Cybersecurity Experts Warn: Internet Voting Remains Fundamentally Insecure for Elections

Security Community Reaffirms: Internet Voting is Inherent Risk to Democratic Processes

Leading cybersecurity experts, including Bruce Schneier, have once again sounded the alarm over the persistent push for internet-based voting systems in public elections. In a joint letter published this week, researchers reiterated that internet voting remains fundamentally insecure despite repeated vendor claims to the contrary.

Core Technical Concerns

The security community's opposition stems from several intractable technical challenges:

• Lack of verifiable audit trails: Unlike paper ballots, digital votes cannot be meaningfully recounted or verified by independent observers
• Exposure to large-scale attacks: Internet-connected systems present attractive targets for nation-state actors and criminal organizations
• No cryptographic solution: While end-to-end verifiable (E2E-V) systems exist for limited scenarios, they cannot address core vulnerabilities in mass public elections
• Client-side risks: Voters' devices may be compromised through malware, phishing, or supply chain attacks
• Denial-of-service potential: Internet-based systems create new vectors for election disruption

"Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure," the letter states. The signatories emphasize that these risks are not theoretical but represent fundamental limitations of current technology.

Industry Dynamics and Misleading Claims

The letter specifically calls out Bradley Tusk and the Mobile Voting Foundation for their ongoing promotion of internet voting solutions to election administrators and journalists. Security professionals warn that:

• Vendor claims of "military-grade encryption" and "blockchain security" do not address core vulnerabilities
• Pilot programs often occur in low-stakes elections with limited public scrutiny
• The lack of standardized security requirements enables vendors to make unverifiable claims

"This whole effort is misleading and dangerous," the researchers assert, noting that no amount of technological innovation has succeeded in mitigating the fundamental risks.

Impact Analysis

The adoption of internet voting systems could have severe consequences for democratic processes:

1. Election Integrity: Successful attacks could alter election outcomes without detection
2. Public Trust: Even unsuccessful attacks could erode confidence in electoral systems
3. Legal Challenges: Internet voting may violate constitutional requirements for secret ballots in many jurisdictions
4. Long-term Costs: Remediation of compromised systems could require complete election reruns

The letter's signatories include prominent security researchers, cryptographers, and election security specialists from leading academic institutions and industry organizations.

Current Recommendations

The security community continues to recommend:

• Paper-based systems as the gold standard for verifiable elections
• Risk-limiting audits to detect and correct tabulation errors
• Air-gapped systems for vote counting and tabulation
• Public testing of all election equipment before deployment
• Mandatory disclosure of all source code used in election systems

While acknowledging the convenience benefits of internet voting, the experts maintain that security must take precedence in democratic processes. The letter concludes that no technological advancement on the horizon can address the fundamental security limitations of internet-based voting systems.