
Online voting’s real in the midterm elections

The state is the first in the country to offer voting by smartphone app. Experts say there are plenty of reasons to go slow.


When Mac Warner was in the Army, he couldn't vote in two US elections. Stationed overseas, he wasn't able to receive or submit a ballot.

When he became West Virginia's secretary of state in 2017, after retiring as a lieutenant colonel, Warner wanted to find a way to make it easier for folks in that situation to vote. So this year, West Virginia is offering an electronic balloting system called Voatz.

Yes, voting over the internet is actually happening -- kinda. West Virginia is limiting online voting to citizens living overseas and to people in the military, along with those in the Merchant Marine. The effort is made possible by the US government's Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA), which allows eligible voters to cast ballots via any form of electronic transmission, including fax or email.

That means West Virginia will be the first state to offer online voting by smartphone app.

"We want our voters to know that we're doing everything we can to give our uniformed services members and overseas citizens the same ease of access to a ballot that we get stateside," said Donald "Deak" Kersey, West Virginia's elections officer and Warner's deputy legal counsel.

Online pitfalls

Online voting seems appealing for lots of reasons. For one, voter turnout in the US is notoriously low (about 56 percent of the voting-age population cast a ballot in 2016), so making it more convenient to vote could boost those numbers. Online voting could also help enfranchise people who might be too sick to travel or who can't afford to take time off from work.  

But experts say performing your civic duty from your couch is potentially fraught with security concerns, such as the outcome of a race being changed, that could ultimately undermine our elections. Not to mention the possibility that in a major hack, your private information could end up in the hands of people who shouldn't have it.


Maintaining the integrity of our elections is already hard enough these days. The US is still grappling with the effects of Russia's election interference in 2016 as well as its continued efforts to interfere in the upcoming 2018 midterms.

"If we haven't assured the voter that their vote is going to be protected, that's as big a problem as actually being at risk," warned Eric Hodge, director of election security services at CyberScout, which works with state and county officials to secure electronic elections.

A click away from democracy

So why can't you and I vote in the 2018 US midterms using the same device we use to send GIFs to our friends?

While squeezing in a vote in between texts and Tinder swipes might be convenient, experts just don't think we're ready, tech-wise.

For one thing, an online voting system has to ensure your vote stays secret. In industries like health care and banking, we'd associate data with a key ID, or some type of record within a data set, and maybe even encrypt it. But that goes against the principle of voting in secret.

And who's to say what's encrypted now won't get cracked a decade or two later?

"There's a chance that in 20 years, your ballot is going to be completely known to the world, and many people may suffer consequences from having their ballot contents exposed," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology.  

Experts also warn that an online voting system will be vulnerable to tampering.

One technique hackers could use is DNS spoofing, in which someone essentially reroutes you to a bogus website instead of the one you're trying to reach. It's a popular method hackers use today to steal email passwords or infect computers with malware. Hackers could also rely on malicious computer programs that would lie in wait on your computer until you cast a ballot and then change your vote while you're none the wiser.

Industries like banking and e-commerce deal with billions of dollars of fraud each year -- generally, 1 in 1,000 transactions is fraudulent. And if someone steals your credit card, you're usually off the hook for those charges. But in races where the deciding margin is thinner than 1 in 1,000, it's too large a risk, Hall said.

The Mountain State

All those concerns may be why West Virginia officials are carefully wading into the waters of online voting.

In the past, the state tried e-balloting systems, but those required a printer and scanner in order to fill out the ballot and submit it.

"If you're on the side of a hill in Afghanistan or you're in a submarine under the polar ice cap -- or anywhere in between -- you might not have a fax, you might not have a scanner, you might not have a printer. So that prevents you from voting," Kersey said. Military satellites, however, can provide a secure connection for online voting systems, he said.

West Virginia's effort came about after the nonprofit Tusk Montgomery Philanthropies, which jointly focuses on promoting mobile voting and fighting hunger, approached the state and offered to pay for a pilot using smartphone technology from the startup Voatz. (Tusk said it doesn't have any financial ties to the company.) Voatz won first place at SXSW's Citrix Hackathon in 2014, the year it was founded.

The West Virginia system will be opt-in for UOCAVA voters registered in participating counties. Voters who sign up will get an email with instructions to download the app and verify their identity using a photo ID. They have to take a photo of the front and back of their ID, as well as submit a video selfie in order to make sure someone isn't just taking a photo of a photo. The app uses facial recognition to match the images.


If everything matches, voters can open the ballot, make their decisions, and submit their ballots using Apple's Face ID or a fingerprint, depending on how voters unlock their phones.

Ballots go into what Kersey described as a digital lockbox. That lockbox isn't touched until election night, when two people -- one from each party -- simultaneously enter security keys to retrieve the ballots.

If you're feeling iffy about all this, you're not alone.

Voatz has faced its share of controversy already. An August headline from Vanity Fair on the company read: "A Horrifically Bad Idea: Smartphone Voting is Coming, Just in Time for the Midterms."

Kersey said West Virginia authorities have put Voatz through a thorough vetting, including legal security requirements, onsite visits and audits of Voatz's cloud infrastructure and the mobile app. They even audited the audits.

After that, West Virginia tested Voatz in two counties for the May primary election. It then gave all 55 counties the option of using the system in the midterms; 24 signed up. (Kersey noted that some counties don't have UOCAVA voters, or just don't have the resources to tackle implementation.)

The state has no plans to go beyond UOCAVA voters, Kersey said. That's partly because they feel voting access for folks stateside is easy enough. It's also because the technology is just so new.

"We don't want to do anything that's irresponsible," Kersey said, "so we're testing this technology now in this very limited scope, just to make sure it's secure."

The beauty of a paper ballot

Audits or not, election security experts can imagine plenty going wrong if online voting becomes mainstream.

That's why paper is hard to beat. You can look at a printout and see that it reflects your choices. That paper can also be kept separate and secure from a machine's results, ready in case an audit is needed.

Even with its online ballots, West Virginia isn't totally walking away from a (digital) paper trail. The system takes a digital image of the ballot when it's cast.

"There is no solution that is usable by ordinary people, adequately protects privacy, and provides a standard of evidence anywhere near that of paper ballots," said Vanessa Teague, senior lecturer for the Melbourne School of Engineering at the University of Melbourne in Australia.

Another challenge is perception. Anyone who wants to roll out an online voting system will have to convince voters that our ballots will arrive unchanged and remain private and anonymous -- both now and in the future. After all, we're regularly confronted with headlines like one from August about an 11-year-old boy hacking a replica of Florida's election results website at the Defcon conference. It took him 10 minutes.

In the end, it's hard to say whether we'll ever be able to vote from our phones or computers. Or even if we should be able to.

Hall, with the Center for Democracy & Technology, thinks it's a problem we'll eventually have to solve -- with the substantial caveat that we're not even close to getting there.

"If we want to have democracies that span enormous distances, you're not waiting 12 months for ballots from Mars to show up so you can count the election," he said. Even so, he added, "there are certain things you're never going to do online -- voting for government office is probably one of them, and for very good reason."
