Dear Governors, Secretaries of State and State Election Directors,

We are writing to share information on the scientific evidence regarding the security of internet voting. Based on scientific evidence, we have serious concerns about the security of voting via the internet or mobile apps.

The COVID-19 pandemic presents an unprecedented challenge to American elections. At this time, internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future. Vote manipulation that could be undetected and numerous security vulnerabilities including potential denial of service attacks, malware intrusions, and mass privacy violations, remain possible in internet voting.

We urge you to refrain from allowing the use of any internet voting system and consider expanding access to voting by mail and early voting to better maintain the security, accuracy, and voter protections essential for American elections in the face of an unprecedented public health crisis.

Internet voting is insecure.

Internet voting, which includes email, fax, and web-based voting as well as voting via mobile apps such as Voatz, remains fundamentally insecure. 12345678910 Scientists and security experts express concern regarding a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. Importantly, there is no way to conduct a valid audit of the results due to the lack of a meaningful voter-verified paper record. If a blockchain architecture is used, serious questions arise regarding what content is stored in it, how the blockchain is decrypted for public access, and how votes are ultimately transferred to some type of durable paper record.11  No scientific or technical evidence suggests that any internet voting system could or does address these concerns.

A 2018 consensus study report on election security by the National Academies of Science, Engineering, and Medicine (NASEM), the most definitive and comprehensive report on the scientific evidence behind voting security in the U.S., stated:

“At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots. Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” 5

Federal researchers have also agreed that secure internet voting is not yet feasible.12 The Department of Defense suspended an Internet voting trial after concluding it could not ensure the legitimacy of votes cast over the Internet 13 and the Pentagon has stated it does not endorse the electronic return of voted ballots.14  Although the Department of Homeland Security has not published formal guidance on Internet voting, the Homeland Security cyber-division does not recommend the adoption of online voting for any level of government 1415 Unlike most voting systems currently used in the United States, there are no standards for internet voting and no internet voting systems have been certified by the U.S. Election Assistance Commission.

Blockchain systems do not address the fundamental issues with internet voting.

Blockchain-based voting systems introduce additional security vulnerabilities and do not address the fundamental security concerns scientists, election security experts, and government officials have expressed since the advent of internet voting.16  Rather than enhancing security, the 2018 NASEM report described the addition of blockchains to voting systems as “added points of attack for malicious actors.” 5 Experts and researchers have expressed significant concern over the perceived security of blockchain technology,17 more generally, but particularly regarding voting security.1819

MIT researchers reported a variety of potential vulnerabilities after examining a portion of Voatz code.20 Researchers easily circumvented Voatz’s malware detection software, demonstrating a potential avenue to exposing the voter’s private information or manipulating their ballot. Voatz’s servers are vulnerable to manipulation “surreptitiously violating user privacy, altering the user’s vote, and controlling the outcome of the election.” Additionally, attackers could intercept a voter’s transmitted ballot prior to receipt by Voatz’s servers and determine how the voter voted because the information transmitted “clearly leaks which candidate was selected.”

Beyond potential ballot manipulation, Voatz potentially exposes a voter’s email, physical address, exact birth date, IP address, driver’s license or passport number, mobile phone number, a current photo of themselves, a short video of themselves, a copy of their written signature, their device’s model and OS version, and preferred language to third parties. As a result, information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security.

An in-depth technical study from a private security group contracted by Voatz confirmed vulnerabilities previously reported by MIT researchers, despite the app developer arguing these vulnerabilities did not exist following the MIT report. 21 In total, the security group’s review highlighted seventy-nine findings with a third of the findings labeled as “high severity.” 22 Importantly, the review “did not even constitute the entire Voatz system, as the code for certain components such as the audit portal were never furnished,” indicating still undiscovered vulnerabilities and a lack of transparency essential for faith in the electoral system. 23

Access to the ballot for all is an essential tenet of American democracy.

At this difficult time, election officials seek to protect citizens’ health and access to the ballot. COVID-19 presents significant barriers to voting. However, internet voting is not a viable solution given the longstanding and critical security issues it presents. Thoughtful implementation of alternative voting methods such as voting by mail and early voting can help support the diverse needs of the electorate, addressing both new concerns relating to COVID-19 and existing disparities in ballot access. 2425262728 Incoming federal funding should help election officials implement alternative systems and offer increased flexibility to confront our ongoing challenges. 29

Two decades of scientific and technical analysis demonstrate that secure internet voting systems are not possible now or in the immediate future. In response to this evidence, we respectfully request that in your roles leading election security in your state, you refrain from allowing the use of any internet or voting app system.

