Is Internet Voting Trustworthy? The Science and the Policy Battles

According to clear scientific consensus, no known technology can make internet voting secure. In some applications—such as e-pollbooks (voter sign-in), voter registration, and absentee ballot request—it is appropriate to use the internet, as the inherent insecurity can be mitigated by other means. But the insecurity of paperless transmission of a voted ballot through the internet cannot be mitigated. The law recognizes this in several ways. Courts have enjoined the use of certain paperless or internet-connected voting systems. Federal law requires states to allow voters to use the internet to request absentee ballots but carefully stops short of internet ballot return (i.e., voting). But many U.S. states and a few countries go beyond what is safe: they have adopted internet voting for citizens living abroad and (in some cases) for voters with disabilities. Most internet voting systems have an essentially common architecture, and they are insecure at least at the same key point: after the voter has reviewed the ballot but before it is transmitted. I review six internet voting systems deployed between 2006 and 2021 that were insecure in practice, just as predicted by theory—of which some were also insecure in surprising new ways, “unforced errors”. We cannot get along without the assistance of computers. U.S. ballots are too long to count entirely by hand unless the special circumstances of a recount require it. So computer-counted paper ballots play a critical role in the security and auditability of our elections. But audits cannot be used to secure internet voting systems, which have no paper ballots that form an auditable paper trail. There are policy controversies: trustworthiness versus convenience, and security versus accessibility. From 2019 to 2022 there were lawsuits in Virginia, New Jersey, New York, New Hampshire, and North Carolina; legislation enacted in Rhode Island and withdrawn in California. There is a common pattern to these disputes, which have mostly resolved in a way that provides remote accessible vote by mail (RAVBM) but stops short of permitting electronic ballot return (internet voting). What would it take to thoroughly review a proposed internet voting system to be assured whether it delivers the security it promises? Switzerland provides a case study. In Switzerland, after a few years of internet voting pilot projects, the Federal Chancellery commissioned several extremely thorough expert studies of their deployed system. These reports teach us not only about their internet voting system itself but about how to study those systems before making policy decisions. Accessibility of election systems to voters with disabilities is a genuine problem. Disability-rights groups have been among those lobbying for internet voting (which is not securable) and other forms of remote accessible vote by mail (which can be adequately securable). I review statistics showing that internet voting is probably not the most effective way to serve voters with disabilities

Voting And Lottery Technologies: A Potential Jackpot? An Economic Analysis

Voting irregularities and recount mechanisms used in Florida during the 2000 U.S. Presidential election have brought calls for re-vamped voting technologies and procedures. Many in both the public and private sectors have focused on the Internet as a possible underlying technology that could provide the ease, accuracy, and reliability a twenty-first century voting system should possess. Apart from the difficulties inherent in building an Internet based system from scratch, this solution ignores existing, proven technology, already in use by a majority of states, which could be adapted to provide a cost effective voting system with many desirable characteristics. The technology: computerized, “on-line” lottery systems. Inherently, these lotteries are transaction processing systems, which is what a voting system, at its base, is. Lottery systems are state based, handle vast quantities of transactions reliably, operate under an extremely high level of scrutiny, and are familiar to millions of Americans. This paper examines a lottery technology based voting system from several perspectives and develops an economic welfare analysis of a lottery technology based voting system

Internet Voting is Being Pushed by False Claims and Deceptive Marketing

While the convenience of voting from a computer or smartphone over the Internet may seem to be desirable, there is overwhelming evidence that ballots cast electronically cannot be adequately secured to protect the legitimacy of the votes and integrity of our elections. Despite these conclusion, online voting has only increased in the U.S. This begs the question, why? From public statements, news reports, press releases and marketing materials it becomes evident that the vendors of these online voting systems have been selling their systems to state and local officials with potentially false, misleading and/or deceptive marketing claims. These spurious claims have served to counter the scientific conclusion that online voting is dangerously insecure and unsuitable for public elections. Moreover, these specious assertions promising security have led state and local government officials to believe, incorrectly, that online voting can be secured, and for these officials to support or press for legislation to adopt and/or expand online voting. This paper examines spurious or false claims made by the two most prominent Internet voting system vendors in the United States, and the impact these false claims have had on laws and policies to adopt online voting

Testing for Budget Constraint Effects in a National Advisory Referendum Survey on the Kyoto Protocol

In contrast to providing standard reminders about remembering household budgets, does asking survey respondents about their discretionary income and its use affect their voting responses in a national advisory referendum survey? We explore this question using U.S. household data from a unique set of multi-mode random samples (telephone and Internet surveys), and an advisory referendum concerning the Kyoto Protocol. The contingent valuation method is applied to estimate household willingness to pay (WTP) for a split-sample treatment: respondents who only received a standard reminder of household budgets (control group) versus respondents who received two mental accounting-type questions on discretionary income and its uses (treatment group). Results indicate that the treatment significantly influences voting responses and lowers estimated household WTP.budget constraint, contingent valuation, Kyoto Protocol, mental accounts, referendum, Environmental Economics and Policy,

No Internet Does Not Mean No Protection Under the CFAA: Why Voting Machines Should Be Covered Under 18 U.S.C. § 1030

