Skip to main content
Cybersecurity

Internet Voting Exclusive: Too Risky for Elections

Internet Voting Exclusive: Too Risky for Elections

“If we put our ballots on the internet, what are we asking of a fragile trust?” That question has circled election halls and security labs for decades, and it refuses to go away. Proponents promise convenience, higher turnout and modernized access. Skeptics warn of fundamental vulnerabilities that no patch can fix. The debate is not merely technical; it’s about whether a society can accept elections that depend on systems known to be insecure.

For more than twenty years, computer scientists and security experts have reached a consistent conclusion: internet voting—where voters cast ballots remotely over general-purpose networks and consumer devices—cannot be made acceptably secure with any known, practicable technology. The risks range from silent vote manipulation and large-scale automated fraud to covert disruption of vote counting and the permanent loss of voter privacy. Those dangers are not theoretical edge cases; they are realistic attack surfaces exploited by nation-states, criminal groups and opportunistic actors.

Advocates and vendors respond with new architectures and marketing narratives. They point to end-to-end verifiable cryptographic protocols, smartphone-based apps and pilot programs that they say prove safety and usability. Some organizations, meanwhile, press election officials and the media to adopt or pilot their systems, arguing the benefits of convenience and accessibility outweigh residual risk.

Why the sharp divergence in assessments? Partly it is a difference of perspective. Technologists who study the root problem emphasize systemic properties: the internet is a hostile, shared environment; voters use untrusted devices; supply chains and update mechanisms are vulnerable; and secrecy and verifiability requirements pull in opposite directions. Practical adversaries can exploit any one of these layers to change votes, suppress turnout, or produce plausible but false evidence about results. Those conclusions are echoed in broader analyses of election threats, which show how digital tools and synthetic media compound risks to institutions and public confidence. For instance, recent expert commentary highlights how sophisticated disinformation and manipulation amplify technical vulnerabilities and strain the institutions that must adjudicate contested results .

Policymakers face a dilemma: the desire to expand access and reduce administrative burdens versus the obligation to preserve integrity and public confidence. Some jurisdictions have experimented with internet or mobile voting for narrow populations—military and overseas voters, for example—or as optional convenience features. Proponents argue such targeted deployments can be done safely with layered protections. Critics counter that even limited use creates precedents, normalizes risk, and opens avenues for scaleable abuse.

From the voter’s point of view, the appeal is obvious: no travel, no long lines, and the ability to vote from a smartphone or home computer. For disabled voters and those living abroad, remote options can be transformative. But usability gains do not neutralize core security trade-offs. A ballot cast on an untrusted device can be altered without leaving reliable evidence; voters cannot independently determine whether their vote was recorded as intended unless the system supplies strong, auditable proofs that are themselves resistant to tampering. Moreover, reliance on private vendors raises questions about transparency, independent auditability, and the risks posed by software supply chains and cloud hosting.

Consider the adversary perspective. An actor intent on undermining an election need not subvert every voter’s device; altering a small percentage of votes in targeted precincts can change outcomes, and covert manipulation is often enough to sow doubt. Attack tools—from phishing and malware to compromised infrastructure—are widely available and continuously improving. Adversaries also exploit the information environment: well-timed leaks, manipulated returns, or plausible counter-narratives can turn technical incidents into crises of legitimacy. Election security analyses emphasize the need to harden both technical systems and the institutional pathways that convey results to the public, and to resource election officials accordingly .

Where does the science stand? The mainstream position among security researchers is blunt: there is no known, practical way to provide the confidentiality, integrity and verifiability guarantees elections require when ballots are cast over general-purpose consumer networks and devices. Proposals that claim otherwise either move trust to opaque components (proprietary servers, closed-source apps) or depend on unverifiable assumptions about the honesty of hardware and software vendors. Successful defenses against these classes of attacks would require changes to the fundamental threat model—changes that are not currently feasible at scale.

That does not mean innovation is irrelevant. Investments in secure, auditable voting methods, resilient paper ballots, risk-limiting audits, improved voter authentication, and better cybersecurity for election infrastructure are all essential. Policymakers can expand access in safer ways: more voting centers, extended early voting, mail ballots with robust chain-of-custody procedures, and better support for voters with disabilities through supervised, in-person assistance. These approaches preserve a tangible audit trail—paper—that enables independent post-election checking.

Arguments in favor of limited internet voting often cite pilots and specialized use cases. Those experiments can provide lessons about design, usability and logistics. But pilots are not the same as deploying a system at scale for competitive public elections. The transition from small, low-stakes trials to national or statewide use multiplies exposed vulnerabilities and magnifies the consequences of any compromise. Experience and recent expert commentary suggest that election security benefits from conservatism: where uncertainty about risk is large and the stakes existential for democratic legitimacy, prudence argues for preserving offline, auditable modalities.

Finally, the debate is also political and rhetorical. Vendors and advocates sometimes emphasize convenience while downplaying or dismissing deep security objections. That messaging can shape public expectations and pressure officials into risky experiments. Observers warn that such campaigns—however well-intentioned—can mislead decision-makers about the magnitude and nature of the threat. At the same time, those worried about disenfranchisement must avoid false choices: security and access are both essential goals, but security cannot be sacrificed without imperiling the very outcomes access seeks to include.

  • Key technical risks: vote alteration on untrusted devices, supply-chain compromise, server-side manipulation, and inadequate verifiability.
  • Institutional risks: loss of public confidence, difficulty adjudicating disputes, and scaling of vulnerabilities from pilots to statewide elections.
  • Practical mitigations: paper ballots, risk-limiting audits, stronger cybersecurity for election offices, expanded in-person access and legally enforceable chain-of-custody rules.

If the central purpose of elections is to produce an authoritative, accepted expression of the public will, any technology that makes results inherently contestable or unverifiable should be treated with skepticism. The promise of convenience cannot outweigh the need for a durable, auditable record and the public’s trust in outcomes. As one set of experts recently argued about the wider election ecosystem, strengthening infrastructure, funding local officials and improving transparency are practical steps that reduce risk; those same principles apply squarely to choices about remote voting technologies .

In the end, the choice is not between convenience and democracy—it is about how to modernize voting while preserving the one thing modernity cannot restore once lost: confidence in the count. Will we accept systems whose fundamental weaknesses could be exploited to change outcomes or will we insist on reforms that enlarge access without surrendering verifiability? That question matters now, because technology that seems attractive today can harden into practice tomorrow—and reversing course after a compromised election is a cost no democracy should be willing to pay.

Source: https://www.schneier.com/blog/archives/2026/01/internet-voting-is-too-insecure-for-use-in-elections.html