Internet voting has the potential to ease voter participation, reduce fraud, and provide a high-tech upgrade to traditional polling methods.
Unfortunately, it also raises some of the most difficult challenges in computer security, due to the need to safeguard election servers and voters' computers against a variety of powerful attackers while simultaneously protecting the secret ballot. How well can election technology defend against modern cyber threats?
To find out, colleagues and I performed in-depth security evaluations of Internet voting systems used in the U.S. and other countries. In Estonia--the world's most significant user of online voting--we found staggering gaps in the system design and procedures that leave elections vulnerable to attackers such as foreign powers and dishonest election officials. Such attackers could change votes, compromise privacy, disrupt returns, or cast doubt on the integrity of results.
In a separate study, we took part in a public trial of an Internet voting system introduced by Washington, D.C. Within 48 hours of the system going live, we had complete control of the server and changed all the votes. These findings illustrate the practical obstacles to securing Internet voting and carry lessons for all countries considering adopting such systems.
J. Alex Halderman is the Morris Wellman Faculty Development Assistant Professor of Computer Science and Engineering at the University of Michigan, and Director of Michigan's Center for Computer Security and Society.
His research spans software security, Internet security, and digital privacy. He is widely known for developing the "cold boot" attack against disk encryption, which altered widespread security assumptions about the behavior of RAM, influenced computer forensics practice, and inspired the creation of a new subfield of theoretical cryptography.
A noted expert on electronic voting technology, Prof. Halderman helped lead the first independent review of the election technology used by half-a-billion voters in India, which prompted the national government to undertake major technical reforms.
He is the author of more than 50 publications, and his work has won numerous distinctions. His Coursera course about electronic voting, Securing Digital Democracy, has reached tens of thousands of students worldwide.