The U.S. Attorney General established a Cyber-Digital Task Force within the Department of Justice (DOJ) in February 2018. This newly created task force released its first public report on July 19, 2018. Then–Attorney General Jeff Sessions announced the release of the report, while promising that “[a]t the Department of Justice, we take these threats seriously.” The report was designed to answer the following question: “How is the Department [of Justice] responding to cyber threats?” The report begins by discussing the threat of foreign influence operations, described by the Task Force as “one of the most pressing cyber-enabled threats our Nation faces.” Specifically, the Task Force focuses on the dangerous threat of Russia to U.S. elections. After detailing the scope of this and other threats, the Task Force outlines the key prosecutorial tools available to the DOJ in combating cyberattacks. The first tool, which this Note will discuss at length, is the Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C. § 1030. The CFAA falls at the top of the Task Force’s list because, as it mentions, “[the CFAA] remains the . . . principal tool for prosecuting computer crimes.” Many other scholars have described the CFAA as the cornerstone of computer fraud litigation. The Task Force provides a simple definition of the CFAA, explaining how it “gives the owners of computers the right to control who may access their computers, take information from them, change how the computers work, or delete information on them.” Later in the report, after emphasizing Russian interference with elections as the principal cyberthreat and the CFAA as the principal prosecution tool, the Task Force asserts that “[the CFAA] currently does not prohibit the act of hacking a voting machine in many common situations.” The Task Force plainly states that “the CFAA only prohibits hacking computers that are connected to the Internet (or that meet other narrow criteria for protection).” However, the text of the CFAA does not explicitly require that hacked computers be connected to the internet, nor have the courts interpreted this as a requirement of the CFAA. Though most of Russia’s known cyberthreats have not been aimed directly at the voting machine devices themselves, the Task Force’s assertion still raises a big question: Does the CFAA only apply to internet-connected devices? This Note seeks to answer that question, ultimately concluding that internet connection is not required for a computer to reach protected status under the CFAA. Part I of this Note describes the background of the CFAA, specifically detailing the types of crime it was meant to punish, its definition of “computer,” and its definition of “protected computer” (which builds on the definition of “computer” by providing the jurisdictional hook). Part II moves away from the Act’s legislative history and discusses how courts have interpreted the CFAA over time. Part III applies the CFAA to the hacking of a voting machine (assumed to be without internet). Here, a voting machine is used as the vehicle for the analysis but much of the reasoning could apply to other non-internet-connected devices. Part III argues that the hacking of a voting machine is certainly within the current-day scope of crimes meant to be punished by the CFAA, that voting machines fall within the Act’s definition of “computer,” and that voting machines probably fall within the definition of “protected computer.” From there, the Conclusion explains why an amendment to expressly add voting machines to the definition of the CFAA would not be the best solution (especially since they are likely already protected). The Conclusion then analyzes the risks of the continuing expansion of the CFAA’s scope and addresses the relative potential of Russia’s cyberthreats to voting machines compared to their other election-related cyberthreats

Managing the Misinformation Marketplace: The First Amendment and the Fight Against Fake News

In recent years, fake news has overtaken the internet. Fake news publishers are able to disseminate false stories widely and cheaply on social media websites, amassing millions of likes, comments, and shares, with some fake news even “trending” on certain platforms. The ease with which a publisher can create and spread falsehoods has led to a marketplace of misinformation unprecedented in size and power. People’s vulnerability to fake news means that they are far less likely to receive accurate political information and are therefore unable to make informed decisions when voting. Because a democratic system relies on an informed populace to determine how it should act, fake news presents a unique threat to U.S. democracy. Although fake news threatens democratic institutions, First Amendment protections for false speech present a significant obstacle for regulatory remedies. This Note explores the ways these speech protections interfere with the government’s ability to protect political discourse—the process that enables it to function effectively—and proposes that the government regulate journalists to ensure that people can rely on legitimate news media to receive accurate information

Is I-Voting I-Llegal?

The Voting Rights Act was passed to prevent racial discrimination in all voting booths. Does the existence of a racial digital divide make Internet elections for public office merely a computer geek\u27s pipe dream? Or can i-voting withstand scrutiny under the current state of the law? This i-Brief will consider the current state of the law, and whether disproportionate benefits will be enough to stop this extension of technology dead in its tracks

Is I-Voting I-Llegal?

The Voting Rights Act was passed to prevent racial discrimination in all voting booths. Does the existence of a racial digital divide make Internet elections for public office merely a computer geek\u27s pipe dream? Or can i-voting withstand scrutiny under the current state of the law? This i-Brief will consider the current state of the law, and whether disproportionate benefits will be enough to stop this extension of technology dead in its tracks

The Constitutionality and Legality of Internet Voting Post-Shelby County

The technological and electoral landscapes have changed drastically since the turn of the century. While it once might have made sense to view voting online as unconstitutional, as opposed to merely impractical, the expanded range of Internet access for minority communities has made that argument tenuous at best. While there still may exist practical and political reasons to avoid Internet voting, the Constitution no longer stands as an effective wall against the practice. Furthermore, the primary statutory obstacle to the implementation of Internet voting on a local level, the Voting Rights Act, has been greatly weakened by the recent Supreme Court decision in Shelby County. As such, now is the perfect time for state-level experimentation in the field of Internet voting