When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy.
“It was absolutely the right decision,” said Herb Lin, senior research scholar at Stanford’s Center for International Security and Cooperation.
Lin and other experts praised the DNC for deciding the risks of a virtual caucus outweighed the benefits of making the time-consuming and byzantine caucus system more accessible. Yes, that has thrown state parties into a bit of chaos as they scramble to come up with new plans by a Sept. 13 deadline. But, Lin and others told me, there’s no getting around the fact that a virtual caucus would be massively hackable — easy to steal, and even easier to simply disrupt. If anything, they said, they wished more political leaders would take the same stance against such schemes, both in the U.S. and abroad.
Participating in the Iowa caucus is an epic event. If you want to vote, you have to show up in person, on a frigid February weeknight, for meetings that can end up lasting hours. So the DNC set up rules for the 2020 primary that encourage states to shift away from caucuses and toward a more common ballot vote. Part of this move means states have to offer some form of absentee voting, too. In Iowa, polling had suggested an absentee option for the caucus could increase participation by nearly a third. In response, the Democratic party in Iowa proposed a plan that would allow people to register their preferences ahead of the actual caucus night. It’s not totally clear how this plan would have worked, but the Des Moines Register reported it would have involved a combination of an online registration system and a dial-in phone number for the actual vote.
But that would be a really, really, really, really bad idea, said Bruce Schneier, a security technologist and fellow at the Harvard Kennedy School of Government. “It would be insane to do it and expect it to be secure,” he told me. Schneier and other security experts said voting systems like the one Iowa proposed are significantly more risky than the electronic voting machines or ballot readers that are already commonly used — and commonly cited as security risks. It is basically impossible, they told me, to set up a voting system that involves phones and the internet without it becoming a threat to the integrity of the election.
There are a myriad number of ways a phone or online voting system could be compromised. Some are simple, relying on technology that is, itself, nearly old enough to run for president. “To do a phone option, you need a phone number to call into,” Lin said. “I can easily imagine, with the tech not of today, but 30 years ago, setting up a bunch of computers to call that number and jam it so they always get a busy signal.” That denial of service attack wouldn’t hack the vote, exactly, but it would affect the outcome by preventing people from actually participating.
To see how a more complex hack could unfold, you merely need to look to the results of 2010 security test of Washington, D.C.’s online voting pilot project, said Susan Greenhalgh, a vice president at the National Election Defense Coalition. Developed to allow overseas voters to cast their ballots remotely, the webapp-based voting system turned out to be wildly insecure. Exploiting what amounted to a trivial typo in the code, security experts were able to alter the outcomes of both past elections and any that might happen in the future. They were also able to reveal information about voters and hide evidence of the intrusion from the people running the system. It took 36 hours before anyone noticed something had gone wrong.
And while you might be able to fix a coding error here or spackle on a patch there, it’s hard to escape fundamental disconnects between the needs of an election and the needs of cybersecurity, Schneier said.
“People often ask me how come you can bank online, but not vote,” he said. The answer comes down to the concept of the secret ballot. Online banking works because, when security breaches happen, it’s possible to see what went wrong and fix it. Your debit card number gets stolen, but you quickly realize what happened and inform the bank, and they can figure out which transactions you are and aren’t your responsibility.
That’s not true for online voting, where it’s vitally important that the people in charge not know who cast a ballot for which candidate. That anonymity — and the lack of a paper proof to check the vote against — means votes can get changed and no one would know, or be able to switch them back if they did. Even blockchain — a cryptography technology that would make votes difficult to change on the sly and has been proposed as a solution for online voting security by presidential candidate Andrew Yang — still leaves plenty of room for failure. All someone would have to do is vote posing as you, using your login credentials. And if fraud were suspected, there’d be no way to recount.
And yet, many countries remain interested in dipping their toes in the online voting tide. Switzerland has tried a number of different pilot programs since 2004 — one of which was found to contain critical, potentially vote-altering flaws just this past March. Estonia introduced online voting in 2005 and it now accounts for as many as one quarter of all votes cast in that country. But while news headlines tout the country’s voting system as the future of elections, experts have found serious flaws in its security. And even after those vulnerabilities were fixed, Greenhalgh told me, new ones have emerged. All it takes is one thing to go wrong and the entire system collapses, she said.
Meanwhile, 32 states in the U.S. offer some kind of online voting, either through an internet portal or over email. While primarily aimed at active-duty service members or voters living overseas, online ballots accounted for about 100,000 votes cast in the 2016 presidential election. And only two states, Alaska and Washington, took steps to roll back online voting after it became clear how seriously foreign governments were targeting U.S. election technology, Greenhalgh said.
So seeing the DNC take the threat seriously was a relief to people like Greenhalgh because it looks like, for once, a national political entity really understands what’s at stake. “We aren’t seeing any leadership [on this] in the federal government,” she told me.
Maggie Koerth-Baker is a senior science writer for FiveThirtyEight. @maggiekb1