Imagine this: It’s the morning of Election Day, 2020. Americans across the country cast secure, encrypted votes from their smartphones and laptops, electronically choosing their president for the first time in history. Turnout reaches record highs. Live results online show that it’s a close race between the two leading candidates. But by early afternoon, an independent candidate—a sketchy figure with ties to multiple terrorist organizations and no public support whatsoever—mysteriously takes the lead. At 4 p.m., he officially wins the election. The American people rise up in protest: Clearly, hacking, bribery, or other nefarious activity has taken place. However, because the voting software is designed with end-to-end encryption to ensure anonymity, no audit or recount is possible.
America’s next president is a terrorist.
This is the hypothetical scenario that won Bruce Schneier’s annual online “movie-plot threat” contest by popular vote this past weekend.
Schneier—a world-renowned cryptographer and computer security specialist—hosts a yearly contest asking readers to submit imaginative stories about technology-driven terrorist threats—crashing satellites, attacking cars with viruses, and the like. The goal, he explains on the site, isn’t to point out present-day threats that deserve actual security attention from the government. It’s more to create over-the-top, intentionally scary scenarios that are almost amusing in their implausibility: the type of scenarios that would be perfect for dystopian tech-driven films. Think The Matrix, or the latest Avengers film.
This year, the theme was encryption—a timely topic, given that Schneier has come out against the idea of putting “back doors” into encryption, to permit law enforcement surveillance. The runners-up for the 2015 contest included a plot about an encrypted flash drive with exclusive information about deadly virus’s antidote and another one about an unstoppable, automated attack on the NSA.
Though the main point of Schneier’s contest is to entertain, there is quite a bit of significance to the fact that this particular “movie-plot threat”—a scenario dealing with the fairly unglamorous topic of electronic voting systems—was chosen by Schneier’s readers to win the contest, which received more than 125 entries. The selection shows a general public fascination with the accessibility and convenience of electronic voting, an idea that has been tossed around by election officials and computer scientists for many years.
Schneier and many other privacy experts say that an online voting system, even one that uses the most cutting edge technology, is completely infeasible for the foreseeable future. Whereas streamlining voting is a great idea in theory, putting the process on an electronic platform is the opposite, he says. For an example of how well-intentioned efforts to technologize voting can go very wrong, he points to the results of the 2002 Help America Vote Act, which tried to remedy Florida’s infamous vote-counting debacle in the 2000 presidential election by replacing punch-card voting machines with electronic machines. The new machines can fall victim to all kinds of bugs, hacks, and malfunctions. (For example, a Virginia machine actually had the password “admin.”) They’ve “been disastrous for a decade,” Schneier says. “People who actually do security know that elections can’t be done without paper.”
If it’s possible to make million-dollar financial transactions on a smartphone, it should be possible to cast a vote on the Internet, right? But an online election is fundamentally different, experts say. Bank transactions can be traced down to every exact cent, but votes must remain confidential. The necessity of mass-scale anonymity poses security issues that are almost impossible to address with today’s buggy computer technology. As the very recent hack of federal employees’ Social Security information reminds us, not even the most high-level software is ever fully defended against malice.
For an online voting system to work, it would have to be fully auditable—but still encrypted. It is theoretically possible to store a vote in an encrypted system and then decrypt it if necessary for an audit, says Duncan Buell, a computer science professor at the University of South Carolina who specializes in electronic voting systems. However, this type of technology is too complex for most voters to use and too cumbersome to roll out on a mass level.
Not that online voting hasn’t been tested in real life: In 2015, roughly 250,000 people voted through the Internet in a state election in New South Wales, Australia. Researchers found that more than 66,000 of those votes were compromised because there was a major security hole in the system when they were cast.
Those who believe that an online election may be possible in the future will ultimately have to wait a long, long time. “People have become more comfortable using the Internet, but the Internet has not become a safer place,” says Pamela Smith, president of watchdog group Verified Voting. At present, online voting is still just a pipe dream—or a rather implausible movie plot.