While smartphone voting could increase turnout and make voting more accessible, it can also create an array of cybersecurity issues.
King County, the region of the US state of Washington where Seattle is situated, will offer all registered voters in the county the opportunity to cast their ballots on their phones for the first time.
From 22 January until 11 February, King County’s 1.2m residents will be able to vote in the county’s board of supervisors election using a smartphone or touchscreen device.
While this local election may not be a major political event, and has been described as a contest “so obscure that voters have typically had to specifically request to vote”, it’s the first election in the US that has allowed all registered voters to use their smartphones to cast their votes.
How it works
The initiative is a collaboration between King County, the county’s conservation district, non-profit Tusk Philanthropies, the US National Cyber Security Center, and electronic balloting company Democracy Live.
Bradley Tusk, founder of Tusk Philanthropies, which has been pushing to expand mobile voting across the US, said: “This is the biggest test of mobile voting ever and the biggest innovation in democracy in decades.”
The voting platform will be an online portal that allows registered voters to log in by using their name and date of birth. Once the voter has selected a candidate, they have to sign their name on the device’s touchscreen and submit their ballot.
Once the ballot has been submitted, King County’s elections department will download and print out a paper ballot, which will be matched against the citizen’s signature on file, before votes are counted.
After just 3,500 people voted in last year’s board of supervisors election, executive director of the conservation district, Bea Covington, said: “We have been looking for ways to increase awareness and increase voter participation for a number of years. We’re providing a really large beta test of this kind of ballot access.”
The potential benefits
King County does not appear to have any plans to expand the system to include national or state-wide elections, but it is hoped that the new system will help to boost voter turnout on this occasion.
King County director of elections Julie Wise said: “This election could be a key step in moving toward electronic access and return for voters across the region. My role here is to remove the barriers to voting.”
Speaking to the Seattle Times, Wise acknowledged that voting, like everything else we do online, could be vulnerable to hacking. “There’s a lot of things we do online, banking, health records, that are also of concern for people that are secure,” she said.
“I’ve vetted this, technology experts in the region have vetted this to ensure that this is a safe, secure voting opportunity.”
A security nightmare?
The same week that elections in King County began, the UN released a new report warning against the global threat to election integrity.
While the report mostly looked at the dangers posed by misinformation, online extremism and social media manipulation, Wired wrote about how we are living in a watershed moment for election security.
The publication pointed out that past attempts to digitise the voting process have been marred in controversy, with a 2010 trial of an online voting system in Washington DC hacked by researchers from the University of Michigan within 48 hours. These researchers were able to compromise the server and change all of the vote tallies.
The US has also considered rolling out online voting for overseas military members, despite many cybersecurity experts warning that the internet is not yet secure enough to facilitate elections.
Former Hewlett-Packard CTO Rich DeMillo, who is now a cybersecurity expert at the Georgia Institute of Technology, told NPR: “I come down with getting as many computers out of the process as you can. Every time you introduce a technology layer, you have these cascades of unintended consequences.”
Identifying a voter
The Verge pointed out some of the other issues with online voting, including the fact that links can be spoofed, devices can be compromised by malware, systems can be subject to a DDoS attack and, of course, users can be impersonated.
In the case of the King County election, all that is needed to log into the voting portal is a name and date of birth. The identity of the voter is confirmed through a handwritten signature, which could be easy to forge.
One way to more securely identify a voter might be to go against the advice of DeMillo and add another security layer such as blockchain.
In 2018, West Virginia experimented with allowing overseas voters to submit absentee ballots by using a blockchain-based voting app called Voatz during its midterm election.
But, as DeMillo said, the more technology you add to a process, the more complicated it becomes. For now, a pen and paper might have to do.