Alaska is permitting Internet voting for all its voters, and waving away security concerns:
When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska’s first-in-the-nation internet voting system. And according to internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers.
Any registered Alaska voter can obtain an electronic ballot, mark it on their computers using a web-based interface, save the ballot as a PDF, and return it to their county elections department through what the state calls “a dedicated secure data center behind a layer of redundant firewalls under constant physical and application monitoring to ensure the security of the system, voter privacy, and election integrity.”
Sounds good! But there is a disclaimer:
“when returning the ballot through the secure online voting solution, your are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”
Bruce McConnell, a former top cybersecurity officer for DHS, calls it "a pre-emptive admission of failure."
“They admit that they are not taking responsibility for the validity of the system,” McConnell told The Intercept. “They’re saying, ‘Your vote may be counted correctly, incorrectly, or may not be counted at all, and we are not taking any responsibility for that.’ That kind of disclaimer would be unacceptable if you saw it on the wall of a polling place.”
Alaska first tried out online voting in 2012, with no reported problems. Many other states currently let active duty military and overseas voters return ballots via regular unencrypted e-mail.
But in 2012 Alaska wasn't particularly important in deciding the presidential race; this year, with a close Senate race between Democrat Mark Begich and Republican Dan Sullivan, it could end up deciding control of the Senate. And there's little reliable polling in Alaska to act as a check on the outcome.
Add to that the fact that cybercrime experts from across the nation say the system, created by a Spanish-based company called Scytl, can potentially be duped from anywhere in the world. Malware that already resides on many personal computers could be activated to alter votes, PDFs could be altered as they travel from the voter’s computer to that of the elections department, servers could be hacked, and insiders could change vote tallies — all without anyone ever knowing.
Computer scientists have already done some of these things in controlled laboratory experiments, in some cases attacking the same systems that Scytl has deployed in other jurisdictions around the world. In fact, just this week Joseph Kiniry, a principal investigator at Galois, an international cybersecurity firm, asked his team to figure out ways to alter locked, supposedly un-editable PDFs remotely without detection. It took them, he said, a day.
“It’s a scary threat because the way we’ve done it, no one will ever know the ballot got changed,” Kiniry said. “The ballot isn’t changed on the voter’s computer. We haven’t done anything to attack the election department’s computers. We just changed the ballot while it goes over the internet.”
Maybe online voting should be left until we have an "unhackable" communication network available. If the US isn't interested in building one, maybe someone else could step in...
China to launch hack-proof quantum communication network in 2016