This year more people will likely vote than at any time in history. It's being called the "ultimate election year," when countries with half the world's population can vote for their leaders. This is a big test of democracy that requires millions of polling places and billions of ballots but voting is not always easy.
In some places people need to travel long distances or wait in long lines. In the United States we vote on a Tuesday so sometimes people need to take off from work. I'm very excited to go vote and I'm wondering.
. . wouldn't it be easier if I could just.
. . [TADA!
]. Why can't I vote online? Over the past few months, I've been talking to voting and security experts to try to answer that question.
And it turns out that the answer is more controversial, complicated and high stakes than I could have ever imagined. . .
"Online voting. . .
" "Online ballots. . .
" "Online voting system" "our adversaries are extremely talented" "vulnerable to cyber attacks" "it's simply not secure enough" "they have unbounded amounts of hackers, computers, and cash" "faster and easier! " "more convenient and boost voter turnout" "total security for your vote" "might be the future of elections. .
. " "3. .
. 2. .
. 1. .
. " One of the surprising origins of online voting is actually. .
. space! In 1997 the US state of Texas added an option for online voting to let this astronaut vote from the Mir Space Station.
"We fill out this application, the ballot is encrypted to us, we send it back down and they record the vote. " This tradition of allowing astronauts to vote from space is still happening. The two American astronauts that are trapped on the ISS right now are planning to vote this way.
And now all of these states allow options for online voting for military and overseas citizens. All in, about 300,000 Americans voted online in 2020. Around the world, this map isn't exhaustive, but all of these countries have options for people to vote online to varying degrees.
But again, it's mostly available to people with special circumstances. It's not available to everybody. In most of the world voting looks like this: In India for example the world's largest democracy people go to polling stations and then vote using electronic machines like this and then election officials paint their fingers with ink that lasts around 2 weeks.
This helps prevent fraud. Or in Gambia for example people place marbles into colored drums like this. Or in the United States here's me voting for the first time when I was 19.
I love that picture because I got all dressed up. When I go this year, I'll mark a paper ballot put it into the machine like this and my vote will likely be counted using an optical scan ballot counter which records the vote by reading the ballot like one of those scantron tests you might have taken at school. Importantly, the physical paper ballot is kept as a backup in case of an audit or a recount.
Many countries do something similar to this process. The totals then get sent to a central office which reports unofficial results. That's what we see on TV on election night.
"So this is the map right now," "too close to call," "we can now project the winner of the presidential race! " The official results can sometimes come weeks later after election officials have had a chance to count all the ballots and audit the results. But only about 2/3 of eligible US citizens usually vote compared to other countries that's not great.
The biggest dream North Star of online voting is to help increase the number of people who vote. We don't know that it'll do that, but it would be enough in my mind if it just made it easier for people to participate in their own democracies. .
. if and only if we can do it safely. The biggest thing to remember here about online voting is that the stakes couldn't be higher.
We're talking about the most important well-armed countries in the world choosing who runs them and trying to affect who runs their enemies. This is cyber security on a whole whole other level. If you're one of the select people voting online in the US now, you often have to email or fax your ballot and the cybersecurity experts that I spoke to were very clear: That is not a system that you want a whole country using.
But this is Huge If True! So let's imagine, what would good online voting actually take? This is DrJoe Kiniry and DrJosh Benaloh who are both cybersecurity experts with over 20 years experience working on online voting.
They're going to be our guides to understand why this problem is so hard and how we might be able to solve it. How hard is this problem really? "It is a difficult problem.
We don't have all the problems solved or well enough solved. I usually will list four basic challenges to voting online. " And the first is credentials.
"If you're voting online you have to have credentials of some sort, digital credentials. " There are places that have this. In Estonia every citizen gets an electronic ID card which they use for healthcare, taxes, and since the early 2000s, online voting.
When an Estonian goes to vote they use their ID card to validate their identity and then cast their vote. "In Europe national ID cards are a thing and they've been around forever" but in the US. .
. "in America there has always been an extreme resistance to the roll out of a national ID system. " Social Security numbers?
"You have a number, that is true, and that number sort of represents the foundation of what could be you know the the first step of 1000 to get to a national ID card uh from a technical standpoint but from a political standpoint it's a simply a no go. " This isn't just technical challenges it's political ones too. The second challenge is both technical and political: coercion.
"If I'm using a phone to vote and I log into the phone like with my facial ID I can just then hand that to someone else and they can vote. You can't do that in a polling place. " Imagine your boss says that they'll give you $500 to vote for a particular candidate.
It's crucial that your vote is a secret and not just that you vote in secret but also that you don't have a receipt that you could then take back to your boss and say [CA-CHING]. "When we didn't have secret ballot we had lots of vote selling and vote buying and you know manipulation of voters. " Estonia deals with this by allowing voters to recast their vote as many times as they want online with the last recorded vote being counted so if someone forced you to vote a certain way you could revote later.
We think of other things like online banking as being secret but by this standard they're not at all. "In banking, you must not be secret. You're logging into a website and every transaction you make has to be part of your public ledger shared with the bank.
" You can see all of your transactions afterward and your bank can see them too. Online voting is not like online banking. That brings us to the third problem with online voting: client malware.
"Hackers! Data breach! Major data breach!
Stole private information, paralyzed by ransomware attacks. . .
" But first I got to tell you about another piece of technology: this. I love the backstory of this company they were originally an aerospace company and they made parts for a Mars Rover and the International Space Station and then in 2020 they took all of that engineering expertise and they brought it to this razor. This is the Hensen AL13.
It also feels like a piece of engineering like this does make me feel cool. One of the problems with razors is that they're typically not supported well enough so the blade actually moves a little bit along your skin and that's one of the reasons that people get razor burn. The blade only extends past the shave plane a tiny little bit it's 0.
0013 in which is actually less than the thickness of a human hair that also helps the razor hold the blade at the ideal 30° angle. It's also completely plastic free and not just the razor but the packaging too and I found it cool that this company is doing a bunch of research to help understand what makes people get the best shave so like here for example the camera detects blood flow in the skin so red means more irritation and green means less. If you're looking for a new razor and you love good engineering you might enjoy it.
Click the link in my description. Now back to client malware. .
. "As soon as you go to internet voting that means every vote voter's device in the entire election is part of the election's infrastructure. " For a hacker that's a lot of doors to get through.
"And so your attack surface is what we call it in cybersecurity has grown many orders of magnitude larger and suddenly you have to worry about the bad guys getting in to any of those doors. " Yikes. The thing most people are worried about here is vote flipping.
"I try to vote for A, there's malware on my phone, it casts a vote for B without my knowing it and you know there's a vote B! " But I use my phone to do all kinds of secure things, right? Like why can't we just build an unhackable system?
I bank online, I send encrypted messages I don't understand yet how voting is different from what I already do. "The principal difference is the ability to confirm that things have been done properly. " And that confirmation is hard because of the secret ballot right so the thing that protects us from one problem verion causes another problem which is confirming your vote is correct.
But some cybersecurity experts are excited about a way to solve that. "It's called the Benaloh challenge, named after my friend Josh Benaloh who invented it. " Yeah this Josh Benaloh!
"Yeah I can do a demonstration for you of how that works. . .
" I would love that, yes please. "I have my trusty deck of cards here. " First I get to choose to vote red or black.
So I vote red. "So I am going to show you this and I claim for you that this is an encryption of a red vote. " Now I can submit my vote "or you can say you want to check.
" I want to check. "Okay there it is. " And I can repeat this process as much as I want.
"Black. " "Would you like to keep it or would you like to check it? " I'd like to check it.
"Okay. . .
" Red! "Okay" Challenge! Thank you.
Black! "Okay" Challenge it. "Okay" Thank you.
Black! Red! Black!
I could do this all day. "I promise you will get bored soon. What we're doing is testing the system making sure that if there was a bug or a hack that was flipping boats I'd notice and when I've done it enough times.
. . "Keep it or challenge it?
" You know I trust you now. I can submit my final encrypted vote. This doesn't just make people feel like the system is working it mathematically proves that it is.
"Statistics are very very much on our side. You can imagine a large election, 100 million voters, if 1% of voters actually do a check, as much as a 100 votes being flipped across the entire election would likely be caught somewhere. " In practice, my encrypted vote is a sequence of numbers and at the end of an election all of those numbers would be recorded so I can see my number not how I voted but the fact that the vote I submitted went through.
Great so we solved it, right? Absolutely not. Because if you do find a problem what then?
If finding a problem on your phone calls an election into question unfortunately a lot of people would do that deliberately. "If the fact that I have malware on my phone causes an election to be overturned or upset then there are going to be a lot of people who intentionally put malware on their phones. " But here's the craziest part to me about all of this: Actually flipping a vote isn't even necessarily the biggest cyber security risk.
Imagine an enemy just makes it a little bit more annoying for certain groups to vote. That brings us to the fourth and maybe highest stakes challenge with online voting, which is called a denial of service attack. The goal of this type of attack is to overload a system with fake traffic causing a website to crash or not load properly or causing an internet outage in certain areas.
Even if it just causes a slowdown for a few hours that could be catastrophic. We know that rain influences voter turnout. This would be basically people creating online weather in only specific places to affect how people vote just enough.
"Slowing down voting, that can change the outcome of an election. What's the acceptable level? Where do we say well not too many voters were inconvenience so we're going to accept this election.
" "Our adversaries are extremely talented. They have unbounded amounts of hackers computers networks and cash. " This story is not about your mom's email scammer.
This is about nations trying to influence each other's elections. It also touches on the obvious problem of public trust in voting. .
. which is not a technological problem. "There's a lot that goes well beyond technology here yes.
" I came into this story thinking, online voting! This should obviously be a thing! But like many of the stories that we cover this is a way harder problem to solve than I thought.
"We are making progress but there are unsolved problems. " "Lots of constructive folks have done the what if about how might this work but it's hard. " There is a future where this could work and that is huge if true, but in the meantime it's worth remembering how awesome it is to vote in the first place.
A lot of people fought for my right to be able to do that and I feel incredibly grateful so if you feel that way too if you can go vote. No matter what the technology it's time to make your very human voice heard.
