Feds Warn States That Online Voting Experiments Are 'High-Risk'
Updated at 6:40 p.m.
The federal government is letting states know it considers online voting to be a "high-risk" way of running elections even if all recommended security protocols are followed.
It's the latest development in the debate over Internet voting as a few states have announced they plan to offer it to voters with disabilities this year, while security experts have voiced grave warnings against doing so.
An eight-page report distributed to states last week recommends mail-in ballots as a more secure method of voting. It was co-authored by four federal agencies, including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
"We recommend paper ballot return as electronic ballot return technologies are high-risk even with controls in place," says the document, according to a copy obtained by The Wall Street Journal. A source with knowledge of the document confirmed its authenticity to NPR.
West Virginia, Delaware and New Jersey all have confirmed plans to pilot a system provided by the Seattle-based company Democracy Live in upcoming elections to allow military and overseas voters as well as some voters with disabilities the option to vote online.
When reached for comment on the new federal guidance, a spokesperson for West Virginia Secretary of State Mac Warner noted that the state limits the use of the Internet ballot return option to people who would otherwise have no other means to return their ballot secretly. The service isn't offered to all voters with disabilities, just those who would not be able to vote a mail-in ballot without another person helping them.
Voters who use the system still have the option to print out the ballot and mail it in if they choose to do so, although similar pilots have found that the overwhelming majority of voters choose to return their ballots electronically when given the option.
Delaware's state election director declined to comment on the new federal document when reached by NPR, and New Jersey's state election office did not respond to an interview request.
In addition to these new pilots, tens of thousands of ballots are also submitted by overseas and military voters each presidential election year via fax and email, which the document notes are insecure methods as well. The report says that web applications, like the Democracy Live system, may "support stronger security mechanisms than email," but any web-based system can still be vulnerable to a cyber attack, it says.
The new guidance makes clear that federal cybersecurity officials see any form of Internet voting as a risky endeavor, but the document stops short of saying states should not implement it. In fact, many states are required by law to offer some sort of internet voting option to its overseas voters, as the report notes.
Elections are run at the local level, and the federal government has traditionally shied away from any forceful guidance on exactly how they should be run for fear of creating an unproductive friction with states.
An earlier version of the document, for instance, "discouraged" electronic ballot return technologies because they "have not been demonstrated as capable of being secure from interference at this time," according to a copy obtained by journalist Kim Zetter. But the document distributed to the states did not include that language.
Election security advocates have been raising many of the concerns that the document touches on for years if not decades, including that electronically transmitted ballots could potentially be manipulated on a large scale, whereas fraud in mail balloting allows just for the potential of "localized exploitation."
"In case there was any doubt, [Internet] voting as a solution for the challenges to our election posed by [COVID-19] is a really bad idea," tweeted Larry Norden, director of the Brennan Center for Justice's Election Reform Program, after The Guardian published news of the new federal guidance Friday.
A 2018 report from the National Academies of Sciences put it similarly: "At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots."