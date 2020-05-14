West Virginia State Delegate Eric Porterfield is blind and generally votes at a polling place using an accessible voting machine. You would need assistance completing a regular paper ballot by mail, reducing your ability to keep your votes private. But thanks to a state law passed in January to address accessible remote voting, Porterfield has a new alternative for his state primaries on June 9. For the first time, you plan to submit your absentee ballot online.

"The gold standard for you or me or anyone else is to be able to fulfill our constitutional right to vote by private vote," says Porterfield.

The COVID-19 pandemic has made online voting options more tempting than ever for election officials across the United States. But electoral integrity advocates and security experts continue to warn that remote digital voting systems, be they mobile apps or cloud portals, do not have security guarantees strong enough for primetime. On Friday, a group of federal agencies, including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the Electoral Assistance Commission, sent a risk assessment to states, warning that "electronic ballot return technologies they are high risk even with established controls. "

West Virginia has allowed eligible overseas and military voters to cast their votes through a mobile app since 2018 and is now using a cloud portal for those voters plus residents with disabilities covered by the new state law. Several other states have also begun allowing limited online voting, seemingly without incident, a track record advocates of remote voting point to as evidence that the practice should be much more common. But safety researchers find little comfort in the apparently successful trials, for the same reason that you shouldn't wait for an accident to install stop signs at a busy intersection.

In the coming months, Delaware and New Jersey will join West Virginia to test a remote digital voting system through a company called Democracy Live. Eligible overseas and disabled voters will receive an email containing instructions on how to log in to the company's cloud portal. From there, voters will complete a PDF ballot and can print and mail it or send it electronically. A central feature of the Democracy Live setup is that once election officials receive the digital ballots, they will print them, which the company says creates a paper trail that can be used later in election audits.

"We are focused on populations deprived of their rights," says Bryan Finney, founder and CEO of Democracy Live. "I don't think there is a perfect voting system, I don't think there is a perfect website. It's a question of how we calibrate risk and reward. This is the best solution we can find. With. If anyone has a better approach to award rights to 30 million disabled voters, we are open to it. "

Democracy Live's portal is hosted on Amazon Web Services through the cloud provider's FedRamp-certified offerings to the US federal government. USA It also uses the AWS "Object Lock,quot; feature on voter PDF files to prevent submissions from being modified or deleted. The system has been audited by external security reviewers Shift State and RSM Labs, although those reviews are not published. When Democracy Live is used to vote, the elections are also subject to retrospective audits to confirm the results.

"This does not bode well,quot;

Numerous security researchers told WIRED that they share a desire to expand voting accessibility and appreciate efforts to make remote digital voting systems secure, but that they are ultimately not satisfied with the fair surface precautions implemented so far. They point out that while the use of federally approved equipment and systems would seem understandably adequate, the government's own record in digital security is painfully weak. Even the National Security Agency has had its systems hacked. The same is true even for the most careful financial institutions, technology companies, and healthcare providers.

"If the software and hardware industry is so bad across the board, this does not bode well for new offerings to be magically very secure and robust," says security researcher Peiter Zatko, better known as Mudge, who He has worked for the US government and the private sector. "Think of the small organizations that are trying to trivially solve these basic concepts that the whole field still cannot do well. And also the complexities of regional and national voting while preserving the aspects of secret and non-discriminatory voting. Yikes."

"The United States would move to an online platform to vote. It would be hard work, one of the biggest we have ever done."

For example, as helpful as Democracy Live's AWS secure cloud and PDF tamper protections are, they are not a security panacea. If voters send their ballot through the cloud, they have no way of confirming that the subsequent impression made by an election official accurately reflects their vote. And if post-election audits rely on that paper trail, they won't be able to detect the tampering that happened before the prints were made.

"It's no different than printing a ballot image from a paperless direct-recording electronic voting machine," says Lawrence Norden, deputy director of the Brennan Center Democracy Program at New York University School of Law. "It doesn't make sense if the electronic record has already been hacked."

Democracy Live launched in 2008 and has been testing its ballot-return cloud portal since 2010. The company says its secure portal has been used in more than 1,000 elections in 96 countries. But security experts emphasize that an organization's history of participating in elections without incident is not in itself evidence that a given system is secure.

