Why Can't I Vote Online?

This year more people will likely vote than  at any time in history. It's being called the "ultimate election year," when countries with half  the world's population can vote for their leaders. This is a big test of democracy that requires  millions of polling places and billions of ballots but voting is not always easy.

In some  places people need to travel long distances or wait in long lines. In the United States we vote  on a Tuesday so sometimes people need to take off from work. I'm very excited to go vote and  I'm wondering.

. . wouldn't it be easier if I could just.

. . [TADA!

]. Why can't I vote online? Over the past few  months, I've been talking to voting and security experts to try to answer that question.

And it  turns out that the answer is more controversial, complicated and high stakes than I could have ever imagined. . .

"Online voting. . .

" "Online ballots. . .

" "Online voting system" "our adversaries are extremely talented" "vulnerable to cyber attacks" "it's simply not secure enough" "they have unbounded amounts of hackers, computers, and cash" "faster and easier! " "more convenient and boost voter turnout" "total security for your vote" "might be the future of elections. .

. " "3. .

. 2. .

. 1. .

. " One of the surprising origins of online voting is actually. .

. space! In 1997 the US state of Texas added an option for  online voting to let this astronaut vote from the Mir Space Station.

"We fill out this application,  the ballot is encrypted to us, we send it back down and they record the vote. " This tradition of  allowing astronauts to vote from space is still happening. The two American astronauts that are  trapped on the ISS right now are planning to vote this way.

And now all of these states allow  options for online voting for military and overseas citizens. All in, about 300,000 Americans  voted online in 2020. Around the world, this map isn't exhaustive, but all of these countries have  options for people to vote online to varying degrees.

But again, it's mostly available to people  with special circumstances. It's not available to everybody. In most of the world voting looks like  this: In India for example the world's largest democracy people go to polling stations and then  vote using electronic machines like this and then election officials paint their fingers with ink  that lasts around 2 weeks.

This helps prevent fraud. Or in Gambia for example people place marbles into  colored drums like this. Or in the United States here's me voting for the first time when I was 19. 

I love that picture because I got all dressed up. When I go this year, I'll mark a paper ballot put  it into the machine like this and my vote will likely be counted using an optical scan ballot  counter which records the vote by reading the ballot like one of those scantron tests you might  have taken at school. Importantly, the physical paper ballot is kept as a backup in case of an audit  or a recount.

Many countries do something similar to this process. The totals then get sent to a  central office which reports unofficial results. That's what we see on TV on election night.

"So this  is the map right now," "too close to call," "we can now project the winner of the presidential race! " The  official results can sometimes come weeks later after election officials have had a chance to  count all the ballots and audit the results. But only about 2/3 of eligible US citizens usually  vote compared to other countries that's not great.

The biggest dream North Star of online voting  is to help increase the number of people who vote. We don't know that it'll do that, but it would be  enough in my mind if it just made it easier for people to participate in their own democracies. .

. if  and only if we can do it safely. The biggest thing to remember here about online voting is that the  stakes couldn't be higher.

We're talking about the most important well-armed countries in the world  choosing who runs them and trying to affect who runs their enemies. This is cyber security on  a whole whole other level. If you're one of the select people voting online in the US now, you  often have to email or fax your ballot and the cybersecurity experts that I spoke to were very  clear: That is not a system that you want a whole country using.

But this is Huge If True! So let's  imagine, what would good online voting actually take? This is DrJoe Kiniry and DrJosh Benaloh who are both cybersecurity experts with over 20 years experience working on online voting.

They're going  to be our guides to understand why this problem is so hard and how we might be able to solve it. How  hard is this problem really? "It is a difficult problem.

We don't have all the problems solved  or well enough solved. I usually will list four basic challenges to voting online. " And the first  is credentials.

"If you're voting online you have to have credentials of some sort, digital credentials. "  There are places that have this. In Estonia every citizen gets an electronic ID card which they use  for healthcare, taxes, and since the early 2000s, online voting.

When an Estonian goes to vote they  use their ID card to validate their identity and then cast their vote. "In Europe national ID cards  are a thing and they've been around forever" but in the US. .

. "in America there has always been an extreme  resistance to the roll out of a national ID system. " Social Security numbers?

"You have a number, that is  true, and that number sort of represents the foundation of what could be you know the the first  step of 1000 to get to a national ID card uh from a technical standpoint but from a political  standpoint it's a simply a no go. " This isn't just technical challenges it's political ones  too. The second challenge is both technical and political: coercion.

"If I'm using a phone to vote  and I log into the phone like with my facial ID I can just then hand that to someone else and  they can vote. You can't do that in a polling place. " Imagine your boss says that they'll give  you $500 to vote for a particular candidate.

It's crucial that your vote is a secret and not  just that you vote in secret but also that you don't have a receipt that you could then take  back to your boss and say [CA-CHING]. "When we didn't have secret ballot we had lots of vote selling  and vote buying and you know manipulation of voters. " Estonia deals with this by allowing voters  to recast their vote as many times as they want online with the last recorded vote being counted  so if someone forced you to vote a certain way you could revote later.

We think of other things  like online banking as being secret but by this standard they're not at all. "In banking, you must  not be secret. You're logging into a website and every transaction you make has to be part of  your public ledger shared with the bank.

