Online voting presents significant security risks, some of which we list here.
1. Online voting currently provides no way to independently audit or recount the votes, or to provide assurance that the vote has been received, stored and processed correctly, though research on “end-to-end verifiability” (see below) may provide an adequate solution.
2. Attacks on election servers may be undetectable because there is no externally independent record of the election data. Votes might be invisibly altered, by insider fraud or external attack. Again, “end-to-end verifiability” is a potential solution to these problems.
3. Voters’ devices are vulnerable and almost impossible to secure. They can be subject to malware and virus attacks (e.g. the 2012 Zeus virus), which could provide the capability to invisibly steal or alter votes.
4. Online election servers may be vulnerable to cyber-attacks such as denial-of-service attacks, or penetration and vote-tampering. They are also vulnerable to insider attacks. Attacks on well-known, highly secure sites of major organisations, including banks and commercial sites, are reported with alarming regularity. Election systems provide a very high-stakes target, and there is no reason to expect that election systems are any more secure than others that have suffered attack.
5. Software bugs could change the outcome of an election, with no way of proving that the declared candidates were wrongly elected.
6. Voting from a private device in an unsupervised environment potentially enables vote buying and selling and coercion of voters, and provides no guarantee that the vote is provided by the claimed voter. This would be the case even for a fully secure voting system.
7. Voters can be subject to social engineering or phishing attacks to reveal their credentials or to have their vote captured by a fake website.
8. Any special equipment (e.g. a dongle or cryptographic keypad) needed for online voting will be infrequently used by voters. Vulnerabilities may arise through lost and stolen items, as well as forgotten passwords and PINs.
The consensus among computer security experts and electronic voting researchers is that online voting is currently unsafe. For example, the signatories of the 2007 ‘Dagstuhl Accord’, 21 researchers attending the Dagstuhl Conference on Frontiers of E-Voting, agreed that:
"Voting over electronic networks has various attractions, is starting to be deployed, and is regarded by some as inevitable. No solution, however, has yet been proposed that provides safeguards adequate against various known threats. Problems include attacks against the security of the computers used as well as attacks that impede communication over the network. Improper influence of remote voters is also a significant problem, although it is tolerated with vote by mail in numerous jurisdictions. Securing network voting is clearly an important research challenge. We cannot, however, prudently recommend any but unavoidable use of online voting systems in elections of significant consequence until effective means are developed to address these vulnerabilities."
The concerns raised then remain current today. More recently, in December 2012, an open letter to President Barack Obama had 51 signatories encompassing elections officials, experts in cyber security, election law, post-election audits, election integrity, and accessible technologies. The letter included the following paragraph expressing opposition to Internet voting:
"Internet voting (the return of voted ballots over the Internet including fax and e-mail) has been proposed as a solution to long lines at the polls. But since it is vulnerable to attacks from anyone/anywhere, Internet voting must not be allowed at this time. In addition to security and accuracy risks, Internet voting threatens the secret ballot, which is key to avoiding voter coercion and vote buying and selling. The secret ballot was originally instituted not as a right that an individual can waive, but rather as an obligation of the government to protect all citizens from coercion and intimidation as they cast their votes. Because of multiple intrinsic risks, Internet voting should be forbidden unless and until proposed systems have undergone extensive, independent public review and open testing to ensure that they have solved the fundamental problems of security, privacy, authentication, and verification."
All these arguments refer to the technologies that have been developed so far. But researchers around the world are working to develop new methods, and the topic of electronic voting is evolving fast in the academic literature. It is likely that research done over the next decade will produce systems which are able to satisfy the stringent security properties that electronic voting demands.