Still, Finney argues that a specially designed cloud voting portal is more secure than the ad hoc digital voting that already exists in the US. USA And other proponents of online voting also emphasize this point. Nineteen states and the District of Columbia allow a relatively small number of overseas voters to return ballots by fax or email. Seven more states allow returns only by fax. The mosaic stems from efforts to comply with federal laws designed to give the military and citizens abroad adequate time and opportunity to vote.

"The ballots themselves are still paper ballots that must be printed, completed by hand, and scanned to be sent by email," says Debra O & # 39; Malley, spokeswoman for the Massachusetts Secretary of State's Office, which oversees the state election. . "In general, cities and towns receive only one or two ballots per district, if any. Of course, there are always more in presidential elections and in those communities with more military or foreign voters."

"Let's be honest,quot;

Verified Voting, an organization that promotes the integrity of the electoral system and best practices, discourages any method of return of ballots enabled by the Internet. But even more than in relatively specific cases, the group is concerned about the large-scale expansion of Internet voting to millions of people with disabilities or to all American voters.

Delegate Porterfield of West Virginia says he has faith that Democracy Live's remote digital voting system is secure, especially given the limited number of people who will use it.

Security professionals "have done an excellent job trying to keep us safe because of the limited number of votes that this should affect people with disabilities," he says. "Because let's be honest, a very small portion of our population has a disability significant enough to vote digitally."

However, the organization funding the Democracy Live pilot in West Virginia, Tusk Philanthropies, has much more ambitious long-term goals. Tusk Holdings' charitable group, venture capitalist Bradley Tusk, has a stated mission "to allow people to vote in elections on their phones." To do this, it works with state and local election officials across the country to fund mobile voting pilots using providers and platforms that officials examine and select. Tusk Philanthropies President Sheila Nix says she realistically knows that the entire country will not accept online voting this year. But he hopes to progress toward the goal of organizing a comprehensive mobile vote by 2024.

"We initially started with pilots for military and foreign voters," she says. "It seemed like a good place to start. And we had very good success in 2018 in West Virginia, and then we did a lot of pilots in 2019."

"Going to the moon,quot;

However, security researchers say that all systems involving the transmission of votes over the Internet carry a significant risk. And they emphasize that while it is true that sensitive industries like healthcare and the financial sector rely on Internet-enabled systems, those organizations can tolerate risk and face the consequences of rape better than elections. Voting systems must also preserve the privacy of voters, while banks and hospitals can continually access and review their data. That distinction makes it incredibly challenging to build a secure voting system.

"The United States would move to an online platform to vote. It would be a tough job, one of the biggest we've ever done," says David Kennedy, CEO of security consulting firm TrustedSec, who previously worked at the NSA and with the Marine. Body signals intelligence unit. "It is possible, but for me it would be just as elevating as we are going to the moon. It is that type of project, because you need a highly researched design, an architecture that has multiple layers to prevent abuse and attacks, and many audits, a lot of surveillance,quot; .

Supporters of Internet voting also frequently point out that mail voting systems could be targeted by large-scale ballot interception initiatives. Studies indicate that such an operation would be difficult to perform in practice, but there is always a small risk of manipulation. Meanwhile, the risk of widespread vote tampering would be significantly higher for digital systems than hackers could attack from the comfort of their own homes instead of going from mailbox to mailbox.

The Iowa Caucus mobile app collapse in February, while not a security issue, was a warning about the risks of rushing to vote online. But even successful trials do not prove that remote digital voting systems are secure. Like any system connected to the Internet, they could have failures that simply have not yet been exploited, or have suffered attacks that have not been detected. That is not a theoretical risk. Estonia used its I-vote internet voting system for the better part of a decade before researchers released a security review of the system in 2014 pointing out numerous major vulnerabilities. And researchers at the Massachusetts Institute of Technology discovered in February that the Voatz mobile voting app had several security flaws. West Virginia used the Voatz app for foreign voters in 2018 and had planned to use it in 2020 as well. The state switched to Democracy Live a few weeks after the MIT investigation came out.

"That comes down to everything," says Kennedy. "Just because it wasn't hacked today doesn't mean it won't be hacked tomorrow. Or later today."

This story originally appeared on wired.com.