If we can provide additional scientific evidence regarding internet voting or do anything else to be a resource, please let us know. Our organizations and the scientists, engineers, and statisticians we represent stand ready to assist you.

Signed,

Michael D. Fernandez, Director, Center for Scientific Evidence in Public Issues, AAAS

Deborah Frincke, Fellow, Association for Computing Machinery

Vinton Cerf, Internet Pioneer

Barbara B. Simons, Board of Advisors, U.S. Election Assistance Commission

Bruce W. McConnell, Executive Vice President, EastWest Institute, Former Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security

Andrew W. Appel, Professor of Computer Science, Princeton University

J. Alex Halderman, Director, Center for Computer Security and Society, University of Michigan

James Koppel, Ph.D. Candidate in Programming Languages, Massachusetts Institute of Technology

Bruce Schneier, Lecturer and Fellow, Harvard Kennedy School

Kevin Skoglund, President and Chief Technologist, Citizens for Better Elections*

William Ramirez, Executive Director, ACLU PR/ACLU of Puerto Rico National Chapter*

Michael A. Specter, Ph.D. Candidate in Electrical Engineering and Computer Science, Massachusetts Institute of Technology

Dan S. Wallach, Professor of Computer Science, Rice University

Ellen Zegura, Chair, Computing Research Association*

John C. Bonifaz, President, Free Speech For People*

Edward W. Felten, Director, Center for Information Technology Policy, Princeton University

Mark Ritchie, Former Minnesota Secretary of State

Candice Hoke, Founding Co-Director, Center for Cybersecurity & Privacy Protection, Cleveland State University

John E. Savage, An Wang Professor Emeritus of Computer Science, Brown University

Eugene H. Spafford, Professor and Executive Director, Center for Education and Research in Information Assurance and Security, Purdue University

Douglas W. Jones, Associate Professor of Computer Science, University of Iowa

David L. Dill, Donald E. Knuth Professor Emeritus, School of Engineering, Stanford University

John L. McCarthy, Lawrence Berkeley National Laboratory (retired); Board of Advisors, Verified Voting

David Jefferson, Lawrence Livermore National Laboratory (retired); Board of Directors, Verified, Voting

Larry Diamond, Senior Fellow, Hoover Institution and Freeman Spogli Institute, Stanford University

Daniel J. Weitzner, Founding Director, Internet Policy Research Initiative, Massachusetts Institute of Technology

Ronald L. Rivest, Institute Professor, Massachusetts Institute of Technology

James Hendler, Director of the Institute for Data Exploration and Applications, Rensselaer Polytechnic Institute

Harry Hochheiser, Associate Professor, Department of Biomedical Informatics, University of Pittsburgh

Jeanna Neefe Matthews, Associate Professor, Department of Computer Science, Clarkson University

Matthew Blaze, McDevitt Chair of Computer Science and Law, Georgetown University

Steven M. Bellovin, Percy K. and Vida L. W. Hudson Professor of Computer Science, Columbia University

Brian Dean, Privacy Subcommittee Chair, Association for Computing Machinery, U.S. Technology Policy Committee

Andrew Grosso, J.D., M.S. Comp. Sci., M.S. Physics, Andrew Grosso Associates

Steve M. Newell, Policy Director, Center for Scientific Evidence in Public Issues, AAAS

Marian K. Schneider, President, Verified Voting

Ben Ptashnik, President, National Election Defense Coalition*

Karen Hobert Flynn, President, Common Cause*

Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina

David Mussington, Professor of the Practice and Director, Center for Public Policy and Private Enterprise, School of Public Policy, University of Maryland

Daniel M. Zimmerman, Principal Researcher, Galois

Paul Rosenzweig, Senior Fellow, R St. Institute

Richard Forno, Senior Lecturer and Director, UMBC Graduate Cybersecurity Program, UMBC

Kelley Misata, CEO and Founder, Sightline Security

O. Sami Saydjari, CEO, Cyber Defense Agency, Inc.

Matt Bishop, Professor of Computer Science, University of California at Davis

Patricia Youngblood Reyhan, Distinguished Professor of Law, Albany Law School

*Signing on behalf of org

Featured Publications