Risks of—and Solutions for -- Remote Voting
· If you are unable to mark your ballot by hand, OmniBallot can let you mark it on-screen. However, this option (as used in Delaware and West Virginia) will send your identity and secret ballot selections over the Internet to Democracy Live’s servers even if you return your ballot through the mail. This increases the risk that your choices may be exposed or manipulated, so the researchers recommend that voters only use online marking as a last resort. If you do mark your ballot online, be sure to print it, carefully check that the printout is marked the way you intended, and physically return it.
· If at all possible, do not return your ballot through OmniBallot’s website or by email or fax. These return modes cause your vote to be transmitted over the internet, or via networks attached to the internet, exposing the election to a critical risk that votes will be changed, at wide scale, without detection. Recent recommendations from the Department of Homeland Security, the bipartisan findings of the Senate Intelligence Committee, and the consensus of the National Academies of Science, Engineering, and Medicine accord with the researchers’ assessment that returning ballots online constitutes a severe security risk.
For election officials, they recommend these steps, as tweeted by Halderman:
· Discontinue online voting. No readily available defense can adequately mitigate the risks of OmniBallot’s electronic return mechanism.
· Reserve online marking for voters who need it. Although online marking is critical for some disabled voters, it carries higher risks and becomes an attractive target when widely used. Marked ballots should always be printed and physically returned. To reduce security and privacy risks for voters who do need online marking, ballots should be generated locally in the browser, using client-side code. Democracy Live already offers this option in California and some other localities.
· However ballots are returned, states should require that Democracy Live adopt an enforceable privacy policy that prohibits using voters’ information for any purpose unrelated to servicing their ballots.
· States should also require public, independent security analysis before considering online voting systems. Without such analysis, voters and officials will be unable to accurately weigh the tradeoffs between risk and access.
“States are adopting OmniBallot for laudable reasons: to help overseas voters, voters with disabilities, and those who can’t safely go to the polls due to COVID-19,” Halderman says. “But, as we learned in 2016, elections face serious security threats. That’s especially true for online voting.”
OmniBallot’s ballot delivery and marking modes have the potential to be valuable tools for helping voters participate, if used with specific security precautions and changes recommended in the study, the researchers say. Some of those recommendations can be followed directly by individual voters but many will also require action by election officials.
“On the other hand,” the researchers added, “as online ballot return represents a severe danger to election integrity and voter privacy that no available technology can adequately mitigate, we recommend that Democracy Live and jurisdictions discontinue this feature.”
