Bad actors could tamper with ballots cast via OmniBallot without being detected by voters, election officials or the tool’s developer, a study finds
OmniBallot, a platform approved for online voting in multiple US states, is insecure on multiple levels and is susceptible to various degrees of manipulation, a paper by researchers at the Massachusetts Institute of Technology (MIT) and the University of Michigan has found.
“At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate. No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features,” according to Michael Specter and J. Alex Halderman, the researchers behind the report.
The two academics assessed risks connected with three methods of using OmniBallot, an internet voting and ballot delivery system developed by Democracy Live. The methods were blank ballot delivery, online ballot marking, and online ballot return.
Online ballot return was ranked as a severe risk since there is no way for voters to verify that their votes have been delivered unaltered. Furthermore, bad actors could modify the votes in a way that could prove hard to detect by any of the parties involved – voters, officials, or Democracy Live. The researchers also criticized the fact that this method relies heavily on third-party services and infrastructure and cannot achieve software independence.
“We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” said the two researchers.
The risks associated with online ballot marking manipulation are considered high. Attackers can find out the voter’s choices and can either alter the vote for a different candidate than intended by the voter or misdirect them and cause them to be scanned as a vote for somebody else. Although in the former scenario the changes would be visible, the voter wouldn’t be likely to notice the difference. Voter education and procedural defenses can only go so far in mitigating the risks; therefore, the team recommends limiting the deployment of online ballot marking.
As for delivering blank ballots, there is a risk that bad actors will be able to modify voters’ ballots or return instructions by omitting candidates or cause the votes to be scanned incorrectly. The researchers consider the risks to be moderate since rigorous election procedures could mitigate them.
RELATED READING: Is online voting a security risk?
Against the backdrop of the COVID-19 pandemic, US states are preparing for the possibility that voters will not be able to vote in person in the coming elections. Three states announced they will be allowing certain voters to return their ballots online using OmniBallot. New Jersey made the option available for disabled voters, West Virginia followed suit and additionally allows military personnel and overseas residents to vote online as well. Delaware took it a step further, offering the option to all voters who are sick, social distancing, or self-quarantining.
Besides the recommendations for jurisdictions outlined in the report, the researchers also shared some advice for individual voters on how to protect their vote. Concerns about election hacking are not new, of course. And since the 2020 presidential election will be taking place during an unprecedented time, it is understandable that anxiety levels are high.