Why can't I vote on my phone?
▶ Watch Video: Facebook and Twitter face challenges with election misinformation
My phone is the digital master key that unlocks my life. Like millions of people, I use it to buy groceries, send cash to family and friends, read sensitive work documents, save passwords, and update social media. So why can’t I use it to vote?
To participate in this fall’s election, a record number of voters confronted a gauntlet of challenges, including long lines at polling locations and overwhelmed postal service. Many obstacles would seem surmountable with a smartphone. After all, even the oldest iPhone and Android devices are, by orders of magnitude, more powerful than the computers that sent humans to the moon, and more capable than most election machines, some of which still run archaic operating systems.
A handful of countries have used electronic voting for years. Estonia has been voting online, with mixed results, since 2005. In Canada, national elections still use optical scan ballots, but in 2018 over 150 cities in Ontario voted online. Switzerland recently demonstrated an online voting system and invited hackers to stress-test the software.
Yet most cybersecurity experts are skeptical about online and smartphone voting. CBS News interviewed over two dozen cybersecurity experts, including tech leaders, policymakers, engineers, and hackers about the potential risks of smartphone voting.
Most agreed that to vote from our smartphones, the United States would have to make a significant investment in digital infrastructure, distribute the technology equitability, make sure the digital voting process can be audited for accuracy, and prioritize voter security and privacy.
Not everyone has a smartphone or equal access to the internet
Although millions of U.S. consumers own smartphones, said Jason Ortiz, senior product engineer at the cyberdefense firm Pondurance, rural and low-income consumers often have the least access to high-speed mobile internet. “The lack of [universal] mobile internet access disenfranchises voters, so [smartphone] voting would surely discourage rural and poor voters,” said Ortiz.
Nearly 96% of Americans own a cellphone and 81% own a smartphone, according to the Pew Research Center. LTE, the network technology use by most modern smartphones, has been available for a decade and is still not evenly distributed. Next-generation 5G networks will not be widely available for years.
Nick Merrill, a cryptographer and digital democracy expert, agrees that smartphone voting would disenfranchise voters because the U.S. has not invested in a robust mobile digital infrastructure.
“The reason you can’t vote on your phone is that the U.S. can’t even run a traditional election in a way that assures the vote gets to everyone,” said Merrill, who is the director of the Daylight Security Research Lab at UC Berkeley. “Why should we trust that a more complex, more difficult-to-audit system is going to be better?”
Security and privacy concerns
“I know what you’re going to say. ‘But I bank on my phone every day!’ You do, and you should. Our banking systems are secure and we have insurance to cover fraud and cybercrime,” said a Citibank executive who requested her name be withheld.
The bank executive explained that “not all smartphones are secure, and not all smartphones are secured in the same way. Financial institutions spend a lot of time and money protecting the accounts of their users. We work with phone vendors like Apple and Samsung on security. Are states or the federal government going to spend the same money we spend on security? Not likely.”
Even the most secure smartphones are vulnerable to hacks by everyone from small hacktivist groups to large nation-state adversaries, said Suzanne Spaulding, advisor to Nozomi Networks and a former Department of Homeland Security cybersecurity undersecretary.
“Voting by mobile phone presents many opportunities for bad actors. We know that adversary nations and criminals have the capability to intercept communications as they travel from your phone to cell towers and through the network,” said Spaulding. “This would allow them to alter the communication, and change your vote. And without any paper record, it’s hard to go back and check to ensure your vote was received as cast.”
Having an auditable paper trail is just as important as your ballot, said Charity Wright, a former NSA analyst and cyber threat intelligence analyst at Recorded Future. That way, even if a cyberattack disrupted an election, the results would be secured with paper backups.
Sophisticated nation-state hackers would exploit the lack of auditability on mobile phones to confuse the results, Wright said. “Foreign nations are actively working to disrupt the election and our democracy right now. Electronic voting from mobile devices would offer them an unprecedented avenue to target voters, the electoral system, and vulnerable mobile phones. There are hundreds of ways for a threat actor to change someone’s vote in transit between a mobile phone and the election officials.”
Authenticating a voter’s identity is tricky
When you step into a ballot box, your identity is known to trained poll workers, but your vote is private. In order to authenticate a voter’s identity, poll workers check your signature, address, and sometimes other forms of identification.
Voting from a phone sounds even easier. In theory, voting from your phone means that you log in to your phone, maybe scan your face or thumb, open an app, make your selection, tap enter, and you’re done, right?
But how do we know it’s really you? asks United Nations cybercrime chief Neil Walsh. Did you tap and vote for the next president, or did your dog when your phone fell on the floor? Maybe your friend was pranking you by voting for someone you don’t like.
According to Walsh, authenticating and securing a smartphone vote presents a Murphy’s Law of technical challenges: Anything that can go wrong will go wrong.
“Have you ever lost your phone? What about trying to recover a password? What about if you don’t use a password and don’t look after your phone? What if you screw up and hit the wrong button? What about trusting the counting process?
“How do you know that you actually voted? Do you trust the ‘You Voted!’ screen? What if your device is hacked? How would you know? And if you did, what would you do about it? How do you make sure that all who want to vote by internet can do so, safely and reliably?
“These are just a fraction of the questions that come up with voting by phone. Will it happen one day? Probably. But it’s a way off.