While the appeal of Internet voting is obvious, the risks, unfortunately, are not. Voted ballots sent via the Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections.
Despite that, as states provide electronic delivery of blank ballots, some are using the Internet for return of voted ballots via email attachments, by digital fax or through a web portal. Vendors of online election software downplay the inherent risks and promise
“Internet security.” But experts in computer security maintain that nothing sent over the Internet is secure. Voters’ personal computers, from which emails are sent, are easily and constantly attacked by viruses, worms, Trojan Horses and spyware; and the election official on the receiving end has no way to know if the voted ballot she/he received matches the one the voter originally sent.
There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone, from a disaffected misfit individual to a national intelligence agency, can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.
