnerabilities previously reported by MIT researchers “despite the app developer arguing these vulnerabilities did not exist following the MIT report.” 

    In particular, the letter pointed to the number of findings highlighted, the possibility of still undiscovered vulnerabilities and “a lack of transparency essential for faith in the electoral system.”

    It references the potential for ballot manipulation and for exposing voters’ private information, which could put them at risk of identity theft or, in the case of overseas military voters whose information is compromised, “risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security.”

    Alternative solutions

    The letter advocated for “thoughtful implementation of alternative voting methods,” such as voting by mail and early voting,

    “We must not trade convenience for security, because there are many organizations and people who would like to attack our elections. Our job is to make it as difficult for them as possible, not easy. Moving to internet voting would allow anyone from anywhere to try to attack our elections, and somebody who's very good at this and very well funded might very well succeed. We just can't allow that in a democracy,” Simons said.

    Internet voting should not be used until verifiability, security and secrecy can be guaranteed with ballots transmitted online, the letter said. At present, “no known technology” can do so.

    Newell said it’s important for people who see the theoretical benefits of internet voting to know it’s not backed by evidence or science and that the insecurity of internet voting is an unambiguous, widely held opinion. For example, he said, groups ranging from the American Civil Liberties Union to the Heritage Foundation are strongly opposed to internet voting.

    “I think a lot of people are looking for answers and wondering if internet voting is one of them,” he said. “And I think it makes sense for us to say here, this evidence says it's really not and so, if you want to follow the evidence and heed the science, it's really warning you to avoid internet voting. It's just not a secure solution."

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about