" You can see all of your transactions afterward and your  bank can see them too. Online voting is not like online banking. That brings us to the third problem  with online voting: client malware.

"Hackers! Data breach! Major data breach!

Stole private information,  paralyzed by ransomware attacks. . .

" But first I got to tell you about another piece of technology:  this. I love the backstory of this company they were originally an aerospace company and they  made parts for a Mars Rover and the International Space Station and then in 2020 they took all of  that engineering expertise and they brought it to this razor. This is the Hensen AL13.

It also feels  like a piece of engineering like this does make me feel cool. One of the problems with razors is that  they're typically not supported well enough so the blade actually moves a little bit along your  skin and that's one of the reasons that people get razor burn. The blade only extends past the shave  plane a tiny little bit it's 0.

0013 in which is actually less than the thickness of a human hair  that also helps the razor hold the blade at the ideal 30° angle. It's also completely plastic free  and not just the razor but the packaging too and I found it cool that this company is doing a bunch  of research to help understand what makes people get the best shave so like here for example  the camera detects blood flow in the skin so red means more irritation and green means less. If  you're looking for a new razor and you love good engineering you might enjoy it.

Click the link in  my description. Now back to client malware. .

. "As soon as you go to internet voting that means every vote  voter's device in the entire election is part of the election's infrastructure. " For a hacker that's  a lot of doors to get through.

"And so your attack surface is what we call it in cybersecurity has  grown many orders of magnitude larger and suddenly you have to worry about the bad guys getting in to  any of those doors. " Yikes. The thing most people are worried about here is vote flipping.

"I try to vote  for A, there's malware on my phone, it casts a vote for B without my knowing it and you know there's a  vote B! " But I use my phone to do all kinds of secure things, right? Like why can't we just build an  unhackable system?

I bank online, I send encrypted messages I don't understand yet how voting is  different from what I already do. "The principal difference is the ability to confirm that things  have been done properly. " And that confirmation is hard because of the secret ballot right so the  thing that protects us from one problem verion causes another problem which is confirming your  vote is correct.

But some cybersecurity experts are excited about a way to solve that. "It's called  the Benaloh challenge, named after my friend Josh Benaloh who invented it. " Yeah this Josh Benaloh!

"Yeah I can  do a demonstration for you of how that works. . .

" I would love that, yes please. "I have my  trusty deck of cards here. " First I get to choose to vote red or black.

So I vote red. "So I am going  to show you this and I claim for you that this is an encryption of a red vote. " Now I can submit  my vote "or you can say you want to check.

" I want to check. "Okay there it is. " And I can repeat this  process as much as I want.

"Black. " "Would you like to keep it or would you like to check it? " I'd like to  check it.

"Okay. . .

" Red! "Okay" Challenge! Thank you.

Black! "Okay" Challenge it. "Okay" Thank you.

Black! Red! Black!

I could do this all day. "I promise you will get bored soon. What we're doing is testing the system  making sure that if there was a bug or a hack that was flipping boats I'd notice and when I've done  it enough times.

. . "Keep it or challenge it?

" You know I trust you now. I can submit my final encrypted vote.  This doesn't just make people feel like the system is working it mathematically proves that it is. 

"Statistics are very very much on our side. You can imagine a large election, 100 million voters, if  1% of voters actually do a check, as much as a 100 votes being flipped across the entire election  would likely be caught somewhere. " In practice, my encrypted vote is a sequence of numbers and  at the end of an election all of those numbers would be recorded so I can see my number not how I  voted but the fact that the vote I submitted went through.

Great so we solved it, right? Absolutely  not. Because if you do find a problem what then?

If finding a problem on your phone calls an  election into question unfortunately a lot of people would do that deliberately. "If the fact that  I have malware on my phone causes an election to be overturned or upset then there are going to be  a lot of people who intentionally put malware on their phones. " But here's the craziest part to me  about all of this: Actually flipping a vote isn't even necessarily the biggest cyber security risk. 

Imagine an enemy just makes it a little bit more annoying for certain groups to vote. That brings us  to the fourth and maybe highest stakes challenge with online voting, which is called a denial of  service attack. The goal of this type of attack is to overload a system with fake traffic causing  a website to crash or not load properly or causing an internet outage in certain areas.

Even if it  just causes a slowdown for a few hours that could be catastrophic. We know that rain influences  voter turnout. This would be basically people creating online weather in only specific places  to affect how people vote just enough.

"Slowing down voting, that can change the outcome of an election.  What's the acceptable level? Where do we say well not too many voters were inconvenience so we're  going to accept this election.

" "Our adversaries are extremely talented. They have unbounded  amounts of hackers computers networks and cash. " This story is not about your mom's email scammer. 

This is about nations trying to influence each other's elections. It also touches on the obvious  problem of public trust in voting. .

. which is not a technological problem. "There's a lot that goes well  beyond technology here yes.

" I came into this story thinking, online voting! This should obviously be a  thing! But like many of the stories that we cover this is a way harder problem to solve than I  thought.

"We are making progress but there are unsolved problems. " "Lots of constructive folks have  done the what if about how might this work but it's hard. " There is a future where this could work  and that is huge if true, but in the meantime it's worth remembering how awesome it is to vote  in the first place.

A lot of people fought for my right to be able to do that and I feel incredibly  grateful so if you feel that way too if you can go vote. No matter what the technology it's time  to make your very human voice heard.