Smartphone voting is the security 'equivalent of curing cancer,' expert says

Kevin Collier
Updated ·8 min read

Andrew Yang asked a question in July, months after he ended his presidential bid, that has dogged election officials: “Why is it again that I can pay a parking ticket online, apply for a passport and conduct personal financial transactions but I can’t vote the same way?”

It's an understandable wish. With technology now powering just about every daily activity — even more so during the pandemic — looming concerns about the election next month make technology a tempting place to look for answers.

Technologists and voting experts understand the frustration. But they are also clear about their findings, and generally always have been: Voting is a uniquely difficult problem for software to solve because you only get one chance to do it right. And that makes it fundamentally different from other sensitive functions like banking, said Matt Blaze, a law professor and computer scientist at Georgetown University who’s led some of the research teams that have found the most glaring vulnerabilities in voting machines.

“The entire banking industry is based on the premise that if fraud occurs, it can be reversed,” Blaze said. “That’s not true with an election. If the wrong person wins an election and takes office, there is essentially nothing you can do about it if you discover six months down the line the wrong person was sworn in.”

In a press call Tuesday, the election directors of several states said they have no plans to adopt widespread online voting anytime soon.

Maggie Toulouse Oliver, New Mexico’s secretary of state and president of the National Association of Secretaries of State, said that her peers generally agreed they weren’t ready to consider online voting.

“The concept of voting over the internet is generally frowned upon in our community,” she said. “My sense of us as a collective is that the technology still has a long way to go to be both secure and to also give us the ability to audit and ensure that votes are counted as cast.”

Louisiana Secretary of State Kyle Ardoin said that while things like voter registration can be done online, actually casting a vote — which needs to be both anonymous and verifiable — was another matter.

“Registration I can confirm. The vote I can't,” Ardoin said. “Until there's greater security available, we're not even entertaining that.”

Plenty of election work is computerized. Many voting machines are now electronic, and some can connect to the internet — though this feature has been enough to cause concern among election security experts. Some entrepreneurs are also trying to figure out a secure way for people to vote by smartphone, with one app, Voatz, having been used in some states for small numbers of people to vote.

But voting remains a challenge that many technologists want to avoid. Internet voting provides potential disaster scenarios of widespread vote rigging that simply aren’t possible under the country’s current system.

“The worst-case scenario with voting online is also one of the more likely troubles it would have,” Blaze said.

Why 'clunky' works

One of the U.S. election system’s greatest security strengths, as then-FBI director James Comey said in 2016, is that it’s so “clunky."

While the federal government provides guidance, assistance, funding and some laws, elections are run by states and often administered at the local or county level. That means election equipment is stratified across many systems, making it extremely difficult to tinker with enough devices to meaningfully change a vote outcome.

Vote fraud does occasionally happen in the U.S., but at such a small scale, in terms of a presidential election, that experts generally disregard it as a threat. An online voting system, however, could create a centralized hub that would make widespread fraud possible.

“An attacker wouldn’t just attack one individual vote and compromise it, but rather would compromise the entire system and would have control over essentially all votes that were cast in that way," Blaze said. "And that may be they tamper with the version of the app that people have distributed to them through the app store, or exploit some flaw in the online protocol or in the servers that were seized.”

Concerns about being able to hack into parts of the election system that have already been modernized have spurred action, including efforts to make sure any new technology comes with analog backups.

Researchers like Blaze have long demonstrated potential vulnerabilities in individual electronic voting machines, drumming up enough attention that Congress has allocated millions of dollars in funds for election equipment, and driving an expert consensus that voting machines should produce an auditable paper record whenever possible.

But individual voting machines are generally not connected to the internet, and the damage a hacker could do to any single one of them is still limited. It would require them to commit a felony in public, after signing in to vote, and it would most likely affect only a single device.

Insecure

Problems with online voting aren't just about the unique challenges of securing elections.

Smartphones and apps have been shown through the years to be susceptible to well-resourced efforts to hack into them — and also to some amateur efforts.

Governments with enough incentive have been able to hack phones en masse. In 2019, China hacked several websites frequented by ethnic Uighurs so that those sites would install malware on visitors’ phones, including using several never-before-seen exploits to break into iPhones. The incident shocked cybersecurity researchers, who found that China was using several valuable iPhone “zero-days” — significant vulnerabilities that hackers can exploit, and that the software manufacturer doesn’t know about — for this single operation.

In theory, if Americans were voting on their phones, elite foreign government hackers tasked with swinging an election could try to get a particular type of voter to visit such a site, infecting them en masse.

“It’s not just the security of the individual apps, it’s the security of the entire platform that’s running on them,” Blaze said. “While we’ve made progress on iOS and Android, we still don’t know how to fully secure them. I can’t think of an application that’s more worth burning a zero-day on than U.S. elections.”

And while individual voting machines usually run on basic operating systems — sometimes extremely old operating systems, like Windows 7, which has discontinued security updates for all other users — they are still generally safer than voting from an internet-connected device like a person’s home computer or phone.

Estonia's risks

Online voting is already the reality for some people, though in every case it draws heavy criticism from security experts.

Utah County, Utah, is the only county in the country that still uses Voatz, a mobile phone application that gained steam in several counties across the country before researchers at the cybersecurity firm Trail of Bits and the Massachusetts Institute of Technology dropped successive damning reports about its security.

This spring, several states, including Maryland, New Jersey and West Virginia, for the first time let some voters cast their primary pick through an online portal. That effort so worried federal officials that they distributed an eight-page pamphlet against it, endorsed by the FBI, the Election Assistance Commission, the Cybersecurity and Infrastructure Security Agency, and the National Infrastructure of Standards and Technology. The risk is high, the alert says, that voting online can reveal voters’ identities, invite tampering or not be counted as the voter intended.

Several countries, like Switzerland, have tried online voting systems but abandoned them before they were rolled out because hackers kept finding their way in. Estonia votes online, with citizens registering through their national identity card, a uniform national verification system that doesn’t exist across the United States.

But while Estonia doesn’t have any known major incidents of hackers changing votes, that might just be a matter of luck: Some of the same cybersecurity researchers who warn of potential flaws of voting online in the U.S. have found significant vulnerabilities in Estonia, too.

Matt Bernhard, a security researcher at VotingWorks, a nonpartisan nonprofit that seeks to improve election equipment, said Estonia’s system doesn’t address those fundamental problems with voting online.

“Even if the Estonian system is perfectly secure and implemented, there are lots of ways a well-resourced adversary could interfere,” he said.

“I wouldn't be surprised if a nation state, like, say Russia, decided to tip over their online voting system,” he said. “It wouldn't be that hard.”

For some visionaries, like Yang or entrepreneur Bradley Tusk, who has financed state trials with Voatz and Democracy Live, voting online seems a natural evolution of the civic process and a way to increase voter participation. But the technology to do so safely is nowhere near ready, Blaze said.

“It would be the computer science equivalent of curing cancer,” he said. “Will we cure cancer? I hope so. I’d very much like it if we did. But we probably shouldn’t base our national health policy on a cure for cancer happening next year.”