Internet voting: A really bad idea whose time has come

The area on the Jersey shore where I grew up was hit very hard by Hurricane Sandy in 2012. It was many weeks before some of the people could even go home. Life was a mess. And then, a little over a week later, was the 2012 election day.

The state made it clear that they would make whatever accommodations it could to help people vote if they were displaced by the storm. So far, so good, but my ears perked up when I heard about "email voting."

Yes, the state announced that voters could email in a vote. This was part of an effort to make all non-traditional forms of voting, including mail-in and fax, easier. In fact, voters were instructed to ignore the part of the relevant web page where it says "The County Clerk cannot accept faxed or emailed copies of a Application for Vote by Mail Ballot, unless you are a Military or Overseas Voter, since an original signature is required."

But certainly such circumstances were sui generis, and no sane state authority would contemplate Internet voting in the normal course of things, right? Wrong.

As Bruce McConnell and Pamela Smith wrote in a recent Wall Street Journal (paywall): "[O]ver 30 states and territories allow some form of internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees."

In Alaska, anyone can vote by internet if they ask. The quote from the New Jersey page above indicates that they will accept emailed images of mail-in ballots for military or overseas voters. Utah's Salt Lake County Clerk will be using a new law in that state to allow the disabled to vote by email. Iowa Democratic officials have raised internet voting as a way of boosting turnout of those too lazy to show up, but for now the experiments seem mostly limited to the disabled, military, and others with a good excuse. Many of these allowances for military and overseas voters are pursuant to the Federal Uniformed and Overseas Citizens Absentee Voting Act.

The whole issue of security in voting is highly controversial even without bringing computers and the internet into it. Merely asking for identification is considered racist by many. But voting over the internet increases the possibility for fraud by many orders of magnitude, and those committing the fraud could be halfway around the world.

Speaking of around the world, Estonia is the current poster child for electronic voting. Estonians at home and around the world can vote online using a national ID card, a smart card. Clearly a system of digital national IDs has no chance of being adopted in the US, but for all its sophistication, the Estonian system is still vulnerable to tampering according to recent research.

In one sense, voting does seem like the sort of thing that should be ideal for the internet. I'm reminded of Ross Perot's ridiculous notion of an "electronic town hall" that could actually replace representative government with direct democracy. I hope that the last 22 years of internet insecurity have shown us what a bad idea that would be.

The best thing you can say about most current online voting provisions is that the numbers of voters are probably small enough that any significant fraud would stand out. Maybe.

But if the goal is to increase participation by making voting easier and easier, then moving it online is just asking for trouble. I doubt there's a way to do it that would provide sufficient confidence. A 2011 study by NIST pretty much said the same.

In fact, it's easy to find research by people who understand computer security pointing out the considerable risks from internet voting. There are other people who would like to increase turnout no matter what and who are happy to declare that all technical problems can be worked out by the experts. Well, the experts have spoken: Internet voting is not and cannot be made secure with current technology.