Twenty-one leading security experts debunk claims that internet voting can be secured for public elections, citing irreparable vulnerabilities in all existing systems including VoteSecure.
A coalition of 21 computer scientists specializing in election security has published a comprehensive technical analysis concluding that internet voting cannot be secured for public elections using any current or foreseeable technology. The statement directly challenges efforts by Bradley Tusk's Mobile Voting Foundation and other vendors promoting internet voting systems.
The researchers identify three irreparable vulnerabilities inherent to all internet voting platforms:
- Endpoint compromise: Malware on voter devices (phones, computers) can silently alter votes before transmission. Given the diversity of consumer devices and constant malware threats, this risk is unavoidable.
- Server-side attacks: Centralized servers processing votes present high-value targets. A single successful breach could enable undetectable mass vote alteration.
- County infrastructure weaknesses: Systems relying on local printing of internet ballots remain vulnerable to manipulation at under-secured election offices.
These flaws create asymmetric risk compared to paper-based systems. While traditional absentee ballot fraud typically affects limited ballots and carries high detection risk, internet voting enables attackers to alter thousands of votes remotely without leaving forensic evidence.
The analysis specifically addresses End-to-End Verifiable Internet Voting (E2E-VIV) systems like VoteSecure, developed by Free and Fair under contract with Tusk's foundation. Despite cryptographic verification mechanisms, E2E-VIV systems suffer from:
- Verification bypass: Malware can falsify verification results shown to voters
- Coercion vulnerability: Lack of receipt-freeness enables automated vote buying/selling
- Dispute futility: No protocol exists to resolve verification failures, rendering detected anomalies inconsequential
Regarding VoteSecure, the scientists note its developers explicitly acknowledge critical limitations in their documentation. Free and Fair's technical leads confirmed in response to critiques that VoteSecure:
- Doesn't achieve receipt-freeness
- Lacks dispute resolution protocols
- Offers no protection against compromised endpoints
- Remains an incomplete "cryptographic core" rather than a deployable system
Dr. David Dill, emeritus professor at Stanford and signatory, emphasized: "For over two decades, peer-reviewed research has consistently shown internet voting introduces catastrophic failure modes absent in paper systems. Vendors claiming otherwise either misunderstand the threat model or prioritize convenience over security."
The coalition warns election officials against "science by press release," urging reliance on peer-reviewed research when evaluating voting technologies. While acknowledging academic research should continue, they stress no known cryptographic approach can mitigate the physical and human-factor vulnerabilities inherent in internet voting architectures.
This statement represents the largest consensus position from technical experts since internet voting emerged, directly countering lobbying efforts targeting state and local election authorities. With election security becoming increasingly politicized, the researchers aim to provide unambiguous technical grounding for policy decisions.
Comments
Please log in or register to join the discussion