Ignoring Security Experts, Washington State Eyes Voting by Smartphone

Security experts still widely agree that online voting can’t be adequately secured or transparently audited. Yet the siren song of 'easier voting' appears irresistible.
January 22, 2020, 9:18pm
Image: Getty Images 

Seattle and other Washington state residents will soon be allowed to vote in an upcoming election via smartphone—even if security experts continue to say that’s an idiotic idea. The King County Conservation District (KCD), a public land management agency governing 30 cities including Seattle, will soon be electing a new board supervisor position. The election itself is relatively obscure; but it’s a landmark event given it’s the first time Americans will be allowed to vote via smartphone in a public election at any real scale.


The project, announced Wednesday by the KCD, lets an estimated 1.2 million Washington state residents vote for the new board supervisor via smartphone, mail in ballot, dropbox, or in person. The agency says it’s working with voting tech firm Democracy Live and advocacy organization Tusk Philanthropies to eliminate barriers to voting. Starting today, voters can visit the Democracy Live portal, submit their vote, then have it tallied by February 11. While the technology has been used before for absentee voters and voters with disabilities, it’s the first time it’s being widely deployed to the broader public.

"The more people vote, the more government reflects the will of the people," Tusk CEO Bradley Tusk said in a prepared statement. “1.2 million people can now vote securely on their phones. It's the biggest innovation in democracy in years.” The problem: security and infosec professionals, far and wide, continue to warn that online voting isn’t ready for prime time, can’t be adequately secured, and often results in a lack of a meaningful paper trail, making transparency an uphill climb. As your vote stumbles around the internet, experts say it’s currently all but impossible to guarantee information security. The KCD did not respond to a Motherboard request for comment explaining if and how they’ve managed to overcome the consensus worries of the infosec community. While efforts to expand voter accessibility may be well intentioned, groups like the Electronic Frontier Foundation have long argued that the gold standard for election security should be good old paper ballots and risk-limiting audits. “EFF still strongly believes that e-voting is the wrong direction right now, because online elections cannot be adequately secured,” EFF Senior Staff Technologist Jacob-Hoffman Andrews told Motherboard in an email interview. “King County's biggest risk is not that their particular election will be attacked, but that their pilot will encourage e-voting adoption at a state or federal level,” he added. “We won't start to see the hacks until the stakes are high enough.” There’s a widespread consensus that we need to do something about the antiquated, insecure, and often broken machines the U.S. trots out every election cycle, not to mention the voter suppression tactics that often result in obnoxiously long lines and confusion at the ballot box.

Lawmakers like Oregon Senator Ron Wyden have pushed legislation that would bring mail in ballots to the entire country, though the efforts have yet to gain traction. In states like Washington and Oregon voting via the mail works well, helps improve voter turnout, and creates an easy to navigate paper trail.

But internet voting is a seemingly irresistible siren song, despite the fact that election hardware is routinely proven vulnerable to attack, government-cozy vendors routinely dodge accountability for flimsy machine security, and an international roster of bad actors are ramping up their efforts to undermine fair and open elections. Efforts to fix the problem are routinely mired in partisanship, resulting in the shooting down of even the most basic election security and funding efforts. And when problems are found, the voters are routinely among the last to know—courtesy of a process that’s dominated by a handful of well-connected corporate giants and the lawmakers paid to love them. Much like the apathy toward the lack of security in the internet of things, election security is a problem we’re apparently eager to do nothing about—until it’s too late.