Internet Voting, Security, and Privacy

Article excerpt

ABSTRACT

Internet voting is an appealing concept to most voters, primarily for reasons of convenience ("why can't I vote in my pajamas at a convenient time"), while appealing because of the attractiveness of technology. However, Internet voting is fundamentally different from other types of online transactions such as banking or shopping. In this Article, I describe different types of Internet voting, the advantages and disadvantages from a security and privacy perspective, and provide perspective on the history and evolution of the field.

Pajama voting may be convenient. It just can't ensure your vote will count.

- Mitch Trachtenberg1

We don't have the technology yet to do [Internet voting] in a secure way, and we may not for a decade or more.

- Ron Rivest2

A government election is something that you don't want to do over the Internet.

- Ben Adida3

[T]he impetus to remove voting roadblocks is, we fear, causing some states to rush recklessly toward Internet voting despite the limits of today's security technology.4

INTRODUCTION

Internet voting is so "obviously" good that the move in that direction frequently happens without consideration of the security and privacy issues. The presumption is that increased convenience of voting will increase turnout, especially among younger voters who are more comfortable with technology.5 Additionally, Internet voting is claimed to offer opportunities for improved voter turnout for overseas and military voters6 whose rights are protected under the Uniformed and Overseas Citizen Absentee Voting Act (UOCAVA).7 Towards this end, the Military and Overseas Voter Empowerment Act (MOVE) requires that localities make blank ballots available via the Internet and requires forty-five days between when blank ballots become available and the deadline for receipt of marked ballots.8 Some localities have interpreted these two requirements as requiring localities to offer return of marked ballots over the Internet, although the law does not appear to have that requirement.9

In the November 2010 Congressional Election, thirty-three states allowed return of marked ballots over the Internet.10 Lost in this wholesale move is informed consideration of whether such returns are secure or private. In this Article, I explore the different types of Internet voting, and security and privacy issues associated with different approaches.

Part I reviews the types of activities under the rubric of Internet voting, and the types of voting systems that follow. Part ? reviews the advantages and disadvantages of Internet voting, identifying which of the types of voting systems they apply to. Part III discusses some mitigating and aggravating factors. Part TV covers some differences between private and public elections. Part V concludes the paper.

I. WHAT IS INTERNET VOTING?

The term "Internet voting" is used to cover a wide range of technologies. For purposes of this Article, I exclude such activities as voter registration, checking on the status of submitted ballots, and obtaining information about races from official or campaign websites. Rather, I consider "Internet voting" to refer to actions that are used by voters to obtain and potentially return marked ballots using the Internet.

In this Part, I outline three major independent factors within Internet voting technologies:11 whether the system is used for blank ballots or ballot return, whether the system is dedicated or non-dedicated for voting, and whether the system is supervised by an election officer. There are many other factors which affect the security of Internet voting, including:

* The types of security analysis performed of the system, including software and hardware, who performs the analysis, and whether the analysis is public.

* Whether the system uses proprietary or open source software.

* The protections in the system against insider threat. …