Internet voting is insecure and should not be used in public elections

Summary

Signed by a group of 21 computer scientists expert in election security Executive summary Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure. Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn’t matter. Bradley Tusk and his Mobile Voting Foundation keep touting internet voting to journalists and election administrators; this whole effort is misleading and dangerous. Part I. All internet voting systems are insecure. The insecurity is worse than a well-run conventional paper ballot system, because a very small number of people may have the power to change any (or all) votes that go through the system, without detection. This insecurity has been known for years; every internet voting system yet proposed suffers from it, for basic reasons that cannot be fixed with existing technology. Part II. Internet voting systems known as “End-to-End Verifiable Internet Voting” are also insecure, in their own special ways. Part III. Recently, Tusk announced an E2E-VIV system called “VoteSecure.” It suffers from all the same insecurities. Even its developers admit that in their development documents. Furthermore, VoteSecure isn’t a complete, usable product, it’s just a “cryptographic core” that someone might someday incorporate into a usable product. Conclusion. Recent announcements by Bradley Tusks’s Mobile Voting Foundation suggest that the development of VoteSecure somehow makes internet voting safe and appropriate for use in public elections. This is untrue and dangerous. All deployed Internet voting systems are unsafe, VoteSecure is unsafe and isn’t even a deployed voting system, and there is no known (or foreseeable) technology that can make Internet voting safe. Part I. All internet voting systems are insecure Internet voting systems (including vote-by-smartphone) have three very serious weaknesses: Malware on t...