Entire elections can be compromised if online voting systems are hacked, U.S. says in blunt warning to states

By Dustin Volz

May 8, 2020 6:10 pm ET

Several U.S. government agencies told states on Friday that casting ballots over the internet poses high levels of cybersecurity risk and is vulnerable to disruption, a warning that came as some states consider expanding online voting options to cope with challenges created by the coronavirus pandemic.

The unusually stark, eight-page federal risk assessment, sent to states privately, said that electronic delivery and return of ballots could be manipulated at a scale that allows for the wholesale compromise of elections, unlike the tampering of physical mail ballots, which is difficult to achieve and limited in its potential size or impact.

But attacks on internet voting “could be conducted from anywhere in world, at high volumes, and could compromise ballot confidentiality, ballot integrity, and/or stop ballot availability,” the advisory, which was reviewed by The Wall Street Journal, stated. It rated the electronic delivery of blank ballots to voters as a low risk, but said allowing voters to return completed ballots electronically was high risk.

While government officials previously have said internet voting poses risks, the new assessment contains the most direct language yet from federal authorities who typically avoid specifically instructing state and local election officials on how to carry out their elections. Some election officials have resisted calls for federal limitations on internet voting or voting machines that allow for wireless internet connectivity.

But the assessment makes clear that vote-by-mail options are preferred to internet voting.

“While there are effective risk management controls to enable electronic ballot delivery and marking, we recommend paper ballot return as electronic ballot return technologies are high-risk even with controls in place,” the document said.

The risk assessment, labeled for official use only, was delivered by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the Election Assistance Commission, and the National Institute of Standards and Technology. An earlier draft version of the assessment, authored only by CISA, was published Friday by the Guardian.

Asked to comment on the risk assessment, the four federal agencies said in a joint statement that election officials were “best positioned to evaluate the risks and make decisions accordingly.”

No U.S. state currently allows all its voters to vote online, but some allow for exceptions, including for overseas or military voters and disabled voters. While some states send blank ballots to voters electronically so they can be printed and returned by mail, others allow for ballot returns via the internet as well.

A handful of states so far have said they would allow some voters to cast ballots over the internet in coming elections, overriding concerns from cybersecurity experts and intelligence officials about tampering or technical glitches. At least three—Delaware, New Jersey and West Virginia—will allow small slices of their electorates to use an online voting tool in presidential primaries or local elections, a number that could grow ahead of the November contest.

Mike Queen, a spokesman for West Virginia Secretary of State Mac Warner, defended the use of the option on a limited basis. “Secretary Warner agrees with DHS that there are risks associated with internet-based ballot transfer,” he said. “But to date, DHS doesn’t have an alternative for overseas and military voters not being able to vote an absentee ballot because of their venue.”

The fear of vote tampering has become more acute since Russia’s interference operations during the 2016 presidential election, which included targeting of some state voting systems, though officials have consistently said no votes were manipulated. Senior officials repeatedly have said that Russia and other adversaries are likely to interfere in the 2020 contest, though those warnings often have concerned efforts to conduct influence operations on social-media platforms and elsewhere, rather than direct attacks on voting infrastructure.

The draft version of the document published by the Guardian included a line omitted in the final copy that CISA “discourages electronic ballot return technologies, which have not been demonstrated as capable of being secured from interference at this time.”

A person familiar with the assessment said the line was deleted due to interagency discussions that included concerns that directly recommending against a form of voting could expose the government to potential litigation from companies that offer that kind of technology.

Critics of internet voting applauded the government’s risk assessment and said it underscored the necessity of ensuring vote-by-mail options were well funded and as widely available as possible for the November presidential election given the public health risks that coronavirus poses to voting at in-person polling sites.

“This confirms what cybersecurity experts have long warned: The return of marked ballots over the internet poses a high risk to national security and to the integrity of Americans elections,” Sen. Ron Wyden (D., Ore.) said in a statement. “States should not be rolling the dice with our democracy by using insecure technology, including email, to receive electronic marked ballots over the internet.”

—Alexa Corse contributed to this article.