Latest in Gear

Image credit: EDUARDO MUNOZ ALVAREZ/AFP via Getty Images

Study finds security holes in online voting for New Jersey and West Virginia (updated)

OmniBallot appears to handle personal data very loosely.
Jon Fingas, @jonfingas
June 8, 2020
202 Shares
Share
Tweet
Share

Sponsored Links

A man casts his ballot at polling station during New Jersey's primary elections on June 7, 2016 in Hoboken, New Jersey. / AFP / EDUARDO MUNOZ ALVAREZ        (Photo credit should read EDUARDO MUNOZ ALVAREZ/AFP via Getty Images)
EDUARDO MUNOZ ALVAREZ/AFP via Getty Images

States are under pressure to use online voting for the US presidential election when COVID-19 could remain a threat in November, but those platforms might not be as secure as you’d like. MIT and the University of Michigan have published a report detailing security problems in Democracy Live’s OmniBallot, the voting and ballot delivery system that will be used by some citizens in Delaware, New Jersey and West Virginia. The system apparently takes a number of risks with data, including personal info.

The online vote relies on a “simplistic approach” that isn’t software-independent or verifiable from start to finish, the researchers said. They also lean heavily on third parties like Amazon and Google to host functions. Delaware’s take on the system sends your identity and vote to Democracy Live even if you intend to print and mail your ballot, while all systems send personal info like names, addresses and partial social security numbers. There’s also a chance that even blank ballots could be “misdirected or subtly manipulated” to lead to incorrect vote counts.

The findings led academics to recommend an abundance of caution. They believe people should only mark ballots online through OmniBallot “as a last resort.” You’re better off either sending a physical ballot or to avoid using OmniBallot entirely in favor of conventional voting methods.

We’ve asked Democracy Live for comment. These potential points of failure don’t necessarily guarantee there will be hacking attempts. When many security experts anticipate hacking attempts from Russia and other countries during the 2020 election, though, it’s difficult to completely dismiss concerns — these issues theoretically open the door to manipulation or identity fraud.

Update 6/8 7:40PM ET: Democracy Live had mixed reactions to the report in its response to Engadget. It argued that the researchers “did not find any technical vulnerabilities” in OmniBallot, and that a “secure, federally approved” option is better than emailing ballots or using fax machines. It also stressed that the voting option would mainly be restricted to those with disabilities or others who can’t vote in person, such as military personnel serving outside of the US.

At the same time, the company was receptive to some of the suggestions. It promised a vote verification system for “every future deployment” of its voting system, and that it will “immediately” bring its contracted privacy policies to its ballet portal. Democracy Live is willing to change, then, even if it believes the security risk isn’t as high as claimed.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
202 Shares
Share
Tweet
Share

Popular on Engadget

Rocket Lab mission fails shortly after launch

Rocket Lab mission fails shortly after launch

View
Two Nigerians face US charges over online fraud worth 'hundreds of millions'

Two Nigerians face US charges over online fraud worth 'hundreds of millions'

View
Facebook envisions using holographics for super-slim VR glasses

Facebook envisions using holographics for super-slim VR glasses

View
Animal Crossing fans get real about the fictional NookPhone

Animal Crossing fans get real about the fictional NookPhone

View
Boeing is reportedly ending production of its 747 jumbo jet

Boeing is reportedly ending production of its 747 jumbo jet

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr