A new analysis of actual, real-life, online voting systems is more bad news for online voting.
From the abstract of “Security Analysis of the Democracy Live Online Voting System“:
We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns. Even when OmniBallot is used to mark ballots that will be printed and
Security Analysis of the Democracy Live Online Voting System by Michael A. Specter and J. Alex Halderman
returned in the mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary security risk that jeopardizes the secret ballot. We recommend changes to make the platform safer for ballot delivery and marking. However, we conclude that using OmniBallot for electronic ballot return represents a severe risk to election security and could allow attackers to alter election results without detection.
Even in the post-Coronavirus world, online voting just isn’t safe enough to use in real life elections.
