Online Voting: Security Vs. Expediency

Convenience often trumps security when it comes to online transactions, but not for voting. Most citizens rightly don't trust the Internet as a voting booth. But the Atlantic Council's Jason Healey says that could change, not because of better security, but because of voter demand.

As today's millennials -- who spend much of their waking hours online with their smart phones and tablets -- age, they could demand the right to vote using their online tools, too, says Healey, director of the Cyber Statecraft Initiative at the Washington think tank. Millennials, as a group, seem less concerned with their personal privacy than do their parents and grandparents, so they might not worry about the secrecy of the ballot as do their elders.

But in an interview with Information Security Media Group, Healey says experts tell him it could take 30 to 40 years, if ever, for technology to be developed to truly secure online voting for a nation as large as the United States.

Still, he says, he isn't convinced that the American public will wait that long. "That means that people who grew up using Snapchat in their mid-teens would be 45 or 50 before they can shift to start voting [online]," Healey says.

Fewer Anxieties About Privacy

Voting historically hasn't always been secret, so sacrificing some privacy when casting a ballot wouldn't be unprecedented, Healey says. Voting by secret ballot didn't become universal in the United States until 1892, nearly a century after France, and decades after it became commonplace in Britain and Australia. Future voters may be less concerned about the sanctity of secret ballots. "It's very possible that as we go forward, the digital generation [will] say, 'You know, maybe I don't mind if people know how I vote,'" Healey says.

"So, maybe parts of the American electorate, the digital natives, will decide they don't need all of them," he says. "Maybe they're happy to vote in the clear, and then you start getting into the much more solvable [security] problem."

But even if citizens begin casting digital ballots, securing online voting will be a major challenge, barring the invention of "a great disruptive defense technology," Healey says, adding that he doesn't see that happening.

Technologies to secure online voting include strong authentication and encryption as well as more network bandwidth to assure online election systems can withstand distributed denial of service attacks.

Throwing an Election

In the interview, Healey:

• Addresses security challenges to secure online voting. "If someone really wanted to throw an election, influence an election, we know how much people are willing to spend on that," Healey says. "A million dollars to write an election bot would be more than enough money and would make things very difficult."
• Discusses Estonia's success of conducting online election and explains why such a system would be difficult to pull off in more populated nations.
• Explains how distributed denial of service attacks could disrupt online voting.

The Atlantic Council, along with Intel Security, earlier this month published a report titled Online Voting: Rewards and Risks, which weighs the advantages and risk as well as the solutions needed to implement online voting.

Besides his work at the Atlantic Council, Healey edited the book A Fierce Domain: Conflict in Cyberspace, 1986-2012), which he says is the first book on cyber-conflict history. He also coauthored Cybersecurity Policy Guidebook, which dissects organizational cybersecurity policies.