My phone is the digital master key that opens my life. Like millions of people, I use it to buy groceries, send money to family and friends, read confidential work documents, save passwords, and update social media. Why can’t I vote with it?
In order to participate in the fall elections, a record number of voters faced a number of challenges, including long lines at polling stations and an overwhelmed postal service. Many obstacles seem to be overcome with a smartphone. After all, even the oldest iPhone and Android devices are orders of magnitude more powerful than the computers that sent humans to the moon, and more powerful than mostSome of them are still running archaic operating systems.
A handful of countries have used electronic voting for years. Estonia has been voting online since 2005, with mixed results. In Canada, optical scanning ballots are still used in national elections, but over 150 cities in Ontario voted online in 2018. Switzerland recently demonstrated an online voting system and invited hackers to stress test the software.
Most cybersecurity experts, however, are skeptical of online and smartphone voting. CBS News surveyed over two dozen cybersecurity experts, including technology leaders, policy makers, engineers, and hackers, about the potential risks of smartphone voting.
Most agreed that the United States must make significant investments in digital infrastructure, distribute technology equality, ensure that the digital voting process can be verified for accuracy, and prioritize the security and privacy of voters to use our smartphones to be able to vote.
Not everyone has a smartphone or equal access to the Internet
Though millions of US consumers own smartphones, rural and low-income consumers often have the least access to high-speed mobile Internet, according to Jason Ortiz, chief product engineer at cyberdefense company Pondurance. “The lack of [universal] Mobile internet access disenfranchises voters [smartphone] Votes would certainly discourage rural and poor voters, “Ortiz said.
Almost 96% of Americans own a cell phone and 81% have a smartphone the Pew Research Center. LTE, the network technology used by most modern smartphones, has been around for a decade and is still not evenly distributed. Next generation 5G networks will not be widely available for years.
Nick Merrill, cryptographer and digital democracy expert, agrees that voting with smartphones disenfranchises voters because the US has not invested in robust mobile digital infrastructure.
“The reason you can’t vote on your phone is because the US can’t even hold traditional elections that make sure everyone votes,” said Merrill, director of the Daylight Security Research Lab at UC Berkeley. “Why should we trust that a more complex, more difficult-to-test system will get better?”
Security and privacy concerns
“I know what you’re going to say. ‘But I use my phone every day!’ You do it and you should do it. Our banking systems are safe and we are insured against fraud and cybercrime, “said a Citibank executive who petitioned for her name to be withheld.
The bank director said that “not all smartphones are secure, and not all smartphones are secured the same way. Financial institutions invest a lot of time and money into protecting their users’ accounts. We are working with phone providers like Apple and Samsung on security in Becoming States or the federal government spending the same money we spend on security? Not likely. “
Even the most secure smartphones are vulnerable to hacking, from small hacktivist groups to large nation-state opponents, said Suzanne Spaulding, an advisor to Nozomi Networks and former undersecretary of cybersecurity for the Department of Homeland Security.
“Voting by cell phone is a bad opportunity for bad actors. We know that opposing nations and criminals have the ability to intercept communications when they travel from your phone to cell towers and over the network,” said Spaulding. “This would allow them to change communications and change your vote. And without paper records, it is difficult to go back and verify that your vote was received.”
According to Charity Wright, former NSA analyst and cyber threat intelligence analyst at Recorded Future, having a verifiable paper path is as important as your choice. That way, even if a cyberattack interfered with an election, the results would be backed up by paper backups.
Sophisticated nation-state hackers would take advantage of the lack of verifiability of cell phones to confuse the results, Wright said. “Foreign nations are currently actively working to disrupt elections and our democracy. Electronic voting on mobile devices would offer them an unprecedented opportunity to engage voters, the electoral system and vulnerable cell phones. There are hundreds of ways for a threat actor to change voice a person walking between a cell phone and the polling officer. “
Authenticating the identity of a voter is difficult
When you step into a ballot box, your identity is known to trained pollers, but your vote is private. To authenticate the identity of a voter, electoral officers check your signature, address, and sometimes other forms of identification.
Voting from a phone sounds even easier. In theory, voting from your phone means logging into your phone, possibly scanning your face or thumb, opening an app, making your selections, tapping Enter, and you’re done, right?
But how do we know it’s really you? asks Neil Walsh, United Nations Chief Cybercrime Officer. Did you tip and vote for the next president, or did your dog when your phone fell on the floor? Maybe your friend played a prank on you by voting for someone you don’t like.
According to Walsh, authenticating and securing a smartphone vote is Murphy’s law of engineering challenges: anything that can go wrong will go wrong.
“Have you ever lost your phone? What about trying to recover a password? What if you don’t use a password and don’t care about your phone? What if you screw it up and press the wrong button? What if, when you trust the phone? ” Counting process?
“How do you know you actually voted? Do you trust the ‘You voted!’ What would you know if your device was hacked and if so, what would you do about it, how do you make sure that anyone who wants to vote on the internet can do so safely and reliably?
“This is only a fraction of the questions asked during the telephone vote. Will it happen one day? Probably. But it is a way out.