07/20/2010 12:41 pm ET Updated May 25, 2011

Online Voting: All That Glitters Is Not Gold (Unless You're a Vendor)

Voting over the internet seems like a cool idea whose time has come. But, it depends on who's doing the talking.

A computer scientist friend calls it whack-a-mole, the way online voting pitchmen keep popping up to announce they've fixed security problems and voting over the internet is now secure. You look at their plans and find they're as full of holes as ever.

You knock down one story and another pops up. Whack - it's back. Whack. It's back again. The latest was here on Huffington Post last week, in Sheila Shayon's seemingly harmless puff piece for the online voting vendor, Scytl, "Digital Democracy: Scytl, MySociety Secure Funding."

Ms. Shayon blithely pitched Scytl's "secure solutions for electoral modernization" and the news that Scytl had closed on a $9.2m investment, "led by Balderton Capital, one of Europe's largest venture capital investors." They estimate the online voting market at $1.5 billion. Rival vendor, Everyone Counts, estimates the market at $16 billion over the next five years.

But of course vendors say it is secure - and going to be very profitable. Scientists, on the other hand, say it's not secure - and the very architecture of the internet makes secure online voting almost impossible today.

Another computer scientist friend describes email voting, the most common way to vote on the internet, this way: You're in a stadium with eighty thousand random people. It's time to vote. You write your selections on a post card in pencil, don't use an envelope, and pass your card down your row to be collected.

It might work. You could have a great election. Your vote might count just as you marked your card. But confidence pretty much sucks - for a pile of obvious reasons, from innocent mishap to conspiratorial fraud to foreign-based cyber war.

Playing on public emotion, vendors have picked two special needs groups to "help" by designing online voting schemes for them. The first group is military and overseas voters, referred to as UOCAVA voters because they fall under special provisions of the federal Uniformed and Overseas Citizens Absentee Voting Act. The second group is voters with disabilities.

Both groups encounter obstacles to traditional in-person voting at the polls - military and overseas voters by sheer distance and disabled voters because of inaccessible polling places and lagging development of suitable voting equipment.

Enter online voting vendors looking to break into the market on the backs of these two groups. They ride in to save the day with big promises and high-tech solutions. Security becomes little more than sales pitch, like shiny chrome or electronic gadgetry in a new car. "You want security - we got security."

By changing the subject to glitzy (and lucrative) promises of help for groups of voters with real special needs, vendors deflect the hard questions about security. In a disgraceful irony, they put the votes of those they claim to be helping in the greatest jeopardy. They dishonor the troops fighting to secure our freedom by failing to adequately secure a precious part of that freedom - their votes - in order to turn a profit.

Who agrees online voting is not secure? Pretty much everyone who isn't trying to make money on it:


The Military and Overseas Voter Empowerment Act (MOVE Act), passed in 2009, effective in the upcoming general elections. The act made sweeping changes in support of military and overseas voters and did not include online voting. (The MOVE Act is now routinely misquoted as requiring online voting. It doesn't do that. It does require outbound electronic transmission of blank ballots and voting information - but conspicuously stops short of adopting the return of voted ballots.)

The National Institute of Standards and Technology (NIST), A Threat Analysis on UOCAVA Voting Systems:

"Technology that is widely deployed today is not able to mitigate many of the threats to casting ballots via the web."

Computer Technologists' Statement on Internet Voting:

"Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable."

The Government Accountability Office (GAO), Action Plans Needed to Fully Address Challenges in Electronic Absentee Voting Initiatives for Military and Overseas Citizens:

"...[electronic and internet voting are] more vulnerable to privacy and security compromises than the conventional methods now in use. Electronic and Internet voting require safeguards to limit such vulnerabilities and prevent compromises to votes from intentional actions or inadvertent errors."

A comment on the May 2007 DoD report on Voting Technologies for UOCAVA Citizens, by several renowned computer scientists:

"The current Internet and PC architectures are both such highly insecure platforms that it is essentially impossible to develop a secure system for voting in federal elections on them."

One day online voting might be secure. For now we must proceed with an abundance of caution because the architecture of the internet makes it highly unlikely to be secure. Those who say otherwise invariably prove to be compromised.

Do you believe a banker who says, "Your security is our first concern"?

Do you believe an oil company who says, "Trust us, nothing can go wrong"?

Cyber security is no joke. We can't allow our elections to be exposed to viruses, scams, foreign attacks or simple error that may be undetectable. No U.S. election should include internet votes until the design and use of such a system has been thoroughly reviewed in a transparent public process. Independent technical experts must help establish the criteria and participate in the review. Public officials who approve such systems must be accountable for the outcomes. And vendors? Vendors need to stand in the corner with bankers and oil companies.

Just whose elections are these anyway?