NIST: Internet voting not yet feasible


Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded.

"Malware on voters' personal computers poses a serious threat that could compromise the secrecy or integrity of voters' ballots," said Belinda Collins, senior advisor for voting standards within NIST's information technology laboratory, in an May 18 statement.

"And, the United States currently lacks an infrastructure for secure electronic voter authentication," she added.

Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform. (Common Cause provided it to us and we verified its authenticity with NIST.)

"This statement should serve as a blunt warning that we just aren't ready yet and proves that we can't trust the empty promises of 'secure Internet voting' from the for-profit vendors," said Susannah Goodman, head of Common Cause's Voting Integrity Project.

"We urge election officials and state and federal lawmakers to heed NIST's warning and step back, support further research and STOP online voting programs until they can be made secure," Goodman added.

Collins said NIST came to the conclusion that "additional research and development is needed…before secure Internet voting will be feasible" as a result of preparing a February 2011 interagency report on security considerations for electronic voting for uniformed and overseas citizens absentee voting.

The report, NISTIR 7770 (.pdf) concluded that Internet voting systems "cannot currently be audited with a comparable level of confidence in the audit results as for those for polling place systems," Collins said.

In coming out against Internet voting with current technology, NIST becomes part of an established consensus among most cybersecurity experts who have examined the issue.

Bruce McConnell, a Homeland Security Department senior cybersecurity counselor, told a March 29 gathering of election officials and watchdogs that it would be "definitely premature to deploy Internet voting in real elections."

Researchers from the University of Michigan who took control over a planned city of Washington, D.C. Internet voting system pilot for overseas voters in 2010 similarly concluded in a February 2012 paper (.pdf) that Internet voting "will require significant fundamental advances in computer security" before it should be deployed.

For more:
- read the full statement from Belinda Collins regarding Internet voting

Related Articles:
Small coding mistake led to big Internet voting system failure 
Internet voting not ready for elections, says DHS official 
British Columbia may launch Internet voting pilots