Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find
Significant problems with Democracy Live’s OmniBallot internet voting program could result in doctored ballots as voters gear up for election season in the era of Covid-19
New research shows that an internet voting system being used in multiple states this year is vulnerable to hacking, and could allow attackers to alter votes without detection.
On Sunday, researchers published a report that details how votes in OmniBallot, a system made by Seattle-based Democracy Live, could be manipulated by malware on the voter’s computer, insiders working for Democracy Live, or external hackers. OmniBallot is currently used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Though online voting has typically been used by overseas military and civilian voters, it could expand to more voters in the future due to the pandemic.
The researchers found that bad actors could gain access to ballots by compromising Democracy Live’s network or any of the third-party services and infrastructure that the system relies on, including Amazon, Google, and Cloudflare.
“At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate,” the researchers, Michael Specter at the Massachusetts Institute of Technology and J. Alex Halderman of the University of Michigan, write. “No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features.”
The report, which was first covered by the New York Times, comes at an especially precarious time for election security. The ongoing coronavirus pandemic has highlighted the need for remote voting, as people risk exposure by gathering at polling sites. And while most states are looking to expand vote-by-mail for this purpose, some are looking at internet voting as an option. Computer security experts have long insisted that internet voting is not a safe voting method.